DOP-C01 : AWS DevOps Engineer Professional : Part 20

  1. What is the scope of an EBS volume?

    • VPC
    • Region
    • Placement Group
    • Availability Zone
    Explanation:

    An Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.

  2. You are experiencing performance issues writing to a DynamoDB table. Your system tracks high scores for video games on a marketplace. Your most popular game experiences all of the performance issues.

    What is the most likely problem?

    • DynamoDB’s vector clock is out of sync, because of the rapid growth in requests for the most popular game.
    • You selected the Game ID or equivalent identifier as the primary partition key for the table.
    • You did not provision enough read or write throughput to the table.
    Explanation:

    The primary key selection dramatically affects performance consistency when reading or writing to DynamoDB. By selecting a key that is tied to the identity of the game, you forced DynamoDB to create a hotspot in the table partitions, and over-request against the primary key partition for the popular game. When it stores data, DynamoDB divides a table’s items into multiple partitions, and distributes the data primarily based upon the partition key value. The provisioned throughput associated with a table is also divided evenly among the partitions, with no sharing of provisioned throughput across partitions.
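
    The hot-partition problem described above has a standard mitigation, write sharding: append a shard suffix to the partition key so one popular game's items spread over several partitions, and fan reads out across the shard keys. The Python below is an added illustration, not part of the original question set or of any AWS library. The sha256-based partition function only simulates DynamoDB's internal hash placement, and the in-memory table, game id, players and scores are constructed sample data.

```python
import hashlib
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed example: write-sharding a DynamoDB partition key so that one
# popular game does not pin all of its traffic to a single partition.
NUM_SHARDS = 10


def shard_key(game_id: str, shard: int) -> str:
    """Sharded partition key: the game id plus a shard suffix."""
    return f"{game_id}#{shard}"


def write_shard_key(game_id: str, sequence: int) -> str:
    """Pick a shard for a new write; round-robin on a per-writer counter."""
    return shard_key(game_id, sequence % NUM_SHARDS)


def all_shard_keys(game_id: str) -> List[str]:
    """Every shard key a reader must query (scatter) to see the whole game."""
    return [shard_key(game_id, s) for s in range(NUM_SHARDS)]


def simulated_partition(partition_key: str, n_partitions: int) -> int:
    """Stand-in for DynamoDB's internal placement: a stable hash of the
    partition key value decides which physical partition holds the item."""
    digest = hashlib.sha256(partition_key.encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_partitions


def partition_load(keys: Iterable[str], n_partitions: int) -> Counter:
    """Count how many writes land on each simulated partition."""
    return Counter(simulated_partition(k, n_partitions) for k in keys)


# In-memory stand-in for the table: {partition_key: {sort_key: item}}
Table = Dict[str, Dict[str, dict]]


def put_score(table: Table, game_id: str, sequence: int, player: str, score: int) -> str:
    """Write one score under a sharded partition key; returns the key used."""
    pk = write_shard_key(game_id, sequence)
    # Sort key zero-pads the score so lexical order equals numeric order.
    sk = f"{score:010d}#{player}"
    table.setdefault(pk, {})[sk] = {"game_id": game_id, "player": player, "score": score}
    return pk


def top_scores(table: Table, game_id: str, k: int) -> List[Tuple[str, int]]:
    """Scatter-gather read: query each shard key, then merge the results."""
    merged = []
    for pk in all_shard_keys(game_id):
        merged.extend(table.get(pk, {}).values())
    merged.sort(key=lambda item: item["score"], reverse=True)
    return [(item["player"], item["score"]) for item in merged[:k]]


def compare_load(n_writes: int = 10000, n_partitions: int = 8) -> Tuple[int, int]:
    """Return the busiest partition's write count for (hot key, sharded key)."""
    hot = partition_load(["game-42"] * n_writes, n_partitions)
    sharded = partition_load(
        [write_shard_key("game-42", i) for i in range(n_writes)], n_partitions)
    return max(hot.values()), max(sharded.values())


if __name__ == "__main__":
    hot_max, sharded_max = compare_load()
    print(f"hot key: busiest partition took {hot_max} of 10000 writes")
    print(f"sharded key: busiest partition took {sharded_max} of 10000 writes")
```

    The cost of sharding is on the read side: a query for one game becomes NUM_SHARDS queries that must be merged, which is why the shard count should be chosen from the measured write rate rather than set arbitrarily high.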

  3. You meet once per month with your operations team to review the past month’s data. During the meeting, you realize that 3 weeks ago, your monitoring system which pings over HTTP from outside AWS recorded a large spike in latency on your 3-tier web service API. You use DynamoDB for the database layer, ELB, EBS, and EC2 for the business logic tier, and SQS, ELB, and EC2 for the presentation layer.

    Which of the following techniques will NOT help you figure out what happened?

    • Check your CloudTrail log history around the spike’s time for any API calls that caused slowness.
    • Review CloudWatch Metrics graphs to determine which component(s) slowed the system down.
    • Review your ELB access logs in S3 to see if any ELBs in your system saw the latency.
    • Analyze your logs to detect bursts in traffic at that time.
    Explanation:

    Metrics data are available for 2 weeks. If you want to store metrics data beyond that duration, you can retrieve it using the GetMetricStatistics API as well as a number of applications and tools offered by AWS partners.

  4. Which of these is not an intrinsic function in AWS CloudFormation?

    • Fn::Split
    • Fn::FindInMap
    • Fn::Select
    • Fn::GetAZs
    Explanation:

    This is the complete list of Intrinsic Functions: Fn::Base64, Fn::And, Fn::Equals, Fn::If, Fn::Not, Fn::Or, Fn::FindInMap, Fn::GetAtt, Fn::GetAZs, Fn::Join, Fn::Select

  5. For AWS CloudFormation, which is true?

    • Custom resources using SNS have a default timeout of 3 minutes.
    • Custom resources using SNS do not need a <code>ServiceToken</code> property.
    • Custom resources using Lambda and <code>Code.ZipFile</code> allow inline nodejs resource composition.
    • Custom resources using Lambda do not need a <code>ServiceToken</code> property.
    Explanation:

    Code is a property of the AWS::Lambda::Function resource that enables you to specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only).

  6. Your API requires the ability to stay online during AWS regional failures. Your API does not store any state, it only aggregates data from other sources – you do not have a database. What is a simple but effective way to achieve this uptime goal?

    • Use a CloudFront distribution to serve up your API. Even if the region your API is in goes down, the edge locations CloudFront uses will be fine.
    • Use an ELB and a cross-zone ELB deployment to create redundancy across datacenters. Even if a region fails, the other AZ will stay online.
    • Create a Route53 Weighted Round Robin record, and if one region goes down, have that region redirect to the other region.
    • Create a Route53 Latency Based Routing Record with Failover and point it to two identical deployments of your stateless API in two different regions. Make sure both regions use Auto Scaling Groups behind ELBs.
    Explanation:

    Latency Based Records allow request distribution when all is well with both regions, and the Failover component enables fallbacks between regions. By adding in the ELB and ASG, your system in the surviving region can expand to meet 100% of demand instead of the original fraction, whenever failover occurs.

  7. You are designing an enterprise data storage system. Your data management software system requires mountable disks and a real filesystem, so you cannot use S3 for storage. You need persistence, so you will be using AWS EBS Volumes for your system. The system needs as low-cost storage as possible, and access is not frequent or high throughput, and is mostly sequential reads.

    Which is the most appropriate EBS Volume Type for this scenario?

    • gp1
    • io1
    • standard
    • gp2
    Explanation:

    Standard volumes, or Magnetic volumes, are best for: Cold workloads where data is infrequently accessed, or scenarios where the lowest storage cost is important.

  8. You need to deploy an AWS stack in a repeatable manner across multiple environments. You have selected CloudFormation as the right tool to accomplish this, but have found that there is a resource type you need to create and model, but is unsupported by CloudFormation. How should you overcome this challenge?

    • Use a CloudFormation Custom Resource Template by selecting an API call to proxy for create, update, and delete actions. CloudFormation will use the AWS SDK, CLI, or API method of your choosing as the state transition function for the resource type you are modeling.
    • Submit a ticket to the AWS Forums. AWS extends CloudFormation Resource Types by releasing tooling to the AWS Labs organization on GitHub. Their response time is usually 1 day, and they complete requests within a week or two.
    • Instead of depending on CloudFormation, use Chef, Puppet, or Ansible to author Heat templates, which are declarative stack resource definitions that operate over the OpenStack hypervisor and cloud environment.
    • Create a CloudFormation Custom Resource Type by implementing create, update, and delete functionality, either by subscribing a Custom Resource Provider to an SNS topic, or by implementing the logic in AWS Lambda.
    Explanation:

    Custom resources provide a way for you to write custom provisioning logic in an AWS CloudFormation template and have AWS CloudFormation run it during a stack operation, such as when you create, update or delete a stack. For more information, see Custom Resources.
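
    Questions 5 and 8 both turn on the custom-resource contract: the template names the provider through the mandatory ServiceToken property, and the provider must answer every Create, Update and Delete request by PUTting a JSON response to the pre-signed ResponseURL carried in the request. The Python Lambda handler below is an added example, not code from the question set or from AWS. The template fragment, the placeholder account id 123456789012, the sample event and the in-memory _STORE (standing in for whatever external system the resource manages) are all constructed.

```python
import json
import urllib.request
from typing import Callable, Dict, Optional

# Constructed template fragment (Python dict form of a JSON template).
# ServiceToken is mandatory for every custom resource: it is how
# CloudFormation locates the Lambda function (or SNS topic) to invoke.
TEMPLATE_FRAGMENT = {
    "Resources": {
        "ExampleThing": {
            "Type": "Custom::ExampleThing",
            "Properties": {
                "ServiceToken": {"Fn::GetAtt": ["ExampleProviderFunction", "Arn"]},
                "Name": "demo",
            },
        }
    }
}

# Hypothetical provider-side store, standing in for the external system
# (a SaaS account, a record in another registry) the resource manages.
_STORE: Dict[str, dict] = {}


def build_response(event: dict, status: str, data: Optional[dict] = None,
                   reason: str = "", physical_id: Optional[str] = None) -> dict:
    """Assemble the response object CloudFormation expects at ResponseURL.
    StackId, RequestId and LogicalResourceId must echo the request exactly."""
    return {
        "Status": status,  # "SUCCESS" or "FAILED"
        "Reason": reason or "See CloudWatch Logs",
        "PhysicalResourceId": (physical_id or event.get("PhysicalResourceId")
                               or event["LogicalResourceId"]),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }


def send_response(url: str, body: dict) -> None:
    """PUT the response to the pre-signed S3 URL CloudFormation supplied."""
    payload = json.dumps(body).encode()
    req = urllib.request.Request(
        url, data=payload, method="PUT",
        headers={"Content-Type": "", "Content-Length": str(len(payload))})
    urllib.request.urlopen(req).read()


def handler(event: dict, context,
            send: Callable[[str, dict], None] = send_response) -> dict:
    """Lambda entry point. Always answers CloudFormation, even on failure;
    an unanswered request leaves the stack operation waiting for its timeout."""
    props = event.get("ResourceProperties", {})
    name = props.get("Name", event["LogicalResourceId"])
    try:
        if event["RequestType"] in ("Create", "Update"):
            _STORE[name] = dict(props)
            # Returning a new PhysicalResourceId on Update makes CloudFormation
            # send a Delete for the old id once the update succeeds.
            body = build_response(event, "SUCCESS", {"Name": name}, physical_id=name)
        else:  # Delete must succeed even if the resource is already gone,
               # otherwise rollback and stack deletion can never finish.
            _STORE.pop(event.get("PhysicalResourceId"), None)
            body = build_response(event, "SUCCESS")
    except Exception as exc:  # report FAILED instead of leaving CloudFormation waiting
        body = build_response(event, "FAILED", reason=str(exc))
    send(event["ResponseURL"], body)
    return body


# Constructed sample event in the shape CloudFormation sends to the provider.
SAMPLE_CREATE_EVENT = {
    "RequestType": "Create",
    "ResponseURL": "https://cloudformation-custom-resource-response.example/presigned",
    "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/11111111-2222-3333-4444-555555555555",
    "RequestId": "req-0001",
    "ResourceType": "Custom::ExampleThing",
    "LogicalResourceId": "ExampleThing",
    "ResourceProperties": {
        "ServiceToken": "arn:aws:lambda:us-east-1:123456789012:function:provider",
        "Name": "demo",
    },
}

if __name__ == "__main__":
    print(json.dumps(handler(dict(SAMPLE_CREATE_EVENT), None, send=lambda u, b: None), indent=2))
```

    The send parameter exists so the handler can be exercised without network access; in Lambda the default send_response is used. The Delete branch is the one most often got wrong: a provider that raises or times out on Delete for a resource that no longer exists blocks the stack from ever being removed.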

  9. You run a 2000-engineer organization. You are about to begin using AWS at a large scale for the first time. You want to integrate with your existing identity management system running on Microsoft Active Directory, because your organization is a power-user of Active Directory. How should you manage your AWS identities in the most simple manner?

    • Use a large AWS Directory Service Simple AD.
    • Use a large AWS Directory Service AD Connector.
    • Use a Sync Domain running on AWS Directory Service.
    • Use an AWS Directory Sync Domain running on AWS Lambda
    Explanation:

    You must use AD Connector as a power-user of Microsoft Active Directory. Simple AD only works with a subset of AD functionality. Sync Domains do not exist; they are made-up answers. AD Connector is a directory gateway that allows you to proxy directory requests to your on-premises Microsoft Active Directory, without caching any information in the cloud. AD Connector comes in 2 sizes: small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector is designed for larger organizations of up to 5,000 users.

  10. When thinking of AWS OpsWorks, which of the following is not an instance type you can allocate in a stack layer?

    • 24/7 instances
    • Spot instances
    • Time-based instances
    • Load-based instances
    Explanation:

    AWS OpsWorks supports the following instance types, which are characterized by how they are started and stopped. 24/7 instances are started manually and run until you stop them. Time-based instances are run by AWS OpsWorks on a specified daily and weekly schedule. They allow your stack to automatically adjust the number of instances to accommodate predictable usage patterns. Load-based instances are automatically started and stopped by AWS OpsWorks, based on specified load metrics, such as CPU utilization. They allow your stack to automatically adjust the number of instances to accommodate variations in incoming traffic. Load-based instances are available only for Linux-based stacks.

  11. Which of these is not a CloudFormation Helper Script?

    • cfn-signal
    • cfn-hup
    • cfn-request
    • cfn-get-metadata
    Explanation:

    This is the complete list of CloudFormation Helper Scripts: cfn-init, cfn-signal, cfn-get-metadata, cfn-hup.

  12. Your team wants to begin practicing continuous delivery using CloudFormation, to enable automated builds and deploys of whole, versioned stacks or stack layers. You have a 3-tier, mission-critical system. Which of the following is NOT a best practice for using CloudFormation in a continuous delivery environment?

    • Use the AWS CloudFormation <code>ValidateTemplate</code> call before publishing changes to AWS.
    • Model your stack in one template, so you can leverage CloudFormation’s state management and dependency resolution to propagate all changes.
    • Use CloudFormation to create brand new infrastructure for all stateless resources on each push, and run integration tests on that set of infrastructure.
    • Parametrize the template and use <code>Mappings</code> to ensure your template works in multiple Regions.
    Explanation:

    Putting all resources in one stack is a bad idea, since different tiers have different life cycles and frequencies of change. For additional guidance about organizing your stacks, you can use two common frameworks: a multi-layered architecture and service-oriented architecture (SOA).

  13. You need to replicate API calls across two systems in real time. What tool should you use as a buffer and transport mechanism for API call events?

    • AWS SQS
    • AWS Lambda
    • AWS Kinesis
    • AWS SNS
    Explanation:

    AWS Kinesis is an event stream service. Streams can act as buffers and transport across systems for in-order programmatic events, making it ideal for replicating API calls across systems. A typical Amazon Kinesis Streams application reads data from an Amazon Kinesis stream as data records. These applications can use the Amazon Kinesis Client Library, and they can run on Amazon EC2 instances. The processed records can be sent to dashboards, used to generate alerts, dynamically change pricing and advertising strategies, or send data to a variety of other AWS services. For information about Streams features and pricing, see Amazon Kinesis Streams.

  14. You are building a Ruby on Rails application for internal, non-production use which uses MySQL as a database. You want developers without very much AWS experience to be able to deploy new code with a single command line push. You also want to set this up as simply as possible.

    Which tool is ideal for this setup?

    • AWS CloudFormation
    • AWS OpsWorks
    • AWS ELB + EC2 with CLI Push
    • AWS Elastic Beanstalk
    Explanation:

    Elastic Beanstalk’s primary mode of operation exactly supports this use case out of the box. It is simpler than all the other options for this question. With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS cloud without worrying about the infrastructure that runs those applications. AWS Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.

  15. What is the scope of AWS IAM?

    • Global
    • Availability Zone
    • Region
    • Placement Group
    Explanation:

    IAM resources are all global; there is no regional constraint.

  16. You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You want to run the system very cheaply and simply.

    Which one of these options allows you to build a photo sharing application without needing to worry about scaling expensive upload processes, authentication/authorization and so forth?

    • Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.
    • Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.
    • Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.
    • Create an AWS oAuth Service Domain and grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.
    Explanation:

    The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It supports the same providers, and you configure your app and authenticate with those providers in the same way. But Amazon Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest user and later sign in using one of the supported identity providers.

  17. Your CTO has asked you to make sure that you know what all users of your AWS account are doing to change resources at all times. She wants a report of who is doing what over time, reported to her once per week, for as broad a resource type group as possible.

    How should you do this?

    • Create a global AWS CloudTrail Trail. Configure a script to aggregate the log data delivered to S3 once per week and deliver this to the CTO.
    • Use CloudWatch Events Rules with an SNS topic subscribed to all AWS API calls. Subscribe the CTO to an email type delivery on this SNS Topic.
    • Use AWS IAM credential reports to deliver a CSV of all uses of IAM User Tokens over time to the CTO.
    • Use AWS Config with an SNS subscription on a Lambda, and insert these changes over time into a DynamoDB table. Generate reports based on the contents of this table.
    Explanation:

    This is the ideal use case for AWS CloudTrail. CloudTrail provides visibility into user activity by recording API calls made on your account. CloudTrail records important information about each API call, including the name of the API, the identity of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service. This information helps you to track changes made to your AWS resources and to troubleshoot operational issues. CloudTrail makes it easier to ensure compliance with internal policies and regulatory standards.

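    The chosen answer relies on a script that reads the CloudTrail files delivered to S3 and summarizes them once a week. The Python below is an added example of that aggregation step, not part of the original page or of any AWS tool: it parses the gzip-compressed JSON CloudTrail delivers, keeps only the week being reported, drops read-only calls (describe/list/get) so the report shows changes to resources, and groups the rest by caller and API. The records, the placeholder account id 123456789012 and all names are constructed; fetching the objects from S3 is left out.

```python
import gzip
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List


def parse_log_file(raw: bytes) -> List[dict]:
    """CloudTrail delivers each log file to S3 as gzip-compressed JSON whose
    top-level object holds a 'Records' list; plain JSON is accepted too."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic number
        raw = gzip.decompress(raw)
    return json.loads(raw)["Records"]


def principal(record: dict) -> str:
    """Reduce userIdentity to a readable 'who' for the report."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type")
    if kind == "IAMUser":
        return f"user/{ident.get('userName', '?')}"
    if kind == "AssumedRole":
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        session = ident.get("arn", "").rsplit("/", 1)[-1]
        return f"role/{issuer.get('userName', '?')}/{session}"
    if kind == "Root":
        return "root"
    return f"{kind or 'unknown'}/{ident.get('arn', '?')}"


def weekly_change_report(records: Iterable[dict], week_start: datetime) -> Dict[str, Counter]:
    """Count mutating API calls per caller for the 7 days from week_start (UTC).
    Records without a readOnly flag are kept, so no mutating call is dropped."""
    week_end = week_start + timedelta(days=7)
    report: Dict[str, Counter] = defaultdict(Counter)
    for rec in records:
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if not week_start <= when < week_end:
            continue
        if rec.get("readOnly", False):
            continue
        service = rec["eventSource"].split(".")[0]
        report[principal(rec)][f"{service}:{rec['eventName']}"] += 1
    return dict(report)


def render(report: Dict[str, Counter]) -> str:
    """Plain-text table: caller, API, count."""
    lines = []
    for who in sorted(report):
        for action, n in report[who].most_common():
            lines.append(f"{who:<32} {action:<36} {n}")
    return "\n".join(lines)


def _record(time, kind, event_source, event_name, read_only, **identity) -> dict:
    return {"eventTime": time, "eventSource": event_source, "eventName": event_name,
            "readOnly": read_only, "userIdentity": {"type": kind, **identity}}


ACCOUNT = "123456789012"  # constructed placeholder account id
SAMPLE_RECORDS = [  # constructed records in CloudTrail's field layout
    _record("2023-03-06T10:00:00Z", "IAMUser", "ec2.amazonaws.com", "RunInstances", False, userName="alice"),
    _record("2023-03-06T10:01:00Z", "IAMUser", "ec2.amazonaws.com", "DescribeInstances", True, userName="alice"),
    _record("2023-03-08T08:30:00Z", "AssumedRole", "cloudformation.amazonaws.com", "UpdateStack", False,
            arn=f"arn:aws:sts::{ACCOUNT}:assumed-role/DeployRole/ci-build",
            sessionContext={"sessionIssuer": {"userName": "DeployRole"}}),
    _record("2023-03-09T17:45:00Z", "Root", "iam.amazonaws.com", "CreateUser", False,
            arn=f"arn:aws:iam::{ACCOUNT}:root"),
    _record("2023-03-10T09:00:00Z", "IAMUser", "ec2.amazonaws.com", "RunInstances", False, userName="alice"),
    _record("2023-02-28T12:00:00Z", "IAMUser", "s3.amazonaws.com", "DeleteBucket", False, userName="bob"),
]
WEEK_START = datetime(2023, 3, 6, tzinfo=timezone.utc)


def sample_report() -> Dict[str, Counter]:
    """Round-trip the constructed records through the gzip parser, then summarize."""
    compressed = gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())
    return weekly_change_report(parse_log_file(compressed), WEEK_START)


if __name__ == "__main__":
    print(render(sample_report()))
```

    Root activity and assumed-role sessions are reported separately from IAM users on purpose: a weekly report that shows root making changes is itself a finding, and the session name on an assumed role is what links a change back to the pipeline or person that assumed it.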
  18. What is the order of most-to-least rapidly-scaling (fastest to scale first)?

    [Image: DOP-C01 AWS DevOps Engineer Professional Part 20 Q18 013]
    • B, A, C
    • C, B, A
    • C, A, B
    • A, C, B
    Explanation:

    Lambda is designed to scale instantly. EC2 + ELB + Auto Scaling require single-digit minutes to scale out. RDS will take at least 15 minutes, and will also apply OS patches or any other pending updates at that time.

  19. Which is not a restriction on AWS EBS Snapshots?

    • Snapshots which are shared cannot be used as a basis for other snapshots.
    • You cannot share a snapshot containing an AWS Access Key ID or AWS Secret Access Key.
    • You cannot share unencrypted snapshots.
    • Snapshot restorations are restricted to the region in which the snapshots are created.
    Explanation:

    Snapshots shared with other users are usable in full by the recipient, including but not limited to the ability to base modified volumes and snapshots on them.

  20. You need to deploy a new application version to production. Because the deployment is high-risk, you need to roll the new version out to users over a number of hours, to make sure everything is working correctly. You need to be able to control the proportion of users seeing the new version of the application down to the percentage point. You use ELB and EC2 with Auto Scaling Groups and custom AMIs with your code pre-installed assigned to Launch Configurations. There are no database-level changes during your deployment. You have been told you cannot spend too much money, so you must not increase the number of EC2 instances much at all during the deployment, but you also need to be able to switch back to the original version of code quickly if something goes wrong.

    What is the best way to meet these requirements?

    • Create a second ELB, Auto Scaling Launch Configuration, and Auto Scaling Group using the Launch Configuration. Create AMIs with all code pre-installed. Assign the new AMI to the second Auto Scaling Launch Configuration. Use Route53 Weighted Round Robin Records to adjust the proportion of traffic hitting the two ELBs.
    • Use the Blue-Green deployment method to enable the fastest possible rollback if needed. Create a full second stack of instances and cut the DNS over to the new stack of instances, and change the DNS back if a rollback is needed.
    • Create AMIs with all code pre-installed. Assign the new AMI to the Auto Scaling Launch Configuration, to replace the old one. Gradually terminate instances running the old code (launched with the old Launch Configuration) and allow the new AMIs to boot to adjust the traffic balance to the new code. On rollback, reverse the process by doing the same thing, but changing the AMI on the Launch Config back to the original code.
    • Migrate to use AWS Elastic Beanstalk. Use the established and well-tested Rolling Deployment setting AWS provides on the new Application Environment, publishing a zip bundle of the new code and adjusting the wait period to spread the deployment over time. Re-deploy the old code bundle to rollback if needed.
    Explanation:

    Only Weighted Round Robin DNS Records and reverse proxies allow such fine-grained tuning of traffic splits. The Blue-Green option does not meet the requirement that we mitigate costs and keep overall EC2 fleet size consistent, so we must select the 2 ELB and ASG option with WRR DNS tuning. This method is called A/B deployment and/or Canary deployment.
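
    The two-ELB canary in the chosen answer is steered by Route53 weighted records. The Python below is an added example, not from the original page or from AWS, that builds the ChangeBatch for a ChangeResourceRecordSets call with weights that sum to 100, so one weight unit is one percentage point, and shows the rollback as weight 0 on the new stack. The record name, ELB DNS names and hosted zone id are constructed placeholders.

```python
from typing import Dict, List, Tuple

# Constructed placeholders: the two ELBs fronting the old (blue) and new
# (green) Auto Scaling Groups. A real alias needs the ELB's DNS name and the
# Route53 hosted zone id AWS publishes for ELBs in that region.
BLUE_ELB = ("blue-stack-000000.us-east-1.elb.amazonaws.com", "ZELBHOSTEDZONEID")
GREEN_ELB = ("green-stack-000000.us-east-1.elb.amazonaws.com", "ZELBHOSTEDZONEID")
RECORD_NAME = "api.example.com."


def weights_for_percentage(canary_percent: int) -> Tuple[int, int]:
    """Return (blue_weight, green_weight) summing to 100, so one weight unit is
    one percentage point. Route53 accepts integer weights 0-255 and answers
    with a record in proportion weight / sum(weights); a weight of 0 is never
    returned while another record in the set has a positive weight."""
    if not 0 <= canary_percent <= 100:
        raise ValueError("canary percentage must be between 0 and 100")
    return 100 - canary_percent, canary_percent


def weighted_alias_change(name: str, set_id: str, weight: int,
                          dns_name: str, hosted_zone_id: str) -> dict:
    """One UPSERT, in ChangeResourceRecordSets form, for a weighted alias record."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name,
            "Type": "A",
            "SetIdentifier": set_id,  # distinguishes records sharing one name
            "Weight": weight,
            "AliasTarget": {
                "HostedZoneId": hosted_zone_id,
                "DNSName": dns_name,
                "EvaluateTargetHealth": True,  # stop answering with an unhealthy ELB
            },
        },
    }


def canary_change_batch(name: str, canary_percent: int,
                        blue: Tuple[str, str], green: Tuple[str, str]) -> dict:
    """ChangeBatch that sends canary_percent of DNS answers to the green ELB."""
    blue_w, green_w = weights_for_percentage(canary_percent)
    return {
        "Comment": f"canary: {canary_percent}% to green",
        "Changes": [
            weighted_alias_change(name, "blue", blue_w, *blue),
            weighted_alias_change(name, "green", green_w, *green),
        ],
    }


def expected_share(batch: dict) -> Dict[str, float]:
    """Fraction of DNS answers each SetIdentifier should receive."""
    rrsets = [c["ResourceRecordSet"] for c in batch["Changes"]]
    total = sum(r["Weight"] for r in rrsets)
    return {r["SetIdentifier"]: r["Weight"] / total for r in rrsets}


def rollout_plan(steps: List[int]) -> List[dict]:
    """One ChangeBatch per rollout step. Each batch is what you would pass as
    ChangeBatch= to boto3's route53.change_resource_record_sets, hours apart."""
    return [canary_change_batch(RECORD_NAME, pct, BLUE_ELB, GREEN_ELB) for pct in steps]


if __name__ == "__main__":
    for batch in rollout_plan([1, 5, 25, 50, 100]):
        print(batch["Comment"], expected_share(batch))
    print("rollback:", expected_share(canary_change_batch(RECORD_NAME, 0, BLUE_ELB, GREEN_ELB)))
```

    Two caveats when operating this: the split is over DNS answers, not requests, so clients that cache a resolution keep hitting the same ELB until its TTL expires (alias records to an ELB use the ELB's own 60-second TTL), and the rollback to weight 0 is only as fast as that cache expiry. Keep the blue ASG at full size throughout, since it must absorb 100% of traffic the moment the green weight drops to 0.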