Exam AWS DevOps Engineer Professional topic 1 question 33 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 33
Topic #: 1

A healthcare services company is concerned about the growing costs of software licensing for an application for monitoring patient wellness. The company wants to create an audit process to ensure that the application is running exclusively on Amazon EC2 Dedicated Hosts. A DevOps Engineer must create a workflow to audit the application to ensure compliance.
What steps should the Engineer take to meet this requirement with the LEAST administrative overhead?

  • A. Use AWS Systems Manager Configuration Compliance. Use calls to the put-compliance-items API action to scan and build a database of noncompliant EC2 instances based on their host placement configuration. Use an Amazon DynamoDB table to store these instance IDs for fast access. Generate a report through Systems Manager by calling the list-compliance-summaries API action.
  • B. Use custom Java code running on an EC2 instance. Set up EC2 Auto Scaling for the instance depending on the number of instances to be checked. Send the list of noncompliant EC2 instance IDs to an Amazon SQS queue. Set up another worker instance to process instance IDs from the SQS queue and write them to Amazon DynamoDB. Use an AWS Lambda function to terminate noncompliant instance IDs obtained from the queue, and send them to an Amazon SNS email topic for distribution.
  • C. Use AWS Config. Identify all EC2 instances to be audited by enabling Config Recording on all Amazon EC2 resources for the region. Create a custom AWS Config rule that triggers an AWS Lambda function by using the "config-rule-change-triggered" blueprint. Modify the Lambda evaluateCompliance() function to verify host placement to return a NON_COMPLIANT result if the instance is not running on an EC2 Dedicated Host. Use the AWS Config report to address noncompliant instances.
  • D. Use AWS CloudTrail. Identify all EC2 instances to be audited by analyzing all calls to the EC2 RunCommand API action. Invoke an AWS Lambda function that analyzes the host placement of the instance. Store the EC2 instance ID of noncompliant resources in an Amazon RDS MySQL DB instance. Generate a report by querying the RDS instance and exporting the query results to a CSV text file.
Suggested Answer: C 🗳️
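
The host-placement check that option C describes can be sketched as follows. This is an added example, not the AWS blueprint's code or code from this page: the function bodies, `buildEvaluation`, `sampleEvent` and the sample IDs are constructed for illustration, and it assumes the EC2 configuration item exposes placement as `configuration.placement.tenancy` and `configuration.placement.hostId`.

```javascript
// Added example; the AWS SDK PutEvaluations call itself is omitted.
// Assumption: placement is at configuration.placement.{tenancy,hostId}.
const LIVE_STATUSES = new Set(['OK', 'ResourceDiscovered']);

// Decide compliance for one configuration item.
function evaluateCompliance(item) {
  if (item.resourceType !== 'AWS::EC2::Instance') {
    return { type: 'NOT_APPLICABLE', note: 'Not an EC2 instance' };
  }
  const placement = (item.configuration || {}).placement || {};
  // "dedicated" means a Dedicated Instance, which is not a Dedicated Host.
  if (placement.tenancy === 'host' && placement.hostId) {
    return { type: 'COMPLIANT', note: `On Dedicated Host ${placement.hostId}` };
  }
  const seen = placement.tenancy || 'unknown';
  return { type: 'NON_COMPLIANT', note: `Tenancy "${seen}" is not a Dedicated Host` };
}

// Map the event AWS Config delivers to Lambda onto one evaluation record.
function buildEvaluation(event) {
  const item = JSON.parse(event.invokingEvent).configurationItem;
  const live = LIVE_STATUSES.has(item.configurationItemStatus) && !event.eventLeftScope;
  const result = live
    ? evaluateCompliance(item)
    : { type: 'NOT_APPLICABLE', note: 'Resource deleted or out of scope' };
  return {
    ComplianceResourceType: item.resourceType,
    ComplianceResourceId: item.resourceId,
    ComplianceType: result.type,
    Annotation: result.note,
    OrderingTimestamp: item.configurationItemCaptureTime,
  };
}

// Constructed sample event; the IDs are placeholders, not real resources.
function sampleEvent(tenancy, hostId, status = 'OK') {
  const configurationItem = {
    resourceType: 'AWS::EC2::Instance',
    resourceId: 'i-EXAMPLE',
    configurationItemStatus: status,
    configurationItemCaptureTime: '2024-01-01T00:00:00.000Z',
    configuration: { placement: { tenancy, hostId } },
  };
  return { invokingEvent: JSON.stringify({ configurationItem }), eventLeftScope: false };
}

for (const [tenancy, hostId] of [['host', 'h-EXAMPLE'], ['dedicated'], ['default']]) {
  console.log(tenancy, buildEvaluation(sampleEvent(tenancy, hostId)).ComplianceType);
}
```

In a deployed rule the returned record would be passed, together with the event's result token, to the Config PutEvaluations API.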

Comments

YashBindlish
Highly Voted 3 years, 8 months ago
Correct Answer is "C". A will only help in compliance to scan your fleet of managed instances for patch compliance and configuration inconsistencies, but when it comes to software licensing compliance, AWS Config rules enable you to assess compliance with your server-bound software licenses.
upvoted 24 times
...
amzngenius
Highly Voted 3 years, 8 months ago
C: https://aws.amazon.com/about-aws/whats-new/2015/11/use-aws-config-to-track-ec2-instances-on-dedicated-hosts-and-assess-license-compliance/
upvoted 9 times
pleasespammelater
3 years, 7 months ago
This is for tracking what is running on dedicated hosts. It won't help with detecting when your software ISN'T running on your dedicated hosts. For that you need a custom rule. https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_getting-started.html Also, the Lambda blueprint function is actually called "evaluateChangeNotificationCompliance". I'm guessing this has just changed over time so it's still the correct answer. https://console.aws.amazon.com/lambda/home?region=us-east-1#/create/function/configure/blueprint?blueprint=config-rule-change-triggered
upvoted 2 times
...
...
Bulti
Most Recent 2 years, 4 months ago
Correct answer is C.
upvoted 1 times
...
SamHan
2 years, 9 months ago
Selected Answer: C
Ans: C
upvoted 1 times
...
nebojsaMa
3 years, 7 months ago
The answer is C why: References: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-aws-config.html https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html#sysman-compliance-custom https://aws.amazon.com/blogs/aws/now-available-ec2-dedicated-hosts/
upvoted 2 times
...
WhyIronMan
3 years, 7 months ago
I'll go with C
upvoted 2 times
...
aws_Tamilan
3 years, 7 months ago
Correct Answer: C Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-aws-config.html https://aws.amazon.com/about-aws/whats-new/2015/11/use-aws-config-to-track-ec2-instances-on-dedicated-hosts-and-assess-license-compliance/
upvoted 1 times
...
fogunfunminiyi
3 years, 7 months ago
C is the answer. Remember when compliance is mentioned, think Config, Config rule, etc. If the compliance has to do with EC2 instance or instance AMI inspection, think Inspector.
upvoted 7 times
...
jackdryan
3 years, 7 months ago
I'll go with C
upvoted 2 times
...
ChauPhan
3 years, 7 months ago
I'll go with C https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-aws-config.html
upvoted 1 times
...
Raj9
3 years, 7 months ago
C - directly related to https://aws.amazon.com/blogs/aws/now-available-ec2-dedicated-hosts/
upvoted 1 times
...
yassu
3 years, 8 months ago
C is correct
upvoted 1 times
...
xaocho
3 years, 8 months ago
It is C
upvoted 1 times
...
AdityaB
3 years, 8 months ago
C -- AWS Config records the configuration details of Dedicated hosts and the instances that you launch on them
upvoted 1 times
...
dinhvu
3 years, 8 months ago
Answer is C, thanks amzngenius for the document.
upvoted 1 times
...
jiedee
3 years, 8 months ago
I will go with C
upvoted 3 times
...
neil001
3 years, 8 months ago
Answer is indeed C and mentioned in the aws dedicated hosts web page, check "License Usage Reporting" in the link below https://aws.amazon.com/ec2/dedicated-hosts/
upvoted 6 times
pleasespammelater
3 years, 8 months ago
The page must have been changed - License Usage Reporting is not there.
upvoted 1 times
...
...