
Updated Oct 31, 2025 Verified Pass Cloud-Deployment-and-Operations Exam in First Attempt Guaranteed
NEW QUESTION # 24
(What is a patch baseline attached to if it is not defined in Patch Manager?)
- A. Accelerate patch baseline
- B. Patch process
- C. Baseline data set
- D. Default patch group
Answer: D
Explanation:
If a patch baseline is not explicitly defined in Patch Manager, it is attached to the default patch group. This default group applies a preconfigured baseline with AWS-recommended patches, ensuring basic compliance for instances without custom baselines. The WGU Cloud Deployment and Operations Study Guide (Section 5.2, Patch Manager) states, "If no custom patch baseline is defined, instances are associated with the default patch group, which uses AWS-provided baseline settings for automatic patch approval." Options A, B, and C are not valid attachments for patch baselines.
NEW QUESTION # 25
(Which two solutions should an administrator use to receive emails when a Lambda function returns an error? Choose 2 answers.)
- A. Amazon Simple Notification Service
- B. Amazon Simple Queue Service
- C. Amazon CloudWatch
- D. AWS CloudTrail
Answer: A,C
Explanation:
To receive emails when a Lambda function returns an error, the administrator should use Amazon CloudWatch to monitor the function's logs and metrics (e.g., errors) and Amazon Simple Notification Service (SNS) to send email notifications based on CloudWatch alarms. The WGU Cloud Deployment and Operations Study Guide (Section 4.3, CloudWatch and SNS) states, "CloudWatch can detect Lambda errors via logs and trigger an alarm, which integrates with SNS to send email notifications to subscribed endpoints, ensuring timely error alerts." SQS and CloudTrail are not designed for this notification workflow.
NEW QUESTION # 26
(An administrator needs to troubleshoot a connectivity issue from on-premises computers to public IP addresses assigned to EC2 instances. The administrator suspects the cause to be a network security group. Which VPC feature should be used to troubleshoot the issue?)
- A. PrivateLink
- B. Flow Logs
- C. Reachability Analyzer
- D. Traffic Mirroring
Answer: C
Explanation:
The Reachability Analyzer in AWS VPC should be used to troubleshoot connectivity issues from on-premises computers to EC2 instances, especially when a network security group (NSG) is suspected. It analyzes the network path and identifies blocked traffic due to NSG rules or route tables. The WGU Cloud Deployment and Operations Study Guide (Section 3.2, VPC Troubleshooting) states, "Reachability Analyzer helps diagnose connectivity issues by simulating traffic paths, identifying if an NSG rule (e.g., blocked port) or route table is causing the problem from on-premises to EC2 public IPs." Flow Logs provide data but not analysis, PrivateLink is for private connections, and Traffic Mirroring is for monitoring.
NEW QUESTION # 27
(A cloud engineer needs to notify the response team whenever a high-security web server responds with a 403 Forbidden error. Which two steps can enable this functionality? Choose 2 answers.)
- A. Bind a Lambda function to an Apache process
- B. Send alarms from the Lambda function using Amazon SQS
- C. Create an alarm for the metric filter to deliver alerts using Amazon SNS
- D. Define a metric filter for Apache logs in CloudWatch
Answer: C,D
Explanation:
To notify a response team when a high-security web server returns a 403 Forbidden error, two key steps are required. First, define a metric filter for Apache logs in CloudWatch to detect the 403 error code within the log data. This involves setting up a filter pattern to match "403" in the Apache access logs. Second, create an alarm for the metric filter and configure it to deliver alerts using Amazon SNS, which supports email or other notifications to the response team. The WGU Cloud Deployment and Operations Study Guide (Section 4.2, CloudWatch Logs and Alarms) confirms that metric filters and SNS-integrated alarms are the standard approach for monitoring and alerting on log-based events. Options A and B are incorrect as they involve unnecessary or unsupported configurations (e.g., binding Lambda to Apache or using SQS for alarms).
NEW QUESTION # 28
(What should be configured in Systems Manager to set the error threshold for automation documents?)
- A. Maintenance windows
- B. Rate control
- C. Resource group
- D. Session preferences
Answer: B
Explanation:
In AWS Systems Manager, the error threshold for automation documents is configured using rate control. Rate control allows administrators to define the maximum number of errors or concurrent executions that can occur before an automation task is throttled or stopped, ensuring system stability. The WGU Cloud Deployment and Operations Study Guide (Section 5.1, Systems Manager Automation) explicitly states, "Rate control settings in Automation documents can be used to specify the maximum number of errors allowed during execution, helping to manage error thresholds effectively." Resource groups, session preferences, and maintenance windows do not directly address error thresholds.
NEW QUESTION # 29
(Which type of support plan provides a technical account manager and full use of Trusted Advisor?)
- A. Developer
- B. Standard
- C. Enterprise
- D. Business
Answer: C
Explanation:
The Enterprise support plan provides a technical account manager (TAM) and full use of Trusted Advisor, offering proactive guidance and comprehensive access to all checks. This plan is designed for large-scale, mission-critical workloads. The WGU Cloud Deployment and Operations Study Guide (Section 6.4, AWS Support Plans) states, "The Enterprise support plan includes a dedicated Technical Account Manager and full Trusted Advisor access, providing 24/7 support and proactive optimization recommendations." Developer, Standard, and Business plans offer limited or no TAM support and partial Trusted Advisor access.
NEW QUESTION # 30
(What should be used to monitor estimated AWS charges?)
- A. Billing alarm
- B. Forecast
- C. Cognito
- D. Pricing Calculator
Answer: A
Explanation:
A Billing alarm in Amazon CloudWatch should be used to monitor estimated AWS charges by setting thresholds on cost metrics and triggering notifications when exceeded. This helps manage budgets effectively. The WGU Cloud Deployment and Operations Study Guide (Section 7.4, Cost Monitoring) states, "Billing alarms in CloudWatch monitor estimated charges against a defined threshold, sending alerts via SNS to prevent cost overruns." Cognito handles user authentication, Pricing Calculator estimates costs pre-deployment, and Forecast predicts usage, none of which monitor real-time charges.
NEW QUESTION # 31
(A company manages a containerized application by manually deploying AWS compute instances. Which solution should be used to optimize the cost of the application?)
- A. RDS
- B. EFS
- C. Aurora
- D. Fargate
Answer: D
Explanation:
AWS Fargate should be used to optimize the cost of a containerized application by eliminating the need for manual instance management, as it provides serverless container orchestration that automatically scales and charges only for resource usage. The WGU Cloud Deployment and Operations Study Guide (Section 7.5, Fargate) states, "Fargate optimizes costs for containerized applications by removing the overhead of managing EC2 instances, scaling automatically, and billing based on vCPU and memory usage, reducing manual deployment expenses." Aurora, RDS, and EFS are database or storage solutions not designed for container cost optimization.
NEW QUESTION # 32
(Which CloudWatch metric filter includes log events with the word ERROR but excludes log events with the word WARNING?)
- A. ERROR -WARN
- B. "ERROR" WARN
- C. ?ERROR ?WARN
- D. ERROR WARN
Answer: A
Explanation:
A metric filter in Amazon CloudWatch Logs can be used to search for specific terms in log data and create metrics based on the matches. To include log events with the word "ERROR" and exclude those with the word "WARNING," the correct syntax involves using a filter pattern with a positive match for "ERROR" and a negation for "WARNING." The correct pattern is "ERROR -WARN," where the minus sign (-) indicates exclusion of log events containing "WARN." According to the WGU Cloud Deployment and Operations Study Guide (Section 4.2, CloudWatch Logs), metric filters use a pattern-based syntax where terms are included or excluded using positive matches and the negation operator (-). This ensures that only logs with "ERROR" and without "WARN" are processed into the metric.
NEW QUESTION # 33
(What can AWS Config directly invoke to cause remediation of findings?)
- A. Lambda function
- B. CloudWatch alarm
- C. Systems Manager document
- D. Control Tower guardrail
Answer: A
Explanation:
AWS Config can directly invoke an AWS Lambda function to cause remediation of findings by triggering automated responses to configuration changes or non-compliant resources. This integration enables real-time corrective actions. The WGU Cloud Deployment and Operations Study Guide (Section 6.1, AWS Config) states, "AWS Config can invoke a Lambda function as a remediation action, allowing automated fixes for non-compliant resources (e.g., terminating unauthorized instances)." Control Tower guardrails, CloudWatch alarms, and Systems Manager documents are not directly invoked by Config for this purpose.
NEW QUESTION # 34
(Where does Patch Manager send compliance reports?)
- A. OpsWorks
- B. Route 53
- C. Simple Storage Service (S3)
- D. Elastic Block Store (EBS)
Answer: C
Explanation:
Patch Manager in AWS Systems Manager sends compliance reports to an Amazon S3 bucket, where they are stored for auditing and analysis. This allows administrators to track patch compliance status across EC2 instances and on-premises servers. The WGU Cloud Deployment and Operations Study Guide (Section 5.2, Patch Manager) states, "Patch Manager compliance reports are delivered to an S3 bucket configured as a target, providing a centralized location for reviewing patch status and compliance data." OpsWorks, EBS, and Route 53 are not used for storing these reports.
NEW QUESTION # 35
(Which service enables a company to enforce and manage governance rules across multiple AWS accounts?)
- A. Control Tower
- B. Security Hub
- C. GuardDuty
- D. Systems Manager
Answer: A
Explanation:
AWS Control Tower enables a company to enforce and manage governance rules across multiple AWS accounts by setting up a landing zone with preconfigured policies for security, compliance, and operations. It simplifies multi-account management. The WGU Cloud Deployment and Operations Study Guide (Section 6.5, Control Tower) states, "Control Tower provides a centralized solution to establish and enforce governance rules across multiple accounts, using guardrails and a landing zone to ensure compliance with organizational policies." Security Hub, GuardDuty, and Systems Manager do not offer this multi-account governance capability.
NEW QUESTION # 36
(Which AWS CloudFormation feature should be used to specify the AWS resources to be provisioned?)
- A. Change set
- B. Exports
- C. StackSet
- D. Template
Answer: D
Explanation:
The CloudFormation template feature should be used to specify the AWS resources to be provisioned. A template is a JSON or YAML file that defines the resources (e.g., EC2 instances, S3 buckets) and their configurations for deployment. The WGU Cloud Deployment and Operations Study Guide (Section 5.3, CloudFormation Templates) states, "The template is the core component of CloudFormation, containing the resource specifications and properties that are provisioned when a stack is created." Change sets, exports, and stack sets serve different purposes (e.g., previewing changes, sharing outputs, managing multiple stacks).
NEW QUESTION # 37
(Media files are stored in an S3 bucket in region A. Demand for the files from region B has increased. Region B is suffering from some latency issues due to geographical location. Which type of replication will reduce the latency in region B?)
- A. S3 Versioning
- B. Cross-Region
- C. Same-Region
- D. S3 Batch
Answer: B
Explanation:
To reduce latency in region B due to increased demand for media files stored in region A, cross-region replication (CRR) should be used. CRR replicates objects to an S3 bucket in another region (e.g., region B), allowing users to access files from a closer location, thus minimizing latency. The WGU Cloud Deployment and Operations Study Guide (Section 2.2, S3 Replication) states, "Cross-Region Replication in S3 copies objects to a destination bucket in a different region, reducing latency by enabling access to data from the nearest region, such as region B in this case." S3 Batch, S3 Versioning, and Same-Region replication do not address cross-region latency.
NEW QUESTION # 38
(An administrator plans to deploy a database to AWS that supports the following: multiple Availability Zones, a standby database instance that provides failover support, a database instance that allows only read-only connections. Which two database solutions should the administrator use? Choose 2 answers.)
- A. Amazon RDS Multi-AZ DB instance
- B. Amazon Aurora DB instance with Aurora Replica
- C. Amazon RDS Multi-AZ DB cluster
- D. Amazon Aurora DB cluster with multi-master replication
Answer: A,B
Explanation:
To meet the requirements, the administrator should use an Amazon RDS Multi-AZ DB instance for multiple Availability Zones and failover support, and an Amazon Aurora DB instance with Aurora Replica for a read-only connection. The RDS Multi-AZ configuration automatically provisions a standby instance in a different AZ for failover, while Aurora Replicas provide read-only instances for scaling read traffic. The WGU Cloud Deployment and Operations Study Guide (Section 7.1, RDS and Aurora) states, "RDS Multi-AZ deploys a standby instance across AZs for failover, and Aurora Replicas are read-only instances that enhance performance by offloading read traffic from the primary instance." Options C and D are incorrect as multi-master replication and Multi-AZ clusters do not align with the read-only requirement.
NEW QUESTION # 39
(A company configures the CloudFront caching TTL to the following settings: Min: 0, Max: 172800. An administrator updates the Cache-Control setting to 432000. However, objects are only cached for 48 hours. What is required to ensure objects are cached for up to 120 hours?)
- A. Configure the Min setting for 432000
- B. Configure the Cache-Control setting for 172800
- C. Configure the expiration setting for 172800
- D. Configure the Max setting for 432000
Answer: D
Explanation:
In Amazon CloudFront, the caching TTL is controlled by the minimum and maximum TTL settings, with the maximum TTL (in seconds) capping the cache duration. The current Max TTL is 172800 seconds (48 hours), and the Cache-Control setting of 432000 seconds (120 hours) is ignored because it exceeds the Max TTL. To cache objects for up to 120 hours, the Max setting must be configured to 432000 seconds. The WGU Cloud Deployment and Operations Study Guide (Section 4.4, CloudFront Caching) states, "The maximum TTL in CloudFront settings (e.g., 172800 seconds) overrides any higher Cache-Control value; to allow 120 hours (432000 seconds), the Max TTL must be set accordingly." Adjusting Min, expiration, or Cache-Control alone does not resolve this.
NEW QUESTION # 40
(Which two languages are used by CloudFormation to define infrastructure? Choose 2 answers.)
- A. C#
- B. YAML
- C. JSON
- D. XML
Answer: B,C
Explanation:
AWS CloudFormation uses YAML and JSON languages to define infrastructure as code (IaC) templates, specifying resources, parameters, and configurations. These formats are human-readable and support the creation of stacks for provisioning AWS resources. The WGU Cloud Deployment and Operations Study Guide (Section 5.3, CloudFormation) states, "CloudFormation templates can be written in YAML or JSON, both of which are supported for defining infrastructure resources like EC2 instances and S3 buckets." XML and C# are not supported languages for CloudFormation templates.
NEW QUESTION # 41
(Which function is used to obtain components defined in an AWS CloudFormation template?)
- A. Ref
- B. GetAZs
- C. ImportValue
- D. Cidr
Answer: A
Explanation:
The `Ref` function in an AWS CloudFormation template is used to obtain values of components defined within the template, such as resource IDs, parameters, or outputs. This function allows dynamic referencing of resources during stack creation. The WGU Cloud Deployment and Operations Study Guide (Section 5.3, CloudFormation Functions) states, "The `Ref` function is used to reference the logical IDs of resources, parameters, or mappings defined in the template, enabling dynamic value retrieval (e.g., `Ref: MyEC2Instance` returns the instance ID)." ImportValue is used for cross-stack references, Cidr for IP range calculations, and GetAZs for availability zone lists, making them unsuitable here.
NEW QUESTION # 42
(A company is using the CloudWatch agent on its EC2 Linux instances. The company needs to determine how long read requests have waited on the instance's I/O for proper sizing of the instance. Which metric should the company use?)
- A. disk_io_time
- B. disk_read_ops
- C. diskio_read_bytes
- D. diskio_reads
Answer: A
Explanation:
The `disk_io_time` metric, collected by the CloudWatch agent on EC2 Linux instances, measures the total time (in milliseconds) that read and write requests have waited on I/O, helping to assess disk performance for instance sizing. The WGU Cloud Deployment and Operations Study Guide (Section 4.1, CloudWatch Agent Metrics) states, "The `disk_io_time` metric, available via the CloudWatch agent, tracks the time spent waiting for I/O operations, providing insight into disk contention for optimizing EC2 instance sizing." disk_read_ops, diskio_reads, and diskio_read_bytes measure operation counts or bytes, not wait times.
NEW QUESTION # 43
(An administrator needs to create Systems Manager Automation documents to take action based on AWS Config rules. Which two file formats should be used? Choose 2 answers.)
- A. CSV
- B. YAML
- C. JSON
- D. XML
Answer: B,C
Explanation:
Systems Manager Automation documents can be created using JSON or YAML file formats to define workflows and actions based on AWS Config rules. These formats allow administrators to specify the steps and parameters for automation tasks, such as remediation actions triggered by Config rule evaluations. The WGU Cloud Deployment and Operations Study Guide (Section 5.1, Systems Manager Automation) states that both JSON and YAML are supported formats for writing Automation documents, providing flexibility in scripting automation logic. XML and CSV are not supported formats for this purpose.
NEW QUESTION # 44