[2026] Pass WGU Cloud-Deployment-and-Operations Exam Updated 70 Questions
Get 2026 Updated Free WGU Cloud-Deployment-and-Operations Exam Questions and Answer
WGU Cloud-Deployment-and-Operations Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 10
(What is the role of a patch baseline in Patch Manager?)
- A. Installs all patch updates as they become available by default
- B. Defines patches that should and should not be installed on EC2 instances
- C. Assigns an IAM role for services that can auto-approve patches upon release
- D. Notifies Config of any patch updates that need to be performed
Answer: B
Explanation:
A patch baseline in Patch Manager defines the patches that should and should not be installed on EC2 instances, specifying approval rules for security updates, other updates, and exclusions. This ensures controlled and compliant patching. The WGU Cloud Deployment and Operations Study Guide (Section 5.2, Patch Manager) states, "A patch baseline specifies which patches are approved for installation and which are excluded, allowing customization of patch deployment (e.g., approving only critical security updates)." Options A, B, and D misrepresent the baseline's role, as it does not auto-install, assign IAM roles, or notify Config directly.
NEW QUESTION # 11
(An AWS SysOps administrator needs to configure Amazon Route 53 to load balance customer requests across multiple identically configured websites. The load balancing method must ensure that the customer requests are directed to the website that offers the shortest round-trip time. Which routing policy should be used?)
- A. Weighted
- B. Latency
- C. Geoproximity
- D. Geolocation
Answer: B
Explanation:
The latency routing policy in Amazon Route 53 should be used to direct customer requests to the website with the shortest round-trip time (RTT). This policy routes traffic to the AWS region with the lowest latency based on the user's location, optimizing performance. The WGU Cloud Deployment and Operations Study Guide (Section 3.1, Route 53 Routing Policies) states, "The latency-based routing policy in Route 53 measures RTT to direct users to the region with the lowest latency, improving user experience across multiple websites." Geolocation, geoproximity, and weighted policies do not prioritize RTT in this manner.
NEW QUESTION # 12
(Which service should be used to schedule the patching of EC2 instances and on-premises servers with security updates?)
- A. EventBridge
- B. Config
- C. App Runner
- D. Systems Manager
Answer: D
Explanation:
AWS Systems Manager should be used to schedule the patching of EC2 instances and on-premises servers with security updates, utilizing features like Patch Manager and maintenance windows. This service supports hybrid environments and automated patch deployment. The WGU Cloud Deployment and Operations Study Guide (Section 5.2, Systems Manager Patch Manager) states, "Systems Manager provides Patch Manager to schedule and deploy security updates to EC2 instances and on-premises servers during maintenance windows, ensuring consistent patching across hybrid environments." EventBridge, Config, and App Runner do not offer this patching capability.
NEW QUESTION # 13
(What is the role of AWS Trusted Advisor?)
- A. It provides recommendations to help follow AWS best practices.
- B. It provides an assessment on unused IAM roles.
- C. It provides a holistic overview of the health of architecture.
- D. It provides recommendations on patches to be performed on resources.
Answer: A
Explanation:
AWS Trusted Advisor provides recommendations to help follow AWS best practices, analyzing the environment for cost optimization, security, performance, and fault tolerance. It offers actionable insights to improve resource usage. The WGU Cloud Deployment and Operations Study Guide (Section 6.4, Trusted Advisor) states, "Trusted Advisor evaluates your AWS environment against best practices, providing recommendations in categories like cost optimization and security (e.g., enabling MFA or removing unused resources)." Options A, B, and C overstate or misrepresent its role, as it does not focus solely on unused IAM roles, holistic health overviews, or patch recommendations.
NEW QUESTION # 14
(A company is using Route 53 for Domain Name System (DNS) hosting. The company requires a zone that should only be accessible from instances in a Virtual Private Cloud (VPC). Which type of hosted zone should be used?)
- A. Private Zone
- B. Public Hosted Zone
- C. Lightsail DNS Zone
- D. DNS Zone
Answer: A
Explanation:
A Private Hosted Zone in Amazon Route 53 should be used to restrict DNS resolution to instances within a Virtual Private Cloud (VPC), ensuring that the zone is only accessible internally. This isolates DNS services from public internet access. The WGU Cloud Deployment and Operations Study Guide (Section 3.1, Route 53 Hosted Zones) states, "A Private Hosted Zone in Route 53 limits DNS resolution to resources within a specified VPC, preventing external access and enhancing security for internal services." Public Hosted Zones, DNS Zones, and Lightsail DNS Zones do not provide this VPC-specific restriction.
NEW QUESTION # 15
(Which AWS monitoring feature is used to process events using AWS Lambda?)
- A. Metrics
- B. Targets
- C. Logs
- D. Rules
Answer: D
Explanation:
The AWS monitoring feature used to process events with AWS Lambda is CloudWatch Events, specifically through the use of rules. Rules define the events to monitor (e.g., based on event patterns) and specify targets like AWS Lambda functions to process those events. The WGU Cloud Deployment and Operations Study Guide (Section 4.3, CloudWatch Events) explains that rules are the core component for event-driven architectures, enabling automation by linking events to Lambda for processing. Metrics, targets, and logs are related but not the primary feature for this function.
NEW QUESTION # 16
(Which type of support plan provides a technical account manager and full use of Trusted Advisor?)
- A. Enterprise
- B. Developer
- C. Business
- D. Standard
Answer: A
Explanation:
The Enterprise support plan provides a technical account manager (TAM) and full use of Trusted Advisor, offering proactive guidance and comprehensive access to all checks. This plan is designed for large-scale, mission-critical workloads. The WGU Cloud Deployment and Operations Study Guide (Section 6.4, AWS Support Plans) states, "The Enterprise support plan includes a dedicated Technical Account Manager and full Trusted Advisor access, providing 24/7 support and proactive optimization recommendations." Developer, Standard, and Business plans offer limited or no TAM support and partial Trusted Advisor access.
NEW QUESTION # 17
(What needs to be configured in Systems Manager to run Automation documents on schedule?)
- A. Rate control
- B. Resource groups
- C. Maintenance window
- D. Session preferences
Answer: C
Explanation:
To run Automation documents on a schedule in AWS Systems Manager, a maintenance window must be configured. Maintenance windows define the time periods during which automated tasks, including the execution of Automation documents, can run. The WGU Cloud Deployment and Operations Study Guide (Section 5.2, Maintenance Windows) explains that maintenance windows are used to schedule and control the execution of Systems Manager tasks, ensuring they align with operational windows. Rate control, session preferences, and resource groups are not used for scheduling automation tasks.
NEW QUESTION # 18
(A company stores critical data on general-purpose Amazon EBS volumes. The company can only tolerate the loss of up to one hour of data. Which solution should be used to protect data from loss?)
- A. Enable automated volume backups in Cloud Control
- B. Replace existing volumes with local storage
- C. Schedule automated volume snapshots using CloudWatch Events
- D. Switch to Block Express volume type
Answer: C
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
To protect critical data on EBS volumes with a maximum tolerable data loss of one hour, the company should schedule automated volume snapshots using CloudWatch Events. Snapshots capture the state of the volume at a point in time, and regular scheduling (e.g., every hour) ensures data loss is limited to the snapshot interval.
The WGU Cloud Deployment and Operations Study Guide (Section 7.3, EBS and Snapshots) states,
"Automated EBS snapshots can be scheduled using CloudWatch Events rules to create backups at defined intervals, ensuring an RPO of one hour by capturing volume data regularly." Local storage, Cloud Control backups, and Block Express are not viable solutions for this automated snapshot requirement.
NEW QUESTION # 19
(Which action must be used to create a metric filter in the Amazon CloudWatch console?)
- A. Select a log group
- B. Enable an alarm
- C. Define a trace
- D. Specify a stream
Answer: A
Explanation:
To create a metric filter in the Amazon CloudWatch console, the first step is to select a log group from which the log data will be analyzed. A log group contains log streams, and metric filters are applied to the log data within these groups to extract metrics based on patterns. The WGU Cloud Deployment and Operations Study Guide (Section 4.2, CloudWatch Logs) specifies that the process begins by navigating to the CloudWatch console, selecting a log group, and then defining the filter pattern. Actions like enabling an alarm, defining a trace, or specifying a stream are subsequent or unrelated steps.
NEW QUESTION # 20
(An administrator plans to deploy a database to AWS that supports the following: multiple Availability Zones, a standby database instance that provides failover support, a database instance that allows only read-only connections. Which two database solutions should the administrator use? Choose 2 answers.)
- A. Amazon Aurora DB instance with Aurora Replica
- B. Amazon Aurora DB cluster with multi-master replication
- C. Amazon RDS Multi-AZ DB instance
- D. Amazon RDS Multi-AZ DB cluster
Answer: A,C
Explanation:
To meet the requirements, the administrator should use an Amazon RDS Multi-AZ DB instance for multiple Availability Zones and failover support, and an Amazon Aurora DB instance with Aurora Replica for a read- only connection. The RDS Multi-AZ configuration automatically provisions a standby instance in a different AZ for failover, while Aurora Replicas provide read-only instances for scaling read traffic. The WGU Cloud Deployment and Operations Study Guide (Section 7.1, RDS and Aurora) states, "RDS Multi-AZ deploys a standby instance across AZs for failover, and Aurora Replicas are read-only instances that enhance performance by offloading read traffic from the primary instance." Options A and D are incorrect as multi- master replication and Multi-AZ clusters do not align with the read-only requirement.
NEW QUESTION # 21
(Which two protocols are supported in security group rules? Choose 2 answers.)
- A. ICMP
- B. UDP
- C. BGP
- D. MPLS
Answer: A,B
Explanation:
Security group rules in AWS support the Internet Control Message Protocol (ICMP) and User Datagram Protocol (UDP) for defining inbound and outbound traffic rules. These protocols are commonly used for network communication and monitoring. The WGU Cloud Deployment and Operations Study Guide (Section
3.2, Security Groups) states, "Security groups support protocols like ICMP for diagnostic traffic and UDP for streaming or low-latency applications, allowing fine-grained control over instance access." BGP and MPLS are routing or network layer protocols not supported by security group rules.
NEW QUESTION # 22
(A company has deployed an application to AWS and a standby instance to its on-premises data center. The on-premises infrastructure is a scaled-down version of the AWS infrastructure. Which routing policy in Route
53 will allow the company to send 75% of the load to AWS and the remaining 25% to its on-premises infrastructure?)
- A. Failover routing policy
- B. Geolocation routing policy
- C. Simple routing policy
- D. Weighted routing policy
Answer: D
Explanation:
The weighted routing policy in Amazon Route 53 allows the company to distribute traffic with specific percentages, such as 75% to AWS and 25% to the on-premises infrastructure, by assigning weights to each resource record. This enables load balancing across hybrid environments. The WGU Cloud Deployment and Operations Study Guide (Section 3.1, Route 53 Routing Policies) states, "Weighted routing policy assigns weights to resource record sets (e.g., 75 for AWS, 25 for on-premises), controlling the percentage of traffic directed to each endpoint." Geolocation, failover, and simple policies do not support percentage-based traffic splitting.
NEW QUESTION # 23
(Which type of support plan provides a technical account manager and full use of Trusted Advisor?)
- A. Enterprise
- B. Developer
- C. Business
- D. Standard
Answer: A
Explanation:
The Enterprise support plan provides a technical account manager (TAM) and full use of Trusted Advisor, offering proactive guidance and comprehensive access to all checks. This plan is designed for large-scale, mission-critical workloads. The WGU Cloud Deployment and Operations Study Guide (Section 6.4, AWS Support Plans) states, "The Enterprise support plan includes a dedicated Technical Account Manager and full Trusted Advisor access, providing 24/7 support and proactive optimization recommendations." Developer, Standard, and Business plans offer limited or no TAM support and partial Trusted Advisor access.
NEW QUESTION # 24
(A company that uses five Elastic IP addresses does not want to request more from AWS. Which solution should be used to route requests to a healthy endpoint?)
- A. Register a DNS name to an auto-assigned public IP address
- B. Adjust the TTL of the IP packets
- C. Edit the route table for the VPC
- D. Use Systems Manager to update endpoints
Answer: A
Explanation:
To route requests to a healthy endpoint without requesting additional Elastic IP addresses, the company should register a DNS name to an auto-assigned public IP address using a service like Route 53. This leverages dynamic DNS to distribute traffic, reducing reliance on fixed EIPs. The WGU Cloud Deployment and Operations Study Guide (Section 3.1, Route 53) states, "Registering a DNS name with an auto-assigned public IP in Route 53 allows traffic routing to healthy instances, avoiding the need for additional Elastic IP addresses." TTL adjustment, route table edits, and Systems Manager are not relevant solutions.
NEW QUESTION # 25
......
Verified Cloud-Deployment-and-Operations exam dumps Q&As with Correct 70 Questions and Answers: https://www.realexamfree.com/Cloud-Deployment-and-Operations-real-exam-dumps.html
Cloud-Deployment-and-Operations Dumps PDF and Test Engine Exam Questions: https://drive.google.com/open?id=1qBHq4J7ff-LybHeGhzazMyI3QQEheQt-
