AWS-DEVOPS-ENGINEER

A company has an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are in multiple Availability Zones. The application was misconfigured in a single Availability Zone, which caused a partial outage of the application.A DevOps engineer made changes to ensure that the unhealthy EC2 instances in one Availability Zone do not affect the healthy EC2 instances in the other Availability Zones. The DevOps engineer needs to test the application's failover and shift where the ALB sends traffic. During failover, the ALB must avoid sending traffic to the Availability Zone where the failure has occurred.Which solution will meet these requirements?

A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes.Which of the following actions should be taken to troubleshoot this issue?

A company has a web application that is hosted on Amazon EC2 instances. The company is deploying the application into multiple AWS Regions.The application consists of dynamic content such as WebSocket-based real-time product updates. The company uses Amazon Route 53 to manage all DNS records.Which solution will provide multi-Region access to the application with the LEAST latency?

A company wants to build a pipeline to update the standard AMI monthly. The AMI must be updated to use the most recent patches to ensure that launched Amazon EC2 instances are up to date. Each new AMI must be available to all AWS accounts in the company's organization in AWS Organizations.The company needs to configure an automated pipeline to build the AMI.Which solution will meet these requirements with the MOST operational efficiency?

A company has a workflow that generates a file for each of the company's products and stores the files in a production environment Amazon S3 bucket. The company's users can access the S3 bucket.Each file contains a product ID. Product IDs for products that have not been publicly announced are prefixed with a specific UUID. Product IDs are 12 characters long. IDs for products that have not been publicly announces begin with the letter P.The company does not want information about products that have not been publicly announced to be available in the production environment S3 bucket.Which solution will meet these requirements?

A company is migrating its web application to AWS. The application uses WebSocket connections for real-time updates and requires sticky sessions.A DevOps engineer must implement a highly available architecture for the application. The application must be accessible to users worldwide with the least possible latency.Which solution will meet these requirements with the LEAST operational overhead?

A company has an organization in AWS Organizations with many Oils that contain many AWS accounts. The organization has a dedicated delegated administrator AWS account.The company needs the accounts in one OU to have server-side encryption enforced for all Amazon Elastic Block Store (Amazon EBS) volumes and Amazon Simple Queue Service (Amazon SQS) queues that are created or updated on an AWS CloudFormation stack.Which solution will enforce this policy before a CloudFormation stack operation in the accounts of this OU?

A company has a web application that is hosted on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster runs on AWS Fargate that is available through an internet-facing Application Load Balancer.The application is experiencing stability issues that lead to longer response times. A DevOps engineer needs to configure observability in Amazon CloudWatch to troubleshoot the issue. The solution must provide only the minimum necessary permissions.Which combination of steps will meet these requirements? (Choose three.) E. Configure an IAM OpenID Connect (OIDC) provider for the EKS cluster. F. Enable EKS control plane logging for the EKS cluster.

A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.What should the DevOps engineer do to accomplish this in the MOST maintainable manner?

A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API.After a series of recent changes to the API, the company has observed issues with the application. The company needs to gather a metric for each API operation by response code for each version of the application that is in use. A DevOps engineer has modified the Lambda function to extract the API operation name, version information from the user-agent header and response code.Which additional set of actions should the DevOps engineer take to gather the required metrics?

A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States. The company has many AWS accounts in an organization in AWS Organizations that has all features enabled.The engineer must restrict which AWS Regions the company can use. The engineer must also ensure that an alert is sent as soon as possible if any activity outside the governance policy occurs. The controls must be automatically enabled on any new Region outside the United States.Which combination of steps will meet these requirements? (Choose two.) E. Create an Organizations SCP allow policy that has a condition that the aws:RequestedRegion property matches a list of all US Regions. Include an exception in the policy for global services. Attach the policy to the root of the organization.

A company manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple Availability Zones. The application uses an Amazon RDS for MySQL DB instance to store the data. The company has configured Amazon Route 53 with an alias record that points to the ALB.A new company guideline requires a geographically isolated disaster recovery (DR) site with an RTO of 4 hours and an RPO of 15 minutes.Which DR strategy will meet these requirements with the LEAST change to the application stack?

A software development team is implementing a CI/CD pipeline for its web application. The team is using AWS CodeBuild to compile Java-based source code and to run unit tests.The team needs to store the artifacts that are created by the CodeBuild project.Which solution will meet this requirement?

A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts. AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be able to edit or delete their own CloudTrail trails and AWS Config rules.Which solution will meet these requirements in the MOST operationally efficient way?

A company is developing an ecommerce application on AWS. The company wants to make sure that the application can handle sudden increases in traffic.The company uses AWS CodePipeline for its CI/CD process. The company must implement a solution to integrate automated load testing into the CI/CD pipeline to validate the application's performance. The solution must perform production deployment only if the performance exceeds a threshold.Which solution will meet these requirements with the LEAST operational overhead?

A company requires that its internally facing web application be highly available. The architecture is made up of one Amazon EC2 web server instance and one NAT instance that provides outbound internet access for updates and accessing public data.Which combination of architecture adjustments should the company implement to achieve high availability? (Choose two.) E. Replace the NAT instance with a NAT gateway that spans multiple Availability Zones. Update the route tables.

A company is implementing a standardized security baseline across its AWS accounts. The accounts are in an organization in AWS Organizations.The company must deploy consistent IAM roles and policies across all existing and future accounts in the organization.Which solution will meet these requirements with the MOST operational efficiency?

A company is implementing a CI/CD pipeline for an application by using AWS CodePipeline and AWS CodeBuild. The company needs a solution to run unit tests and automatically generate code coverage reports before any code is deployed to production. The CI/CD pipeline execution must fail if the code coverage is less than 80%.Which solution will meet these requirements?

A company is developing a microservices-based application on AWS. The application consists of AWS Lambda functions and Amazon Elastic Container Service (Amazon ECS) services that need to be deployed frequently.A DevOps engineer needs to implement a consistent deployment solution across all components of the application. The solution must automate the deployments, minimize downtime during updates, and manage configuration data for the application.Which solution will meet these requirements with the LEAST development effort?

A company is running its ecommerce website on AWS. The website is currently hosted on a single Amazon EC2 instance in one Availability Zone. A MySQL database runs on the same EC2 instance.The company needs to eliminate single points of failure in the architecture to improve the website's availability and resilience.Which solution will meet these requirements with the LEAST configuration changes to the website?

A company uses a pipeline in AWS CodePipeline to deploy an application. The company created an AWS Fault Injection Service (AWS FIS) experiment template to test the resiliency of the application. A DevOps engineer needs to integrate the experiment into the pipeline.Which solution will meet this requirement?

A company is developing code and wants to use semantic versioning. The company's DevOps team needs to create a pipeline for compiling the code. The team also needs to manage versions of the compiled code. If the code uses any open source libraries, the libraries must also be cached in the build process.Which solution will meet these requirements?

A company has multiple development teams in separate business units that work in a single shared AWS account. All Amazon EC2 resources that users create in the account must include tags that specify which user created the resources. The tagging must occur within the first hour of resource creation.A DevOps engineer needs to add tags to new resources that include the ID of the user that created the resource and the appropriate cost center ID. The DevOps engineer configures an AWS Lambda function to use the cost center mappings to tag the resources. The DevOps engineer also sets up AWS CloudTrail in the shared AWS account. An Amazon S3 bucket stores the CloudTrail event logs.Which solution will meet the tagging requirements?

A company has an AWS account named PipelineAccount. The account manages a pipeline in AWS CodePipeline. The account uses an IAM role named CodePipeline_Service_Role and produces an artifact that is stored in an Amazon S3 bucket. The company uses a customer managed AWS KMS key to encrypt objects in the S3 bucket.A DevOps engineer wants to configure the pipeline to use an AWS CodeDeploy application in an AWS account named CodeDeployAccount to deploy the produced artifact.The DevOps engineer updates the KMS key policy to grant the CodeDeployAccount account permission to use the key. The DevOps engineer configures an IAM role named DevOps_Role in the CodeDeployAccount account that has access to the CodeDeploy resources that the pipeline requires. The DevOps engineer updates an Amazon EC2 instance role that operates within the CodeDeployAccount account to allow access to the S3 bucket and the KMS key that is in the PipelineAccount account.Which additional steps will meet these requirements?

A company hosts several applications in an AWS account. Each application sends logs to its own log group in Amazon CloudWatch. The company's CloudWatch costs for ingestion are increasing.A DevOps engineer needs to identify which applications are the source of the increased logging costs.Which solution will meet this requirement in the MOST operationally efficient way?

A DevOps team operates an integration service that runs on an Amazon EC2 instance. The DevOps team uses Amazon Route 53 to manage the integration service's domain name by using a simple routing record. The integration service is stateful and uses Amazon Elastic File System (Amazon EFS) for data storage and state storage. The integration service does not support load balancing between multiple nodes.The DevOps team deploys the integration service on a new EC2 instance as a warm standby to reduce the mean time to recovery. The DevOps team wants the integration service to automatically fail over to the standby EC2 instance.Which solution will meet these requirements?

A DevOps engineer updates an AWS CloudFormation stack to add a nested stack that includes several Amazon EC2 instances. When the DevOps engineer attempts to deploy the updated stack, the nested stack fails to deploy.What should the DevOps engineer do to determine the cause of the failure?

A company's application development team uses Linux-based Amazon EC2 instances as bastion hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups. The company's security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.What should a DevOps engineer do to meet this requirement?

A video platform company is migrating its video catalog to AWS. The company will host MP4 videos files in an Amazon S3 bucket. The company will use Amazon CloudFront and Amazon EC2 instances to serve the video files.Users first connect to a frontend application that redirects to a video URL. The video URL contains an authorization token in CloudFront. The cache is activated on the CloudFront distribution. Authorization token check activity needs to be logged in Amazon CloudWatch.The company wants to prevent direct access to video files on CloudFront and Amazon S3 and wants to implement checks of the authorization token that the frontend application provides. The company also wants to perform regular rolling updates of the code that checks the authorization token signature.Which solution will meet these requirements with the LEAST operational effort?

A DevOps engineer has implemented a CI/CD pipeline to deploy an AWS CloudFormation template that provisions a web application. The web application consists of an Application Load Balancer (ALB), a target group, a launch template that uses an Amazon Linux 2 AMI, an Auto Scaling group of Amazon EC2 instances, a security group, and an Amazon RDS for MySQL database. The launch template includes user data that specifies a script to install and start the application.The initial deployment of the application was successful. The DevOps engineer made changes to update the version of the application with the user data. The CI/CD pipeline has deployed a new version of the template. However, the health checks on the ALB are now failing. The health checks have marked all targets as unhealthy.During investigation, the DevOps engineer notices that the CloudFormation stack has a status of UPDATE_COMPLETE. However, when the DevOps engineer connects to one of the EC2 instances and checks /var/log/messages, the DevOps engineer notices that the Apache web server failed to start successfully because of a configuration error.How can the DevOps engineer ensure that the CloudFormation deployment will fail if the user data fails to successfully finish running?