QUESTION 121
A company uses AWS Directory Service for Microsoft Active Directory as its identity provider (IdP). The company requires all infrastructure to be defined and deployed by AWS CloudFormation. A DevOps engineer needs to create a fleet of Windows-based Amazon EC2 instances to host an application. The DevOps engineer has created a CloudFormation template that contains an EC2 launch template, IAM role, EC2 security group, and EC2 Auto Scaling group. The DevOps engineer must implement a solution that joins all EC2 instances to the domain of the AWS Managed Microsoft AD directory. Which solution will meet these requirements with the MOST operational efficiency?
A. In the CloudFormation template, create an AWS::SSM::Document resource that joins the EC2 instance to the AWS Managed Microsoft AD domain by using the parameters for the existing directory. Update the launch template to include the SSMAssociation property to use the new SSM document. Attach the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess AWS managed policies to the IAM role that the EC2 instances use.
B. In the CloudFormation template, update the launch template to include specific tags that propagate on launch. Create an AWS::SSM::Association resource to associate the AWS-JoinDirectory ServiceDomain Automation runbook with the EC2 instances that have the specified tags. Define the required parameters to join the AWS Managed Microsoft AD directory. Attach the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess AWS managed policies to the IAM role that the EC2 instances use.
C. Store the existing AWS Managed Microsoft AD domain connection details in AWS Secrets Manager. In the CloudFormation template, create an AWS::SSM::Association resource to associate the AWS-CreateManagedWindowsInstanceWithApproval Automation runbook with the EC2 Auto Scaling group. Pass the ARNs for the parameters from Secrets Manager to join the domain. Attach the AmazonSSMDirectory ServiceAccess and SecretsManagerReadWrite AWS managed policies to the IAM role that the EC2 instances use.
D. Store the existing AWS Managed Microsoft AD domain administrator credentials in AWS Secrets Manager. In the CloudFormation template, update the EC2 launch template to include user data. Configure the user data to pull the administrator credentials from Secrets Manager and to join the AWS Managed Microsoft AD domain. Attach the AmazonSSMManagedInstanceCore and SecretsManagerReadWrite AS managed policies to the IAM role that the EC2 instances use.
Correct Answer: B
QUESTION 122
A company runs a web application that extends across multiple Availability Zones. The company uses an Application Load Balancer (ALB) for routing, AWS Fargate for the application, and Amazon Aurora for the application data. The company uses AWS CloudFormation templates to deploy the application. The company stores all Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository in the same AWS account and AWS Region. A DevOps engineer needs to establish a disaster recovery (DR) process in another Region. The solution must meet an RPO of 8 hours and an RTO of 2 hours. The company sometimes needs more than 2 hours to build the Docker images from the Dockerfile. Which solution will meet the RTO and RPO requirements MOST cost-effectively?
A. Copy the CloudFormation templates and the Dockerfile to an Amazon S3 bucket in the DR Region. Use AWS Backup to configure automated Aurora cross-Region hourly snapshots. In case of DR, build the most recent Docker image and upload the Docker image to an ECR repository in the DR Region. Use the CloudFormation template that has the most recent Aurora snapshot and the Docker image from the ECR repository to launch a new CloudFormation stack in the DR Region. Update the application DNS records to point to the new ALB.
B. Copy the CloudFormation templates to an Amazon S3 bucket in the DR Region. Configure Aurora automated backup Cross-Region Replication. Configure ECR Cross-Region Replication. In case of DR, use the CloudFormation template with the most recent Aurora snapshot and the Docker image from the local ECR repository to launch a new CloudFormation stack in the DR Region. Update the application DNS records to point to the new ALB.
C. Copy the CloudFormation templates to an Amazon S3 bucket in the DR Region. Use Amazon EventBridge to schedule an AWS Lambda function to take an hourly snapshot of the Aurora database and of the most recent Docker image in the ECR repository. Copy the snapshot and the Docker image to the DR Region. In case of DR, use the CloudFormation template with the most recent Aurora snapshot and the Docker image from the local ECR repository to launch a new CloudFormation stack in the DR Region.
D. Copy the CloudFormation templates to an Amazon S3 bucket in the DR Region. Deploy a second application CloudFormation stack in the DR Region. Reconfigure Aurora to be a global database. Update both CloudFormation stacks when a new application release in the current Region is needed. In case of DR, update the application DNS records to point to the new ALB.
Correct Answer: B
QUESTION 123
A company has an RPO of 24 hours and an RTO of 10 minutes for a critical web application that runs on Amazon EC2 instances. The company uses AWS Organizations to manage its AWS account. The company wants to set up AWS Backup for its AWS environment. A DevOps engineer configures AWS Organizations for AWS Backup. The DevOps engineer creates a new centralized AWS account to store the backups. Each EC2 instance has four Amazon Elastic Block Store (Amazon EBS) volumes attached. Which solution will meet this requirement MOST securely?
A. Create encrypted backup vaults and customer managed AWS KMS keys in both accounts. Configure AWS Backup to create full EC2 backups as AMIs. Copy the backups to the centralized vault.
B. Create encrypted vaults in both accounts by using the source account’s AWS KMS key. Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.
C. Create backup vaults in both accounts. Use AWS managed keys for encryption. Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.
D. Create encrypted vaults in both accounts. Use a customer managed KMS key in the source account. Use an AWS managed key in the centralized account. Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.
Correct Answer: A
QUESTION 124
A DevOps engineer needs to configure an AWS CodePipeline pipeline that publishes container images to an Amazon Elastic Container Registry (Amazon ECR) repository. The pipeline must wait for the previous run to finish and must run when new Git tags are pushed to a Git repository that is connected to AWS CodeConnections. An existing deployment pipeline needs to run in response to the publication of new container images. Which solution will meet these requirements?
A. Configure a CodePipeline V2 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all tags. Configure an Amazon EventBridge rule that matches container image pushes to start the existing deployment pipeline.
B. Configure a CodePipeline V2 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all branches. Configure an Amazon EventBridge rule that matches container image pushes to start the existing deployment pipeline.
C. Configure a CodePipeline V1 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all tags. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.
D. Configure a CodePipeline V1 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all branches. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.
Correct Answer: A
QUESTION 125
A company operates a fleet of Amazon EC2 instances that host critical applications and handle sensitive data. The EC2 instances must have up-to-date security patches to protect against vulnerabilities and ensure compliance with industry standards and regulations. The company needs an automated solution to monitor and enforce security patch compliance across the EC2 fleet. Which solution will meet these requirements?
A. Configure AWS Systems Manager Patch Manager and AWS Config with defined patch baselines and compliance rules that run Systems Manager Automation documents.
B. Access each EC2 instance by using SSH keys. Check for and apply security updates by using package managers. Verify the installations.
C. Configure Auto Scaling groups that have scaling policies based on Amazon CloudWatch metrics. Configure Auto Scaling launch templates that launch new instances by using the latest AMIs that contain new security patches.
D. Use AWS CloudFormation to recreate EC2 instances with the latest AMI every time a new patch becomes available. Use AWS CloudTrail logs to monitor patch compliance and to send alerts for non-compliant instances.
Correct Answer: A
QUESTION 126
A company has a web application that publishes logs that contain metadata for transactions, with a status of success or failure for each log. The logs are in JSON format. The application publishes the logs to an Amazon CloudWatch Logs log group. The company wants to create a dashboard that displays the number of successful transactions. Which solution will meet this requirement with the LEAST operational overhead?
A. Create an Amazon OpenSearch Service cluster and an OpenSearch Service subscription filter to send the log group data to the cluster. Create a dashboard within the Dashboards feature in the OpenSearch Service cluster by using a search query for transactions that have a status of success.
B. Create a CloudWatch subscription filter for the log group that uses an AWS Lambda function. Configure the Lambda function to parse the JSON logs and publish a custom metric to CloudWatch for transactions that have a status of success. Create a CloudWatch dashboard by using a metric graph that displays the custom metric.
C. Create a CloudWatch metric filter for the log groups with a filter pattern that matches the transaction status property and a value of success. Create a CloudWatch dashboard by using a metric graph that displays the new metric.
D. Create an Amazon Kinesis data stream that is subscribed to the log group. Configure the data stream to filter incoming log data based on a status of success and to send the filtered logs to an AWS Lambda function. Configure the Lambda function to publish a custom metric to CloudWatch. Create a CloudWatch dashboard by using a metric graph that displays the custom metric.
Correct Answer: C
QUESTION 127
A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States. The company has many AWS accounts in an organization in AWS Organizations that has all features enabled. The engineer must restrict which AWS Regions the company can use. The engineer must also ensure that an alert is sent as soon as possible if any activity outside the governance policy occurs. The controls must be automatically enabled on any new Region outside the United States. Which combination of steps will meet these requirements? (Select TWO.)
A. Create an Organizations SCP deny policy that has a condition that the aws:RequestedRegion property does not match a list of all US Regions. Include an exception in the policy for global services. Attach the policy to the root of the organization.
B. Configure AWS CloudTrail to send logs to Amazon CloudWatch Logs. Enable CloudTrail for all Regions. Use a CloudWatch Logs metric filter to create a metric in non-US Regions. Configure a CloudWatch alarm to send an alert if the metric is greater than 0.
C. Use an AWS Lambda function that checks for AWS service activity. Deploy the Lambda function to all Regions. Write an Amazon EventBridge rule that runs the Lambda function every hour. Configure the rule to send an alert if the Lambda function finds any activity in a non-US Region.
D. Use an AWS Lambda function to query Amazon Inspector to look for service activity in non-US Regions. Configure the Lambda function to send alerts if Amazon Inspector finds any activity.
E. Create an Organizations SCP allow policy that has a condition that the aws: RequestedRegion property matches a list of all US Regions. Include an exception in the policy for global services. Attach the policy to the root of the organization.
Correct Answer: AB
QUESTION 128
A company is developing an ecommerce application that has a backend that runs on Amazon EC2 instances. The application has a static frontend website that is hosted in an Amazon S3 bucket. The company uses a GitHub repository for version control and must automate builds and deployments whenever code is pushed to the main branch. The company must deploy changes to the fronted and backend independently of each other. Which solution will meet these requirements?
A. Create a single AWS CodePipeline pipeline to use for the fronted and the backend. Specify the GitHub repository as the source. Configure two build stages that use AWS CodeBuild as the action provider to build the fronted components and backend components, respectively. Configure two deployment stages that use AWS CodeDeploy as the action provider to deploy the frontend and backend, respectively.
B. Create a single AWS CodePipeline pipeline to use for the fronted and the backend. Specify the GitHub repository as the source. Configure two build stages that use AWS CodeBuild as the action provider to build the frontend components and backend components, respectively. Configure two deployment stages. For the backend stage, use AWS CodeDeploy as the action provider to deploy the backend to the EC2 instances. For the frontend stage, use Amazon S3 as the action provider to deploy the frontend to the S3 bucket.
C. Create two AWS CodePipeline pipelines: one for the fronted and one for the backend. Specify the GitHub repository as the source. Configure a build stage that uses AWS CodeBuild as the action provider for each pipeline to build the frontend and the backend. Configure a deployment stage that uses AWS CodeDeploy as the action provider for each pipeline to deploy the fronted and the backend.
D. Create two AWS CodePipeline pipelines: one for the frontend and one for the backend. Specify the GitHub repository as the source. Configure a build stage that uses AWS CodeBuild as the action provider for each pipeline to build the frontend and the backend. For the backend pipeline, use AWS CodeDeploy as the action provider to deploy the backend to the EC2 instances. For the frontend pipeline, use Amazon S3 as the action provider to deploy the frontend to the S3 bucket.
Correct Answer: D
QUESTION 129
A company has an application that streams logs to an Amazon CloudWatch Logs log group. The logs must be available for the team to search in CloudWatch for at least 30 days. Logs must be accessible with low latency for at least 90 days. After 180 days, log retrieval is rare and latency is not important. A DevOps engineer creates an Amazon S3
bucket to store the logs. Log availability metrics and data protection are important to the company. Which solution will meet these requirements in the MOST cost-effective way?
A. Configure the log group to have a retention period of 30 days and to use the infrequent access log class. Create a Cloudwatch metric stream that uses Amazon Kinesis Data Streams to send log events to the S3 bucket. Create an S3 Lifecycle policy to move objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days and to Amazon Glacier Flexible Retrieval after 180 days.
B. Configure the log group to have a retention period of 30 days and to use the infrequent access log class. Create a CloudWatch metric stream that uses Amazon Data Firehose to send log events to the S3 bucket. Create an S3 Lifecycle policy to move objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 90 days and to Amazon S3 Glacier Flexible Retrieval after 180 days.
C. Configure the log groups to have a retention period of 30 days. Create a CloudWatch subscription filter that uses Amazon Kinesis Data Streams to send log events to the S3 bucket by writing files. Create an S3 Lifecycle policy to move objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days and to Amazon S3 Glacier Instant Retrieval after 180 days.
D. Configure the log groups to have a retention period of 30 days. Create a CloudWatch subscription filter that uses Amazon Data Firehose to send log events to the S3 bucket. Create an S3 Lifecycle policy to move objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days and to Amazon S3 Glacier Deep Archive after 180 days.
Correct Answer: D
QUESTION 130
A company needs to update its order processing application to improve resilience and availability. The application requires a stateful database and uses a single-node Amazon RDS DB instance to store customer orders and transaction history. A DevOps engineer must make the database highly available. Which solution will meet this requirement?
A. Migrate the database to Amazon DynamoDB global tables. Configure automatic failover between AWS Regions by using Amazon Route 53 health checks.
B. Migrate the database to Amazon EC2 instances in multiple Availability Zones. Use Amazon Elastic Block Store (Amazon EBS) Multi-Attach to connect all the instances to a single EBS volume.
C. Use the RDS DB instance as the source instance to create read replicas in multiple Availability Zones. Deploy an Application Load Balancer to distribute read traffic across the read replicas.
D. Modify the RDS DB instance to be a Multi-AZ deployment. Verify automatic failover to the standby instance if the primary instance becomes unavailable.
Correct Answer: D
QUESTION 131
A company hosts a website on an Apache server that the company runs on Amazon EC2 instances. Website users report that the website is returning HTTP 404 errors. The EC2 instances send logs to Amazon CloudWatch. A DevOps engineer wants to implement automatic, near real-time log monitoring. The DevOps engineer wants a solution that will send notifications to an existing Amazon Simple Notification Service Amazon SNS topic when the number of customers who receive HTTP 404 errors exceeds a specified threshold. Which solution will meet these requirements with the MOST operational efficiency?
A. Use Amazon CloudWatch Logs Insights to search, group, and count the logs of HTTP 404 errors. Configure CloudWatch Logs Insights to send the logs to Amazon S3. Configure a SQL query in Amazon Athena to count the total number of logs in the S3 bucket that contain the HTTP 404 error code. Configure Athena to send a notification to the SNS topic when Athena detects the specified number of error logs.
B. Create a metric filter in Amazon CloudWatch by specifying a filter pattern that includes HTTP 404 errors. Set an alarm for the metric filter, and configure the alarm to send the logs to Amazon S3 when it is in ALARM state. Configure a SQL query in Amazon Athena to count the total number of logs in the S3 bucket. Configure Athena to send a notification to the SNS topic when Athena detects the specified number of error logs.
C. Create a metric filter in Amazon CloudWatch by specifying a filter pattern that includes HTTP 404 errors. Set the metric value to 1. Create an alarm for the metric filter. Configure the alarm to send a notification to the SNS topic when the alarm enters ALARM state.
D. Configure Amazon CloudWatch Logs Insights to count the number of logs for HTTP 404 errors. Configure CloudWatch Logs Insights to send a notification to the SNS topic when the specified number of error logs are found.
Correct Answer: C
QUESTION 132
A company configured an Amazon S3 event source for an AWS Lambda function. The company needs the Lambda function to run when a new object is created or an existing object is modified in a specific S3 bucket. The Lambda function will use the S3 bucket name and the S3 object key of the incoming event to read the contents of the new or modified S3 object. The Lambda function will parse the contents and save the parsed contents to an Amazon DynamoDB table. The Lambda function’s execution role has permissions to read from the S3 bucket and to write to the DynamoDB table. During testing, a DevOps engineer discovers that the Lambda function does not run when objects are added to the S3 bucket or when existing objects are modified. Which solution will resolve these problems?
A. Create an S3 bucket policy for the S3 bucket that grants the S3 bucket permission to invoke the Lambda function.
B. Create a resource policy for the Lambda function to grant Amazon S3 permission to invoke the Lambda function on the S3 bucket.
C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an OnFailure destination for the Lambda function. Update the Lambda function to process messages from the SQS queue and the S3 event notifications.
D. Configure an Amazon Simple Queue Service (Amazon SQS) queue as the destination for the S3 bucket event notifications. Update the Lambda function’s execution role to have permission to read from the SQS queue. Update the Lambda function to consume messages from the SQS queue.
Correct Answer: A
QUESTION 133
A company hosts several applications in an AWS account. Each application sends logs to its own log group in Amazon CloudWatch. The company’s CloudWatch costs for ingestion are increasing. A DevOps engineer needs to identify which applications are the source of the increased logging costs. Which solution will meet this requirement in the MOST operationally efficient way?
A. Use CloudWatch metrics to create a custom expression that identifies the CloudWatch log groups that receive the most data.
B. Use Amazon CloudWatch Logs Insights to create a query for the application log groups to identify the number of log groups that received data during a specific time period.
C. Use AWS Cost Explorer to generate a cost report that details costs for CloudWatch usage.
D. Use AWS Cloud Trail to filter for CreateLogStream events for each application.
Correct Answer: C
QUESTION 134
A company wants to implement a CI/CD pipeline to deploy code changes to an application by using AWS CodePipeline and AWS CodeDeploy. The application is configured to use an Elastic Load Balancing (ELB) load balancer and AWS WAF. The pipeline needs to validate the application’s UI after the deployment is finished. The pipeline must perform a rollback if the validation is not successful. Which solution will meet these requirements with the LEAST implementation effort?
A. Configure an AWS Lambda function to validate the application UI. Configure CodeDeploy to perform an automatic rollback if the Lambda function validation fails. Set up an AWS WAF IP set match condition that allows the Lambda function IP address.
B. Configure an AWS Lambda function to validate the application UI. Configure CodeDeploy to perform an automatic rollback if the Lambda function validation fails. Disable the SignalNonBrowserUserAgent AWS WAF rule.
C. Configure an Amazon CloudWatch Synthetics canary to test the application’s UI. Configure CodeDeploy to perform an automatic rollback if the CloudWatch Synthetics canary validation fails. Set up an AWS WAF IP set match condition that allows the CloudWatch Synthetics canary IP address.
D. Configure an Amazon CloudWatch Synthetics canary to validate the application’s UI. Configure CodeDeploy to perform an automatic rollback if the CloudWatch Synthetics canary validation fails. Set up an AWS WAF string match condition that allows the string “CloudWatchSynthetics.”
Correct Answer: C
QUESTION 135
A DevOps engineer manages an AWS CodePipeline pipeline that builds and deploys a web application on AWS. The pipeline has a source stage, a build stage, and a deploy stage. When deployed properly, the web application responds with a 200 OK HTTP response code when the URL of the home page is requested. The home page recently returned a 503 HTTP response code after CodePipeline deployed the application. The DevOps engineer needs to add an automated test into the pipeline. The automated test must ensure that the application returns a 200 OK HTTP response code after the application is deployed. The pipeline must fail if the response code is not present during the test. The DevOps engineer has added a CheckURL stage after the deploy stage in the pipeline. What should the DevOps engineer do next to implement the automated test?
A. Configure the CheckURL stage to use an Amazon CloudWatch action. Configure the action to use a canary synthetic monitoring check on the application URL and to report a success or failure to CodePipeline.
B. Create an AWS Lambda function to check the response code status of the URL and to report a success or failure to CodePipeline. Configure an action in the CheckURL stage to invoke the Lambda function.
C. Configure the CheckURL stage to use an AWS CodeDeploy action. Configure the action with an input artifact that is the URL of the application and to report a success or failure to CodePipeline.
D. Deploy an Amazon API Gateway HTTP API that checks the response code status of the URL and that reports success or failure to CodePipeline. Configure the CheckURL stage to use the AWS Device Farm test action and to provide the API Gateway HTTP API as an input artifact.
Correct Answer: B
QUESTION 136
A company deploys a web application on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The company stores the application code in an AWS CodeConnections compatible Git repository. When the company merges code to the main branch, an AWS CodeBuild project is initiated. The CodeBuild project compiles the code, stores the packaged code in AWS CodeArtifact, and invokes AWS Systems Manager Run Command to deploy the packaged code to the EC2 instances. Previous deployments have resulted in defects, EC2 instances that were not running the latest version of the packaged code, and inconsistencies between instances. A DevOps engineer needs to improve the reliability of the deployment solution. Which combination of actions will meet this requirement? (Select TWO.)
A. Create a pipeline in AWS CodePipeline that uses the Git repository as the source provider. Configure the pipeline to have parallel build and test stages. In the pipeline, pass the CodeBuild project output artifact to an AWS CodeDeploy action.
B. Create a pipeline in AWS CodePipeline that uses the Git repository as the source provider. Configure the pipeline to have a build stage followed by a test stage. In the pipeline, pass the CodeBuild project output artifact to an AWS CodeDeploy action.
C. Create an AWS CodeDeploy application and a deployment group to deploy the packaged code to the EC2 instances. Configure the ALB for the deployment group.
D. Create individual AWS Lambda functions that use AWS CodeDeploy instead of Systems Manager to run build, test, and deploy actions.
E. Create an Amazon S3 bucket. Modify the CodeBuild project to store the packages in the S3 bucket instead of in CodeArtifact. Use deploy actions in CodeDeploy to deploy the artifact to the EC2 instances.
Correct Answer: BC
QUESTION 137
A company has deployed a microservices-based application on Amazon Elastic Container Service (Amazon ECS). The application is experiencing performance issues. The company needs to identify which microservices are causing the issues. Which solution will provide this information?
A. Configure AWS X-Ray for each ECS task. Create an X-Ray group for each microservice. Implement custom X-Ray subsegments in each microservice to capture detailed timing information. Use an X-Ray service map to visualize and identify slow microservices and requests.
B. Configure AWS X-Ray for each ECS task. Use an X-Ray service map to visualize the application’s architecture and request flow. Filter the X-Ray traces by response time and error rate. Identify the microservices that have high latency or high error rates. Analyze individual traces to identify slow microservices and requests.
C. Configure Amazon CloudWatch Container Insights for each ECS task. Analyze Container Insights metrics to identify slow microservices. Use CloudWatch Logs Insights to filter the Container Insights log data by response time and error rate. Analyze the log data to identify slow requests.
D. Configure Amazon CloudWatch Container Insights for each ECS task. Use the CloudWatch automatic dashboard for Amazon ECS to identify slow microservices. Use CloudWatch Logs Insights to analyze the Container Insights performance logs for each ECS task to identify slow requests.
Correct Answer: B
QUESTION 138
A company needs to manage shared libraries for various projects across its development AWS account and production AWS account. The company has configured IAM roles for developers and has defined an AWS CodePipeline pipeline by using the AWS Cloud Development Kit (AWS CDK). A DevOps engineer must implement a solution to ensure that only developers can access the latest versions of the libraries. The solution must test shared packages independently before the shared packages are consumed by other applications and before they go to production. Which solution will meet these requirements?
A. Create a single AWS CodeArtifact repository for development and production in a central account. Use IAM policies for the developer roles to allow only developers to access the shared libraries. Create an Amazon EventBridge rule to start an AWS CodeBuild project and to test each package before the package is copied to the production repository.
B. Create an AWS CodeArtifact repository in the development account. Create another CodeArtifact repository in the production account. For the development repository, add a repository policy that allows only developers to access the shared libraries. Create an Amazon EventBridge rule to start the CodePipeline pipeline and to test each package before the package is copied to the production repository.
C. Create a single Amazon S3 bucket with versioning enabled for development and production in a central account. Use IAM policies for the developer roles to allow only the developers to access the shared libraries. Create an Amazon EventBridge rule to start an AWS CodeBuild project and to test each package before the package is copied to production.
D. Create an Amazon S3 bucket with versioning enabled in the development account. Create another S3 bucket with versioning enabled in the production account. For the development S3 bucket, add a bucket policy that allows only developers to access the shared libraries. Create an Amazon EventBridge rule to start the CodePipeline pipeline. Configure the rule to test each package when the package is copied to production and to revert the changes if the tests.
Correct Answer: B
QUESTION 139
A company uses AWS Organizations to manage multiple AWS accounts. The accounts are in an OU that has a policy attached to allow all actions. The company is migrating several Git repositories to a specified AWS CodeConnections supported Git provider. The Git repositories manage AWS CloudFormation stacks for application infrastructure that the company deploys across multiple AWS Regions. The company wants a DevOps team to integrate CodeConnections into the CloudFormation stacks. The DevOps team must ensure that company staff members can integrate only with the specified Git provider. The deployment process must be highly available across Regions. Which combination of steps will meet these requirements? (Select THREE.)
A. Add a new SCP statement to the OU that denies the CodeConnections CreatingConnections action where the provider type is not the specified Git provider.
B. Add a new SCP statement to the OU that allows the CodeConnections CreatingConnections action where the provider type is the specified Git provider.
C. Use CodeConnections to configure a single CodeConnections connection to each Git repository.
D. Use CodeConnections to create a CodeConnections connection from each Region where the company operates to each Git repository.
E. Use CodeConnections to create a CodeConnections repository link. Update each CloudFormation stack to sync from the Git repository.
F. For each Git repository, create a pipeline in AWS CodePipeline that has the Git repository set as the source and a CloudFormation deployment stage.
Correct Answer: ADF
QUESTION 140
A company is running its ecommerce website on AWS. The website is currently hosted on a single Amazon EC2 instance in one Availability Zone. A MySQL database runs on the same EC2 instance. The company needs to eliminate single points of failure in the architecture to improve the website’s availability and resilience. Which solution will meet these requirements with the LEAST configuration changes to the website?
A. Deploy the application by using AWS Fargate containers. Migrate the database to Amazon DynamoDB. Use Amazon API Gateway to route requests.
B. Deploy the application on EC2 instances across multiple Availability Zones. Put the EC2 instances into an Auto Scaling group behind an Application Load Balancer. Migrate the database to Amazon Aurora Multi-AZ. Use Amazon CloudFront for content delivery.
C. Use AWS Elastic Beanstalk to deploy the application across multiple AWS Regions. Migrate the database to Amazon Redshift. Use Amazon ElastiCache for session management.
D. Migrate the application to AWS Lambda functions. Use Amazon S3 for static content hosting. Migrate the database to Amazon DocumentDB (with MongoDB compatibility).
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.