A company is launching an application that stores raw data in an Amazon S3 bucket.Three applications need to access the data to generate reports.The data must be redacted differently for each application before the applications can access the data.Which solution will meet these requirements?Read More →
A company manually provisions IAM access for its employees.The company wants to replace the manual process with an automated process.The company has an existing Active Directory system configured with an external SAML 2.0 identity provider (IdP).The company wants employees to use their existing corporate credentials to access AWS.The groups from the existing Active Directory system must be available for permission management in AWS Identity and Access Management (IAM).A DevOps engineer has completed the initial configuration of AWS IAM Identity Center (AWS Single Sign-On) in the company’s AWS account.What should the DevOps engineer do next to meet the requirements?Read More →
A company has a legacy application.A DevOps engineer needs to automate the process of building the deployable artifact for the legacy application.The solution must store the deployable artifact in an existing Amazon S3 bucket for future deployments to reference.Which solution will meet these requirements in the MOST operationally efficient way?Read More →
A global company manages multiple AWS accounts by using AWS Control Tower.The company hosts internal applications and public applications.Each application team in the company has its own AWS account for application hosting.The accounts are consolidated in an organization in AWS Organizations.One of the AWS Control Tower member accounts serves as a centralized DevOps account with CI/CD pipelines that application teams use to deploy applications to their respective target AWS accounts.An IAM role for deployment exists in the centralized DevOps account.An application team is attempting to deploy its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an application AWS account.An IAM role for deployment exists in the application AWS account.The deployment is through an AWS CodeBuild project that is set up in the centralized DevOps account.The CodeBuild project uses an IAM service role for CodeBuild.The deployment is failing with an Unauthorized error during attempts to connect to the cross-account EKS cluster from CodeBuild.Which solution will resolve this error?Read More →
A company has a data ingestion application that runs across multiple AWS accounts.The accounts are in an organization in AWS Organizations.The company needs to monitor the application and consolidate access to the application.Currently, the company is running the application on Amazon EC2 instances from several Auto Scaling groups.The EC2 instances have no access to the internet because the data is sensitive.Engineers have deployed the necessary VPC endpoints.The EC2 instances run a custom AMI that is built specifically for the application.To maintain and troubleshoot the application, system administrators need the ability to log in to the EC2 instances.This access must be automated and controlled centrally.The company’s security team must receive a notification whenever the instances are accessed.Which solution will meet these requirements?Read More →
A company manages an application that stores logs in Amazon CloudWatch Logs.The company wants to archive the logs to an Amazon S3 bucket.Logs are rarely accessed after 90 days and must be retained for 10 years.Which combination of steps should a DevOps engineer take to meet these requirements? (Choose two.)Read More →
A company is hosting a static website from an Amazon S3 bucket.The website is available to customers at example.com.The company uses an Amazon Route 53 weighted routing policy with a TTL of 1 day.The company has decided to replace the existing static website with a dynamic web application.The dynamic web application uses an Application Load Balancer (ALB) in front of a fleet of Amazon EC2 instances.On the day of production launch to customers, the company creates an additional Route 53 weighted DNS record entry that points to the ALB with a weight of 255 and a TTL of 1 hour.Two days later, a DevOps engineer notices that the previous static website is displayed sometimes when customers navigate to example.com.How can the DevOps engineer ensure that the company serves only dynamic content for example.com?Read More →
A company has an application that is using a MySQL-compatible Amazon Aurora Multi-AZ DB cluster as the database.A cross-Region read replica has been created for disaster recovery purposes.A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure.Which solution will accomplish this?Read More →
A developer is maintaining a fleet of 50 Amazon EC2 Linux servers.The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.Occasionally, some application servers are being terminated after failing ELB HTTP health checks.The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.How can log collection be automated?Read More →
A company gives its employees limited rights to AWS.DevOps engineers have the ability to assume an administrator role.For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.How should this be accomplished?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.