A company uses Amazon S3 to store proprietary information.The development team creates buckets for new projects on a daily basis.The security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled.Additionally, no buckets should ever be publicly read or write accessible.What should a DevOps engineer do to meet these requirements?Read More →
A company manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB).The EC2 instances run in an Auto Scaling group across multiple Availability Zones.The application uses an Amazon RDS for MySQL DB instance to store the data.The company has configured Amazon Route 53 with an alias record that points to the ALB.A new company guideline requires a geographically isolated disaster recovery (DR) site with an RTO of 4 hours and an RPO of 15 minutes.Which DR strategy will meet these requirements with the LEAST change to the application stack?Read More →
A DevOps engineer used an AWS CloudFormation custom resource to set up AD Connector.The AWS Lambda function ran and created AD Connector, but CloudFormation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE.Which action should the engineer take to resolve this issue?Read More →
A company is migrating from its on-premises data center to AWS.The company currently uses a custom on-premises Cl/CD pipeline solution to build and package software.The company wants its software packages and dependent public repositories to be available in AWS CodeArtifact to facilitate the creation of application-specific pipelines.Which combination of steps should the company take to update the CI/CD pipeline solution and to configure CodeArtifact with the LEAST operational overhead? (Choose two.)Read More →
A DevOps engineer has created an AWS CloudFormation template that deploys an application on Amazon EC2 instances.The EC2 instances run Amazon Linux.The application is deployed to the EC2 instances by using shell scripts that contain user data.The EC2 instances have an IAM instance profile that has an IAM role with the AmazonSSMManagedinstanceCore managed policy attached.The DevOps engineer has modified the user data in the CloudFormation template to install a new version of the application.The engineer has also applied the stack update.However, the application was not updated on the running EC2 instances.The engineer needs to ensure that the changes to the application are installed on the running EC2 instances.Which combination of steps will meet these requirements? (Choose two.)Read More →
A company needs to ensure that flow logs remain configured for all existing and new VPCs in its AWS account.The company uses an AWS CloudFormation stack to manage its VPCs.The company needs a solution that will work for any VPCs that any IAM user creates.Which solution will meet these requirements?Read More →
A company has multiple development teams in different business units that work in a shared single AWS account.All Amazon EC2 resources that are created in the account must include tags that specify who created the resources.The tagging must occur within the first hour of resource creation.A DevOps engineer needs to add tags to the created resources that include the user ID that created the resource and the cost center ID.The DevOps engineer configures an AWS Lambda function with the cost center mappings to tag the resources.The DevOps engineer also sets up AWS CloudTrail in the AWS account.An Amazon S3 bucket stores the CloudTrail event logs.Which solution will meet the tagging requirements?Read More →
A company manages AWS accounts for application teams in AWS Control Tower.Individual application teams are responsible for securing their respective AWS accounts.A DevOps engineer needs to enable Amazon GuardDuty for all AWS accounts in which the application teams have not already enabled GuardDuty.The DevOps engineer is using AWS CloudFormation StackSets from the AWS Control Tower management account.How should the DevOps engineer configure the CloudFormation template to prevent failure during the StackSets deployment?Read More →
A company needs to implement failover for its application.The application includes an Amazon CloudFront distribution and a public Application Load Balancer (ALB) in an AWS Region.The company has configured the ALB as the default origin for the distribution.After some recent application outages, the company wants a zero-second RTO.The company deploys the application to a secondary Region in a warm standby configuration.A DevOps engineer needs to automate the failover of the application to the secondary Region so that HTTP GET requests meet the desired RTO.Which solution will meet these requirements?Read More →
A company runs a web application that extends across multiple Availability Zones.The company uses an Application Load Balancer (ALB) for routing, AWS Fargate for the application, and Amazon Aurora for the application data.The company uses AWS CloudFormation templates to deploy the application.The company stores all Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository in the same AWS account and AWS Region.A DevOps engineer needs to establish a disaster recovery (DR) process in another Region.The solution must meet an RPO of 8 hours and an RTO of 2 hours.The company sometimes needs more than 2 hours to build the Docker images from the Dockerfile.Which solution will meet the RTO and RPO requirements MOST cost-effectively?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.