A security team is concerned that a developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production.No developer should be allowed to attach an Elastic IP address to an instance.The security team must be notified if any production server has an Elastic IP address at any time.How can this task be automated?Read More →
A DevOps engineer manages a large commercial website that runs on Amazon EC2.The website uses Amazon Kinesis Data Streams to collect and process web logs.The DevOps engineer manages the Kinesis consumer application, which also runs on Amazon EC2.Sudden increases of data cause the Kinesis consumer application to fall behind, and the Kinesis data streams drop records before the records can be processed.The DevOps engineer must implement a solution to improve stream handling.Which solution meets these requirements with the MOST operational efficiency?Read More →
A company has developed an AWS Lambda function that handles orders received through an API.The company is using AWS CodeDeploy to deploy the Lambda function as the final stage of a CI/CD pipeline.A DevOps engineer has noticed there are intermittent failures of the ordering API for a few seconds after deployment.After some investigation, the DevOps engineer believes the failures are due to database changes not having fully propagated before the Lambda function is invoked.How should the DevOps engineer overcome this?Read More →
A DevOps engineer has implemented a CI/CD pipeline to deploy an AWS CloudFormation template that provisions a web application.The web application consists of an Application Load Balancer (ALB), a target group, a launch template that uses an Amazon Linux 2 AMI, an Auto Scaling group of Amazon EC2 instances, a security group, and an Amazon RDS for MySQL database.The launch template includes user data that specifies a script to install and start the application.The initial deployment of the application was successful.The DevOps engineer made changes to update the version of the application with the user data.The CI/CD pipeline has deployed a new version of the template.However, the health checks on the ALB are now failing.The health checks have marked all targets as unhealthy.During investigation, the DevOps engineer notices that the CloudFormation stack has a status of UPDATE_COMPLETE.However, when the DevOps engineer connects to one of the EC2 instances and checks /var/log/messages, the DevOps engineer notices that the Apache web server failed to start successfully because of a configuration error.How can the DevOps engineer ensure that the CloudFormation deployment will fail if the user data fails to successfully finish running?Read More →
An ecommerce company is receiving reports that its order history page is experiencing delays in reflecting the processing status of orders.The order processing system consists of an AWS Lambda function that uses reserved concurrency.The Lambda function processes order messages from an Amazon Simple Queue Service (Amazon SQS) queue and inserts processed orders into an Amazon DynamoDB table.The DynamoDB table has auto scaling enabled for read and write capacity.Which actions should a DevOps engineer take to resolve this delay? (Choose two.)Read More →
A company is using Amazon S3 buckets to store important documents.The company discovers that some S3 buckets are not encrypted.Currently, the company’s IAM users can create new S3 buckets without encryption.The company is implementing a new requirement that all S3 buckets must be encrypted.A DevOps engineer must implement a solution to ensure that server-side encryption is enabled on all existing S3 buckets and all new S3 buckets.The encryption must be enabled on new S3 buckets as soon as the S3 buckets are created.The default encryption type must be 256-bit Advanced Encryption Standard (AES-256).Which solution will meet these requirements?Read More →
An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application.The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running.All resources should be removed when the CloudFormation stack is deleted.However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket created by the stack is not deleted.How can the team resolve the error in the MOST efficient manner to ensure that all resources are deleted without errors?Read More →
A company uses AWS CloudFormation stacks to deploy updates to its application.The stacks consist of different resources.The resources include AWS Auto Scaling groups, Amazon EC2 instances, Application Load Balancers (ALBs), and other resources that are necessary to launch and maintain independent stacks.Changes to application resources outside of CloudFormation stack updates are not allowed.The company recently attempted to update the application stack by using the AWS CLI.The stack failed to update and produced the following error message: “ERROR: both the deployment and the CloudFormation stack rollback failed.The deployment failed because the following resource(s) failed to update: [AutoScalingGroup].”The stack remains in a status of UPDATE_ROLLBACK_FAILED.Which solution will resolve this issue?Read More →
A rapidly growing company wants to scale for developer demand for AWS development environments.Development environments are created manually in the AWS Management Console.The networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets.The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.To keep up with demand, the DevOps engineer wants to automate the creation of development environments.Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure.CloudFormation will be used to create a template for the development environments.Which approach will meet these requirements and quickly provide consistent AWS environments for developers?Read More →
A company has started using AWS across several teams.Each team has multiple accounts and unique security profiles.The company manages the accounts in an organization in AWS Organizations.Each account has its own configuration and security controls.The company’s DevOps team wants to use preventive and detective controls to govern all accounts.The DevOps team needs to ensure the security of accounts now and in the future as the company creates new accounts in the organization.Which solution will meet these requirements?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.