DevOps Engineer Professional (Page 31)

An ecommerce company has chosen AWS to host its new platform.The company’s DevOps team has started building an AWS Control Tower landing zone.The DevOps team has set the identity store within AWS Single Sign-On (AWS SSO) to external identity provider (IdP) and has configured SAML 2 0.The DevOps team wants a robust permission model that applies the principle of least privilege.The model must allow the team to build and manage only the team’s own resources.Which combination of steps will meet these requirements? (Choose three.)Read More →

A DevOps Engineer has several legacy applications that all generate different log formats.The Engineer must standardize the formats before writing them toAmazon S3 for querying and analysis.How can this requirement be met at the LOWEST cost?Read More →

A company’s legacy application uses IAM user credentials to access resources in the company’s AWS Organizations organization.A DevOps engineer must ensure that new IAM users cannot be created unless the employee who creates the IAM user is on an exception list.Which solution will meet these requirements?Read More →

A DevOps engineer is troubleshooting deployments to a new application that runs on Amazon EC2 instances behind an Application Load Balancer.The instances run in an EC2 Auto Scaling group across multiple Availability Zones.Instances sometimes come online before they are ready, which is leading to increased error rates among users.The current health check configuration gives instances a 60-second grace period and considers instances healthy after two 200 response codes from /index.php, a page that may respond intermittently during the deployment process.The development team wants instances to come online as soon as possible.Which strategy would address this issue?Read More →

A security team is concerned that a developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production.No developer should be allowed to attach an Elastic IP address to an instance.The security team must be notified if any production server has an Elastic IP address at any time.How can this task be automated?Read More →

A company has microservices running in AWS Lambda that read data from Amazon DynamoDB.The Lambda code is manually deployed by developers after successful testing.The company now needs the tests and deployments be automated and run in the cloud.Additionally, traffic to the new versions of each microservice should be incrementally shifted over time after deployment.What solution meets all the requirements, ensuring the MOST developer velocity?Read More →

A company has a guideline that every Amazon EC2 instance must be launched from an AMI that the company’s security team produces.Every month, the security team sends an email message with the latest approved AMIs to all the development teams.The development teams use AWS CloudFormation to deploy their applications.When developers launch a new service, they have to search their email for the latest AMIs that the security department sent.A DevOps engineer wants to automate the process that the security team uses to provide the AMI IDs to the development teams.What is the MOST scalable solution that meets these requirements?Read More →

The security team depends on AWS CloudTrail to detect sensitive security issues in the company’s AWS account The DevOps engineer needs a solution to auto-remediate CloudTrail being turned off in an AWS account.What solution ensures the LEAST amount of downtime for the CloudTrail log deliveries?Read More →

A company has an organization in AWS Organizations.The company has configured AWS Single Sign-On (AWS SSO) to centrally manage access to the AWS accounts in the organization.A DevOps engineer needs to ensure that all users sign in by using multi-factor authentication (MFA).Users must be allowed to manage their own MFA devices.Users also must be prompted for MFA every time they sign in.What should the DevOps engineer do to meet these requirements?Read More →

A company uses a single AWS account to test applications on Amazon EC2 instances.The company has turned on AWS Config in the AWS account and has activated the restricted-ssh AWS Config managed rule.The company needs an automated monitoring solution that will provide a customized notification in real time if any security group in the account is not compliant with the restricted-ssh rule.The customized notification must contain the name and ID of the noncompliant security group.A DevOps engineer creates an Amazon Simple Notification Service (Amazon SNS) topic in the account and subscribes the appropriate personnel to the topic.What should the DevOps engineer do next to meet these requirements?Read More →