DevOps Engineer Professional (Page 37)

A developer is using the AWS Serverless Application Model (AWS SAM) to create a prototype for an AWS Lambda function.The AWS SAM template contains an AWS::Serverless::Function resource that has the CodeUri property that points to an Amazon S3 location.The developer wants to identify the correct commands for deployment before creating a CI/CD pipeline.The developer creates an archive of the Lambda function code named package.zip.The developer uploads the .zip file archive to the S3 location specified in the CodeUri property.The developer runs the sam deploy command and deploys the Lambda function.The developer updates the Lambda function code and uses the same steps to deploy the new version of the Lambda function.The sam deploy command fails and returns an error of no changes to deploy.Which solutions will deploy the new version? (Choose two.)Read More →

A company needs a strategy for failover and disaster recovery of its data and application.The application uses a MySQL database and Amazon EC2 instances.The company requires a maximum RPO of 2 hours and a maximum RTO of 10 minutes for its data and application at all times.Which combination of deployment strategies will meet these requirements? (Choose two.)Read More →

A highly regulated company has a policy that DevOps engineers should not log in to their Amazon EC2 instances except in emergencies.If a DevOps engineer does log in, the security team must be notified within 15 minutes of the occurrence.Which solution will meet these requirements?Read More →

A development team wants to use AWS CloudFormation stacks to deploy an application.However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template.A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks.The solution must follow the principle of least privilege.Which solution will meet these requirements?Read More →

A security team is concerned that a developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production.No developer should be allowed to attach an Elastic IP address to an instance.The security team must be notified if any production server has an Elastic IP address at any time.How can this task be automated?Read More →

A DevOps engineer manages a large commercial website that runs on Amazon EC2.The website uses Amazon Kinesis Data Streams to collect and process web logs.The DevOps engineer manages the Kinesis consumer application, which also runs on Amazon EC2.Sudden increases of data cause the Kinesis consumer application to fall behind, and the Kinesis data streams drop records before the records can be processed.The DevOps engineer must implement a solution to improve stream handling.Which solution meets these requirements with the MOST operational efficiency?Read More →

A company has developed an AWS Lambda function that handles orders received through an API.The company is using AWS CodeDeploy to deploy the Lambda function as the final stage of a CI/CD pipeline.A DevOps engineer has noticed there are intermittent failures of the ordering API for a few seconds after deployment.After some investigation, the DevOps engineer believes the failures are due to database changes not having fully propagated before the Lambda function is invoked.How should the DevOps engineer overcome this?Read More →

A DevOps engineer has implemented a CI/CD pipeline to deploy an AWS CloudFormation template that provisions a web application.The web application consists of an Application Load Balancer (ALB), a target group, a launch template that uses an Amazon Linux 2 AMI, an Auto Scaling group of Amazon EC2 instances, a security group, and an Amazon RDS for MySQL database.The launch template includes user data that specifies a script to install and start the application.The initial deployment of the application was successful.The DevOps engineer made changes to update the version of the application with the user data.The CI/CD pipeline has deployed a new version of the template.However, the health checks on the ALB are now failing.The health checks have marked all targets as unhealthy.During investigation, the DevOps engineer notices that the CloudFormation stack has a status of UPDATE_COMPLETE.However, when the DevOps engineer connects to one of the EC2 instances and checks /var/log/messages, the DevOps engineer notices that the Apache web server failed to start successfully because of a configuration error.How can the DevOps engineer ensure that the CloudFormation deployment will fail if the user data fails to successfully finish running?Read More →

An ecommerce company is receiving reports that its order history page is experiencing delays in reflecting the processing status of orders.The order processing system consists of an AWS Lambda function that uses reserved concurrency.The Lambda function processes order messages from an Amazon Simple Queue Service (Amazon SQS) queue and inserts processed orders into an Amazon DynamoDB table.The DynamoDB table has auto scaling enabled for read and write capacity.Which actions should a DevOps engineer take to resolve this delay? (Choose two.)Read More →

A company is using Amazon S3 buckets to store important documents.The company discovers that some S3 buckets are not encrypted.Currently, the company’s IAM users can create new S3 buckets without encryption.The company is implementing a new requirement that all S3 buckets must be encrypted.A DevOps engineer must implement a solution to ensure that server-side encryption is enabled on all existing S3 buckets and all new S3 buckets.The encryption must be enabled on new S3 buckets as soon as the S3 buckets are created.The default encryption type must be 256-bit Advanced Encryption Standard (AES-256).Which solution will meet these requirements?Read More →