DevOps Engineer Professional (Page 37)

A DevOps engineer is developing an application for a company.The application needs to persist files to Amazon S3.The application needs to upload files with different security classifications that the company defines.These classifications include confidential, private, and public.Files that have a confidential classification must not be viewable by anyone other than the user who uploaded them.The application uses the IAM role of the user to call the S3 API operations.The DevOps engineer has modified the application to add a DataClassification tag with the value of confidential and an Owner tag with the uploading user’s ID to each confidential object that is uploaded to Amazon S3.Which set of additional steps must the DevOps engineer take to meet the company’s requirements?Read More →

An e-commerce company is running a web application in an AWS Elastic Beanstalk environment.In recent months, the average load of the Amazon EC2 instances has been increased to handle more traffic.The company would like to improve the scalability and resilience of the environment.The Development team has been asked to decouple long-running tasks from the environment if the tasks can be executed asynchronously.Examples of these tasks include confirmation emails when users are registered to the platform, and processing images or videos.Also, some of the periodic tasks that are currently running within the web server should be offloaded.What is the MOST time-efficient and integrated way to achieve this?Read More →

A company has containerized all of its in-house quality control applications.The company is running Jenkins on Amazon EC2, which requires patching and upgrading.The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.What should the DevOps engineer do to accomplish this in the MOST maintainable manner?Read More →

A company has a VPC that consists of a public subnet and a private subnet.The company has an application that runs on Amazon EC2 instances that are in the private subnet.An Application Load Balancer is in the public subnet and distributes traffic to the EC2 instances.The company has enabled Amazon GuardDuty for the account.The company’s DevOps team has a list of external IP ranges that is updated each day.The list is stored in an Amazon S3 bucket in the account.A DevOps engineer needs to configure GuardDuty to create a GuardDuty finding when traffic to the application originates from an IP range in the external IP range list.Which solution will meet these requirements?Read More →

An AWS CodePipeline pipeline has implemented a code release process.The pipeline is integrated with AWS CodeDeploy to deploy versions of an application to multiple Amazon EC2 instances for each CodePipeline stage.During a recent deployment, the pipeline failed due to a CodeDeploy issue.The DevOps team wants to improve monitoring and notifications during deployment to decrease resolution times.What should the DevOps Engineer do to create notifications when issues are discovered?Read More →

A mobile application running on eight Amazon EC2 instances is relying on a third-party API endpoint.The third-party service has a high failure rate because of limited capacity which is expected to be resolved in a few weeks.In the meantime, the mobile application developers have added a retry mechanism and are logging failed API requests.A DevOps engineer must automate the monitoring of application logs and count the specific error messages, if there are more than 10 errors within a 1-minute window the system must issue an alert.How can the requirements be met with MINIMAL management overhead?Read More →

A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system.As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances.How can the deployments of the operating system and application patches be automated using a default and custom repository?Read More →

A web application has been deployed using an AWS Elastic Beanstalk application.The application developers are concerned that they are seeing high latency in two different areas of the application:• HTTP client requests to a third-party API• MySQL client library queries to an Amazon RDS databaseA DevOps engineer must gather trace data to diagnose the issues.Which steps will gather the trace information with the LEAST amount of changes and performance impacts to the application?Read More →

A company is using AWS CodeDeploy to automate software deployment.The deployment must meet these requirements:• A number of instances must be available to serve traffic during the deployment.Traffic must be balanced across those instances, and the instances must automatically heal in the event of failure.• A new fleet of instances must be launched for deploying a new revision automatically, with no manual provisioning.• Traffic must be rerouted to the new environment to half of the new instances at a time.The deployment should succeed if traffic is rerouted to at least half of the instances; otherwise, it should fail.• Before routing traffic to the new fleet of instances, the temporary files generated during the deployment process must be deleted.• At the end of a successful deployment, the original instances in the deployment group must be deleted immediately to reduce costs.How can a DevOps engineer meet these requirements?Read More →

A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts.The accounts are in an organization in AWS Organizations.Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy.For all accounts, AWS CloudTrail and AWS Config must be turned on in all available AWS Regions.Individual account administrators must not be able to edit or delete any of the baseline resources.However, individual account administrators must be able to edit or delete their own CloudTrail trails and AWS Config rules.Which solution will meet these requirements in the MOST operationally efficient way?Read More →