DevOps Engineer Professional (Page 40)

An Engineering team manages a Node.js e-commerce application.The current environment consists of the following components:✑ Amazon S3 buckets for storing content✑ Amazon EC2 for the front-end web servers✑ AWS Lambda for image processing✑ Amazon DynamoDB for storing session-related dataThe team expects a significant increase in traffic to the site.The application should handle the additional load without interruption.The team ran initial tests by adding new servers to the EC2 front-end to handle the larger load, but the instances took up to 20 minutes to become fully configured.The team wants to reduce this configuration time.What changes will the Engineering team need to implement to make the solution the MOST resilient and highly available while meeting the expected increase in demand?Read More →

A production account has a requirement that any Amazon EC2 instance that has been logged into manually must be terminated within 24 hours.All applications in the production account are using Auto Scaling groups with Amazon CloudWatch Logs agent configured.How can this process be automated?Read More →

A company wants to use AWS development tools to replace its current bash deployment scripts.The company currently deploys a LAMP application to a group ofAmazon EC2 instances behind an Application Load Balancer (ALB).During the deployments, the company unit tests the committed application, stops and starts services, unregisters and re-registers instances with the load balancer, and updates file permissions.The company wants to maintain the same deployment functionality through the shift to using AWS services.Which solution will meet these requirements?Read More →

A company has an application that is using a MySQL-compatible Amazon Aurora Multi-AZ DB cluster as the database.A cross-Region read replica has been created for disaster recovery purposes.A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure.Which solution will accomplish this?Read More →

A company has 20 service teams.Each service team is responsible for its own microservice.Each service team uses a separate AWS account for its microservice and a VPC with the 192.168.0.0/22 CIDR block.The company manages the AWS accounts with AWS Organizations.Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer.The microservices communicate with each other across the public Internet.The company’s security team has issued a new guideline that all communication between microservices must use HTTPS over private network connections and cannot traverse the public Internet.A DevOps engineer must implement a solution that fulfills these obligations and minimizes the number of changes for each service team.Which solution will meet these requirements?Read More →

A large enterprise is deploying a web application on AWS.The application runs on Amazon EC2 instances behind an Application Load Balancer.The instances run in an Auto Scaling group across multiple Availability Zones.The application stores data in an Amazon RDS Oracle DB instance and Amazon DynamoDB.There are separate environments for development, testing, and production.What is the MOST secure and flexible way to obtain password credentials during deployment?Read More →

A company has an application that runs on 12 Amazon EC2 instances.The instances run in an Amazon EC2 Auto Scaling group across three Availability Zones.On a typical day each EC2 instance has 30% CPU utilization during business hours and 10% CPU utilization after business hours.The CPU utilization increases suddenly in the first few minutes of business hours each day.Other increases in CPU utilization are gradual.A DevOps engineer needs to optimize costs while maintaining or improving the application’s reliability.Which solution meets these requirements?Read More →

A company wants to ensure that their EC2 instances are secure.They want to be notified if any new vulnerabilities are discovered on their instances, and they also want an audit trail of all login activities on the instances.Which solution will meet these requirements?Read More →

A company’s application development team uses Linux-based Amazon EC2 instances as bastion hosts.Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups.The company’s security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.What should a DevOps engineer do to meet this requirement?Read More →

A company runs applications in AWS accounts that are in an organization in AWS Organizations.The applications use Amazon EC2 instances and Amazon S3.The company wants to detect potentially compromised EC2 instances, suspicious network activity, and unusual API activity in its existing AWS accounts and in any AWS accounts that the company creates in the future.When the company detects one of these events, the company wants to use an existing Amazon Simple Notification Service (Amazon SNS) topic to send a notification to its operational support team for investigation and remediation.Which solution will meet these requirements in accordance with AWS best practices?Read More →