DevOps Engineer Professional (Page 40)

A company is examining its disaster recovery capability and wants the ability to switch over its daily operations to a secondary AWS Region.The company uses AWS CodeCommit as a source control tool in the primary Region.A DevOps engineer must provide the capability for the company to develop code in the secondary Region.If the company needs to use the secondary Region, developers can add an additional remote URL to their local Git configuration.Which solution will meet these requirements?Read More →

A company’s organization in AWS Organizations has a single OU.The company runs Amazon EC2 instances in the OU accounts.The company needs to limit the use of each EC2 instance’s credentials to the specific EC2 instance that the credential is assigned to.A DevOps engineer must configure security for the EC2 instances.Which solution will meet these requirements?Read More →

A company has multiple member accounts that are part of an organization in AWS Organizations.The security team needs to review every Amazon EC2 security group and their inbound and outbound rules.The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization.Which combination of access changes will meet these requirements? (Choose three.)Read More →

An Amazon EC2 instance is running in a VPC and needs to download an object from a restricted Amazon S3 bucket.When the DevOps engineer tries to download the object, an AccessDenied error is received.What are the possible causes for this error? (Choose two.)Read More →

A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system.As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances.How can the deployments of the operating system and application patches be automated using a default and custom repository?Read More →

A DevOps engineer is using AWS CodeDeploy across a fleet of Amazon EC2 instances in an EC2 Auto Scaling group.The associated CodeDeploy deployment group, which is integrated with EC2 Auto Scaling, is configured to perform in-place deployments with CodeDeployDefault.OneAtATime.During an ongoing new deployment, the engineer discovers that, although the overall deployment finished successfully, two out of five instances have the previous application revision deployed.The other three instances have the newest application revision.What is likely causing this issue?Read More →

A company uses AWS Organizations and AWS Control Tower to manage all the company’s AWS accounts.The company uses the Enterprise Support plan.A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts.When new accounts are provisioned, the DevOps engineer notices that the support plan for the new accounts is set to the Basic Support plan.The DevOps engineer needs to implement a solution to provision the new accounts with the Enterprise Support plan.Which solution will meet these requirements?Read More →

A company has an application that includes AWS Lambda functions.The Lambda functions run Python code that is stored in an AWS CodeCommit repository.The company has recently experienced failures in the production environment because of an error in the Python code.An engineer has written unit tests for the Lambda functions to help avoid releasing any future defects into the production environment.The company’s DevOps team needs to implement a solution to integrate the unit tests into an existing AWS CodePipeline pipeline.The solution must produce reports about the unit tests for the company to view.Which solution will meet these requirements?Read More →

A company builds a container image in an AWS CodeBuild project by running Docker commands.After the container image is built, the CodeBuild project uploads the container image to an Amazon S3 bucket.The CodeBuild project has an IAM service role that has permissions to access the S3 bucket.A DevOps engineer needs to replace the S3 bucket with an Amazon Elastic Container Registry (Amazon ECR) repository to store the container images.The DevOps engineer creates an ECR private image repository in the same AWS Region of the CodeBuild project.The DevOps engineer adjusts the IAM service role with the permissions that are necessary to work with the new ECR repository.The DevOps engineer also places new repository information into the docker build command and the docker push command that are used in the buildspec.yml file.When the CodeBuild project runs a build job, the job fails when the job tries to access the ECR repository.Which solution will resolve the issue of failed access to the ECR repository?Read More →

A development team manually builds an artifact locally and then places it in an Amazon S3 bucket.The application has a local cache that must be cleared when a deployment occurs.The team runs a command to do this, downloads the artifact from Amazon S3, and unzips the artifact to complete the deployment.A DevOps team wants to migrate to a CI/CD process and build in checks to stop and roll back the deployment when a failure occurs.This requires the team to track the progression of the deployment.Which combination of actions will accomplish this? (Choose three.)Read More →