DevOps Engineer Professional (Page 42)

A DevOps engineer needs to implement integration tests into an existing AWS CodePipeline CI/CD workflow for an Amazon Elastic Container Service (Amazon ECS) service.The CI/CD workflow retrieves new application code from an AWS CodeCommit repository and builds a container image.The Cl/CD workflow then uploads the container image to Amazon Elastic Container Registry (Amazon ECR) with a new image tag version.The integration tests must ensure that new versions of the service endpoint are reachable and that various API methods return successful response data.The DevOps engineer has already created an ECS cluster to test the service.Which combination of steps will meet these requirements with the LEAST management overhead? (Choose three.)Read More →

A company uses the AWS Cloud Development Kit (AWS CDK) to define its application.The company uses a pipeline that consists of AWS CodePipeline and AWS CodeBuild to deploy the CDK application.The company wants to introduce unit tests to the pipeline to test various infrastructure components.The company wants to ensure that a deployment proceeds if no unit tests result in a failure.Which combination of steps will enforce the testing requirement in the pipeline? (Choose two.)Read More →

To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet.A user data script obtains the application artifacts and installs them on the instances upon launch.A change to the security classification of the application now requires the instances to run with no access to the internet.While the instances launch successfully and show as healthy, the application does not seem to be installed.Which of the following should successfully install the application while complying with the new rule?Read More →

An ecommerce company has chosen AWS to host its new platform.The company’s DevOps team has started building an AWS Control Tower landing zone.The DevOps team has set the identity store within AWS IAM Identity Center (AWS Single Sign-On) to external identity provider (IdP) and has configured SAML 2.0.The DevOps team wants a robust permission model that applies the principle of least privilege.The model must allow the team to build and manage only the team’s own resources.Which combination of steps will meet these requirements? (Choose three.)Read More →

A company’s developers use Amazon EC2 instances as remote workstations.The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access.A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules.The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team.The DevOps engineer has created an AWS Lambda function that checks for security group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS).What should the DevOps engineer do next to meet the requirements?Read More →

A company uses an Amazon API Gateway regional REST API to host its application API.The REST API has a custom domain.The REST API’s default endpoint is deactivated.The company’s internal teams consume the API.The company wants to use mutual TLS between the API and the internal teams as an additional layer of authentication.Which combination of steps will meet these requirements? (Choose two.)Read More →

A company has an AWS Control Tower landing zone.The company’s DevOps team creates a workload OU.A development OU and a production OU are nested under the workload OU.The company grants users full access to the company’s AWS accounts to deploy applications.The DevOps team needs to allow only a specific management IAM role to manage the IAM roles and policies of any AWS accounts in only the production OU.Which combination of steps will meet these requirements? (Choose two.)Read More →

A company is using AWS Organizations to centrally manage its AWS accounts.The company has turned on AWS Config in each member account by using AWS CloudFormation StackSets.The company has configured trusted access in Organizations for AWS Config and has configured a member account as a delegated administrator account for AWS Config.A DevOps engineer needs to implement a new security policy.The policy must require all current and future AWS member accounts to use a common baseline of AWS Config rules that contain remediation actions that are managed from a central account.Non-administrator users who can access member accounts must not be able to modify this common baseline of AWS Config rules that are deployed into each member account.Which solution will meet these requirements?Read More →

A DevOps engineer notices that all Amazon EC2 instances running behind an Application Load Balancer in an Auto Scaling group are failing to respond to user requests.The EC2 instances are also failing target group HTTP health checks.Upon inspection, the engineer notices the application process was not running in any EC2 instances.There are a significant number of out of memory messages in the system logs.The engineer needs to improve the resilience of the application to cope with a potential application memory leak.Monitoring and notifications should be enabled to alert when there is an issue.Which combination of actions will meet these requirements? (Choose two.)Read More →

A company manages multiple AWS accounts by using AWS Organizations with OUs for the different business divisions.The company is updating their corporate network to use new IP address ranges.The company has 10 Amazon S3 buckets in different AWS accounts.The S3 buckets store reports for the different divisions.The S3 bucket configurations allow only private corporate network IP addresses to access the S3 buckets.A DevOps engineer needs to change the range of IP addresses that have permission to access the contents of the S3 buckets.The DevOps engineer also needs to revoke the permissions of two OUs in the company.Which solution will meet these requirements?Read More →