DevOps Engineer Professional (Page 9)

A cloud team uses AWS Organizations and AWS IAM Identity Center (AWS Single Sign-On) to manage a company’s AWS accounts.The company recently established a research team.The research team requires the ability to fully manage the resources in its account.The research team must not be able to create IAM users.The cloud team creates a Research Administrator permission set in IAM Identity Center for the research team.The permission set has the AdministratorAccess AWS managed policy attached.The cloud team must ensure that no one on the research team can create IAM users.Which solution will meet these requirements?Read More →

A DevOps engineer is setting up an Amazon Elastic Container Service (Amazon ECS) blue/green deployment for an application by using AWS CodeDeploy and AWS CloudFormation.During the deployment window, the application must be highly available and CodeDeploy must shift 10% of traffic to a new version of the application every minute until all traffic is shifted.Which configuration should the DevOps engineer add in the CloudFormation template to meet these requirements?Read More →

A company is launching an application.The application must use only approved AWS services.The account that runs the application was created less than 1 year ago and is assigned to an AWS Organizations OU.The company needs to create a new Organizations account structure.The account structure must have an appropriate SCP that supports the use of only services that are currently active in the AWS account.The company will use AWS Identity and Access Management (IAM) Access Analyzer in the solution.Which solution will meet these requirements?Read More →

A company uses Amazon RDS for all databases in its AWS accounts.The company uses AWS Control Tower to build a landing zone that has an audit and logging account.All databases must be encrypted at rest for compliance reasons.The company’s security engineer needs to receive notification about any noncompliant databases that are in the company’s accounts.Which solution will meet these requirements with the MOST operational efficiency?Read More →

A company uses an AWS CodeCommit repository to store its source code and corresponding unit tests.The company has configured an AWS CodePipeline pipeline that includes an AWS CodeBuild project that runs when code is merged to the main branch of the repository.The company wants the CodeBuild project to run the unit tests.If the unit tests pass, the CodeBuild project must tag the most recent commit.How should the company configure the CodeBuild project to meet these requirements?Read More →

A company is using AWS CodeDeploy to automate software deployment.The deployment must meet these requirements:• A number of instances must be available to serve traffic during the deployment.Traffic must be balanced across those instances, and the instances must automatically heal in the event of failure.• A new fleet of instances must be launched for deploying a new revision automatically, with no manual provisioning.• Traffic must be rerouted to the new environment to half of the new instances at a time.The deployment should succeed if traffic is rerouted to at least half of the instances: otherwise, it should fail.• Before routing traffic to the new fleet of instances, the temporary files generated during the deployment process must be deleted.• At the end of a successful deployment, the original instances in the deployment group must be deleted immediately to reduce costs.How can a DevOps engineer meet these requirements?Read More →

A company uses AWS Organizations to manage its AWS accounts.The company wants its monitoring system to receive an alert when a root user logs in.The company also needs a dashboard to display any log activity that the root user generates.Which combination of steps will meet these requirements? (Choose three.)Read More →

A company uses an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to deploy its web applications on containers.The web applications contain confidential data that cannot be decrypted without specific credentials.A DevOps engineer has stored the credentials in AWS Secrets Manager.The secrets are encrypted by an AWS Key Management Service (AWS KMS) customer managed key.A Kubernetes service account for a third-party tool makes the secrets available to the applications.The service account assumes an IAM role that the company created to access the secrets.The service account receives an Access Denied (403 Forbidden) error while trying to retrieve the secrets from Secrets Manager.What is the root cause of this issue?Read More →

A company has an application that stores data that includes personally identifiable information (PII) in an Amazon S3 bucket.All data is encrypted with AWS Key Management Service (AWS KMS) customer managed keys.All AWS resources are deployed from an AWS CloudFormation template.A DevOps engineer needs to set up a development environment for the application in a different AWS account.The data in the development environment’s S3 bucket needs to be updated once a week from the production environment’s S3 bucket.The company must not move PII from the production environment without anonymizing the PII first.The data in each environment must be encrypted with different KMS customer managed keys.Which combination of steps should the DevOps engineer take to meet these requirements? (Choose two.)Read More →

A company’s application has an API that retrieves workload metrics.The company needs to audit, analyze, and visualize these metrics from the application to detect issues at scale.Which combination of steps will meet these requirements? (Choose three.)Read More →