{"id":96262,"date":"2025-01-27T03:19:29","date_gmt":"2025-01-27T03:19:29","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=96262"},"modified":"2025-01-20T03:21:52","modified_gmt":"2025-01-20T03:21:52","slug":"download-dop-c02-dumps-pdf-v14-03-to-prepare-for-your-aws-certified-devops-engineer-professional-certification-exam","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/download-dop-c02-dumps-pdf-v14-03-to-prepare-for-your-aws-certified-devops-engineer-professional-certification-exam.html","title":{"rendered":"Download DOP-C02 Dumps PDF (V14.03) to Prepare for Your AWS Certified DevOps Engineer &#8211; Professional Certification Exam"},"content":{"rendered":"<p>The AWS Certified DevOps Engineer &#8211; Professional certification is valuable to validate your technical expertise in provisioning, operating, and managing distributed application systems on the AWS platform, giving them increased confidence and credibility with peers, stakeholders, and customers. To achieve success, you should download the DOP-C02 dumps PDF from DumpsBase for learning. We updated the DOP-C02 exam dumps to V14.03 with 250 practice questions and answers. Our PDF format can work on all smart devices, and you can download our PDF file to study DOP-C02 exam questions from any place at any time. Additionally, we have software at no cost if you choose to download the PDF file. Our Amazon DOP-C02 dumps in software version are ideal for evaluating and enhancing your test preparation. It will simulate the authentic AWS Certified DevOps Engineer &#8211; Professional Exam environment. Register for the AWS Certified DevOps Engineer &#8211; Professional DOP-C02 exam, download the DumpsBase DOP-C02 dumps (V14.03) in PDF and software formats, and start preparation right now.<\/p>\n<h2>Read AWS Certified DevOps Engineer &#8211; Professional <em><span style=\"background-color: #00ff00;\">DOP-C02 Free Dumps<\/span><\/em> to Check the V14.03:<\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam9021\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-9021\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-353990'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>A company uses AWS Organizations to manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present. <br \/>\r<br>Which solution will accomplish this?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='353990' \/><input type='hidden' id='answerType353990' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353990[]' id='answer-id-1382114' class='answer   answerof-353990 ' value='1382114'   \/><label for='answer-id-1382114' id='answer-label-1382114' class=' answer'><span>Create an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled. Save the template to an Amazon S3 bucket that has been shared with all accounts within the company. Update the account creation script pointing to the CloudFormation template in Amazon S3.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353990[]' id='answer-id-1382115' class='answer   answerof-353990 ' value='1382115'   \/><label for='answer-id-1382115' id='answer-label-1382115' class=' answer'><span>Create an AWS Config organizational rule to check whether EBS encryption is enabled and deploy the rule using the AWS CL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353990[]' id='answer-id-1382116' class='answer   answerof-353990 ' value='1382116'   \/><label for='answer-id-1382116' id='answer-label-1382116' class=' answer'><span>Create and apply an SCP to prohibit stopping and deleting AWS Config across the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353990[]' id='answer-id-1382117' class='answer   answerof-353990 ' value='1382117'   \/><label for='answer-id-1382117' id='answer-label-1382117' class=' answer'><span>Create an SCP in Organizations. Set the policy to prevent the launch of Amazon EC2 instances without encryption on the EBS volumes using a conditional expression. Apply the SCP to all AWS accounts. Use Amazon Athena to analyze the AWS CloudTrail output, looking for events that deny an ec2: RunInstances action.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353990[]' id='answer-id-1382118' class='answer   answerof-353990 ' value='1382118'   \/><label for='answer-id-1382118' id='answer-label-1382118' class=' answer'><span>Deploy an IAM role to all accounts from a single trusted account. Build a pipeline with AWS CodePipeline with a stage in AWS Lambda to assume the IAM role, and list all EBS volumes in the account. Publish a report to Amazon S3.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-353991'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>A company has chosen AWS to host a new application. The company needs to implement a multi-account strategy. A DevOps engineer creates a new AWS account and an organization in AWS Organizations. The DevOps engineer also creates the OU structure for the organization and sets up a landing zone by using AWS Control Tower. <br \/>\r<br>The DevOps engineer must implement a solution that automatically deploys resources for new accounts that users create through AWS Control Tower Account Factory. When a user creates a new account, the solution must apply AWS CloudFormation templates and SCPs that are customized for the OU or the account to automatically deploy all the resources that are attached to the account. All the OUs are enrolled in AWS Control Tower. <br \/>\r<br>Which solution will meet these requirements in the MOST automated way?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='353991' \/><input type='hidden' id='answerType353991' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353991[]' id='answer-id-1382119' class='answer   answerof-353991 ' value='1382119'   \/><label for='answer-id-1382119' id='answer-label-1382119' class=' answer'><span>Use AWS Service Catalog with AWS Control Tower. Create portfolios and products in AWS Service Catalog. Grant granular permissions to provision these resources. Deploy SCPs by using the AWS CLI and JSON documents.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353991[]' id='answer-id-1382120' class='answer   answerof-353991 ' value='1382120'   \/><label for='answer-id-1382120' id='answer-label-1382120' class=' answer'><span>Deploy CloudFormation stack sets by using the required templates. Enable automatic deployment. Deploy stack instances to the required accounts. Deploy a CloudFormation stack set to the organization\u2019s management account to deploy SCPs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353991[]' id='answer-id-1382121' class='answer   answerof-353991 ' value='1382121'   \/><label for='answer-id-1382121' id='answer-label-1382121' class=' answer'><span>Create an Amazon EventBridge rule to detect the CreateManagedAccount event. \r\nConfigure AWS Service Catalog as the target to deploy resources to any new accounts. \r\nDeploy SCPs by using the AWS CLI and JSON documents.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353991[]' id='answer-id-1382122' class='answer   answerof-353991 ' value='1382122'   \/><label for='answer-id-1382122' id='answer-label-1382122' class=' answer'><span>Deploy the Customizations for AWS Control Tower (CfCT) solution. Use an AWS CodeCommit repository as the source. In the repository, create a custom package that includes the CloudFormation templates and the SCP JSON documents.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-353992'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>A space exploration company receives telemetry data from multiple satellites. Small packets of data are received through Amazon API Gateway and are placed directly into an Amazon Simple Queue Service (Amazon SQS) standard queue. A custom application is subscribed to the queue and transforms the data into a standard format. <br \/>\r<br>Because of inconsistencies in the data that the satellites produce, the application is occasionally unable to transform the data. In these cases, the messages remain in theSQS queue. A DevOps engineer must develop a solution that retains the failed messages and makes them available to scientists for review and future processing. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='353992' \/><input type='hidden' id='answerType353992' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353992[]' id='answer-id-1382123' class='answer   answerof-353992 ' value='1382123'   \/><label for='answer-id-1382123' id='answer-label-1382123' class=' answer'><span>Configure AWS Lambda to poll the SQS queue and invoke a Lambda function to check whether the queue messages are valid. If validation fails, send a copy of the data that is not valid to an Amazon S3 bucket so that the scientists can review and correct the data. When the data is corrected, amend the message in the SQS queue by using a replay Lambda function with the corrected data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353992[]' id='answer-id-1382124' class='answer   answerof-353992 ' value='1382124'   \/><label for='answer-id-1382124' id='answer-label-1382124' class=' answer'><span>Convert the SQS standard queue to an SQS FIFO queue. Configure AWS Lambda to poll the SQS queue every 10 minutes by using an Amazon EventBridge schedule. Invoke the Lambda function to identify any messages with a SentTimestamp value that is older than 5 minutes, push the data to the same location as the application's output location, and remove the messages from the queue.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353992[]' id='answer-id-1382125' class='answer   answerof-353992 ' value='1382125'   \/><label for='answer-id-1382125' id='answer-label-1382125' class=' answer'><span>Create an SQS dead-letter queue. Modify the existing queue by including a redrive policy that sets the Maximum Receives setting to 1 and sets the dead-letter queue ARN to the ARN of the newly created queue. Instruct the scientists to use the dead-letter queue to review the data that is not valid. Reprocess this data at a later time.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353992[]' id='answer-id-1382126' class='answer   answerof-353992 ' value='1382126'   \/><label for='answer-id-1382126' id='answer-label-1382126' class=' answer'><span>Configure API Gateway to send messages to different SQS virtual queues that are named for each of the satellites. Update the application to use a new virtual queue for any data that it cannot transform, and send the message to the new virtual queue. Instruct the scientists to use the virtual queue to review the data that is not valid. Reprocess this data at a later time.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-353993'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>A company has multiple member accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization. <br \/>\r<br>Which combination of access changes will meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_4' value='353993' \/><input type='hidden' id='answerType353993' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353993[]' id='answer-id-1382127' class='answer   answerof-353993 ' value='1382127'   \/><label for='answer-id-1382127' id='answer-label-1382127' class=' answer'><span>Create a trust relationship that allows users in the member accounts to assume the management account IAM role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353993[]' id='answer-id-1382128' class='answer   answerof-353993 ' value='1382128'   \/><label for='answer-id-1382128' id='answer-label-1382128' class=' answer'><span>Create a trust relationship that allows users in the management account to assume the IAM roles of the member accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353993[]' id='answer-id-1382129' class='answer   answerof-353993 ' value='1382129'   \/><label for='answer-id-1382129' id='answer-label-1382129' class=' answer'><span>Create an IAM role in each member account that has access to the AmazonEC2ReadOnlyAccess managed policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353993[]' id='answer-id-1382130' class='answer   answerof-353993 ' value='1382130'   \/><label for='answer-id-1382130' id='answer-label-1382130' class=' answer'><span>Create an I AM role in each member account to allow the sts: AssumeRole action against the management account IAM role's AR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353993[]' id='answer-id-1382131' class='answer   answerof-353993 ' value='1382131'   \/><label for='answer-id-1382131' id='answer-label-1382131' class=' answer'><span>Create an I AM role in the management account that allows the sts: AssumeRole action against the member account IAM role's AR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353993[]' id='answer-id-1382132' class='answer   answerof-353993 ' value='1382132'   \/><label for='answer-id-1382132' id='answer-label-1382132' class=' answer'><span>Create an IAM role in the management account that has access to the AmazonEC2ReadOnlyAccess managed policy.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-353994'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days. <br \/>\r<br>Which solution will accomplish this?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='353994' \/><input type='hidden' id='answerType353994' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353994[]' id='answer-id-1382133' class='answer   answerof-353994 ' value='1382133'   \/><label for='answer-id-1382133' id='answer-label-1382133' class=' answer'><span>Configure AWS KMS to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353994[]' id='answer-id-1382134' class='answer   answerof-353994 ' value='1382134'   \/><label for='answer-id-1382134' id='answer-label-1382134' class=' answer'><span>Configure an Amazon EventBridge event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon Simple Notification Service (Amazon SNS) topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353994[]' id='answer-id-1382135' class='answer   answerof-353994 ' value='1382135'   \/><label for='answer-id-1382135' id='answer-label-1382135' class=' answer'><span>Develop an AWS Config custom rule that publishes to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353994[]' id='answer-id-1382136' class='answer   answerof-353994 ' value='1382136'   \/><label for='answer-id-1382136' id='answer-label-1382136' class=' answer'><span>Configure AWS Security Hub to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-353995'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>A video-sharing company stores its videos in Amazon S3. The company has observed a sudden increase in video access requests, but the company does not know which videos are most popular. The company needs to identify the general access pattern for the video files. This pattern includes the number of users who access a certain file on a given day, as well as the number of pull requests for certain files. <br \/>\r<br>How can the company meet these requirements with the LEAST amount of effort?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='353995' \/><input type='hidden' id='answerType353995' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353995[]' id='answer-id-1382137' class='answer   answerof-353995 ' value='1382137'   \/><label for='answer-id-1382137' id='answer-label-1382137' class=' answer'><span>Activate S3 server access logging. Import the access logs into an Amazon Aurora database. Use an Aurora SQL query to analyze the access patterns.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353995[]' id='answer-id-1382138' class='answer   answerof-353995 ' value='1382138'   \/><label for='answer-id-1382138' id='answer-label-1382138' class=' answer'><span>Activate S3 server access logging. Use Amazon Athena to create an external table with the log files. Use Athena to create a SQL query to analyze the access patterns.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353995[]' id='answer-id-1382139' class='answer   answerof-353995 ' value='1382139'   \/><label for='answer-id-1382139' id='answer-label-1382139' class=' answer'><span>Invoke an AWS Lambda function for every S3 object access event. Configure the Lambda function to write the file access information, such as user. S3 bucket, and file key, to an Amazon Aurora database. Use an Aurora SQL query to analyze the access patterns.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353995[]' id='answer-id-1382140' class='answer   answerof-353995 ' value='1382140'   \/><label for='answer-id-1382140' id='answer-label-1382140' class=' answer'><span>Record an Amazon CloudWatch Logs log message for every S3 object access event. Configure a CloudWatch Logs log stream to write the file access information, such as user, S3 bucket, and file key, to an Amazon Kinesis Data Analytics for SQL application. Perform a sliding window analysis.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-353996'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>A company has deployed an application in a production VPC in a single AWS account. The application is popular and is experiencing heavy usage. The company\u2019s security team wants to add additional security, such as AWS WAF, to the application deployment. However, the application's product manager is concerned about cost and does not want to approve the change unless the security team can prove that additional security is necessary. <br \/>\r<br>The security team believes that some of the application's demand might come from users that have IP addresses that are on a deny list. The security team provides the deny list to a DevOps engineer. If any of the IP addresses on the deny list access the application, the security team wants to receive automated notification in near real time so that the security team can document that the application needs additional security. The DevOps engineer creates a VPC flow log for the production VPC. <br \/>\r<br>Which set of additional steps should the DevOps engineer take to meet these requirements MOST cost-effectively?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='353996' \/><input type='hidden' id='answerType353996' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353996[]' id='answer-id-1382141' class='answer   answerof-353996 ' value='1382141'   \/><label for='answer-id-1382141' id='answer-label-1382141' class=' answer'><span>Create a log group in Amazon CloudWatch Logs. Configure the VPC flow log to capture accepted traffic and to send the data to the log group. Create an Amazon CloudWatch metric filter for IP addresses on the deny list. Create a CloudWatch alarmwith the metric filter as input. Set the period to 5 minutes and the datapoints to alarm to 1. Use an Amazon Simple Notification Service (Amazon SNS) topic to send alarm notices to the security team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353996[]' id='answer-id-1382142' class='answer   answerof-353996 ' value='1382142'   \/><label for='answer-id-1382142' id='answer-label-1382142' class=' answer'><span>Create an Amazon S3 bucket for log files. Configure the VPC flow log to capture all traffic and to send the data to the S3 bucket. Configure Amazon Athena to return all log files in the S3 bucket for IP addresses on the deny list. Configure Amazon QuickSight to accept data from Athena and to publish the data as a dashboard that the security team can access. Create a threshold alert of 1 for successful access. Configure the alert to automatically notify the security team as frequently as possible when the alert threshold is met.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353996[]' id='answer-id-1382143' class='answer   answerof-353996 ' value='1382143'   \/><label for='answer-id-1382143' id='answer-label-1382143' class=' answer'><span>Create an Amazon S3 bucket for log files. Configure the VPC flow log to capture accepted traffic and to send the data to the S3 bucket. Configure an Amazon OpenSearch Service cluster and domain for the log files. Create an AWS Lambda function to retrieve the logs from the S3 bucket, format the logs, and load the logs into the OpenSearch Service cluster. Schedule the Lambda function to run every 5 minutes. Configure an alert and condition in OpenSearch Service to send alerts to the security team through an Amazon Simple Notification Service (Amazon SNS) topic when access from the IP addresses on the deny list is detected.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353996[]' id='answer-id-1382144' class='answer   answerof-353996 ' value='1382144'   \/><label for='answer-id-1382144' id='answer-label-1382144' class=' answer'><span>Create a log group in Amazon CloudWatch Logs. Create an Amazon S3 bucket to hold query results. Configure the VPC flow log to capture all traffic and to send the data to the log group. Deploy an Amazon Athena CloudWatch connector in AWS Lambda. Connect the connector to the log group. Configure Athena to periodically query for all accepted traffic from the IP addresses on the deny list and to store the results in the S3 bucket. Configure an S3 event notification to automatically notify the security team through an Amazon Simple Notification Service (Amazon SNS) topic when new objects are added to the S3 bucket.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-353997'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>An online retail company based in the United States plans to expand its operations to Europe and Asia in the next six months. Its product currently runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in an Amazon Aurora database instance. <br \/>\r<br>When the product is deployed in multiple regions, the company wants a single product catalog across all regions, but for compliance purposes, its customer information and purchases must be kept in each region. <br \/>\r<br>How should the company meet these requirements with the LEAST amount of application changes?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='353997' \/><input type='hidden' id='answerType353997' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353997[]' id='answer-id-1382145' class='answer   answerof-353997 ' value='1382145'   \/><label for='answer-id-1382145' id='answer-label-1382145' class=' answer'><span>Use Amazon Redshift for the product catalog and Amazon DynamoDB tables for the customer information and purchases.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353997[]' id='answer-id-1382146' class='answer   answerof-353997 ' value='1382146'   \/><label for='answer-id-1382146' id='answer-label-1382146' class=' answer'><span>Use Amazon DynamoDB global tables for the product catalog and regional tables for the customer information and purchases.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353997[]' id='answer-id-1382147' class='answer   answerof-353997 ' value='1382147'   \/><label for='answer-id-1382147' id='answer-label-1382147' class=' answer'><span>Use Aurora with read replicas for the product catalog and additional local Aurora instances in each region for the customer information and purchases.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353997[]' id='answer-id-1382148' class='answer   answerof-353997 ' value='1382148'   \/><label for='answer-id-1382148' id='answer-label-1382148' class=' answer'><span>Use Aurora for the product catalog and Amazon DynamoDB global tables for the customer information and purchases.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-353998'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps engineer is tasked with minimizing application response times and improving availability for users in both Regions. <br \/>\r<br>Which combination of actions should be taken to address the latency issues? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_9' value='353998' \/><input type='hidden' id='answerType353998' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353998[]' id='answer-id-1382149' class='answer   answerof-353998 ' value='1382149'   \/><label for='answer-id-1382149' id='answer-label-1382149' class=' answer'><span>Create a new DynamoDB table in the new Region with cross-Region replication enabled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353998[]' id='answer-id-1382150' class='answer   answerof-353998 ' value='1382150'   \/><label for='answer-id-1382150' id='answer-label-1382150' class=' answer'><span>Create new ALB and Auto Scaling group global resources and configure the new ALB to direct traffic to the new Auto Scaling group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353998[]' id='answer-id-1382151' class='answer   answerof-353998 ' value='1382151'   \/><label for='answer-id-1382151' id='answer-label-1382151' class=' answer'><span>Create new ALB and Auto Scaling group resources in the new Region and configure the new ALB to direct traffic to the new Auto Scaling group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353998[]' id='answer-id-1382152' class='answer   answerof-353998 ' value='1382152'   \/><label for='answer-id-1382152' id='answer-label-1382152' class=' answer'><span>Create Amazon Route 53 records, health checks, and latency-based routing policies to route to the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353998[]' id='answer-id-1382153' class='answer   answerof-353998 ' value='1382153'   \/><label for='answer-id-1382153' id='answer-label-1382153' class=' answer'><span>Create Amazon Route 53 aliases, health checks, and failover routing policies to route to the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-353998[]' id='answer-id-1382154' class='answer   answerof-353998 ' value='1382154'   \/><label for='answer-id-1382154' id='answer-label-1382154' class=' answer'><span>Convert the DynamoDB table to a global table.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-353999'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>A company wants to use AWS CloudFormation for infrastructure deployment. The company has strict tagging and resource requirements and wants to limit the deployment to two Regions. Developers will need to deploy multiple versions of the same application. <br \/>\r<br>Which solution ensures resources are deployed in accordance with company policy?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='353999' \/><input type='hidden' id='answerType353999' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353999[]' id='answer-id-1382155' class='answer   answerof-353999 ' value='1382155'   \/><label for='answer-id-1382155' id='answer-label-1382155' class=' answer'><span>Create AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353999[]' id='answer-id-1382156' class='answer   answerof-353999 ' value='1382156'   \/><label for='answer-id-1382156' id='answer-label-1382156' class=' answer'><span>Create a Cloud Formation drift detection operation to find and remediate unapproved CloudFormation StackSets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353999[]' id='answer-id-1382157' class='answer   answerof-353999 ' value='1382157'   \/><label for='answer-id-1382157' id='answer-label-1382157' class=' answer'><span>Create CloudFormation StackSets with approved CloudFormation templates.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-353999[]' id='answer-id-1382158' class='answer   answerof-353999 ' value='1382158'   \/><label for='answer-id-1382158' id='answer-label-1382158' class=' answer'><span>Create AWS Service Catalog products with approved CloudFormation templates.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-354000'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>A company wants to migrate its content sharing web application hosted on Amazon EC2 to a serverless architecture. The company currently deploys changes to its application by creating a new Auto Scaling group of EC2 instances and a new Elastic Load Balancer, and then shifting the traffic away using an Amazon Route 53 weighted routing policy. <br \/>\r<br>For its new serverless application, the company is planning to use Amazon API Gateway and AWS Lambda. The company will need to update its deployment processes to work with the new application. It will also need to retain the ability to test new features on a small number of users before rolling the features out to the entire user base. <br \/>\r<br>Which deployment strategy will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='354000' \/><input type='hidden' id='answerType354000' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354000[]' id='answer-id-1382159' class='answer   answerof-354000 ' value='1382159'   \/><label for='answer-id-1382159' id='answer-label-1382159' class=' answer'><span>Use AWS CDK to deploy API Gateway and Lambda functions. When code needs to be changed, update the AWS CloudFormation stack and deploy the new version of the APIs and Lambda functions. Use a Route 53 failover routing policy for the canary release strategy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354000[]' id='answer-id-1382160' class='answer   answerof-354000 ' value='1382160'   \/><label for='answer-id-1382160' id='answer-label-1382160' class=' answer'><span>Use AWS CloudFormation to deploy API Gateway and Lambda functions using Lambda function versions. When code needs to be changed, update the CloudFormation stack with the new Lambda code and update the API versions using a canary release strategy. Promote the new version when testing is complete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354000[]' id='answer-id-1382161' class='answer   answerof-354000 ' value='1382161'   \/><label for='answer-id-1382161' id='answer-label-1382161' class=' answer'><span>Use AWS Elastic Beanstalk to deploy API Gateway and Lambda functions. When code needs to be changed, deploy a new version of the API and Lambda functions. Shift traffic gradually using an Elastic Beanstalk blue\/green deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354000[]' id='answer-id-1382162' class='answer   answerof-354000 ' value='1382162'   \/><label for='answer-id-1382162' id='answer-label-1382162' class=' answer'><span>Use AWS OpsWorks to deploy API Gateway in the service layer and Lambda functions in a custom layer. When code needs to be changed, use OpsWorks to perform a blue\/green deployment and shift traffic gradually.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-354001'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>A company runs an application on Amazon EC2 instances. The company uses a series of AWS CloudFormation stacks to define the application resources. A developer performs updates by building and testing the application on a laptop and then uploading the build output and CloudFormation stack templates to Amazon S3. The developer's peers review the changes before the developer performs the CloudFormation stack update and installs a new version of the application onto the EC2 instances. <br \/>\r<br>The deployment process is prone to errors and is time-consuming when the developer updates each EC2 instance with the new application. The company wants to automate as much of the application deployment process as possible while retaining a final manual approval step before the modification of the application or resources. <br \/>\r<br>The company already has moved the source code for the application and the CloudFormation templates to AWS CodeCommit. The company also has created an AWS CodeBuild project to build and test the application. <br \/>\r<br>Which combination of steps will meet the company\u2019s requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_12' value='354001' \/><input type='hidden' id='answerType354001' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354001[]' id='answer-id-1382163' class='answer   answerof-354001 ' value='1382163'   \/><label for='answer-id-1382163' id='answer-label-1382163' class=' answer'><span>Create an application group and a deployment group in AWS CodeDeploy. Install the CodeDeploy agent on the EC2 instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354001[]' id='answer-id-1382164' class='answer   answerof-354001 ' value='1382164'   \/><label for='answer-id-1382164' id='answer-label-1382164' class=' answer'><span>Create an application revision and a deployment group in AWS CodeDeploy. Create an environment in CodeDeploy. Register the EC2 instances to the CodeDeploy environment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354001[]' id='answer-id-1382165' class='answer   answerof-354001 ' value='1382165'   \/><label for='answer-id-1382165' id='answer-label-1382165' class=' answer'><span>Use AWS CodePipeline to invoke the CodeBuild job, run the CloudFormation update, and pause for a manual approval step. After approval, start the AWS CodeDeploy deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354001[]' id='answer-id-1382166' class='answer   answerof-354001 ' value='1382166'   \/><label for='answer-id-1382166' id='answer-label-1382166' class=' answer'><span>Use AWS CodePipeline to invoke the CodeBuild job, create CloudFormation change sets for each of the application stacks, and pause for a manual approval step. After approval, run the CloudFormation change sets and start the AWS CodeDeploy deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354001[]' id='answer-id-1382167' class='answer   answerof-354001 ' value='1382167'   \/><label for='answer-id-1382167' id='answer-label-1382167' class=' answer'><span>Use AWS CodePipeline to invoke the CodeBuild job, create CloudFormation change sets for each of the application stacks, and pause for a manual approval step. After approval, start the AWS CodeDeploy deployment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-354002'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>A company is implementing an Amazon Elastic Container Service (Amazon ECS) cluster to run its workload. The company architecture will run multiple ECS services on the cluster. The architecture includes an Application Load Balancer on the front end and uses multiple target groups to route traffic. <br \/>\r<br>A DevOps engineer must collect application and access logs. The DevOps engineer then needs to send the logs to an Amazon S3 bucket for near-real-time analysis. <br \/>\r<br>Which combination of steps must the DevOps engineer take to meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_13' value='354002' \/><input type='hidden' id='answerType354002' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382168' class='answer   answerof-354002 ' value='1382168'   \/><label for='answer-id-1382168' id='answer-label-1382168' class=' answer'><span>Download the Amazon CloudWatch Logs container instance from AW<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382169' class='answer   answerof-354002 ' value='1382169'   \/><label for='answer-id-1382169' id='answer-label-1382169' class=' answer'><span>Configure this instance as a task. Update the application service definitions to include the logging task.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382170' class='answer   answerof-354002 ' value='1382170'   \/><label for='answer-id-1382170' id='answer-label-1382170' class=' answer'><span>Install the Amazon CloudWatch Logs agent on the ECS instances. Change the logging driver in the ECS task definition to awslogs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382171' class='answer   answerof-354002 ' value='1382171'   \/><label for='answer-id-1382171' id='answer-label-1382171' class=' answer'><span>Use Amazon EventBridge to schedule an AWS Lambda function that will run every 60 seconds and will run the Amazon CloudWatch Logs create-export-task command. Then point the output to the logging S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382172' class='answer   answerof-354002 ' value='1382172'   \/><label for='answer-id-1382172' id='answer-label-1382172' class=' answer'><span>Activate access logging on the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382173' class='answer   answerof-354002 ' value='1382173'   \/><label for='answer-id-1382173' id='answer-label-1382173' class=' answer'><span>Then point the ALB directly to the logging S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382174' class='answer   answerof-354002 ' value='1382174'   \/><label for='answer-id-1382174' id='answer-label-1382174' class=' answer'><span>Activate access logging on the target groups that the ECS services use. Then send the logs directly to the logging S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354002[]' id='answer-id-1382175' class='answer   answerof-354002 ' value='1382175'   \/><label for='answer-id-1382175' id='answer-label-1382175' class=' answer'><span>Create an Amazon Kinesis Data Firehose delivery stream that has a destination of the logging S3 bucket. Then create an Amazon CloudWatch Logs subscription filter for Kinesis Data Firehose.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-354003'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>A company has an on-premises application that is written in Go. A DevOps engineer must move the application to AWS. The company's development team wants to enable blue\/green deployments and perform A\/B testing. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='354003' \/><input type='hidden' id='answerType354003' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354003[]' id='answer-id-1382176' class='answer   answerof-354003 ' value='1382176'   \/><label for='answer-id-1382176' id='answer-label-1382176' class=' answer'><span>Deploy the application on an Amazon EC2 instance, and create an AMI of the instance. Use the AMI to create an automatic scaling launch configuration that is used in an Auto Scaling group. Use Elastic Load Balancing to distribute traffic. When changes are made to the application, a new AMI will be created, which will initiate an EC2 instance refresh.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354003[]' id='answer-id-1382177' class='answer   answerof-354003 ' value='1382177'   \/><label for='answer-id-1382177' id='answer-label-1382177' class=' answer'><span>Use Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket. Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to manage the deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354003[]' id='answer-id-1382178' class='answer   answerof-354003 ' value='1382178'   \/><label for='answer-id-1382178' id='answer-label-1382178' class=' answer'><span>Use AWS CodeArtifact to store the application code. Use AWS CodeDeploy to deploy the application to a fleet of Amazon EC2 instances. Use Elastic Load Balancing to distribute the traffic to the EC2 instances. When making changes to the application, upload a new version to CodeArtifact and create a new CodeDeploy deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354003[]' id='answer-id-1382179' class='answer   answerof-354003 ' value='1382179'   \/><label for='answer-id-1382179' id='answer-label-1382179' class=' answer'><span>Use AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3. Use that location to deploy new versions of the application. Use Elastic Beanstalk to manage the deployment options.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-354004'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>A company runs an application on one Amazon EC2 instance. Application metadata is stored in Amazon S3 and must be retrieved if the instance is restarted. The instance must restart or relaunch automatically if the instance becomes unresponsive. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='354004' \/><input type='hidden' id='answerType354004' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354004[]' id='answer-id-1382180' class='answer   answerof-354004 ' value='1382180'   \/><label for='answer-id-1382180' id='answer-label-1382180' class=' answer'><span>Create an Amazon CloudWatch alarm for the StatusCheckFailed metric. Use the recover action to stop and start the instance. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354004[]' id='answer-id-1382181' class='answer   answerof-354004 ' value='1382181'   \/><label for='answer-id-1382181' id='answer-label-1382181' class=' answer'><span>Configure AWS OpsWorks, and use the auto healing feature to stop and start the instance. Use a lifecycle event in OpsWorks to pull the metadata from Amazon S3 and update it on the instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354004[]' id='answer-id-1382182' class='answer   answerof-354004 ' value='1382182'   \/><label for='answer-id-1382182' id='answer-label-1382182' class=' answer'><span>Use EC2 Auto Recovery to automatically stop and start the instance in case of a failure. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354004[]' id='answer-id-1382183' class='answer   answerof-354004 ' value='1382183'   \/><label for='answer-id-1382183' id='answer-label-1382183' class=' answer'><span>Use AWS CloudFormation to create an EC2 instance that includes the UserData property for the EC2 resource. Add a command in UserData to retrieve the application metadata from Amazon S3.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-354005'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>An ecommerce company has chosen AWS to host its new platform. The company's DevOps team has started building an AWS Control Tower landing zone. The DevOps team has set the identity store within AWS IAM Identity Center (AWS Single Sign-On) to external identity provider (IdP) and has configured SAML 2.0. <br \/>\r<br>The DevOps team wants a robust permission model that applies the principle of least privilege. The model must allow the team to build and manage only the team's own resources. <br \/>\r<br>Which combination of steps will meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_16' value='354005' \/><input type='hidden' id='answerType354005' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382184' class='answer   answerof-354005 ' value='1382184'   \/><label for='answer-id-1382184' id='answer-label-1382184' class=' answer'><span>Create IAM policies that include the required permissions. Include the aws:PrincipalTag condition key.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382185' class='answer   answerof-354005 ' value='1382185'   \/><label for='answer-id-1382185' id='answer-label-1382185' class=' answer'><span>Create permission sets. Attach an inline policy that includes the required permissions and uses the aws:PrincipalTag condition key to scope the permissions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382186' class='answer   answerof-354005 ' value='1382186'   \/><label for='answer-id-1382186' id='answer-label-1382186' class=' answer'><span>Create a group in the Id<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382187' class='answer   answerof-354005 ' value='1382187'   \/><label for='answer-id-1382187' id='answer-label-1382187' class=' answer'><span>Place users in the group. Assign the group to accounts and the permission sets in IAM Identity Center.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382188' class='answer   answerof-354005 ' value='1382188'   \/><label for='answer-id-1382188' id='answer-label-1382188' class=' answer'><span>Create a group in the Id<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382189' class='answer   answerof-354005 ' value='1382189'   \/><label for='answer-id-1382189' id='answer-label-1382189' class=' answer'><span>Place users in the group. Assign the group to OUs and IAM policies.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382190' class='answer   answerof-354005 ' value='1382190'   \/><label for='answer-id-1382190' id='answer-label-1382190' class=' answer'><span>Enable attributes for access control in IAM Identity Center. Apply tags to users. Map the tags as key-value pairs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354005[]' id='answer-id-1382191' class='answer   answerof-354005 ' value='1382191'   \/><label for='answer-id-1382191' id='answer-label-1382191' class=' answer'><span>Enable attributes for access control in IAM Identity Center. Map attributes from the IdP as key-value pairs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-354006'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity Center (AWS Single Sign-On). The company wants to immediately disable credentials of any new IAM user and wants the security team to receive a notification. <br \/>\r<br>Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_17' value='354006' \/><input type='hidden' id='answerType354006' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354006[]' id='answer-id-1382192' class='answer   answerof-354006 ' value='1382192'   \/><label for='answer-id-1382192' id='answer-label-1382192' class=' answer'><span>Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354006[]' id='answer-id-1382193' class='answer   answerof-354006 ' value='1382193'   \/><label for='answer-id-1382193' id='answer-label-1382193' class=' answer'><span>Create an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354006[]' id='answer-id-1382194' class='answer   answerof-354006 ' value='1382194'   \/><label for='answer-id-1382194' id='answer-label-1382194' class=' answer'><span>Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354006[]' id='answer-id-1382195' class='answer   answerof-354006 ' value='1382195'   \/><label for='answer-id-1382195' id='answer-label-1382195' class=' answer'><span>Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354006[]' id='answer-id-1382196' class='answer   answerof-354006 ' value='1382196'   \/><label for='answer-id-1382196' id='answer-label-1382196' class=' answer'><span>Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule. Subscribe the security team's group email address to the topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354006[]' id='answer-id-1382197' class='answer   answerof-354006 ' value='1382197'   \/><label for='answer-id-1382197' id='answer-label-1382197' class=' answer'><span>Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe the security team's group email address to the queue.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-354007'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access. <br \/>\r<br>A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that checks for security group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS). <br \/>\r<br>What should the DevOps engineer do next to meet the requirements?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='354007' \/><input type='hidden' id='answerType354007' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354007[]' id='answer-id-1382198' class='answer   answerof-354007 ' value='1382198'   \/><label for='answer-id-1382198' id='answer-label-1382198' class=' answer'><span>Configure the Lambda function to be invoked by the SNS topic. Create an AWS CloudTrail subscription for the SNS topic. Configure a subscription filter for security group modification events.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354007[]' id='answer-id-1382199' class='answer   answerof-354007 ' value='1382199'   \/><label for='answer-id-1382199' id='answer-label-1382199' class=' answer'><span>Create an Amazon EventBridge scheduled rule to invoke the Lambda function. Define a schedule pattern that runs the Lambda function every hour.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354007[]' id='answer-id-1382200' class='answer   answerof-354007 ' value='1382200'   \/><label for='answer-id-1382200' id='answer-label-1382200' class=' answer'><span>Create an Amazon EventBridge event rule that has the default event bus as the source. Define the rule\u2019s event pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda function.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354007[]' id='answer-id-1382201' class='answer   answerof-354007 ' value='1382201'   \/><label for='answer-id-1382201' id='answer-label-1382201' class=' answer'><span>Create an Amazon EventBridge custom event bus that subscribes to events from all AWS services. Configure the Lambda function to be invoked by the custom event bus.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-354008'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-real time and 1% of requests should route to the secondary region to continuously verify system functionality. Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the secondary region, and the secondary region must be able to scale up to handle all traffic. <br \/>\r<br>How should a DevOps engineer meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='354008' \/><input type='hidden' id='answerType354008' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354008[]' id='answer-id-1382202' class='answer   answerof-354008 ' value='1382202'   \/><label for='answer-id-1382202' id='answer-label-1382202' class=' answer'><span>In both regions, deploy the application on AWS Elastic Beanstalk and use Amazon DynamoDB global tables for session data. Use an Amazon Route 53 weighted routing policy with health checks to distribute the traffic across the regions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354008[]' id='answer-id-1382203' class='answer   answerof-354008 ' value='1382203'   \/><label for='answer-id-1382203' id='answer-label-1382203' class=' answer'><span>In both regions, launch the application in Auto Scaling groups and use DynamoDB for session data. Use a Route 53 failover routing policy with health checks to distribute the traffic across the regions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354008[]' id='answer-id-1382204' class='answer   answerof-354008 ' value='1382204'   \/><label for='answer-id-1382204' id='answer-label-1382204' class=' answer'><span>In both regions, deploy the application in AWS Lambda, exposed by Amazon API Gateway, and use Amazon RDS for PostgreSQL with cross-region replication for session data. Deploy the web application with client-side logic to call the API Gateway directly.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354008[]' id='answer-id-1382205' class='answer   answerof-354008 ' value='1382205'   \/><label for='answer-id-1382205' id='answer-label-1382205' class=' answer'><span>In both regions, launch the application in Auto Scaling groups and use DynamoDB global tables for session data. Enable an Amazon CloudFront weighted distribution across regions. Point the Amazon Route 53 DNS record at the CloudFront distribution.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-354009'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must share the AMI with the target account. <br \/>\r<br>The company has created an AWS Key Management Service (AWS KMS) key in the source account. <br \/>\r<br>Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_20' value='354009' \/><input type='hidden' id='answerType354009' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382206' class='answer   answerof-354009 ' value='1382206'   \/><label for='answer-id-1382206' id='answer-label-1382206' class=' answer'><span>In the source account, copy the unencrypted AMI to an encrypted AM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382207' class='answer   answerof-354009 ' value='1382207'   \/><label for='answer-id-1382207' id='answer-label-1382207' class=' answer'><span>Specify the KMS key in the copy action.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382208' class='answer   answerof-354009 ' value='1382208'   \/><label for='answer-id-1382208' id='answer-label-1382208' class=' answer'><span>In the source account, copy the unencrypted AMI to an encrypted AM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382209' class='answer   answerof-354009 ' value='1382209'   \/><label for='answer-id-1382209' id='answer-label-1382209' class=' answer'><span>Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382210' class='answer   answerof-354009 ' value='1382210'   \/><label for='answer-id-1382210' id='answer-label-1382210' class=' answer'><span>In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382211' class='answer   answerof-354009 ' value='1382211'   \/><label for='answer-id-1382211' id='answer-label-1382211' class=' answer'><span>In the source account, modify the key policy to give the target account permissions to create a grant. In the target account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382212' class='answer   answerof-354009 ' value='1382212'   \/><label for='answer-id-1382212' id='answer-label-1382212' class=' answer'><span>In the source account, share the unencrypted AMI with the target account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354009[]' id='answer-id-1382213' class='answer   answerof-354009 ' value='1382213'   \/><label for='answer-id-1382213' id='answer-label-1382213' class=' answer'><span>In the source account, share the encrypted AMI with the target account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-354010'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket in a different AWS Region and account. <br \/>\r<br>Which combination of actions should be performed to enable this replication? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_21' value='354010' \/><input type='hidden' id='answerType354010' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354010[]' id='answer-id-1382214' class='answer   answerof-354010 ' value='1382214'   \/><label for='answer-id-1382214' id='answer-label-1382214' class=' answer'><span>Create a replication IAM role in the source account<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354010[]' id='answer-id-1382215' class='answer   answerof-354010 ' value='1382215'   \/><label for='answer-id-1382215' id='answer-label-1382215' class=' answer'><span>Create a replication I AM role in the target account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354010[]' id='answer-id-1382216' class='answer   answerof-354010 ' value='1382216'   \/><label for='answer-id-1382216' id='answer-label-1382216' class=' answer'><span>Add statements to the source bucket policy allowing the replication IAM role to replicate objects.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354010[]' id='answer-id-1382217' class='answer   answerof-354010 ' value='1382217'   \/><label for='answer-id-1382217' id='answer-label-1382217' class=' answer'><span>Add statements to the target bucket policy allowing the replication IAM role to replicate objects.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354010[]' id='answer-id-1382218' class='answer   answerof-354010 ' value='1382218'   \/><label for='answer-id-1382218' id='answer-label-1382218' class=' answer'><span>Create a replication rule in the source bucket to enable the replication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354010[]' id='answer-id-1382219' class='answer   answerof-354010 ' value='1382219'   \/><label for='answer-id-1382219' id='answer-label-1382219' class=' answer'><span>Create a replication rule in the target bucket to enable the replication.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-354011'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>A developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing. <br \/>\r<br>Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated. <br \/>\r<br>How can log collection be automated?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='354011' \/><input type='hidden' id='answerType354011' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354011[]' id='answer-id-1382220' class='answer   answerof-354011 ' value='1382220'   \/><label for='answer-id-1382220' id='answer-label-1382220' class=' answer'><span>Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354011[]' id='answer-id-1382221' class='answer   answerof-354011 ' value='1382221'   \/><label for='answer-id-1382221' id='answer-label-1382221' class=' answer'><span>Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an AWS Config rule for EC2 Instance-terminate Lifecycle Action and trigger a step function that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354011[]' id='answer-id-1382222' class='answer   answerof-354011 ' value='1382222'   \/><label for='answer-id-1382222' id='answer-label-1382222' class=' answer'><span>Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354011[]' id='answer-id-1382223' class='answer   answerof-354011 ' value='1382223'   \/><label for='answer-id-1382223' id='answer-label-1382223' class=' answer'><span>Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-354012'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>A company has multiple accounts in an organization in AWS Organizations. The company's SecOps team needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if any account in the organization turns off the Block Public Access feature on an Amazon S3 bucket. A DevOps engineer must implement this change without affecting the operation of any AWS accounts. The implementation must ensure that individual member accounts in the organization cannot turn off the notification. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='354012' \/><input type='hidden' id='answerType354012' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354012[]' id='answer-id-1382224' class='answer   answerof-354012 ' value='1382224'   \/><label for='answer-id-1382224' id='answer-label-1382224' class=' answer'><span>Designate an account to be the delegated Amazon GuardDuty administrator account. Turn on GuardDuty for all accounts across the organization. In the GuardDuty administrator account, create an SNS topic. Subscribe the SecOps team's email address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event pattern for GuardDuty findings and a target of the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354012[]' id='answer-id-1382225' class='answer   answerof-354012 ' value='1382225'   \/><label for='answer-id-1382225' id='answer-label-1382225' class=' answer'><span>Create an AWS CloudFormation template that creates an SNS topic and subscribes the SecOps team\u2019s email address to the SNS topic. In the template, include an Amazon EventBridge rule that uses an event pattern of CloudTrail activity for s3:PutBucketPublicAccessBlock and a target of the SNS topic. Deploy the stack to every account in the organization by using CloudFormation StackSets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354012[]' id='answer-id-1382226' class='answer   answerof-354012 ' value='1382226'   \/><label for='answer-id-1382226' id='answer-label-1382226' class=' answer'><span>Turn on AWS Config across the organization. In the delegated administrator account, create an SNS topic. Subscribe the SecOps team's email address to the SNS topic. Deploy a conformance pack that uses the s3-bucket-level-public-access-prohibited AWS Config managed rule in each account and uses an AWS Systems Manager document to publish an event to the SNS topic to notify the SecOps team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354012[]' id='answer-id-1382227' class='answer   answerof-354012 ' value='1382227'   \/><label for='answer-id-1382227' id='answer-label-1382227' class=' answer'><span>Turn on Amazon Inspector across the organization. In the Amazon Inspector delegated administrator account, create an SNS topic. Subscribe the SecOps team\u2019semail address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event pattern for public network exposure of the S3 bucket and publishes an event to the SNS topic to notify the SecOps team.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-354013'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes. <br \/>\r<br>Which of the following actions should be taken to troubleshoot this issue?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='354013' \/><input type='hidden' id='answerType354013' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354013[]' id='answer-id-1382228' class='answer   answerof-354013 ' value='1382228'   \/><label for='answer-id-1382228' id='answer-label-1382228' class=' answer'><span>Check that an Amazon EventBridge rule has been created for the main branch to trigger the pipeline.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354013[]' id='answer-id-1382229' class='answer   answerof-354013 ' value='1382229'   \/><label for='answer-id-1382229' id='answer-label-1382229' class=' answer'><span>Check that the CodePipeline service role has permission to access the CodeCommit repository.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354013[]' id='answer-id-1382230' class='answer   answerof-354013 ' value='1382230'   \/><label for='answer-id-1382230' id='answer-label-1382230' class=' answer'><span>Check that the developer\u2019s IAM role has permission to push to the CodeCommit repository.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354013[]' id='answer-id-1382231' class='answer   answerof-354013 ' value='1382231'   \/><label for='answer-id-1382231' id='answer-label-1382231' class=' answer'><span>Check to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-354014'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>A company has an application that runs on Amazon EC2 instances that are in an Auto Scaling group. When the application starts up. the application needs to process data from an Amazon S3 bucket before the application can start to serve requests. <br \/>\r<br>The size of the data that is stored in the S3 bucket is growing. When the Auto Scaling group adds new instances, the application now takes several minutes to download and process the data before the application can serve requests. The company must reduce the time that elapses before new EC2 instances are ready to serve requests. <br \/>\r<br>Which solution is the MOST cost-effective way to reduce the application startup time?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='354014' \/><input type='hidden' id='answerType354014' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354014[]' id='answer-id-1382232' class='answer   answerof-354014 ' value='1382232'   \/><label for='answer-id-1382232' id='answer-label-1382232' class=' answer'><span>Configure a warm pool for the Auto Scaling group with warmed EC2 instances in the Stopped state. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook when the application is ready to serve requests.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354014[]' id='answer-id-1382233' class='answer   answerof-354014 ' value='1382233'   \/><label for='answer-id-1382233' id='answer-label-1382233' class=' answer'><span>Increase the maximum instance count of the Auto Scaling group. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook when the application is ready to serve requests.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354014[]' id='answer-id-1382234' class='answer   answerof-354014 ' value='1382234'   \/><label for='answer-id-1382234' id='answer-label-1382234' class=' answer'><span>Configure a warm pool for the Auto Scaling group with warmed EC2 instances in the Running state. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook when the application is ready to serve requests.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354014[]' id='answer-id-1382235' class='answer   answerof-354014 ' value='1382235'   \/><label for='answer-id-1382235' id='answer-label-1382235' class=' answer'><span>Increase the maximum instance count of the Auto Scaling group. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook and to place the new instance in the Standby state when the application is ready to serve requests.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-354015'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='354015' \/><input type='hidden' id='answerType354015' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354015[]' id='answer-id-1382236' class='answer   answerof-354015 ' value='1382236'   \/><label for='answer-id-1382236' id='answer-label-1382236' class=' answer'><span>Add the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354015[]' id='answer-id-1382237' class='answer   answerof-354015 ' value='1382237'   \/><label for='answer-id-1382237' id='answer-label-1382237' class=' answer'><span>Add the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354015[]' id='answer-id-1382238' class='answer   answerof-354015 ' value='1382238'   \/><label for='answer-id-1382238' id='answer-label-1382238' class=' answer'><span>Create an Amazon CloudWatch alarm for the StatusCheckFailed System metric and select the EC2 action to recover the instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354015[]' id='answer-id-1382239' class='answer   answerof-354015 ' value='1382239'   \/><label for='answer-id-1382239' id='answer-label-1382239' class=' answer'><span>Create an Amazon CloudWatch alarm for the StatusCheckFailed Instance metric and select the EC2 action to reboot the instance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-354016'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='354016' \/><input type='hidden' id='answerType354016' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354016[]' id='answer-id-1382240' class='answer   answerof-354016 ' value='1382240'   \/><label for='answer-id-1382240' id='answer-label-1382240' class=' answer'><span>Create an IAM policy that allows the developers to provision the required resources. Attach the policy to the developer IAM role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354016[]' id='answer-id-1382241' class='answer   answerof-354016 ' value='1382241'   \/><label for='answer-id-1382241' id='answer-label-1382241' class=' answer'><span>Create an IAM policy that allows full access to AWS CloudFormation. Attach the policy to the developer IAM role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354016[]' id='answer-id-1382242' class='answer   answerof-354016 ' value='1382242'   \/><label for='answer-id-1382242' id='answer-label-1382242' class=' answer'><span>Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354016[]' id='answer-id-1382243' class='answer   answerof-354016 ' value='1382243'   \/><label for='answer-id-1382243' id='answer-label-1382243' class=' answer'><span>Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-354017'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system. As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances. <br \/>\r<br>How can the deployments of the operating system and application patches be automated using a default and custom repository?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='354017' \/><input type='hidden' id='answerType354017' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354017[]' id='answer-id-1382244' class='answer   answerof-354017 ' value='1382244'   \/><label for='answer-id-1382244' id='answer-label-1382244' class=' answer'><span>Use AWS Systems Manager to create a new patch baseline including the custom repository. Run the AWS-RunPatchBaseline document using the run command to verify and install patches.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354017[]' id='answer-id-1382245' class='answer   answerof-354017 ' value='1382245'   \/><label for='answer-id-1382245' id='answer-label-1382245' class=' answer'><span>Use AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354017[]' id='answer-id-1382246' class='answer   answerof-354017 ' value='1382246'   \/><label for='answer-id-1382246' id='answer-label-1382246' class=' answer'><span>Use yum-config-manager to add the custom repository under \/etc\/yum.repos.d and run yum-config-manager-enable to activate the repository.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354017[]' id='answer-id-1382247' class='answer   answerof-354017 ' value='1382247'   \/><label for='answer-id-1382247' id='answer-label-1382247' class=' answer'><span>Use AWS Systems Manager to create a new patch baseline including the corporate repository. Run the AWS-AmazonLinuxDefaultPatchBaseline document using the run command to verify and install patches.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-354018'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>A company has enabled all features for its organization in AWS Organizations. The organization contains 10 AWS accounts. The company has turned on AWS CloudTrail in all the accounts. The company expects the number of AWS accounts in the organization to increase to 500 during the next year. The company plans to use multiple OUs for these accounts. <br \/>\r<br>The company has enabled AWS Config in each existing AWS account in the organization. A DevOps engineer must implement a solution that enables AWS Config automatically for all future AWS accounts that are created in the organization. <br \/>\r<br>Which solution will meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='354018' \/><input type='hidden' id='answerType354018' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354018[]' id='answer-id-1382248' class='answer   answerof-354018 ' value='1382248'   \/><label for='answer-id-1382248' id='answer-label-1382248' class=' answer'><span>In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Lambda function that enables trusted access to AWS Config for the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354018[]' id='answer-id-1382249' class='answer   answerof-354018 ' value='1382249'   \/><label for='answer-id-1382249' id='answer-label-1382249' class=' answer'><span>In the organization's management account, create an AWS CloudFormation stack set to enable AWS Config. Configure the stack set to deploy automatically when an account is created through Organizations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354018[]' id='answer-id-1382250' class='answer   answerof-354018 ' value='1382250'   \/><label for='answer-id-1382250' id='answer-label-1382250' class=' answer'><span>In the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Config. Apply the SCP to the root-level O<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354018[]' id='answer-id-1382251' class='answer   answerof-354018 ' value='1382251'   \/><label for='answer-id-1382251' id='answer-label-1382251' class=' answer'><span>In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Systems Manager Automation runbook to enable AWS Config for the account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-354019'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>A company has an AWS CodePipeline pipeline that is configured with an Amazon S3 bucket in the eu-west-1 Region. The pipeline deploys an AWS Lambda application to the same Region. The pipeline consists of an AWS CodeBuild project build action and an AWS CloudFormation deploy action. <br \/>\r<br>The CodeBuild project uses the aws cloudformation package AWS CLI command to build an artifact that contains the Lambda function code\u2019s .zip file and the CloudFormation template. The CloudFormation deploy action references the CloudFormation template from the output artifact of the CodeBuild project\u2019s build action. <br \/>\r<br>The company wants to also deploy the Lambda application to the us-east-1 Region by using the pipeline in eu-west-1. A DevOps engineer has already updated the CodeBuild project to use the aws cloudformation package command to produce an additional output artifact for us-east-1. <br \/>\r<br>Which combination of additional steps should the DevOps engineer take to meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_30' value='354019' \/><input type='hidden' id='answerType354019' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354019[]' id='answer-id-1382252' class='answer   answerof-354019 ' value='1382252'   \/><label for='answer-id-1382252' id='answer-label-1382252' class=' answer'><span>Modify the CloudFormation template to include a parameter for the Lambda function code\u2019s zip file location. Create a new CloudFormation deploy action for us-east-1 in the pipeline. Configure the new deploy action to pass in the us-east-1 artifact location as a parameter override.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354019[]' id='answer-id-1382253' class='answer   answerof-354019 ' value='1382253'   \/><label for='answer-id-1382253' id='answer-label-1382253' class=' answer'><span>Create a new CloudFormation deploy action for us-east-1 in the pipeline. Configure the new deploy action to use the CloudFormation template from the us-east-1 output artifact.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354019[]' id='answer-id-1382254' class='answer   answerof-354019 ' value='1382254'   \/><label for='answer-id-1382254' id='answer-label-1382254' class=' answer'><span>Create an S3 bucket in us-east-1. Configure the S3 bucket policy to allow CodePipeline to have read and write access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354019[]' id='answer-id-1382255' class='answer   answerof-354019 ' value='1382255'   \/><label for='answer-id-1382255' id='answer-label-1382255' class=' answer'><span>Create an S3 bucket in us-east-1. Configure S3 Cross-Region Replication (CRR) from the S3 bucket in eu-west-1 to the S3 bucket in us-east-1.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354019[]' id='answer-id-1382256' class='answer   answerof-354019 ' value='1382256'   \/><label for='answer-id-1382256' id='answer-label-1382256' class=' answer'><span>Modify the pipeline to include the S3 bucket for us-east-1 as an artifact store. Create a new CloudFormation deploy action for us-east-1 in the pipeline. Configure the new deploy action to use the CloudFormation template from the us-east-1 output artifact.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-354020'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>A company has a single AWS account that runs hundreds of Amazon EC2 instances in a single AWS Region. New EC2 instances are launched and terminated each hour in the account. The account also includes existing EC2 instances that have been running for longer than a week. <br \/>\r<br>The company's security policy requires all running EC2 instances to use an EC2 instance profile. If an EC2 instance does not have an instance profile attached, the EC2 instance must use a default instance profile that has no IAM permissions assigned. <br \/>\r<br>A DevOps engineer reviews the account and discovers EC2 instances that are running without an instance profile. During the review, the DevOps engineer also observes that new EC2 instances are being launched without an instance profile. <br \/>\r<br>Which solution will ensure that an instance profile is attached to all existing and future EC2 instances in the Region?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='354020' \/><input type='hidden' id='answerType354020' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354020[]' id='answer-id-1382257' class='answer   answerof-354020 ' value='1382257'   \/><label for='answer-id-1382257' id='answer-label-1382257' class=' answer'><span>Configure an Amazon EventBridge rule that reacts to EC2 RunInstances API calls. Configure the rule to invoke an AWS Lambda function to attach the default instance profile to the EC2 instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354020[]' id='answer-id-1382258' class='answer   answerof-354020 ' value='1382258'   \/><label for='answer-id-1382258' id='answer-label-1382258' class=' answer'><span>Configure the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354020[]' id='answer-id-1382259' class='answer   answerof-354020 ' value='1382259'   \/><label for='answer-id-1382259' id='answer-label-1382259' class=' answer'><span>Configure an Amazon EventBridge rule that reacts to EC2 StartInstances API calls. Configure the rule to invoke an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354020[]' id='answer-id-1382260' class='answer   answerof-354020 ' value='1382260'   \/><label for='answer-id-1382260' id='answer-label-1382260' class=' answer'><span>Configure the iam-role-managed-policy-check AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Lambda function to attach the default instance profile to the EC2 instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-354021'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts. AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be able to edit or delete their own CloudTrail trails and AWS Config rules. <br \/>\r<br>Which solution will meet these requirements in the MOST operationally efficient way?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='354021' \/><input type='hidden' id='answerType354021' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354021[]' id='answer-id-1382261' class='answer   answerof-354021 ' value='1382261'   \/><label for='answer-id-1382261' id='answer-label-1382261' class=' answer'><span>Create an AWS CloudFormation template that defines the standard account resources. \r\nDeploy the template to all accounts from the organization's management account by using \r\nCloudFormation StackSets. Set the stack policy to deny Update:Delete actions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354021[]' id='answer-id-1382262' class='answer   answerof-354021 ' value='1382262'   \/><label for='answer-id-1382262' id='answer-label-1382262' class=' answer'><span>Enable AWS Control Tower. Enroll the existing accounts in AWS Control Tower. Grant the individual account administrators access to CloudTrail and AWS Config.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354021[]' id='answer-id-1382263' class='answer   answerof-354021 ' value='1382263'   \/><label for='answer-id-1382263' id='answer-label-1382263' class=' answer'><span>Designate an AWS Config management account. Create AWS Config recorders in all accounts by using AWS CloudFormation StackSets. Deploy AWS Config rules to the organization by using the AWS Config management account. Create a CloudTrail organization trail in the organization\u2019s management account. Deny modification or deletion of the AWS Config recorders by using an SC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354021[]' id='answer-id-1382264' class='answer   answerof-354021 ' value='1382264'   \/><label for='answer-id-1382264' id='answer-label-1382264' class=' answer'><span>Create an AWS CloudFormation template that defines the standard account resources. Deploy the template to all accounts from the organization's management account by using Cloud Formation StackSets Create an SCP that prevents updates or deletions to CloudTrail resources or AWS Config resources unless the principal is an administrator of the organization's management account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-354022'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications. <br \/>\r<br>The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source code, a consistent and automatic delivery pipeline, and as few maintenance tasks as possible on the underlying infrastructure. <br \/>\r<br>What should a DevOps engineer do to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='354022' \/><input type='hidden' id='answerType354022' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354022[]' id='answer-id-1382265' class='answer   answerof-354022 ' value='1382265'   \/><label for='answer-id-1382265' id='answer-label-1382265' class=' answer'><span>Create one AWS CodeCommit repository for all applications. Put each application's code in a different branch. Merge the branches, and use AWS CodeBuild to build the applications. Use AWS CodeDeploy to deploy the applications to one centralized application server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354022[]' id='answer-id-1382266' class='answer   answerof-354022 ' value='1382266'   \/><label for='answer-id-1382266' id='answer-label-1382266' class=' answer'><span>Create one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time. Use AWS CodeDeploy to deploy the applications to one centralized application server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354022[]' id='answer-id-1382267' class='answer   answerof-354022 ' value='1382267'   \/><label for='answer-id-1382267' id='answer-label-1382267' class=' answer'><span>Create one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time and to create one AMI for each server. Use AWS CloudFormation StackSets to automatically provision and decommission Amazon EC2 fleets by using these AMIs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354022[]' id='answer-id-1382268' class='answer   answerof-354022 ' value='1382268'   \/><label for='answer-id-1382268' id='answer-label-1382268' class=' answer'><span>Create one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build one Docker image for each application in Amazon Elastic Container Registry (Amazon ECR). Use AWS CodeDeploy to deploy the applications to Amazon Elastic Container Service (Amazon ECS) on infrastructure that AWS Fargate manages.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-354023'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency. <br \/>\r<br>Which actions should be taken to accomplish this? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_34' value='354023' \/><input type='hidden' id='answerType354023' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354023[]' id='answer-id-1382269' class='answer   answerof-354023 ' value='1382269'   \/><label for='answer-id-1382269' id='answer-label-1382269' class=' answer'><span>Install the CloudWatch agent server side and configure the agent to upload relevant logs to CloudWatch.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354023[]' id='answer-id-1382270' class='answer   answerof-354023 ' value='1382270'   \/><label for='answer-id-1382270' id='answer-label-1382270' class=' answer'><span>Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and upload those segments to X-Ray during each request.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354023[]' id='answer-id-1382271' class='answer   answerof-354023 ' value='1382271'   \/><label for='answer-id-1382271' id='answer-label-1382271' class=' answer'><span>Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and use the X-Ray daemon to upload segments to X-Ray.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354023[]' id='answer-id-1382272' class='answer   answerof-354023 ' value='1382272'   \/><label for='answer-id-1382272' id='answer-label-1382272' class=' answer'><span>Modify the on-premises application to send log information back to API Gateway with each request.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354023[]' id='answer-id-1382273' class='answer   answerof-354023 ' value='1382273'   \/><label for='answer-id-1382273' id='answer-label-1382273' class=' answer'><span>Modify the on-premises application to calculate and upload statistical data relevant to the API service requests to CloudWatch metrics.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-354024'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>A company has an application that runs on a fleet of Amazon EC2 instances. The application requires frequent restarts. The application logs contain error messages when a restart is required. The application logs are published to a log group in Amazon CloudWatch Logs. <br \/>\r<br>An Amazon CloudWatch alarm notifies an application engineer through an Amazon Simple Notification Service (Amazon SNS) topic when the logs contain a large number of restart-related error messages. The application engineer manually restarts the application on the instances after the application engineer receives a notification from the SNS topic. <br \/>\r<br>A DevOps engineer needs to implement a solution to automate the application restart on the instances without restarting the instances. <br \/>\r<br>Which solution will meet these requirements in the MOST operationally efficient manner?<\/div><input type='hidden' name='question_id[]' id='qID_35' value='354024' \/><input type='hidden' id='answerType354024' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354024[]' id='answer-id-1382274' class='answer   answerof-354024 ' value='1382274'   \/><label for='answer-id-1382274' id='answer-label-1382274' class=' answer'><span>Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure the SNS topic to invoke the runbook.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354024[]' id='answer-id-1382275' class='answer   answerof-354024 ' value='1382275'   \/><label for='answer-id-1382275' id='answer-label-1382275' class=' answer'><span>Create an AWS Lambda function that restarts the application on the instances. Configure the Lambda function as an event destination of the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354024[]' id='answer-id-1382276' class='answer   answerof-354024 ' value='1382276'   \/><label for='answer-id-1382276' id='answer-label-1382276' class=' answer'><span>Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Create an AWS Lambda function to invoke the runbook. Configure the Lambda function as an event destination of the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354024[]' id='answer-id-1382277' class='answer   answerof-354024 ' value='1382277'   \/><label for='answer-id-1382277' id='answer-label-1382277' class=' answer'><span>Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure an Amazon EventBridge rule that reacts when the CloudWatch alarm enters ALARM state. Specify the runbook as a target of the rule.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-354025'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>A company uses AWS Organizations and AWS Control Tower to manage all the company's AWS accounts. The company uses the Enterprise Support plan. <br \/>\r<br>A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts. When new accounts are provisioned, the DevOps engineer notices that the support plan for the new accounts is set to the Basic Support plan. The DevOps engineer needs to implement a solution to provision the new accounts with the Enterprise Support plan. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='354025' \/><input type='hidden' id='answerType354025' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354025[]' id='answer-id-1382278' class='answer   answerof-354025 ' value='1382278'   \/><label for='answer-id-1382278' id='answer-label-1382278' class=' answer'><span>Use an AWS Config conformance pack to deploy the account-part-of-organizations AWS Config rule and to automatically remediate any noncompliant accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354025[]' id='answer-id-1382279' class='answer   answerof-354025 ' value='1382279'   \/><label for='answer-id-1382279' id='answer-label-1382279' class=' answer'><span>Create an AWS Lambda function to create a ticket for AWS Support to add the account to the Enterprise Support plan. Grant the Lambda function the support:ResolveCase permission.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354025[]' id='answer-id-1382280' class='answer   answerof-354025 ' value='1382280'   \/><label for='answer-id-1382280' id='answer-label-1382280' class=' answer'><span>Add an additional value to the control_tower_parameters input to set the AWSEnterpriseSupport parameter as the organization's management account number.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354025[]' id='answer-id-1382281' class='answer   answerof-354025 ' value='1382281'   \/><label for='answer-id-1382281' id='answer-label-1382281' class=' answer'><span>Set the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuration. Redeploy AFT and apply the changes.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-354026'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API. <br \/>\r<br>After a series of recent changes to the API, the company has observed issues with the application. The company needs to gather a metric for each API operation by response code for each version of the application that is in use. A DevOps engineer has modified the Lambda function to extract the API operation name, version information from the user-agent header and response code. <br \/>\r<br>Which additional set of actions should the DevOps engineer take to gather the required metrics?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='354026' \/><input type='hidden' id='answerType354026' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354026[]' id='answer-id-1382282' class='answer   answerof-354026 ' value='1382282'   \/><label for='answer-id-1382282' id='answer-label-1382282' class=' answer'><span>Modify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group. Configure a CloudWatch Logs metric filter that increments a metric for each API operation name. Specify response code and application version as dimensions for the metric.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354026[]' id='answer-id-1382283' class='answer   answerof-354026 ' value='1382283'   \/><label for='answer-id-1382283' id='answer-label-1382283' class=' answer'><span>Modify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group. Configure a CloudWatch Logs Insights query to populate CloudWatch metrics from the log lines. Specify response code and application version as dimensions for the metric.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354026[]' id='answer-id-1382284' class='answer   answerof-354026 ' value='1382284'   \/><label for='answer-id-1382284' id='answer-label-1382284' class=' answer'><span>Configure the ALB access logs to write to an Amazon CloudWatch Logs log group. Modify the Lambda function to respond to the ALB with the API operation name, response code, and version number as response metadata. Configure a CloudWatchLogs metric filter that increments a metric for each API operation name. Specify response code and application version as dimensions for the metric.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354026[]' id='answer-id-1382285' class='answer   answerof-354026 ' value='1382285'   \/><label for='answer-id-1382285' id='answer-label-1382285' class=' answer'><span>Configure AWS X-Ray integration on the Lambda function. Modify the Lambda function to create an X-Ray subsegment with the API operation name, response code, and version number. Configure X-Ray insights to extract an aggregated metric for each API operation name and to publish the metric to Amazon CloudWatch. Specify response code and application version as dimensions for the metric.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-354027'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>A rapidly growing company wants to scale for developer demand for AWS development environments. Development environments are created manually in the AWS Management Console. The networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables. <br \/>\r<br>To keep up with demand, the DevOps engineer wants to automate the creation of development environments. Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure. CloudFormation will be used to create a template for the development environments. <br \/>\r<br>Which approach will meet these requirements and quickly provide consistent AWS environments for developers?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='354027' \/><input type='hidden' id='answerType354027' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354027[]' id='answer-id-1382286' class='answer   answerof-354027 ' value='1382286'   \/><label for='answer-id-1382286' id='answer-label-1382286' class=' answer'><span>Use Fn::ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values. Use CloudFormation StackSets for the development environments, using the Count input parameter to indicate the number of environments needed. Use the UpdateStackSet command to update existing development environments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354027[]' id='answer-id-1382287' class='answer   answerof-354027 ' value='1382287'   \/><label for='answer-id-1382287' id='answer-label-1382287' class=' answer'><span>Use nested stacks to define common infrastructure components. To access the exported values, use TemplateURL to reference the networking team\u2019s template. To retrieve Virtual Private Cloud (VPC) and subnet values, use Fn::ImportValue intrinsic functions in the Parameters section of the root template. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354027[]' id='answer-id-1382288' class='answer   answerof-354027 ' value='1382288'   \/><label for='answer-id-1382288' id='answer-label-1382288' class=' answer'><span>Use nested stacks to define common infrastructure components. Use Fn::ImportValue intrinsic functions with the resources of the nested stack to retrieve Virtual Private Cloud (VPC) and subnet values. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354027[]' id='answer-id-1382289' class='answer   answerof-354027 ' value='1382289'   \/><label for='answer-id-1382289' id='answer-label-1382289' class=' answer'><span>Use Fn::ImportValue intrinsic functions in the Parameters section of the root template to retrieve Virtual Private Cloud (VPC) and subnet values. Define the development resources in the order they need to be created in the CloudFormation nested stacks. Use the CreateChangeSet. and ExecuteChangeSet commands to update existing development environments.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-354028'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>A company has its AWS accounts in an organization in AWS Organizations. AWS Config is manually configured in each AWS account. The company needs to implement a solution to centrally configure AWS Config for all accounts in the organization The solution also must record resource changes to a central account. <br \/>\r<br>Which combination of actions should a DevOps engineer perform to meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_39' value='354028' \/><input type='hidden' id='answerType354028' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354028[]' id='answer-id-1382290' class='answer   answerof-354028 ' value='1382290'   \/><label for='answer-id-1382290' id='answer-label-1382290' class=' answer'><span>Configure a delegated administrator account for AWS Config. Enable trusted access for AWS Config in the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354028[]' id='answer-id-1382291' class='answer   answerof-354028 ' value='1382291'   \/><label for='answer-id-1382291' id='answer-label-1382291' class=' answer'><span>Configure a delegated administrator account for AWS Config. Create a service-linked role for AWS Config in the organization\u2019s management account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354028[]' id='answer-id-1382292' class='answer   answerof-354028 ' value='1382292'   \/><label for='answer-id-1382292' id='answer-label-1382292' class=' answer'><span>Create an AWS CloudFormation template to create an AWS Config aggregator. Configure a CloudFormation stack set to deploy the template to all accounts in the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354028[]' id='answer-id-1382293' class='answer   answerof-354028 ' value='1382293'   \/><label for='answer-id-1382293' id='answer-label-1382293' class=' answer'><span>Create an AWS Config organization aggregator in the organization's management account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354028[]' id='answer-id-1382294' class='answer   answerof-354028 ' value='1382294'   \/><label for='answer-id-1382294' id='answer-label-1382294' class=' answer'><span>Create an AWS Config organization aggregator in the delegated administrator account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-354029'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>A development team uses AWS CodeCommit, AWS CodePipeline, and AWS CodeBuild to develop and deploy an application. Changes to the code are submitted by pullrequests. The development team reviews and merges the pull requests, and then the pipeline builds and tests the application. <br \/>\r<br>Over time, the number of pull requests has increased. The pipeline is frequently blocked because of failing tests. To prevent this blockage, the development team wants to run the unit and integration tests on each pull request before it is merged. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_40' value='354029' \/><input type='hidden' id='answerType354029' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354029[]' id='answer-id-1382295' class='answer   answerof-354029 ' value='1382295'   \/><label for='answer-id-1382295' id='answer-label-1382295' class=' answer'><span>Create a CodeBuild project to run the unit and integration tests. Create a CodeCommit approval rule template. Configure the template to require the successful invocation of the CodeBuild project. Attach the approval rule to the project's CodeCommit repository.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354029[]' id='answer-id-1382296' class='answer   answerof-354029 ' value='1382296'   \/><label for='answer-id-1382296' id='answer-label-1382296' class=' answer'><span>Create an Amazon EventBridge rule to match pullRequestCreated events from CodeCommit Create a CodeBuild project to run the unit and integration tests. Configure the CodeBuild project as a target of the EventBridge rule that includes a custom event payload with the CodeCommit repository and branch information from the event.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354029[]' id='answer-id-1382297' class='answer   answerof-354029 ' value='1382297'   \/><label for='answer-id-1382297' id='answer-label-1382297' class=' answer'><span>Create an Amazon EventBridge rule to match pullRequestCreated events from CodeCommit. Modify the existing CodePipeline pipeline to not run the deploy steps if the build is started from a pull request. Configure the EventBridge rule to run the pipeline with a custom payload that contains the CodeCommit repository and branch information from the event.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354029[]' id='answer-id-1382298' class='answer   answerof-354029 ' value='1382298'   \/><label for='answer-id-1382298' id='answer-label-1382298' class=' answer'><span>Create a CodeBuild project to run the unit and integration tests. Create a CodeCommit notification rule that matches when a pull request is created or updated. Configure the notification rule to invoke the CodeBuild project.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-354030'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured. <br \/>\r<br>How can this process be automated?<\/div><input type='hidden' name='question_id[]' id='qID_41' value='354030' \/><input type='hidden' id='answerType354030' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354030[]' id='answer-id-1382299' class='answer   answerof-354030 ' value='1382299'   \/><label for='answer-id-1382299' id='answer-label-1382299' class=' answer'><span>Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure an AWS Lambda function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create an Amazon EventBridge rule to invoke a second Lambda function once a day that will terminate all instances with this tag.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354030[]' id='answer-id-1382300' class='answer   answerof-354030 ' value='1382300'   \/><label for='answer-id-1382300' id='answer-label-1382300' class=' answer'><span>Create an Amazon CloudWatch alarm that will be invoked by the login event. Send the notification to an Amazon Simple Notification Service (Amazon SNS) topic that the operations team is subscribed to, and have them terminate the EC2 instance within 24 hours.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354030[]' id='answer-id-1382301' class='answer   answerof-354030 ' value='1382301'   \/><label for='answer-id-1382301' id='answer-label-1382301' class=' answer'><span>Create an Amazon CloudWatch alarm that will be invoked by the login event. Configure the alarm to send to an Amazon Simple Queue Service (Amazon SQS) queue. Use a group of worker instances to process messages from the queue, which then schedules an Amazon EventBridge rule to be invoked.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354030[]' id='answer-id-1382302' class='answer   answerof-354030 ' value='1382302'   \/><label for='answer-id-1382302' id='answer-label-1382302' class=' answer'><span>Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create an Amazon EventBridge rule to invoke a daily Lambda function that terminates all instances with this tag.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-354031'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts. <br \/>\r<br>A DevOps engineer discovers that some EC2 instances are listed in the &quot;not scanning&quot; tab in Amazon Inspector. <br \/>\r<br>Which combination of actions should the DevOps engineer take to resolve this issue? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_42' value='354031' \/><input type='hidden' id='answerType354031' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354031[]' id='answer-id-1382303' class='answer   answerof-354031 ' value='1382303'   \/><label for='answer-id-1382303' id='answer-label-1382303' class=' answer'><span>Verify that AWS Systems Manager Agent is installed and is running on the EC2 instances that Amazon Inspector is not scanning.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354031[]' id='answer-id-1382304' class='answer   answerof-354031 ' value='1382304'   \/><label for='answer-id-1382304' id='answer-label-1382304' class=' answer'><span>Associate the target EC2 instances with security groups that allow outbound communication on port 443 to the AWS Systems Manager service endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354031[]' id='answer-id-1382305' class='answer   answerof-354031 ' value='1382305'   \/><label for='answer-id-1382305' id='answer-label-1382305' class=' answer'><span>Grant inspector:StartAssessmentRun permissions to the IAM role that the DevOps engineer is using.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354031[]' id='answer-id-1382306' class='answer   answerof-354031 ' value='1382306'   \/><label for='answer-id-1382306' id='answer-label-1382306' class=' answer'><span>Configure EC2 Instance Connect for the EC2 instances that Amazon Inspector is not scanning.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354031[]' id='answer-id-1382307' class='answer   answerof-354031 ' value='1382307'   \/><label for='answer-id-1382307' id='answer-label-1382307' class=' answer'><span>Associate the target EC2 instances with instance profiles that grant permissions to communicate with AWS Systems Manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354031[]' id='answer-id-1382308' class='answer   answerof-354031 ' value='1382308'   \/><label for='answer-id-1382308' id='answer-label-1382308' class=' answer'><span>Create a managed-instance activation. Use the Activation Code and the Activation ID to register the EC2 instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-354032'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>A company is using AWS CodePipeline to automate its release pipeline. AWS CodeDeploy is being used in the pipeline to deploy an application to Amazon Elastic Container Service (Amazon ECS) using the blue\/green deployment model. The company wants to implement scripts to test the green version of the application before shifting traffic. These scripts will complete in 5 minutes or less. If errors are discovered during these tests, the application must be rolled back. <br \/>\r<br>Which strategy will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_43' value='354032' \/><input type='hidden' id='answerType354032' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354032[]' id='answer-id-1382309' class='answer   answerof-354032 ' value='1382309'   \/><label for='answer-id-1382309' id='answer-label-1382309' class=' answer'><span>Add a stage to the CodePipeline pipeline between the source and deploy stages. Use AWS CodeBuild to create a runtime environment and build commands in the buildspec file to invoke test scripts. If errors are found, use the aws deploy stop-deployment command to stop the deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354032[]' id='answer-id-1382310' class='answer   answerof-354032 ' value='1382310'   \/><label for='answer-id-1382310' id='answer-label-1382310' class=' answer'><span>Add a stage to the CodePipeline pipeline between the source and deploy stages. Use this stage to invoke an AWS Lambda function that will run the test scripts. If errors are found, use the aws deploy stop-deployment command to stop the deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354032[]' id='answer-id-1382311' class='answer   answerof-354032 ' value='1382311'   \/><label for='answer-id-1382311' id='answer-label-1382311' class=' answer'><span>Add a hooks section to the CodeDeploy AppSpec file. Use the AfterAllowTestTraffic lifecycle event to invoke an AWS Lambda function to run the test scripts. If errors are found, exit the Lambda function with an error to initiate rollback.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354032[]' id='answer-id-1382312' class='answer   answerof-354032 ' value='1382312'   \/><label for='answer-id-1382312' id='answer-label-1382312' class=' answer'><span>Add a hooks section to the CodeDeploy AppSpec file. Use the AfterAllowTraffic lifecycle event to invoke the test scripts. If errors are found, use the aws deploy stop-deployment CLI command to stop the deployment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-354033'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours. <br \/>\r<br>Which combination of actions will meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_44' value='354033' \/><input type='hidden' id='answerType354033' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354033[]' id='answer-id-1382313' class='answer   answerof-354033 ' value='1382313'   \/><label for='answer-id-1382313' id='answer-label-1382313' class=' answer'><span>Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354033[]' id='answer-id-1382314' class='answer   answerof-354033 ' value='1382314'   \/><label for='answer-id-1382314' id='answer-label-1382314' class=' answer'><span>Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354033[]' id='answer-id-1382315' class='answer   answerof-354033 ' value='1382315'   \/><label for='answer-id-1382315' id='answer-label-1382315' class=' answer'><span>Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354033[]' id='answer-id-1382316' class='answer   answerof-354033 ' value='1382316'   \/><label for='answer-id-1382316' id='answer-label-1382316' class=' answer'><span>Run an AWS Systems Manager Automation document to patch the systems every hour.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354033[]' id='answer-id-1382317' class='answer   answerof-354033 ' value='1382317'   \/><label for='answer-id-1382317' id='answer-label-1382317' class=' answer'><span>Use Amazon EventBridge scheduled events to schedule a patch window.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354033[]' id='answer-id-1382318' class='answer   answerof-354033 ' value='1382318'   \/><label for='answer-id-1382318' id='answer-label-1382318' class=' answer'><span>Use AWS Systems Manager Maintenance Windows to schedule a patch window.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-354034'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>A company has an application that is using a MySQL-compatible Amazon Aurora Multi-AZ DB cluster as the database. A cross-Region read replica has been created for disaster recovery purposes. A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure. <br \/>\r<br>Which solution will accomplish this?<\/div><input type='hidden' name='question_id[]' id='qID_45' value='354034' \/><input type='hidden' id='answerType354034' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354034[]' id='answer-id-1382319' class='answer   answerof-354034 ' value='1382319'   \/><label for='answer-id-1382319' id='answer-label-1382319' class=' answer'><span>Configure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints. Subscribe an Amazon SNS topic to Amazon RDS failure notifications from AWS CloudTrail and use that topic to invoke an AWS Lambda function that will promote the replica instance as the primary.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354034[]' id='answer-id-1382320' class='answer   answerof-354034 ' value='1382320'   \/><label for='answer-id-1382320' id='answer-label-1382320' class=' answer'><span>Create an Aurora custom endpoint to point to the primary database instance. Configure the application to use this endpoint. Configure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354034[]' id='answer-id-1382321' class='answer   answerof-354034 ' value='1382321'   \/><label for='answer-id-1382321' id='answer-label-1382321' class=' answer'><span>Create an AWS Lambda function to modify the application's AWS CloudFormation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance. Create an Amazon CloudWatch alarm to invoke this Lambda function after the failure event occurs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354034[]' id='answer-id-1382322' class='answer   answerof-354034 ' value='1382322'   \/><label for='answer-id-1382322' id='answer-label-1382322' class=' answer'><span>Store the Aurora endpoint in AWS Systems Manager Parameter Store. Create an Amazon EventBridge event that detects the database failure and runs an AWS Lambda function to promote the replica instance and update the endpoint URL stored in AWS Systems Manager Parameter Store. Code the application to reload the endpoint from Parameter Store if a database connection fails.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-46' style=';'><div id='questionWrap-46'  class='   watupro-question-id-354035'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>46. <\/span>A company has multiple AWS accounts. The company uses AWS IAM Identity Center (AWS Single Sign-On) that is integrated with AWS Toolkit for Microsoft Azure DevOps. The attributes for access control feature is enabled in IAM Identity Center. <br \/>\r<br>The attribute mapping list contains two entries. The department key is mapped to ${path:enterprise.department}. The costCenter key is mapped to ${path:enterprise.costCenter}. <br \/>\r<br>All existing Amazon EC2 instances have a department tag that corresponds to three company departments (d1, d2, d3). A DevOps engineer must create policies based on the matching attributes. The policies must minimize administrative effort and must grant each Azure AD user access to only the EC2 instances that are tagged with the user\u2019s respective department name. <br \/>\r<br>Which condition key should the DevOps engineer include in the custom permissions policies to meet these requirements? <br \/>\r<br>A) <br \/>\r<br><br><img decoding=\"async\" width=522 height=135 id=\"\u56fe\u7247 1\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image001-5.png\"><br><br \/>\r<br>B) <br \/>\r<br><br><img decoding=\"async\" width=651 height=89 id=\"\u56fe\u7247 2\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image002-19.jpg\"><br><br \/>\r<br>C) <br \/>\r<br><br><img decoding=\"async\" width=649 height=91 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image003-20.jpg\"><br><br \/>\r<br>D) <br \/>\r<br><br><img decoding=\"async\" width=649 height=103 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image004-18.jpg\"><br><\/div><input type='hidden' name='question_id[]' id='qID_46' value='354035' \/><input type='hidden' id='answerType354035' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354035[]' id='answer-id-1382323' class='answer   answerof-354035 ' value='1382323'   \/><label for='answer-id-1382323' id='answer-label-1382323' class=' answer'><span>Option A<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354035[]' id='answer-id-1382324' class='answer   answerof-354035 ' value='1382324'   \/><label for='answer-id-1382324' id='answer-label-1382324' class=' answer'><span>Option B<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354035[]' id='answer-id-1382325' class='answer   answerof-354035 ' value='1382325'   \/><label for='answer-id-1382325' id='answer-label-1382325' class=' answer'><span>Option C<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354035[]' id='answer-id-1382326' class='answer   answerof-354035 ' value='1382326'   \/><label for='answer-id-1382326' id='answer-label-1382326' class=' answer'><span>Option D<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-47' style=';'><div id='questionWrap-47'  class='   watupro-question-id-354036'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>47. <\/span>A company is using an Amazon Aurora cluster as the data store for its application. The Aurora cluster is configured with a single DB instance. The application performs read and write operations on the database by using the cluster's instance endpoint. <br \/>\r<br>The company has scheduled an update to be applied to the cluster during an upcoming maintenance window. The cluster must remain available with the least possible interruption during the maintenance window. <br \/>\r<br>What should a DevOps engineer do to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_47' value='354036' \/><input type='hidden' id='answerType354036' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354036[]' id='answer-id-1382327' class='answer   answerof-354036 ' value='1382327'   \/><label for='answer-id-1382327' id='answer-label-1382327' class=' answer'><span>Add a reader instance to the Aurora cluster. Update the application to use the Aurora cluster endpoint for write operations. Update the Aurora cluster's reader endpoint for reads.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354036[]' id='answer-id-1382328' class='answer   answerof-354036 ' value='1382328'   \/><label for='answer-id-1382328' id='answer-label-1382328' class=' answer'><span>Add a reader instance to the Aurora cluster. Create a custom ANY endpoint for the cluster. Update the application to use the Aurora cluster's custom ANY endpoint for read and write operations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354036[]' id='answer-id-1382329' class='answer   answerof-354036 ' value='1382329'   \/><label for='answer-id-1382329' id='answer-label-1382329' class=' answer'><span>Turn on the Multi-AZ option on the Aurora cluster. Update the application to use the Aurora cluster endpoint for write operations. Update the Aurora cluster\u2019s reader endpoint for reads.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354036[]' id='answer-id-1382330' class='answer   answerof-354036 ' value='1382330'   \/><label for='answer-id-1382330' id='answer-label-1382330' class=' answer'><span>Turn on the Multi-AZ option on the Aurora cluster. Create a custom ANY endpoint for the cluster. Update the application to use the Aurora cluster's custom ANY endpoint for read and write operations.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-48' style=';'><div id='questionWrap-48'  class='   watupro-question-id-354037'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>48. <\/span>A company is implementing a well-architected design for its globally accessible API stack. The design needs to ensure both high reliability and fast response times for users located in North America and Europe. <br \/>\r<br>The API stack contains the following three tiers: <br \/>\r<br>Amazon API Gateway <br \/>\r<br>AWS Lambda <br \/>\r<br>Amazon DynamoDB <br \/>\r<br>Which solution will meet the requirements?<\/div><input type='hidden' name='question_id[]' id='qID_48' value='354037' \/><input type='hidden' id='answerType354037' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354037[]' id='answer-id-1382331' class='answer   answerof-354037 ' value='1382331'   \/><label for='answer-id-1382331' id='answer-label-1382331' class=' answer'><span>Configure Amazon Route 53 to point to API Gateway APIs in North America and Europe using health checks. Configure the APIs to forward requests to a Lambda function in that Region. Configure the Lambda functions to retrieve and update the data in a DynamoDB table in the same Region as the Lambda function.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354037[]' id='answer-id-1382332' class='answer   answerof-354037 ' value='1382332'   \/><label for='answer-id-1382332' id='answer-label-1382332' class=' answer'><span>Configure Amazon Route 53 to point to API Gateway APIs in North America and Europe using latency-based routing and health checks. Configure the APIs to forward requests to a Lambda function in that Region. Configure the Lambda functions to retrieve and update the data in a DynamoDB global table.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354037[]' id='answer-id-1382333' class='answer   answerof-354037 ' value='1382333'   \/><label for='answer-id-1382333' id='answer-label-1382333' class=' answer'><span>Configure Amazon Route 53 to point to API Gateway in North America, create a disaster recovery API in Europe, and configure both APIs to forward requests to the Lambda functions in that Region. Retrieve the data from a DynamoDB global table. Deploy a Lambda function to check the North America API health every 5 minutes. In the event of a failure, update Route 53 to point to the disaster recovery AP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354037[]' id='answer-id-1382334' class='answer   answerof-354037 ' value='1382334'   \/><label for='answer-id-1382334' id='answer-label-1382334' class=' answer'><span>Configure Amazon Route 53 to point to API Gateway API in North America using latency-based routing. Configure the API to forward requests to the Lambda function in the Region nearest to the user. Configure the Lambda function to retrieve and update the data in a DynamoDB table.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-49' style=';'><div id='questionWrap-49'  class='   watupro-question-id-354038'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>49. <\/span>A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache Webserver. The development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application. After completion, the team will create additional deployment groups for staging and production. <br \/>\r<br>The current log level is configured within the Apache settings, but the team wants to change this configuration dynamically when the deployment occurs, so that they can set different log level configurations depending on the deployment group without having a different application revision for each group. <br \/>\r<br>How can these requirements be met with the LEAST management overhead and without requiring different script versions for each deployment group?<\/div><input type='hidden' name='question_id[]' id='qID_49' value='354038' \/><input type='hidden' id='answerType354038' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354038[]' id='answer-id-1382335' class='answer   answerof-354038 ' value='1382335'   \/><label for='answer-id-1382335' id='answer-label-1382335' class=' answer'><span>Tag the Amazon EC2 instances depending on the deployment group. Then place a script into the application revision that calls the metadata service and the EC2 API to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference the script as part of the AfterInstall lifecycle hook in the appspec.yml file.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354038[]' id='answer-id-1382336' class='answer   answerof-354038 ' value='1382336'   \/><label for='answer-id-1382336' id='answer-label-1382336' class=' answer'><span>Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ NAME to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the BeforeInstall lifecycle hook in the appspec.yml file.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354038[]' id='answer-id-1382337' class='answer   answerof-354038 ' value='1382337'   \/><label for='answer-id-1382337' id='answer-label-1382337' class=' answer'><span>Create a CodeDeploy custom environment variable for each environment. Then place a script into the application revision that checks this environment variable to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the ValidateService lifecycle hook in the appspec.yml file.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354038[]' id='answer-id-1382338' class='answer   answerof-354038 ' value='1382338'   \/><label for='answer-id-1382338' id='answer-label-1382338' class=' answer'><span>Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings. Reference this script as part of the Install lifecycle hook in the appspec.yml file.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-50' style=';'><div id='questionWrap-50'  class='   watupro-question-id-354039'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>50. <\/span>A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses. <br \/>\r<br>What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?<\/div><input type='hidden' name='question_id[]' id='qID_50' value='354039' \/><input type='hidden' id='answerType354039' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354039[]' id='answer-id-1382339' class='answer   answerof-354039 ' value='1382339'   \/><label for='answer-id-1382339' id='answer-label-1382339' class=' answer'><span>Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354039[]' id='answer-id-1382340' class='answer   answerof-354039 ' value='1382340'   \/><label for='answer-id-1382340' id='answer-label-1382340' class=' answer'><span>Assign each EC2 instance an IPv6 Elastic IP address. Create a target group, and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354039[]' id='answer-id-1382341' class='answer   answerof-354039 ' value='1382341'   \/><label for='answer-id-1382341' id='answer-label-1382341' class=' answer'><span>Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354039[]' id='answer-id-1382342' class='answer   answerof-354039 ' value='1382342'   \/><label for='answer-id-1382342' id='answer-label-1382342' class=' answer'><span>Add an IPv6 CIDR block to the VPC and subnets for the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354039[]' id='answer-id-1382343' class='answer   answerof-354039 ' value='1382343'   \/><label for='answer-id-1382343' id='answer-label-1382343' class=' answer'><span>Create a listener on port 443. and specify the dualstack IP address type on the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354039[]' id='answer-id-1382344' class='answer   answerof-354039 ' value='1382344'   \/><label for='answer-id-1382344' id='answer-label-1382344' class=' answer'><span>Create a target group, and add the EC2 instances as targets. Associate the target group with the AL<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-51' style=';'><div id='questionWrap-51'  class='   watupro-question-id-354040'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>51. <\/span>An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running. <br \/>\r<br>All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket created by the stack is not deleted. <br \/>\r<br>How can the team resolve the error in the MOST efficient manner to ensure that all resources are deleted without errors?<\/div><input type='hidden' name='question_id[]' id='qID_51' value='354040' \/><input type='hidden' id='answerType354040' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354040[]' id='answer-id-1382345' class='answer   answerof-354040 ' value='1382345'   \/><label for='answer-id-1382345' id='answer-label-1382345' class=' answer'><span>Add a DelelionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354040[]' id='answer-id-1382346' class='answer   answerof-354040 ' value='1382346'   \/><label for='answer-id-1382346' id='answer-label-1382346' class=' answer'><span>Add a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM role. Write the Lambda function to delete all objects from the bucket when RequestType is Delete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354040[]' id='answer-id-1382347' class='answer   answerof-354040 ' value='1382347'   \/><label for='answer-id-1382347' id='answer-label-1382347' class=' answer'><span>Identify the resource that was not deleted. Manually empty the S3 bucket and then delete it.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354040[]' id='answer-id-1382348' class='answer   answerof-354040 ' value='1382348'   \/><label for='answer-id-1382348' id='answer-label-1382348' class=' answer'><span>Replace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacks resource. Define a custom recipe for the stack to create and delete the EC2 instance and the S3 bucket.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-52' style=';'><div id='questionWrap-52'  class='   watupro-question-id-354041'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>52. <\/span>A company\u2019s security team requires that all external Application Load Balancers (ALBs) and Amazon API Gateway APIs are associated with AWS WAF web ACLs. The company has hundreds of AWS accounts, all of which are included in a single organization in AWS Organizations. The company has configured AWS Config for the organization. During an audit, the company finds some externally facing ALBs that are not associated with AWS WAF web ACLs. <br \/>\r<br>Which combination of steps should a DevOps engineer take to prevent future violations? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_52' value='354041' \/><input type='hidden' id='answerType354041' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354041[]' id='answer-id-1382349' class='answer   answerof-354041 ' value='1382349'   \/><label for='answer-id-1382349' id='answer-label-1382349' class=' answer'><span>Delegate AWS Firewall Manager to a security account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354041[]' id='answer-id-1382350' class='answer   answerof-354041 ' value='1382350'   \/><label for='answer-id-1382350' id='answer-label-1382350' class=' answer'><span>Delegate Amazon GuardDuty to a security account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354041[]' id='answer-id-1382351' class='answer   answerof-354041 ' value='1382351'   \/><label for='answer-id-1382351' id='answer-label-1382351' class=' answer'><span>Create an AWS Firewall Manager policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354041[]' id='answer-id-1382352' class='answer   answerof-354041 ' value='1382352'   \/><label for='answer-id-1382352' id='answer-label-1382352' class=' answer'><span>Create an Amazon GuardDuty policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354041[]' id='answer-id-1382353' class='answer   answerof-354041 ' value='1382353'   \/><label for='answer-id-1382353' id='answer-label-1382353' class=' answer'><span>Configure an AWS Config managed rule to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-53' style=';'><div id='questionWrap-53'  class='   watupro-question-id-354042'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>53. <\/span>A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes. <br \/>\r<br>A DevOps engineer needs to ensure that all EBS volumes always have the Backup_Frequency tag so that the company can perform backups at least weekly unless a different value is specified. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_53' value='354042' \/><input type='hidden' id='answerType354042' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354042[]' id='answer-id-1382354' class='answer   answerof-354042 ' value='1382354'   \/><label for='answer-id-1382354' id='answer-label-1382354' class=' answer'><span>Set up AWS Config in the account. Create a custom rule that returns a compliance failure for all Amazon EC2 resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354042[]' id='answer-id-1382355' class='answer   answerof-354042 ' value='1382355'   \/><label for='answer-id-1382355' id='answer-label-1382355' class=' answer'><span>Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354042[]' id='answer-id-1382356' class='answer   answerof-354042 ' value='1382356'   \/><label for='answer-id-1382356' id='answer-label-1382356' class=' answer'><span>Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354042[]' id='answer-id-1382357' class='answer   answerof-354042 ' value='1382357'   \/><label for='answer-id-1382357' id='answer-label-1382357' class=' answer'><span>Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events or EBS ModifyVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-54' style=';'><div id='questionWrap-54'  class='   watupro-question-id-354043'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>54. <\/span>A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property. <br \/>\r<br>What should the DevOps engineer do to accomplish this in the MOST maintainable manner?<\/div><input type='hidden' name='question_id[]' id='qID_54' value='354043' \/><input type='hidden' id='answerType354043' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354043[]' id='answer-id-1382358' class='answer   answerof-354043 ' value='1382358'   \/><label for='answer-id-1382358' id='answer-label-1382358' class=' answer'><span>Automate patching and upgrading using AWS Systems Manager on EC2 instances and encrypt Amazon EBS volumes by default.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354043[]' id='answer-id-1382359' class='answer   answerof-354043 ' value='1382359'   \/><label for='answer-id-1382359' id='answer-label-1382359' class=' answer'><span>Deploy Jenkins to an Amazon ECS cluster and copy build artifacts to an Amazon S3 bucket with default encryption enabled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354043[]' id='answer-id-1382360' class='answer   answerof-354043 ' value='1382360'   \/><label for='answer-id-1382360' id='answer-label-1382360' class=' answer'><span>Leverage AWS CodePipeline with a build action and encrypt the artifacts using AWS Secrets Manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354043[]' id='answer-id-1382361' class='answer   answerof-354043 ' value='1382361'   \/><label for='answer-id-1382361' id='answer-label-1382361' class=' answer'><span>Use AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2 instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-55' style=';'><div id='questionWrap-55'  class='   watupro-question-id-354044'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>55. <\/span>A company requires that its internally facing web application be highly available. The architecture is made up of one Amazon EC2 web server instance and one NAT instance that provides outbound internet access for updates and accessing public data. <br \/>\r<br>Which combination of architecture adjustments should the company implement to achieve high availability? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_55' value='354044' \/><input type='hidden' id='answerType354044' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354044[]' id='answer-id-1382362' class='answer   answerof-354044 ' value='1382362'   \/><label for='answer-id-1382362' id='answer-label-1382362' class=' answer'><span>Add the NAT instance to an EC2 Auto Scaling group that spans multiple Availability Zones. Update the route tables.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354044[]' id='answer-id-1382363' class='answer   answerof-354044 ' value='1382363'   \/><label for='answer-id-1382363' id='answer-label-1382363' class=' answer'><span>Create additional EC2 instances spanning multiple Availability Zones. Add an Application Load Balancer to split the load between them.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354044[]' id='answer-id-1382364' class='answer   answerof-354044 ' value='1382364'   \/><label for='answer-id-1382364' id='answer-label-1382364' class=' answer'><span>Configure an Application Load Balancer in front of the EC2 instance. Configure Amazon CloudWatch alarms to recover the EC2 instance upon host failure.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354044[]' id='answer-id-1382365' class='answer   answerof-354044 ' value='1382365'   \/><label for='answer-id-1382365' id='answer-label-1382365' class=' answer'><span>Replace the NAT instance with a NAT gateway in each Availability Zone. Update the route tables.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354044[]' id='answer-id-1382366' class='answer   answerof-354044 ' value='1382366'   \/><label for='answer-id-1382366' id='answer-label-1382366' class=' answer'><span>Replace the NAT instance with a NAT gateway that spans multiple Availability Zones. Update the route tables.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-56' style=';'><div id='questionWrap-56'  class='   watupro-question-id-354045'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>56. <\/span>An ecommerce company is receiving reports that its order history page is experiencing delays in reflecting the processing status of orders. The order processing system consists of an AWS Lambda function that uses reserved concurrency. The Lambda function processes order messages from an Amazon Simple Queue Service (Amazon SQS) queue and inserts processed orders into an Amazon DynamoDB table. The DynamoDB table has auto scaling enabled for read and write capacity. <br \/>\r<br>Which actions should a DevOps engineer take to resolve this delay? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_56' value='354045' \/><input type='hidden' id='answerType354045' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354045[]' id='answer-id-1382367' class='answer   answerof-354045 ' value='1382367'   \/><label for='answer-id-1382367' id='answer-label-1382367' class=' answer'><span>Check the ApproximateAgeOfOldestMessage metric for the SQS queue. Increase the Lambda function concurrency limit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354045[]' id='answer-id-1382368' class='answer   answerof-354045 ' value='1382368'   \/><label for='answer-id-1382368' id='answer-label-1382368' class=' answer'><span>Check the ApproximateAgeOfOldestMessage metnc for the SQS queue Configure a redrive policy on the SQS queue.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354045[]' id='answer-id-1382369' class='answer   answerof-354045 ' value='1382369'   \/><label for='answer-id-1382369' id='answer-label-1382369' class=' answer'><span>Check the NumberOfMessagesSent metric for the SQS queue. Increase the SQS queue visibility timeout.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354045[]' id='answer-id-1382370' class='answer   answerof-354045 ' value='1382370'   \/><label for='answer-id-1382370' id='answer-label-1382370' class=' answer'><span>Check the WriteThrottleEvents metric for the DynamoDB table. Increase the maximum write capacity units (WCUs) for the table's scaling policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354045[]' id='answer-id-1382371' class='answer   answerof-354045 ' value='1382371'   \/><label for='answer-id-1382371' id='answer-label-1382371' class=' answer'><span>Check the Throttles metric for the Lambda function. Increase the Lambda function timeout.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-57' style=';'><div id='questionWrap-57'  class='   watupro-question-id-354046'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>57. <\/span>A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources. In the morning when business begins, users do not see the objects processed by a third party the previous evening. When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway. <br \/>\r<br>Which solution ensures that all the updated third-party files are available in the morning?<\/div><input type='hidden' name='question_id[]' id='qID_57' value='354046' \/><input type='hidden' id='answerType354046' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354046[]' id='answer-id-1382372' class='answer   answerof-354046 ' value='1382372'   \/><label for='answer-id-1382372' id='answer-label-1382372' class=' answer'><span>Configure a nightly Amazon EventBridge event to invoke an AWS Lambda function to run the RefreshCache command for Storage Gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354046[]' id='answer-id-1382373' class='answer   answerof-354046 ' value='1382373'   \/><label for='answer-id-1382373' id='answer-label-1382373' class=' answer'><span>Instruct the third party to put data into the S3 bucket using AWS Transfer for SFT<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354046[]' id='answer-id-1382374' class='answer   answerof-354046 ' value='1382374'   \/><label for='answer-id-1382374' id='answer-label-1382374' class=' answer'><span>Modify Storage Gateway to run in volume gateway mode.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354046[]' id='answer-id-1382375' class='answer   answerof-354046 ' value='1382375'   \/><label for='answer-id-1382375' id='answer-label-1382375' class=' answer'><span>Use S3 Same-Region Replication to replicate any changes made directly in the S3 bucket to Storage Gateway.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-58' style=';'><div id='questionWrap-58'  class='   watupro-question-id-354047'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>58. <\/span>A company hosts a security auditing application in an AWS account. The auditing application uses an IAM role to access other AWS accounts. All the accounts are in the same organization in AWS Organizations. <br \/>\r<br>A recent security audit revealed that users in the audited AWS accounts could modify or delete the auditing application's IAM role. The company needs to prevent any modification to the auditing application's IAM role by any entity other than a trusted administrator IAM role. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_58' value='354047' \/><input type='hidden' id='answerType354047' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354047[]' id='answer-id-1382376' class='answer   answerof-354047 ' value='1382376'   \/><label for='answer-id-1382376' id='answer-label-1382376' class=' answer'><span>Create an SCP that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the SCP to the root of the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354047[]' id='answer-id-1382377' class='answer   answerof-354047 ' value='1382377'   \/><label for='answer-id-1382377' id='answer-label-1382377' class=' answer'><span>Create an SCP that includes an Allow statement for changes to the auditing application's IAM role by the trusted administrator IAM role. Include a Deny statement for changes by all other IAM principals. Attach the SCP to the IAM service in each AWS account where the auditing application has an IAM role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354047[]' id='answer-id-1382378' class='answer   answerof-354047 ' value='1382378'   \/><label for='answer-id-1382378' id='answer-label-1382378' class=' answer'><span>Create an IAM permissions boundary that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the permissions boundary to the audited AWS accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354047[]' id='answer-id-1382379' class='answer   answerof-354047 ' value='1382379'   \/><label for='answer-id-1382379' id='answer-label-1382379' class=' answer'><span>Create an IAM permissions boundary that includes a Deny statement for changes to the auditing application\u2019s IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the permissions boundary to the auditing application's IAM role in the AWS accounts.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-59' style=';'><div id='questionWrap-59'  class='   watupro-question-id-354048'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>59. <\/span>A company has developed a serverless web application that is hosted on AWS. The application consists of Amazon S3. Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database. The company is using AWS CodeCommit to store the source code. The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code. <br \/>\r<br>A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories. A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets. <br \/>\r<br>What is the MOST secure solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_59' value='354048' \/><input type='hidden' id='answerType354048' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354048[]' id='answer-id-1382380' class='answer   answerof-354048 ' value='1382380'   \/><label for='answer-id-1382380' id='answer-label-1382380' class=' answer'><span>Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Write the secret to AWS Systems Manager Parameter Store as a secure string. Update the SAM templates and the Python code to pull the secret from Parameter Store.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354048[]' id='answer-id-1382381' class='answer   answerof-354048 ' value='1382381'   \/><label for='answer-id-1382381' id='answer-label-1382381' class=' answer'><span>Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354048[]' id='answer-id-1382382' class='answer   answerof-354048 ' value='1382382'   \/><label for='answer-id-1382382' id='answer-label-1382382' class=' answer'><span>Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Choose theoption to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354048[]' id='answer-id-1382383' class='answer   answerof-354048 ' value='1382383'   \/><label for='answer-id-1382383' id='answer-label-1382383' class=' answer'><span>Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Write the secret to AWS Systems Manager Parameter Store as a string. Update the SAM templates and the Python code to pull the secret from Parameter Store.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-60' style=';'><div id='questionWrap-60'  class='   watupro-question-id-354049'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>60. <\/span>A DevOps engineer is building a multistage pipeline with AWS CodePipeline to build, verify, stage, test, and deploy an application. A manual approval stage is required between the test stage and the deploy stage. The development team uses a custom chat tool with webhook support that requires near-real-time notifications. <br \/>\r<br>How should the DevOps engineer configure status updates for pipeline activity and approval requests to post to the chat tool?<\/div><input type='hidden' name='question_id[]' id='qID_60' value='354049' \/><input type='hidden' id='answerType354049' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354049[]' id='answer-id-1382384' class='answer   answerof-354049 ' value='1382384'   \/><label for='answer-id-1382384' id='answer-label-1382384' class=' answer'><span>Create an Amazon CloudWatch Logs subscription that filters on CodePipeline Pipeline Execution State Change. Publish subscription events to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the chat webhook URL to the SNS topic, and complete the subscription validation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354049[]' id='answer-id-1382385' class='answer   answerof-354049 ' value='1382385'   \/><label for='answer-id-1382385' id='answer-label-1382385' class=' answer'><span>Create an AWS Lambda function that is invoked by AWS CloudTrail events. When a CodePipeline Pipeline Execution State Change event is detected, send the event details to the chat webhook UR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354049[]' id='answer-id-1382386' class='answer   answerof-354049 ' value='1382386'   \/><label for='answer-id-1382386' id='answer-label-1382386' class=' answer'><span>Create an Amazon EventBridge rule that filters on CodePipeline Pipeline Execution State Change. Publish the events to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function that sends event details to the chat webhook UR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354049[]' id='answer-id-1382387' class='answer   answerof-354049 ' value='1382387'   \/><label for='answer-id-1382387' id='answer-label-1382387' class=' answer'><span>Subscribe the function to the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354049[]' id='answer-id-1382388' class='answer   answerof-354049 ' value='1382388'   \/><label for='answer-id-1382388' id='answer-label-1382388' class=' answer'><span>Modify the pipeline code to send the event details to the chat webhook URL at the end of each stage. Parameterize the URL so that each pipeline can send to a different URL based on the pipeline environment.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-61' style=';'><div id='questionWrap-61'  class='   watupro-question-id-354050'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>61. <\/span>A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts. <br \/>\r<br>The buildspec.yml file contains the following: <br \/>\r<br><br><img decoding=\"async\" width=650 height=167 src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image005-18.jpg\"><br><br \/>\r<br>The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts. <br \/>\r<br>What steps should the DevOps engineer take to stop this?<\/div><input type='hidden' name='question_id[]' id='qID_61' value='354050' \/><input type='hidden' id='answerType354050' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354050[]' id='answer-id-1382389' class='answer   answerof-354050 ' value='1382389'   \/><label for='answer-id-1382389' id='answer-label-1382389' class=' answer'><span>Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354050[]' id='answer-id-1382390' class='answer   answerof-354050 ' value='1382390'   \/><label for='answer-id-1382390' id='answer-label-1382390' class=' answer'><span>Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354050[]' id='answer-id-1382391' class='answer   answerof-354050 ' value='1382391'   \/><label for='answer-id-1382391' id='answer-label-1382391' class=' answer'><span>Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal \u201c*\u201d.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354050[]' id='answer-id-1382392' class='answer   answerof-354050 ' value='1382392'   \/><label for='answer-id-1382392' id='answer-label-1382392' class=' answer'><span>Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-62' style=';'><div id='questionWrap-62'  class='   watupro-question-id-354051'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>62. <\/span>A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses AWS Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues. <br \/>\r<br>Which deploy stage configuration will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_62' value='354051' \/><input type='hidden' id='answerType354051' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354051[]' id='answer-id-1382393' class='answer   answerof-354051 ' value='1382393'   \/><label for='answer-id-1382393' id='answer-label-1382393' class=' answer'><span>Use an AWS Serverless Application Model (AWS SAM) template to define the serverless application. Use AWS CodeDeploy to deploy the Lambda functions with the Canary10Percent15Minutes Deployment Preference Type. Use Amazon CloudWatch alarms to monitor the health of the functions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354051[]' id='answer-id-1382394' class='answer   answerof-354051 ' value='1382394'   \/><label for='answer-id-1382394' id='answer-label-1382394' class=' answer'><span>Use AWS CloudFormation to publish a new stack update, and include Amazon CloudWatch alarms on all resources. Set up an AWS CodePipeline approval action for a developer to verify and approve the AWS CloudFormation change set.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354051[]' id='answer-id-1382395' class='answer   answerof-354051 ' value='1382395'   \/><label for='answer-id-1382395' id='answer-label-1382395' class=' answer'><span>Use AWS CloudFormation to publish a new version on every stack update, and include Amazon CloudWatch alarms on all resources. Use the RoutingConfig property of the AWS::Lambda::Alias resource to update the traffic routing during the stack update.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354051[]' id='answer-id-1382396' class='answer   answerof-354051 ' value='1382396'   \/><label for='answer-id-1382396' id='answer-label-1382396' class=' answer'><span>Use AWS CodeBuild to add sample event payloads for testing to the Lambda functions. Publish a new version of the functions, and include Amazon CloudWatch alarms. Update the production alias to point to the new version. Configure rollbacks to occur when an alarm is in the ALARM state.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-63' style=';'><div id='questionWrap-63'  class='   watupro-question-id-354052'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>63. <\/span>A DevOps engineer manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. <br \/>\r<br>The engineer needs to implement a deployment strategy that: <br \/>\r<br>Launches a second fleet of instances with the same capacity as the original fleet. <br \/>\r<br>Maintains the original fleet unchanged while the second fleet is launched. <br \/>\r<br>Transitions traffic to the second fleet when the second fleet is fully deployed. <br \/>\r<br>Terminates the original fleet automatically 1 hour after transition. <br \/>\r<br>Which solution will satisfy these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_63' value='354052' \/><input type='hidden' id='answerType354052' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354052[]' id='answer-id-1382397' class='answer   answerof-354052 ' value='1382397'   \/><label for='answer-id-1382397' id='answer-label-1382397' class=' answer'><span>Use an AWS CloudFormation template with a retention policy for the ALB set to 1 hour. Update the Amazon Route 53 record to reflect the new AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354052[]' id='answer-id-1382398' class='answer   answerof-354052 ' value='1382398'   \/><label for='answer-id-1382398' id='answer-label-1382398' class=' answer'><span>Use two AWS Elastic Beanstalk environments to perform a blue\/green deployment from the original environment to the new one. Create an application version lifecycle policy to terminate the original environment in 1 hour.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354052[]' id='answer-id-1382399' class='answer   answerof-354052 ' value='1382399'   \/><label for='answer-id-1382399' id='answer-label-1382399' class=' answer'><span>Use AWS CodeDeploy with a deployment group configured with a blue\/green deployment configuration Select the option Terminate the original instances in the deployment group with a waiting period of 1 hour.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354052[]' id='answer-id-1382400' class='answer   answerof-354052 ' value='1382400'   \/><label for='answer-id-1382400' id='answer-label-1382400' class=' answer'><span>Use AWS Elastic Beanstalk with the configuration set to Immutable. Create an .ebextension using the Resources key that sets the deletion policy of the ALB to 1 hour, and deploy the application.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-64' style=';'><div id='questionWrap-64'  class='   watupro-question-id-354053'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>64. <\/span>A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured. <br \/>\r<br>Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests throughout the day. In the middle of the day, the application experiences 10 times more requests than at any other time of the day. Near the end of the day, the application's request volume decreases to 10% of its normal total. <br \/>\r<br>A DevOps engineer needs to reduce the latency of the Lambda function at all times of the day. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_64' value='354053' \/><input type='hidden' id='answerType354053' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354053[]' id='answer-id-1382401' class='answer   answerof-354053 ' value='1382401'   \/><label for='answer-id-1382401' id='answer-label-1382401' class=' answer'><span>Configure provisioned concurrency on the Lambda function with a concurrency value of 1. Delete the DAX cluster for the DynamoDB table.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354053[]' id='answer-id-1382402' class='answer   answerof-354053 ' value='1382402'   \/><label for='answer-id-1382402' id='answer-label-1382402' class=' answer'><span>Configure reserved concurrency on the Lambda function with a concurrency value of 0.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354053[]' id='answer-id-1382403' class='answer   answerof-354053 ' value='1382403'   \/><label for='answer-id-1382403' id='answer-label-1382403' class=' answer'><span>Configure provisioned concurrency on the Lambda function. Configure AWS Application Auto Scaling on the Lambda function with provisioned concurrency values set to a minimum of 1 and a maximum of 100.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354053[]' id='answer-id-1382404' class='answer   answerof-354053 ' value='1382404'   \/><label for='answer-id-1382404' id='answer-label-1382404' class=' answer'><span>Configure reserved concurrency on the Lambda function. Configure AWS Application Auto Scaling on the API Gateway API with a reserved concurrency maximum value of 100.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-65' style=';'><div id='questionWrap-65'  class='   watupro-question-id-354054'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>65. <\/span>A company wants to set up a continuous delivery pipeline. The company stores application code in a private GitHub repository. The company needs to deploy the application components to Amazon Elastic Container Service (Amazon ECS). Amazon EC2, and AWS Lambda. The pipeline must support manual approval actions. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_65' value='354054' \/><input type='hidden' id='answerType354054' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354054[]' id='answer-id-1382405' class='answer   answerof-354054 ' value='1382405'   \/><label for='answer-id-1382405' id='answer-label-1382405' class=' answer'><span>Use AWS CodePipeline with Amazon EC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354054[]' id='answer-id-1382406' class='answer   answerof-354054 ' value='1382406'   \/><label for='answer-id-1382406' id='answer-label-1382406' class=' answer'><span>Amazon EC2, and Lambda as deploy providers.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354054[]' id='answer-id-1382407' class='answer   answerof-354054 ' value='1382407'   \/><label for='answer-id-1382407' id='answer-label-1382407' class=' answer'><span>Use AWS CodePipeline with AWS CodeDeploy as the deploy provider.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354054[]' id='answer-id-1382408' class='answer   answerof-354054 ' value='1382408'   \/><label for='answer-id-1382408' id='answer-label-1382408' class=' answer'><span>Use AWS CodePipeline with AWS Elastic Beanstalk as the deploy provider.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354054[]' id='answer-id-1382409' class='answer   answerof-354054 ' value='1382409'   \/><label for='answer-id-1382409' id='answer-label-1382409' class=' answer'><span>Use AWS CodeDeploy with GitHub integration to deploy the application.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-66' style=';'><div id='questionWrap-66'  class='   watupro-question-id-354055'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>66. <\/span>A development team uses AWS CodeCommit for version control for applications. The development team uses AWS CodePipeline, AWS CodeBuild. and AWS CodeDeploy for CI\/CD infrastructure. In CodeCommit, the development team recently merged pull requests that did not pass long-running tests in the code base. The development team needed to perform rollbacks to branches in the codebase, resulting in lost time and wasted effort. <br \/>\r<br>A DevOps engineer must automate testing of pull requests in CodeCommit to ensure that reviewers more easily see the results of automated tests as part of the pull request review. <br \/>\r<br>What should the DevOps engineer do to meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_66' value='354055' \/><input type='hidden' id='answerType354055' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354055[]' id='answer-id-1382410' class='answer   answerof-354055 ' value='1382410'   \/><label for='answer-id-1382410' id='answer-label-1382410' class=' answer'><span>Create an Amazon EventBridge rule that reacts to the pullRequestStatusChanged event. Create an AWS Lambda function that invokes a CodePipeline pipeline with a CodeBuild action that runs the tests for the application. Program the Lambda function to post the CodeBuild badge as a comment on the pull request so that developers will see the badge in their code review.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354055[]' id='answer-id-1382411' class='answer   answerof-354055 ' value='1382411'   \/><label for='answer-id-1382411' id='answer-label-1382411' class=' answer'><span>Create an Amazon EventBridge rule that reacts to the pullRequestCreated event. Create an AWS Lambda function that invokes a CodePipeline pipeline with a CodeBuild action that runs the tests for the application. Program the Lambda function to post the CodeBuild test results as a comment on the pull request when the test results are complete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354055[]' id='answer-id-1382412' class='answer   answerof-354055 ' value='1382412'   \/><label for='answer-id-1382412' id='answer-label-1382412' class=' answer'><span>Create an Amazon EventBridge rule that reacts to pullRequestCreated and pullRequestSourceBranchUpdated events. Create an AWS Lambda function that invokes a CodePipeline pipeline with a CodeBuild action that runs the tests for the application. Program the Lambda function to post the CodeBuild badge as a comment on the pull request so that developers will see the badge in their code review.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354055[]' id='answer-id-1382413' class='answer   answerof-354055 ' value='1382413'   \/><label for='answer-id-1382413' id='answer-label-1382413' class=' answer'><span>Create an Amazon EventBridge rule that reacts to the pullRequestStatusChanged event. Create an AWS Lambda function that invokes a CodePipeline pipeline with a CodeBuild action that runs the tests for the application. Program the Lambda function to post the CodeBuild test results as a comment on the pull request when the test results are complete.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-67' style=';'><div id='questionWrap-67'  class='   watupro-question-id-354056'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>67. <\/span>A company wants to use AWS development tools to replace its current bash deployment scripts. The company currently deploys a LAMP application to a group of Amazon EC2 instances behind an Application Load Balancer (ALB). During the deployments, the company unit tests the committed application, stops and starts services, unregisters and re-registers instances with the load balancer, and updates file permissions. The company wants to maintain the same deployment functionality through the shift to using AWS services. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_67' value='354056' \/><input type='hidden' id='answerType354056' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382414' class='answer   answerof-354056 ' value='1382414'   \/><label for='answer-id-1382414' id='answer-label-1382414' class=' answer'><span>Use AWS CodeBuild to test the application. Use bash scripts invoked by AWS CodeDeploy's appspec.yml file to restart services, and deregister and register instances with the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382415' class='answer   answerof-354056 ' value='1382415'   \/><label for='answer-id-1382415' id='answer-label-1382415' class=' answer'><span>Use the appspec.yml file to update file permissions without a custom script.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382416' class='answer   answerof-354056 ' value='1382416'   \/><label for='answer-id-1382416' id='answer-label-1382416' class=' answer'><span>Use AWS CodePipeline to move the application from the AWS CodeCommit repository to AWS CodeDeploy. Use CodeDeploy's deployment group to test the application, unregister and re-register instances with the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382417' class='answer   answerof-354056 ' value='1382417'   \/><label for='answer-id-1382417' id='answer-label-1382417' class=' answer'><span>and restart services. Use the appspec.yml file to update file permissions without a custom script.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382418' class='answer   answerof-354056 ' value='1382418'   \/><label for='answer-id-1382418' id='answer-label-1382418' class=' answer'><span>Use AWS CodePipeline to move the application source code from the AWS CodeCommit repository to AWS CodeDeploy. Use CodeDeploy to test the application. Use CodeDeploy's appspec.yml file to restart services and update permissions without a custom script. Use AWS CodeBuild to unregister and re-register instances with the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382419' class='answer   answerof-354056 ' value='1382419'   \/><label for='answer-id-1382419' id='answer-label-1382419' class=' answer'><span>Use AWS CodePipeline to trigger AWS CodeBuild to test the application. Use bash scripts invoked by AWS CodeDeploy's appspec.yml file to restart services. Unregister and re-register the instances in the AWS CodeDeploy deployment group with the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354056[]' id='answer-id-1382420' class='answer   answerof-354056 ' value='1382420'   \/><label for='answer-id-1382420' id='answer-label-1382420' class=' answer'><span>Update the appspec.yml file to update file permissions without a custom script.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-68' style=';'><div id='questionWrap-68'  class='   watupro-question-id-354057'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>68. <\/span>A company's application development team uses Linux-based Amazon EC2 instances as bastion hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups. The company's security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address. <br \/>\r<br>What should a DevOps engineer do to meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_68' value='354057' \/><input type='hidden' id='answerType354057' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354057[]' id='answer-id-1382421' class='answer   answerof-354057 ' value='1382421'   \/><label for='answer-id-1382421' id='answer-label-1382421' class=' answer'><span>Create an Amazon EventBridge rule with a source of aws.cloudtrail and the event name AuthorizeSecurityGroupIngress. Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354057[]' id='answer-id-1382422' class='answer   answerof-354057 ' value='1382422'   \/><label for='answer-id-1382422' id='answer-label-1382422' class=' answer'><span>Enable Amazon GuardDuty and check the findings for security groups in AWS Security Hub. Configure an Amazon EventBridge rule with a custom pattern that matches GuardDuty events with an output of NON_COMPLIAN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354057[]' id='answer-id-1382423' class='answer   answerof-354057 ' value='1382423'   \/><label for='answer-id-1382423' id='answer-label-1382423' class=' answer'><span>Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354057[]' id='answer-id-1382424' class='answer   answerof-354057 ' value='1382424'   \/><label for='answer-id-1382424' id='answer-label-1382424' class=' answer'><span>Create an AWS Config rule by using the restricted-ssh managed rule to check whether security groups disallow unrestricted incoming SSH traffic. Configure automatic remediation to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354057[]' id='answer-id-1382425' class='answer   answerof-354057 ' value='1382425'   \/><label for='answer-id-1382425' id='answer-label-1382425' class=' answer'><span>Enable Amazon Inspector. Include the Common Vulnerabilities and Exposures-1.1 rules package to check the security groups that are associated with the bastion hosts. Configure Amazon Inspector to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-69' style=';'><div id='questionWrap-69'  class='   watupro-question-id-354058'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>69. <\/span>A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks during maintenance windows. The company has a few Amazon EC2 instances that require a restart after notifications from AWS Health. The DevOps engineer needs to implement an automated solution to remediate these notifications. The DevOps engineer creates an Amazon EventBridge rule. <br \/>\r<br>How should the DevOps engineer configure the EventBridge rule to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_69' value='354058' \/><input type='hidden' id='answerType354058' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354058[]' id='answer-id-1382426' class='answer   answerof-354058 ' value='1382426'   \/><label for='answer-id-1382426' id='answer-label-1382426' class=' answer'><span>Configure an event source of AWS Health, a service of EC2. and an event type that indicates instance maintenance. Target a Systems Manager document to restart the EC2 instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354058[]' id='answer-id-1382427' class='answer   answerof-354058 ' value='1382427'   \/><label for='answer-id-1382427' id='answer-label-1382427' class=' answer'><span>Configure an event source of Systems Manager and an event type that indicates a maintenance window. Target a Systems Manager document to restart the EC2 instance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354058[]' id='answer-id-1382428' class='answer   answerof-354058 ' value='1382428'   \/><label for='answer-id-1382428' id='answer-label-1382428' class=' answer'><span>Configure an event source of AWS Health, a service of EC2, and an event type that indicates instance maintenance. Target a newly created AWS Lambda function that registers an automation task to restart the EC2 instance during a maintenance window.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354058[]' id='answer-id-1382429' class='answer   answerof-354058 ' value='1382429'   \/><label for='answer-id-1382429' id='answer-label-1382429' class=' answer'><span>Configure an event source of EC2 and an event type that indicates instance maintenance. Target a newly created AWS Lambda function that registers an automation task to restart the EC2 instance during a maintenance window.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-70' style=';'><div id='questionWrap-70'  class='   watupro-question-id-354059'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>70. <\/span>A company uses AWS CodePipeline pipelines to automate releases of its application A typical pipeline consists of three stages build, test, and deployment. The company has been using a separate AWS CodeBuild project to run scripts for each stage. However, the company now wants to use AWS CodeDeploy to handle the deployment stage of the pipelines. <br \/>\r<br>The company has packaged the application as an RPM package and must deploy the application to a fleet of Amazon EC2 instances. The EC2 instances are in an EC2 Auto Scaling group and are launched from a common AMI. <br \/>\r<br>Which combination of steps should a DevOps engineer perform to meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_70' value='354059' \/><input type='hidden' id='answerType354059' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354059[]' id='answer-id-1382430' class='answer   answerof-354059 ' value='1382430'   \/><label for='answer-id-1382430' id='answer-label-1382430' class=' answer'><span>Create a new version of the common AMI with the CodeDeploy agent installed. Update the IAM role of the EC2 instances to allow access to CodeDeploy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354059[]' id='answer-id-1382431' class='answer   answerof-354059 ' value='1382431'   \/><label for='answer-id-1382431' id='answer-label-1382431' class=' answer'><span>Create a new version of the common AMI with the CodeDeploy agent installed. Create an AppSpec file that contains application deployment scripts and grants access to CodeDeploy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354059[]' id='answer-id-1382432' class='answer   answerof-354059 ' value='1382432'   \/><label for='answer-id-1382432' id='answer-label-1382432' class=' answer'><span>Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Add a step to the CodePipeline pipeline to use EC2 Image Builder to create a new AM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354059[]' id='answer-id-1382433' class='answer   answerof-354059 ' value='1382433'   \/><label for='answer-id-1382433' id='answer-label-1382433' class=' answer'><span>Configure CodeDeploy to deploy the newly created AM<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354059[]' id='answer-id-1382434' class='answer   answerof-354059 ' value='1382434'   \/><label for='answer-id-1382434' id='answer-label-1382434' class=' answer'><span>Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354059[]' id='answer-id-1382435' class='answer   answerof-354059 ' value='1382435'   \/><label for='answer-id-1382435' id='answer-label-1382435' class=' answer'><span>Create an application in CodeDeploy. Configure an in-place deployment type. Specify the EC2 instances that are launched from the common AMI as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-71' style=';'><div id='questionWrap-71'  class='   watupro-question-id-354060'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>71. <\/span>A company has an organization in AWS Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account. <br \/>\r<br>Which combination of actions will provide this access? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_71' value='354060' \/><input type='hidden' id='answerType354060' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354060[]' id='answer-id-1382436' class='answer   answerof-354060 ' value='1382436'   \/><label for='answer-id-1382436' id='answer-label-1382436' class=' answer'><span>Create a SysAdmin role in the operations account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the workload accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354060[]' id='answer-id-1382437' class='answer   answerof-354060 ' value='1382437'   \/><label for='answer-id-1382437' id='answer-label-1382437' class=' answer'><span>Create a SysAdmin role in each workload account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the operations account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354060[]' id='answer-id-1382438' class='answer   answerof-354060 ' value='1382438'   \/><label for='answer-id-1382438' id='answer-label-1382438' class=' answer'><span>Create an Amazon Cognito identity pool in the operations account. Attach the SysAdmin role as an authenticated role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354060[]' id='answer-id-1382439' class='answer   answerof-354060 ' value='1382439'   \/><label for='answer-id-1382439' id='answer-label-1382439' class=' answer'><span>In the operations account, create an IAM user for each operations team member.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354060[]' id='answer-id-1382440' class='answer   answerof-354060 ' value='1382440'   \/><label for='answer-id-1382440' id='answer-label-1382440' class=' answer'><span>In the operations account, create an IAM user group that is named SysAdmins. Add an IAM policy that allows the sts:AssumeRole action for the SysAdmin role in each workload account. Add all operations team members to the group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354060[]' id='answer-id-1382441' class='answer   answerof-354060 ' value='1382441'   \/><label for='answer-id-1382441' id='answer-label-1382441' class=' answer'><span>Create an Amazon Cognito user pool in the operations account. Create an Amazon Cognito user for each operations team member.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-72' style=';'><div id='questionWrap-72'  class='   watupro-question-id-354061'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>72. <\/span>To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the internet. While the instances launch successfully and show as healthy, the application does not seem to be installed. <br \/>\r<br>Which of the following should successfully install the application while complying with the new rule?<\/div><input type='hidden' name='question_id[]' id='qID_72' value='354061' \/><input type='hidden' id='answerType354061' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354061[]' id='answer-id-1382442' class='answer   answerof-354061 ' value='1382442'   \/><label for='answer-id-1382442' id='answer-label-1382442' class=' answer'><span>Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is installed and running, run a script to disassociate the Elastic IP addresses afterwards.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354061[]' id='answer-id-1382443' class='answer   answerof-354061 ' value='1382443'   \/><label for='answer-id-1382443' id='answer-label-1382443' class=' answer'><span>Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's route table to use the NAT gateway as the default route.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354061[]' id='answer-id-1382444' class='answer   answerof-354061 ' value='1382444'   \/><label for='answer-id-1382444' id='answer-label-1382444' class=' answer'><span>Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354061[]' id='answer-id-1382445' class='answer   answerof-354061 ' value='1382445'   \/><label for='answer-id-1382445' id='answer-label-1382445' class=' answer'><span>Create a security group for the application instances and allow only outbound traffic to the artifact repository. Remove the security group rule once the install is complete.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-73' style=';'><div id='questionWrap-73'  class='   watupro-question-id-354062'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>73. <\/span>A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps: <br \/>\r<br>1) An AWS CodeBuild project compiles the deployment artifact and runs unit tests. <br \/>\r<br>2) An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment. <br \/>\r<br>3) A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment. <br \/>\r<br>The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs. The QA team wants to run an internal penetration testing tool to conduct manual tests. The tool will be invoked by a REST API call. <br \/>\r<br>Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_73' value='354062' \/><input type='hidden' id='answerType354062' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354062[]' id='answer-id-1382446' class='answer   answerof-354062 ' value='1382446'   \/><label for='answer-id-1382446' id='answer-label-1382446' class=' answer'><span>Insert a manual approval action between the test actions and deployment actions of the pipeline.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354062[]' id='answer-id-1382447' class='answer   answerof-354062 ' value='1382447'   \/><label for='answer-id-1382447' id='answer-label-1382447' class=' answer'><span>Modify the buildspec.yml file for the compilation stage to require manual approval before completion.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354062[]' id='answer-id-1382448' class='answer   answerof-354062 ' value='1382448'   \/><label for='answer-id-1382448' id='answer-label-1382448' class=' answer'><span>Update the CodeDeploy deployment groups so that they require manual approval to proceed.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354062[]' id='answer-id-1382449' class='answer   answerof-354062 ' value='1382449'   \/><label for='answer-id-1382449' id='answer-label-1382449' class=' answer'><span>Update the pipeline to directly call the REST API for the penetration testing tool.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354062[]' id='answer-id-1382450' class='answer   answerof-354062 ' value='1382450'   \/><label for='answer-id-1382450' id='answer-label-1382450' class=' answer'><span>Update the pipeline to invoke an AWS Lambda function that calls the REST API for the penetration testing tool.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-74' style=';'><div id='questionWrap-74'  class='   watupro-question-id-354063'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>74. <\/span>A company has migrated its container-based applications to Amazon EKS and want to establish automated email notifications. The notifications sent to each email address are for specific activities related to EKS components. The solution will include Amazon SNS topics and an AWS Lambda function to evaluate incoming log events and publish messages to the correct SNS topic. <br \/>\r<br>Which logging solution will support these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_74' value='354063' \/><input type='hidden' id='answerType354063' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354063[]' id='answer-id-1382451' class='answer   answerof-354063 ' value='1382451'   \/><label for='answer-id-1382451' id='answer-label-1382451' class=' answer'><span>Enable Amazon CloudWatch Logs to log the EKS components. Create a CloudWatch subscription filter for each component with Lambda as the subscription feed destination.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354063[]' id='answer-id-1382452' class='answer   answerof-354063 ' value='1382452'   \/><label for='answer-id-1382452' id='answer-label-1382452' class=' answer'><span>Enable Amazon CloudWatch Logs to log the EKS components. Create CloudWatch Logs Insights queries linked to Amazon EventBridge events that invoke Lambda.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354063[]' id='answer-id-1382453' class='answer   answerof-354063 ' value='1382453'   \/><label for='answer-id-1382453' id='answer-label-1382453' class=' answer'><span>Enable Amazon S3 logging for the EKS components. Configure an Amazon CloudWatch subscription filter for each component with Lambda as the subscription feed destination.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354063[]' id='answer-id-1382454' class='answer   answerof-354063 ' value='1382454'   \/><label for='answer-id-1382454' id='answer-label-1382454' class=' answer'><span>Enable Amazon S3 logging for the EKS components. Configure S3 PUT Object event notifications with AWS Lambda as the destination.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-75' style=';'><div id='questionWrap-75'  class='   watupro-question-id-354064'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>75. <\/span>A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project. <br \/>\r<br>How can this issue be corrected in the MOST secure manner?<\/div><input type='hidden' name='question_id[]' id='qID_75' value='354064' \/><input type='hidden' id='answerType354064' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354064[]' id='answer-id-1382455' class='answer   answerof-354064 ' value='1382455'   \/><label for='answer-id-1382455' id='answer-label-1382455' class=' answer'><span>Add the bucket name to the AllowedBuckets section of the CodeBuild project settings. Update the build spec to use the AWS CLI to download the database population script.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354064[]' id='answer-id-1382456' class='answer   answerof-354064 ' value='1382456'   \/><label for='answer-id-1382456' id='answer-label-1382456' class=' answer'><span>Modify the S3 bucket settings to enable HTTPS basic authentication and specify a token. Update the build spec to use cURL to pass the token and download the database population script.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354064[]' id='answer-id-1382457' class='answer   answerof-354064 ' value='1382457'   \/><label for='answer-id-1382457' id='answer-label-1382457' class=' answer'><span>Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354064[]' id='answer-id-1382458' class='answer   answerof-354064 ' value='1382458'   \/><label for='answer-id-1382458' id='answer-label-1382458' class=' answer'><span>Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWS CLI to download the database population script using an IAM access key and a secret access key.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-76' style=';'><div id='questionWrap-76'  class='   watupro-question-id-354065'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>76. <\/span>A company uses AWS CloudFormation stacks to deploy updates to its application. The stacks consist of different resources. The resources include AWS Auto Scaling groups, Amazon EC2 instances, Application Load Balancers (ALBs), and other resources that are necessary to launch and maintain independent stacks. Changes to application resources outside of CloudFormation stack updates are not allowed. <br \/>\r<br>The company recently attempted to update the application stack by using the AWS CLI. The stack failed to update and produced the following error message: &quot;ERROR: both the deployment and the CloudFormation stack rollback failed. The deployment failed because the following resource(s) failed to update: [AutoScalingGroup].&quot; <br \/>\r<br>The stack remains in a status of UPDATE_ROLLBACK_FAILED. <br \/>\r<br>* <br \/>\r<br>Which solution will resolve this issue?<\/div><input type='hidden' name='question_id[]' id='qID_76' value='354065' \/><input type='hidden' id='answerType354065' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354065[]' id='answer-id-1382459' class='answer   answerof-354065 ' value='1382459'   \/><label for='answer-id-1382459' id='answer-label-1382459' class=' answer'><span>Update the subnet mappings that are configured for the ALBs. Run the aws cloudformation update-stack-set AWS CLI command.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354065[]' id='answer-id-1382460' class='answer   answerof-354065 ' value='1382460'   \/><label for='answer-id-1382460' id='answer-label-1382460' class=' answer'><span>Update the 1AM role by providing the necessary permissions to update the stack. Run the aws cloudformation continue-update-rollback AWS CLI command.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354065[]' id='answer-id-1382461' class='answer   answerof-354065 ' value='1382461'   \/><label for='answer-id-1382461' id='answer-label-1382461' class=' answer'><span>Submit a request for a quota increase for the number of EC2 instances for the account. Run the aws cloudformation cancel-update-stack AWS CLI command.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354065[]' id='answer-id-1382462' class='answer   answerof-354065 ' value='1382462'   \/><label for='answer-id-1382462' id='answer-label-1382462' class=' answer'><span>Delete the Auto Scaling group resource. Run the aws cloudformation rollback-stack AWS CLI command.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-77' style=';'><div id='questionWrap-77'  class='   watupro-question-id-354066'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>77. <\/span>A company uses AWS Secrets Manager to store a set of sensitive API keys that an AWS Lambda <br \/>\r<br>function uses. When the Lambda function is invoked, the Lambda function retrieves the API keys and makes an API call to an external service. The Secrets Manager secret is encrypted with the default AWS Key Management Service (AWS KMS) key. <br \/>\r<br>A DevOps engineer needs to update the infrastructure to ensure that only the Lambda function's execution role can access the values in Secrets Manager. The solution must apply the principle of least privilege. <br \/>\r<br>Which combination of steps will meet these requirements? (Select TWO.)<\/div><input type='hidden' name='question_id[]' id='qID_77' value='354066' \/><input type='hidden' id='answerType354066' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354066[]' id='answer-id-1382463' class='answer   answerof-354066 ' value='1382463'   \/><label for='answer-id-1382463' id='answer-label-1382463' class=' answer'><span>Update the default KMS key for Secrets Manager to allow only the Lambda function's execution role to decrypt.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354066[]' id='answer-id-1382464' class='answer   answerof-354066 ' value='1382464'   \/><label for='answer-id-1382464' id='answer-label-1382464' class=' answer'><span>Create a KMS customer managed key that trusts Secrets Manager and allows the Lambda function's execution role to decrypt. Update Secrets Manager to use the new customer managed key.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354066[]' id='answer-id-1382465' class='answer   answerof-354066 ' value='1382465'   \/><label for='answer-id-1382465' id='answer-label-1382465' class=' answer'><span>Create a KMS customer managed key that trusts Secrets Manager and allows the account's :root principal to decrypt. Update Secrets Manager to use the new customer managed key.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354066[]' id='answer-id-1382466' class='answer   answerof-354066 ' value='1382466'   \/><label for='answer-id-1382466' id='answer-label-1382466' class=' answer'><span>Ensure that the Lambda function's execution role has the KMS permissions scoped on the resource level. Configure the permissions so that the KMS key can encrypt the Secrets Manager secret.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354066[]' id='answer-id-1382467' class='answer   answerof-354066 ' value='1382467'   \/><label for='answer-id-1382467' id='answer-label-1382467' class=' answer'><span>Remove all KMS permissions from the Lambda function's execution role.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-78' style=';'><div id='questionWrap-78'  class='   watupro-question-id-354067'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>78. <\/span>A company builds a container image in an AWS CodeBuild project by running Docker commands. After the container image is built, the CodeBuild project uploads the container image to an Amazon S3 bucket. The CodeBuild project has an 1AM service role that has permissions to access the S3 bucket. <br \/>\r<br>A DevOps engineer needs to replace the S3 bucket with an Amazon Elastic Container Registry (Amazon ECR) repository to store the container images. The DevOps engineer creates an ECR private image repository in the same AWS Region of the CodeBuild project. The DevOps engineer adjusts the 1AM service role with the permissions that are necessary to work with the new ECR repository. The DevOps engineer also places new repository information into the docker build command and the docker push command that are used in the buildspec.yml file. <br \/>\r<br>When the CodeBuild project runs a build job, the job fails when the job tries to access the ECR repository. <br \/>\r<br>Which solution will resolve the issue of failed access to the ECR repository?<\/div><input type='hidden' name='question_id[]' id='qID_78' value='354067' \/><input type='hidden' id='answerType354067' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354067[]' id='answer-id-1382468' class='answer   answerof-354067 ' value='1382468'   \/><label for='answer-id-1382468' id='answer-label-1382468' class=' answer'><span>Update the buildspec.yml file to log in to the ECR repository by using the aws ecr get-login-password AWS CLI command to obtain an authentication token. Update the docker login command to use the authentication token to access the ECR repository.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354067[]' id='answer-id-1382469' class='answer   answerof-354067 ' value='1382469'   \/><label for='answer-id-1382469' id='answer-label-1382469' class=' answer'><span>Add an environment variable of type SECRETS_MANAGER to the CodeBuild project. In the environment variable, include the ARN of the CodeBuild project's lAM service role. Update the buildspec.yml file to use the new environment variable to log in with the docker login command to access the ECR repository.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354067[]' id='answer-id-1382470' class='answer   answerof-354067 ' value='1382470'   \/><label for='answer-id-1382470' id='answer-label-1382470' class=' answer'><span>Update the ECR repository to be a public image repository. Add an ECR repository policy that allows the 1AM service role to have access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354067[]' id='answer-id-1382471' class='answer   answerof-354067 ' value='1382471'   \/><label for='answer-id-1382471' id='answer-label-1382471' class=' answer'><span>Update the buildspec.yml file to use the AWS CLI to assume the 1AM service role for ECR operations. Add an ECR repository policy that allows the 1AM service role to have access.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-79' style=';'><div id='questionWrap-79'  class='   watupro-question-id-354068'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>79. <\/span>A company is hosting a static website from an Amazon S3 bucket. The website is available to customers at example.com. The company uses an Amazon Route 53 weighted routing policy with a TTL of 1 day. The company has decided to replace the existing static website with a dynamic web application. The dynamic web application uses an Application Load Balancer (ALB) in front of a fleet of Amazon EC2 instances. <br \/>\r<br>On the day of production launch to customers, the company creates an additional Route 53 weighted DNS record entry that points to the ALB with a weight of 255 and a TTL of 1 hour. Two days later, a DevOps engineer notices that the previous static website is displayed sometimes when customers navigate to example.com. <br \/>\r<br>How can the DevOps engineer ensure that the company serves only dynamic content for example.com?<\/div><input type='hidden' name='question_id[]' id='qID_79' value='354068' \/><input type='hidden' id='answerType354068' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354068[]' id='answer-id-1382472' class='answer   answerof-354068 ' value='1382472'   \/><label for='answer-id-1382472' id='answer-label-1382472' class=' answer'><span>Delete all objects, including previous versions, from the S3 bucket that contains the static website content.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354068[]' id='answer-id-1382473' class='answer   answerof-354068 ' value='1382473'   \/><label for='answer-id-1382473' id='answer-label-1382473' class=' answer'><span>Update the weighted DNS record entry that points to the S3 bucket. Apply a weight of 0. Specify the domain reset option to propagate changes immediately.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354068[]' id='answer-id-1382474' class='answer   answerof-354068 ' value='1382474'   \/><label for='answer-id-1382474' id='answer-label-1382474' class=' answer'><span>Configure webpage redirect requests on the S3 bucket with a hostname that redirects to the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354068[]' id='answer-id-1382475' class='answer   answerof-354068 ' value='1382475'   \/><label for='answer-id-1382475' id='answer-label-1382475' class=' answer'><span>Remove the weighted DNS record entry that points to the S3 bucket from the example.com hosted zone. Wait for DNS propagation to become complete.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-80' style=';'><div id='questionWrap-80'  class='   watupro-question-id-354069'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>80. <\/span>A company manages multiple AWS accounts in AWS Organizations. The company's security policy states that AWS account root user credentials for member accounts must not be used. The company monitors access to the root user credentials. <br \/>\r<br>A recent alert shows that the root user in a member account launched an Amazon EC2 instance. A DevOps engineer must create an SCP at the organization's root level that will prevent the root user in member accounts from making any AWS service API calls. <br \/>\r<br>Which SCP will meet these requirements? <br \/>\r<br>A) <br \/>\r<br><br><img decoding=\"async\" width=649 height=233 id=\"\u56fe\u7247 8\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image006-15.jpg\"><br><br \/>\r<br>B) <br \/>\r<br><br><img decoding=\"async\" width=640 height=271 id=\"\u56fe\u7247 7\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image007-1.png\"><br><br \/>\r<br>C) <br \/>\r<br><br><img decoding=\"async\" width=649 height=243 id=\"\u56fe\u7247 6\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image008-15.jpg\"><br><br \/>\r<br>D) <br \/>\r<br><br><img decoding=\"async\" width=347 height=265 id=\"\u56fe\u7247 5\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image009-3.png\"><br><\/div><input type='hidden' name='question_id[]' id='qID_80' value='354069' \/><input type='hidden' id='answerType354069' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354069[]' id='answer-id-1382476' class='answer   answerof-354069 ' value='1382476'   \/><label for='answer-id-1382476' id='answer-label-1382476' class=' answer'><span>Option A<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354069[]' id='answer-id-1382477' class='answer   answerof-354069 ' value='1382477'   \/><label for='answer-id-1382477' id='answer-label-1382477' class=' answer'><span>Option B<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354069[]' id='answer-id-1382478' class='answer   answerof-354069 ' value='1382478'   \/><label for='answer-id-1382478' id='answer-label-1382478' class=' answer'><span>Option C<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354069[]' id='answer-id-1382479' class='answer   answerof-354069 ' value='1382479'   \/><label for='answer-id-1382479' id='answer-label-1382479' class=' answer'><span>Option D<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-81' style=';'><div id='questionWrap-81'  class='   watupro-question-id-354070'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>81. <\/span>A global company manages multiple AWS accounts by using AWS Control Tower. The company hosts internal applications and public applications. <br \/>\r<br>Each application team in the company has its own AWS account for application hosting. The accounts are consolidated in an organization in AWS Organizations. One of the AWS Control Tower member accounts serves as a centralized DevOps account with CI\/CD pipelines that application teams use to deploy applications to their respective target AWS accounts. An 1AM role for deployment exists in the centralized DevOps account. <br \/>\r<br>An application team is attempting to deploy its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an application AWS account. An 1AM role for deployment exists in the application AWS account. The deployment is through an AWS CodeBuild project that is set up in the centralized DevOps account. The CodeBuild project uses an 1AM service role for CodeBuild. The deployment is failing with an Unauthorized error during attempts to connect to the cross-account EKS cluster from CodeBuild. <br \/>\r<br>Which solution will resolve this error?<\/div><input type='hidden' name='question_id[]' id='qID_81' value='354070' \/><input type='hidden' id='answerType354070' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354070[]' id='answer-id-1382480' class='answer   answerof-354070 ' value='1382480'   \/><label for='answer-id-1382480' id='answer-label-1382480' class=' answer'><span>Configure the application account's deployment 1AM role to have a trust relationship with the centralized DevOps account. Configure the trust relationship to allow the sts:AssumeRole action. Configure the application account's deployment 1AM role to have the required access to the EKS cluster. Configure the EKS cluster aws-auth ConfigMap to map the role to the appropriate system permissions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354070[]' id='answer-id-1382481' class='answer   answerof-354070 ' value='1382481'   \/><label for='answer-id-1382481' id='answer-label-1382481' class=' answer'><span>Configure the centralized DevOps account's deployment I AM role to have a trust relationship with the application account. Configure the trust relationship to allow the sts:AssumeRole action. Configure the centralized DevOps account's deployment 1AM role to allow the required access to CodeBuild.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354070[]' id='answer-id-1382482' class='answer   answerof-354070 ' value='1382482'   \/><label for='answer-id-1382482' id='answer-label-1382482' class=' answer'><span>Configure the centralized DevOps account's deployment 1AM role to have a trust relationship with the application account. Configure the trust relationship to allow the sts:AssumeRoleWithSAML action. Configure the centralized DevOps account's deployment 1AM role to allow the required access to CodeBuild.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354070[]' id='answer-id-1382483' class='answer   answerof-354070 ' value='1382483'   \/><label for='answer-id-1382483' id='answer-label-1382483' class=' answer'><span>Configure the application account's deployment 1AM role to have a trust relationship with the AWS Control Tower management account. Configure the trust relationship to allow the sts:AssumeRole action. Configure the application account's deployment 1AM role to have the required access to the EKS cluster. Configure the EKS cluster aws-auth ConfigMap to map the role to the appropriate system permissions.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-82' style=';'><div id='questionWrap-82'  class='   watupro-question-id-354071'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>82. <\/span>A company is implementing AWS CodePipeline to automate its testing process. <br \/>\r<br>The company wants to be notified when the execution state fails and used the following custom event pattern in Amazon EventBridge: <br \/>\r<br><br><img decoding=\"async\" width=474 height=288 id=\"\u56fe\u7247 4\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image010-3.png\"><br><br \/>\r<br>Which type of events will match this event pattern?<\/div><input type='hidden' name='question_id[]' id='qID_82' value='354071' \/><input type='hidden' id='answerType354071' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354071[]' id='answer-id-1382484' class='answer   answerof-354071 ' value='1382484'   \/><label for='answer-id-1382484' id='answer-label-1382484' class=' answer'><span>Failed deploy and build actions across all the pipelines<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354071[]' id='answer-id-1382485' class='answer   answerof-354071 ' value='1382485'   \/><label for='answer-id-1382485' id='answer-label-1382485' class=' answer'><span>All rejected or failed approval actions across all the pipelines<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354071[]' id='answer-id-1382486' class='answer   answerof-354071 ' value='1382486'   \/><label for='answer-id-1382486' id='answer-label-1382486' class=' answer'><span>All the events across all pipelines<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354071[]' id='answer-id-1382487' class='answer   answerof-354071 ' value='1382487'   \/><label for='answer-id-1382487' id='answer-label-1382487' class=' answer'><span>Approval actions across all the pipelines<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-83' style=';'><div id='questionWrap-83'  class='   watupro-question-id-354072'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>83. <\/span>A DevOps engineer has implemented a Cl\/CO pipeline to deploy an AWS Cloud Format ion template that provisions a web application. The web application consists of an Application Load Balancer (ALB) a target group, a launch template that uses an Amazon Linux 2 AMI an Auto Scaling group of Amazon EC2 instances, a security group and an Amazon RDS for MySQL database The launch template includes user data that specifies a script to install and start the application. <br \/>\r<br>The initial deployment of the application was successful. The DevOps engineer made changes to update the version of the application with the user data. The CI\/CD pipeline has deployed a new version of the template However, the health checks on the ALB are now failing. The health checks have marked all targets as unhealthy. <br \/>\r<br>During investigation the DevOps engineer notices that the Cloud Formation stack has a status of UPDATE_COMPLETE. However, when the DevOps engineer connects to one of the EC2 instances and checks \/varar\/log messages, the DevOps engineer notices that the Apache web server failed to start successfully because of a configuration error <br \/>\r<br>How can the DevOps engineer ensure that the CloudFormation deployment will fail if the user data fails to successfully finish running?<\/div><input type='hidden' name='question_id[]' id='qID_83' value='354072' \/><input type='hidden' id='answerType354072' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354072[]' id='answer-id-1382488' class='answer   answerof-354072 ' value='1382488'   \/><label for='answer-id-1382488' id='answer-label-1382488' class=' answer'><span>Use the cfn-signal helper script to signal success or failure to CloudFormation Use the WaitOnResourceSignals update policy within the CloudFormation template Set an appropriate timeout for the update policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354072[]' id='answer-id-1382489' class='answer   answerof-354072 ' value='1382489'   \/><label for='answer-id-1382489' id='answer-label-1382489' class=' answer'><span>Create an Amazon CloudWatch alarm for the UnhealthyHostCount metric. Include an appropriate alarm threshold for the target group Create an Amazon Simple Notification Service (Amazon SNS) topic as the target to signal success or failure to CloudFormation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354072[]' id='answer-id-1382490' class='answer   answerof-354072 ' value='1382490'   \/><label for='answer-id-1382490' id='answer-label-1382490' class=' answer'><span>Create a lifecycle hook on the Auto Scaling group by using the AWS AutoScaling LifecycleHook resource Create an Amazon Simple Notification Service (Amazon SNS) topic as the target to signal success or failure to CloudFormation Set an appropriate timeout on the lifecycle hook.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354072[]' id='answer-id-1382491' class='answer   answerof-354072 ' value='1382491'   \/><label for='answer-id-1382491' id='answer-label-1382491' class=' answer'><span>Use the Amazon CloudWatch agent to stream the cloud-init logs Create a subscription filter that includes an AWS Lambda function with an appropriate invocation timeout Configure the Lambda function to use the SignalResource API operation to signal success or failure to CloudFormation.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-84' style=';'><div id='questionWrap-84'  class='   watupro-question-id-354073'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>84. <\/span>A company has a legacy application A DevOps engineer needs to automate the process of building the deployable artifact for the legacy application. The solution must store the deployable artifact in an existing Amazon S3 bucket for future deployments to reference <br \/>\r<br>Which solution will meet these requirements in the MOST operationally efficient way?<\/div><input type='hidden' name='question_id[]' id='qID_84' value='354073' \/><input type='hidden' id='answerType354073' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354073[]' id='answer-id-1382492' class='answer   answerof-354073 ' value='1382492'   \/><label for='answer-id-1382492' id='answer-label-1382492' class=' answer'><span>Create a custom Docker image that contains all the dependencies tor the legacy application Store the custom Docker image in a new Amazon Elastic Container Registry (Amazon ECR) repository Configure a new AWS CodeBuild project to use the custom Docker image to build the deployable artifact and to save the artifact to the S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354073[]' id='answer-id-1382493' class='answer   answerof-354073 ' value='1382493'   \/><label for='answer-id-1382493' id='answer-label-1382493' class=' answer'><span>Launch a new Amazon EC2 instance Install all the dependencies (or the legacy application on the EC2 instance Use the EC2 instance to build the deployable artifact and to save the artifact to the S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354073[]' id='answer-id-1382494' class='answer   answerof-354073 ' value='1382494'   \/><label for='answer-id-1382494' id='answer-label-1382494' class=' answer'><span>Create a custom EC2 Image Builder image Install all the dependencies for the legacy application on the image Launch a new Amazon EC2 instance from the image Use the new EC2 instance to build the deployable artifact and to save the artifact to the S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354073[]' id='answer-id-1382495' class='answer   answerof-354073 ' value='1382495'   \/><label for='answer-id-1382495' id='answer-label-1382495' class=' answer'><span>Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with an AWS Fargate profile that runs in multiple Availability Zones Create a custom Docker image that contains all the dependencies for the legacy application Store the custom Docker image in a new Amazon Elastic Container Registry (Amazon ECR) repository Use the custom Docker image inside the EKS cluster to build the deployable artifact and to save the artifact to the S3 bucket.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-85' style=';'><div id='questionWrap-85'  class='   watupro-question-id-354074'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>85. <\/span>A company has a data ingestion application that runs across multiple AWS accounts. The accounts are in an organization in AWS Organizations. The company needs to monitor the application and consolidate access to the application. Currently the company is running the application on Amazon EC2 instances from several Auto Scaling groups. The EC2 instances have no access to the internet <br \/>\r<br>because the data is sensitive Engineers have deployed the necessary VPC endpoints. The EC2 instances run a custom AMI that is built specifically tor the application. <br \/>\r<br>To maintain and troubleshoot the application, system administrators need the ability to log in to the EC2 instances. This access must be automated and controlled centrally. The company's security team must receive a notification whenever the instances are accessed. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_85' value='354074' \/><input type='hidden' id='answerType354074' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354074[]' id='answer-id-1382496' class='answer   answerof-354074 ' value='1382496'   \/><label for='answer-id-1382496' id='answer-label-1382496' class=' answer'><span>Create an Amazon EventBridge rule to send notifications to the security team whenever a user logs in to an EC2 instance Use EC2 Instance Connect to log in to the instances. Deploy Auto Scaling groups by using AWS Cloud Formation Use the cfn-init helper script to deploy appropriate VPC routes for external access Rebuild the custom AMI so that the custom AMI includes AWS Systems Manager Agent.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354074[]' id='answer-id-1382497' class='answer   answerof-354074 ' value='1382497'   \/><label for='answer-id-1382497' id='answer-label-1382497' class=' answer'><span>Deploy a NAT gateway and a bastion host that has internet access Create a security group that allows incoming traffic on all the EC2 instances from the bastion host Install AWS Systems Manager Agent on all the EC2 instances Use Auto Scaling group lifecycle hooks for monitoring and auditing access Use Systems Manager Session Manager to log in to the instances Send logs to a log group m Amazon CloudWatch Logs. Export data to Amazon S3 for auditing Send notifications to the security team by using S3 event notifications.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354074[]' id='answer-id-1382498' class='answer   answerof-354074 ' value='1382498'   \/><label for='answer-id-1382498' id='answer-label-1382498' class=' answer'><span>Use EC2 Image Builder to rebuild the custom AMI Include the most recent version of AWS Systems Manager Agent in the Image Configure the Auto Scaling group to attach the AmazonSSMManagedinstanceCore role to all the EC2 instances Use Systems Manager Session Manager to log in to the instances Enable logging of session details to Amazon S3 Create an S3 event notification for new file uploads to send a message to the security team through an Amazon Simple Notification Service (Amazon SNS) topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354074[]' id='answer-id-1382499' class='answer   answerof-354074 ' value='1382499'   \/><label for='answer-id-1382499' id='answer-label-1382499' class=' answer'><span>Use AWS Systems Manager Automation to build Systems Manager Agent into the custom AMI Configure AWS Configure to attach an SCP to the root organization account to allow the EC2 instances to connect to Systems Manager Use Systems Manager Session Manager to log in to the instances Enable logging of session details to Amazon S3 Create an S3 event notification for new file uploads to send a message to the security team through an Amazon Simple Notification Service (Amazon SNS) topic.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-86' style=';'><div id='questionWrap-86'  class='   watupro-question-id-354075'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>86. <\/span>A company recently migrated its legacy application from on-premises to AWS. The application is hosted on Amazon EC2 instances behind an Application Load Balancer which is behind Amazon API Gateway. The company wants to ensure users experience minimal disruptions during any deployment of a new version of the application. The company also wants to ensure it can quickly roll back updates if there is an issue. <br \/>\r<br>Which solution will meet these requirements with MINIMAL changes to the application?<\/div><input type='hidden' name='question_id[]' id='qID_86' value='354075' \/><input type='hidden' id='answerType354075' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354075[]' id='answer-id-1382500' class='answer   answerof-354075 ' value='1382500'   \/><label for='answer-id-1382500' id='answer-label-1382500' class=' answer'><span>Introduce changes as a separate environment parallel to the existing one Configure API Gateway to use a canary release deployment to send a small subset of user traffic to the new environment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354075[]' id='answer-id-1382501' class='answer   answerof-354075 ' value='1382501'   \/><label for='answer-id-1382501' id='answer-label-1382501' class=' answer'><span>Introduce changes as a separate environment parallel to the existing one Update the application's DNS alias records to point to the new environment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354075[]' id='answer-id-1382502' class='answer   answerof-354075 ' value='1382502'   \/><label for='answer-id-1382502' id='answer-label-1382502' class=' answer'><span>Introduce changes as a separate target group behind the existing Application Load Balancer Configure API Gateway to route user traffic to the new target group in steps.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354075[]' id='answer-id-1382503' class='answer   answerof-354075 ' value='1382503'   \/><label for='answer-id-1382503' id='answer-label-1382503' class=' answer'><span>Introduce changes as a separate target group behind the existing Application Load Balancer Configure API Gateway to route all traffic to the Application Load Balancer which then sends the traffic to the new target group.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-87' style=';'><div id='questionWrap-87'  class='   watupro-question-id-354076'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>87. <\/span>A development team manually builds an artifact locally and then places it in an Amazon S3 bucket. The application has a local cache that must be cleared when a deployment occurs. The team runs a command to do this downloads the artifact from Amazon S3 and unzips the artifact to complete the deployment. <br \/>\r<br>A DevOps team wants to migrate to a CI\/CD process and build in checks to stop and roll back the deployment when a failure occurs. This requires the team to track the progression of the deployment. <br \/>\r<br>Which combination of actions will accomplish this? (Select THREE)<\/div><input type='hidden' name='question_id[]' id='qID_87' value='354076' \/><input type='hidden' id='answerType354076' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354076[]' id='answer-id-1382504' class='answer   answerof-354076 ' value='1382504'   \/><label for='answer-id-1382504' id='answer-label-1382504' class=' answer'><span>Allow developers to check the code into a code repository Using Amazon EventBridge on every pull into the mam branch invoke an AWS Lambda function to build the artifact and store it in Amazon S3.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354076[]' id='answer-id-1382505' class='answer   answerof-354076 ' value='1382505'   \/><label for='answer-id-1382505' id='answer-label-1382505' class=' answer'><span>Create a custom script to clear the cache Specify the script in the Beforelnstall lifecycle hook in the AppSpec file.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354076[]' id='answer-id-1382506' class='answer   answerof-354076 ' value='1382506'   \/><label for='answer-id-1382506' id='answer-label-1382506' class=' answer'><span>Create user data for each Amazon EC2 instance that contains the clear cache script Once deployed test the application If it is not successful deploy it again.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354076[]' id='answer-id-1382507' class='answer   answerof-354076 ' value='1382507'   \/><label for='answer-id-1382507' id='answer-label-1382507' class=' answer'><span>Set up AWS CodePipeline to deploy the application Allow developers to check the code into a code repository as a source tor the pipeline.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354076[]' id='answer-id-1382508' class='answer   answerof-354076 ' value='1382508'   \/><label for='answer-id-1382508' id='answer-label-1382508' class=' answer'><span>Use AWS CodeBuild to build the artifact and place it in Amazon S3 Use AWS CodeDeploy to deploy the artifact to Amazon EC2 instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354076[]' id='answer-id-1382509' class='answer   answerof-354076 ' value='1382509'   \/><label for='answer-id-1382509' id='answer-label-1382509' class=' answer'><span>Use AWS Systems Manager to fetch the artifact from Amazon S3 and deploy it to all the instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-88' style=';'><div id='questionWrap-88'  class='   watupro-question-id-354077'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>88. <\/span>A DevOps engineer is working on a data archival project that requires the migration of on-premises data to an Amazon S3 bucket. The DevOps engineer develops a script that incrementally archives on-premises data that is older than 1 month to Amazon S3. Data that is transferred to Amazon S3 is deleted from the on-premises location The script uses the S3 PutObject operation. <br \/>\r<br>During a code review the DevOps engineer notices that the script does not verity whether the data was successfully copied to Amazon S3. The DevOps engineer must update the script to ensure that data is not corrupted during transmission. The script must use MD5 checksums to verify data integrity before the on-premises data is deleted. <br \/>\r<br>Which solutions for the script will meet these requirements? (Select TWO.)<\/div><input type='hidden' name='question_id[]' id='qID_88' value='354077' \/><input type='hidden' id='answerType354077' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354077[]' id='answer-id-1382510' class='answer   answerof-354077 ' value='1382510'   \/><label for='answer-id-1382510' id='answer-label-1382510' class=' answer'><span>Check the returned response for the Versioned Compare the returned Versioned against the MD5 checksum.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354077[]' id='answer-id-1382511' class='answer   answerof-354077 ' value='1382511'   \/><label for='answer-id-1382511' id='answer-label-1382511' class=' answer'><span>Include the MD5 checksum within the Content-MD5 parameter. Check the operation call's return status to find out if an error was returned.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354077[]' id='answer-id-1382512' class='answer   answerof-354077 ' value='1382512'   \/><label for='answer-id-1382512' id='answer-label-1382512' class=' answer'><span>Include the checksum digest within the tagging parameter as a URL query parameter.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354077[]' id='answer-id-1382513' class='answer   answerof-354077 ' value='1382513'   \/><label for='answer-id-1382513' id='answer-label-1382513' class=' answer'><span>Check the returned response for the ETag. Compare the returned ETag against the MD5 checksum.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354077[]' id='answer-id-1382514' class='answer   answerof-354077 ' value='1382514'   \/><label for='answer-id-1382514' id='answer-label-1382514' class=' answer'><span>Include the checksum digest within the Metadata parameter as a name-value pair After upload use the S3 HeadObject operation to retrieve metadata from the object.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-89' style=';'><div id='questionWrap-89'  class='   watupro-question-id-354078'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>89. <\/span>A DevOps engineer used an AWS Cloud Formation custom resource to set up AD Connector. The AWS Lambda function ran and created AD Connector, but Cloud Formation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE. <br \/>\r<br>Which action should the engineer take to resolve this issue?<\/div><input type='hidden' name='question_id[]' id='qID_89' value='354078' \/><input type='hidden' id='answerType354078' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354078[]' id='answer-id-1382515' class='answer   answerof-354078 ' value='1382515'   \/><label for='answer-id-1382515' id='answer-label-1382515' class=' answer'><span>Ensure the Lambda function code has exited successfully.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354078[]' id='answer-id-1382516' class='answer   answerof-354078 ' value='1382516'   \/><label for='answer-id-1382516' id='answer-label-1382516' class=' answer'><span>Ensure the Lambda function code returns a response to the pre-signed UR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354078[]' id='answer-id-1382517' class='answer   answerof-354078 ' value='1382517'   \/><label for='answer-id-1382517' id='answer-label-1382517' class=' answer'><span>Ensure the Lambda function IAM role has cloudformation UpdateStack permissions for the stack AR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354078[]' id='answer-id-1382518' class='answer   answerof-354078 ' value='1382518'   \/><label for='answer-id-1382518' id='answer-label-1382518' class=' answer'><span>Ensure the Lambda function IAM role has ds ConnectDirectory permissions for the AWS account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-90' style=';'><div id='questionWrap-90'  class='   watupro-question-id-354079'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>90. <\/span>A DevOps engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps manager has been asked to review the company buildspec. yaml die for an AWS <br \/>\r<br>CodeBuild project and provide recommendations. <br \/>\r<br>The buildspec. yaml file is configured as follows: <br \/>\r<br><br><img decoding=\"async\" width=617 height=259 id=\"\u56fe\u7247 3\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2024\/09\/image011-1.png\"><br><br \/>\r<br>What changes should be recommended to comply with AWS security best practices? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_90' value='354079' \/><input type='hidden' id='answerType354079' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354079[]' id='answer-id-1382519' class='answer   answerof-354079 ' value='1382519'   \/><label for='answer-id-1382519' id='answer-label-1382519' class=' answer'><span>Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354079[]' id='answer-id-1382520' class='answer   answerof-354079 ' value='1382520'   \/><label for='answer-id-1382520' id='answer-label-1382520' class=' answer'><span>Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354079[]' id='answer-id-1382521' class='answer   answerof-354079 ' value='1382521'   \/><label for='answer-id-1382521' id='answer-label-1382521' class=' answer'><span>Store the db_password as a SecureString value in AWS Systems Manager Parameter Store and then remove the db_password from the environment variables.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354079[]' id='answer-id-1382522' class='answer   answerof-354079 ' value='1382522'   \/><label for='answer-id-1382522' id='answer-label-1382522' class=' answer'><span>Move the environment variables to the 'db.-deploy-bucket \u2018Amazon S3 bucket, add a prebuild stage to download then export the variables.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354079[]' id='answer-id-1382523' class='answer   answerof-354079 ' value='1382523'   \/><label for='answer-id-1382523' id='answer-label-1382523' class=' answer'><span>Use AWS Systems Manager run command versus sec and ssh commands directly to the instance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-91' style=';'><div id='questionWrap-91'  class='   watupro-question-id-354080'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>91. <\/span>A DevOps engineer is researching the least expensive way to implement an image batch processing cluster on AWS. The application cannot run in Docker containers and must run on Amazon EC2. The batch job stores checkpoint data on an NFS volume and can tolerate interruptions. Configuring the cluster software from a generic EC2 Linux image takes 30 minutes. <br \/>\r<br>What is the MOST cost-effective solution?<\/div><input type='hidden' name='question_id[]' id='qID_91' value='354080' \/><input type='hidden' id='answerType354080' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354080[]' id='answer-id-1382524' class='answer   answerof-354080 ' value='1382524'   \/><label for='answer-id-1382524' id='answer-label-1382524' class=' answer'><span>Use Amazon EFS (or checkpoint data. To complete the job, use an EC2 Auto Scaling group and an On-Demand pricing model to provision EC2 instances temporally.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354080[]' id='answer-id-1382525' class='answer   answerof-354080 ' value='1382525'   \/><label for='answer-id-1382525' id='answer-label-1382525' class=' answer'><span>Use GlusterFS on EC2 instances for checkpoint data. To run the batch job configure EC2 instances manually When the job completes shut down the instances manually.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354080[]' id='answer-id-1382526' class='answer   answerof-354080 ' value='1382526'   \/><label for='answer-id-1382526' id='answer-label-1382526' class=' answer'><span>Use Amazon EFS for checkpoint data Use EC2 Fleet to launch EC2 Spot Instances and utilize user data to configure the EC2 Linux instance on startup.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354080[]' id='answer-id-1382527' class='answer   answerof-354080 ' value='1382527'   \/><label for='answer-id-1382527' id='answer-label-1382527' class=' answer'><span>Use Amazon EFS for checkpoint data Use EC2 Fleet to launch EC2 Spot Instances Create a custom AMI for the cluster and use the latest AMI when creating instances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-92' style=';'><div id='questionWrap-92'  class='   watupro-question-id-354081'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>92. <\/span>A company has a guideline that every Amazon EC2 instance must be launched from an AMI that the company's security team produces Every month the security team sends an email message with the latest approved AMIs to all the development teams. <br \/>\r<br>The development teams use AWS CloudFormation to deploy their applications. When developers launch a new service they have to search their email for the latest AMIs that the security department sent. A DevOps engineer wants to automate the process that the security team uses to provide the AMI IDs to the development teams. <br \/>\r<br>What is the MOST scalable solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_92' value='354081' \/><input type='hidden' id='answerType354081' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354081[]' id='answer-id-1382528' class='answer   answerof-354081 ' value='1382528'   \/><label for='answer-id-1382528' id='answer-label-1382528' class=' answer'><span>Direct the security team to use CloudFormation to create new versions of the AMIs and to list! the AMI ARNs in an encrypted Amazon S3 object as part of the stack's Outputs Section Instruct the developers to use a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354081[]' id='answer-id-1382529' class='answer   answerof-354081 ' value='1382529'   \/><label for='answer-id-1382529' id='answer-label-1382529' class=' answer'><span>Direct the security team to use a CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs and places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output Instruct the developers to use a cross-stack reference within their own CloudFormation template to obtain the S3 object location and the most recent AMI ARNs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354081[]' id='answer-id-1382530' class='answer   answerof-354081 ' value='1382530'   \/><label for='answer-id-1382530' id='answer-label-1382530' class=' answer'><span>Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to place the AMI ARNs as parameters in AWS Systems Manager Parameter Store Instruct the developers to specify a parameter of type SSM in their CloudFormation stack to obtain the most recent AMI ARNs from Parameter Store.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354081[]' id='answer-id-1382531' class='answer   answerof-354081 ' value='1382531'   \/><label for='answer-id-1382531' id='answer-label-1382531' class=' answer'><span>Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to create an Amazon Simple Notification Service (Amazon SNS) topic so that every development team can receive notifications. When the development teams receive a notification instruct them to write an AWS Lambda function that will update their CloudFormation stack with the most recent AMI ARNs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-93' style=';'><div id='questionWrap-93'  class='   watupro-question-id-354082'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>93. <\/span>A DevOps team is merging code revisions for an application that uses an Amazon RDS Multi-AZ DB cluster for its production database. The DevOps team uses continuous integration to periodically verify that the application works. The DevOps team needs to test the changes before the changes are deployed to the production database. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_93' value='354082' \/><input type='hidden' id='answerType354082' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354082[]' id='answer-id-1382532' class='answer   answerof-354082 ' value='1382532'   \/><label for='answer-id-1382532' id='answer-label-1382532' class=' answer'><span>Use a buildspec file in AWS CodeBuild to restore the DB cluster from a snapshot of the production database run integration tests, and drop the restored database after verification.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354082[]' id='answer-id-1382533' class='answer   answerof-354082 ' value='1382533'   \/><label for='answer-id-1382533' id='answer-label-1382533' class=' answer'><span>Deploy the application to production. Configure an audit log of data control language (DCL) operations to capture database activities to perform if verification fails.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354082[]' id='answer-id-1382534' class='answer   answerof-354082 ' value='1382534'   \/><label for='answer-id-1382534' id='answer-label-1382534' class=' answer'><span>Create a snapshot of the DB duster before deploying the application Use the Update requires Replacement property on the DB instance in AWS CloudFormation to deploy the application and apply the changes.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354082[]' id='answer-id-1382535' class='answer   answerof-354082 ' value='1382535'   \/><label for='answer-id-1382535' id='answer-label-1382535' class=' answer'><span>Ensure that the DB cluster is a Multi-AZ deployment. Deploy the application with the updates. Fail over to the standby instance if verification fails.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-94' style=';'><div id='questionWrap-94'  class='   watupro-question-id-354083'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>94. <\/span>A company is divided into teams Each team has an AWS account and all the accounts are in an organization in AWS Organizations. Each team must retain full administrative rights to its AWS account. Each team also must be allowed to access only AWS services that the company approves for use AWS services must gam approval through a request and approval process. <br \/>\r<br>How should a DevOps engineer configure the accounts to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_94' value='354083' \/><input type='hidden' id='answerType354083' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354083[]' id='answer-id-1382536' class='answer   answerof-354083 ' value='1382536'   \/><label for='answer-id-1382536' id='answer-label-1382536' class=' answer'><span>Use AWS CloudFormation StackSets to provision IAM policies in each account to deny access to restricted AWS services. In each account configure AWS Config rules that ensure that the policies are attached to IAM principals in the account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354083[]' id='answer-id-1382537' class='answer   answerof-354083 ' value='1382537'   \/><label for='answer-id-1382537' id='answer-label-1382537' class=' answer'><span>Use AWS Control Tower to provision the accounts into OUs within the organization Configure AWS Control Tower to enable AWS IAM identity Center (AWS Single Sign-On). Configure 1AM Identity Center to provide administrative access Include deny policies on user roles for restricted AWS services.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354083[]' id='answer-id-1382538' class='answer   answerof-354083 ' value='1382538'   \/><label for='answer-id-1382538' id='answer-label-1382538' class=' answer'><span>Place all the accounts under a new top-level OU within the organization Create an SCP that denies access to restricted AWS services Attach the SCP to the O<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354083[]' id='answer-id-1382539' class='answer   answerof-354083 ' value='1382539'   \/><label for='answer-id-1382539' id='answer-label-1382539' class=' answer'><span>Create an SCP that allows access to only approved AWS services. Attach the SCP to the root OU of the organization. Remove the FullAWSAccess SCP from the root OU of the organization.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-95' style=';'><div id='questionWrap-95'  class='   watupro-question-id-354084'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>95. <\/span>An Amazon EC2 instance is running in a VPC and needs to download an object from a restricted Amazon S3 bucket. When the DevOps engineer tries to download the object, an AccessDenied error is received, <br \/>\r<br>What are the possible causes tor this error? (Select TWO,)<\/div><input type='hidden' name='question_id[]' id='qID_95' value='354084' \/><input type='hidden' id='answerType354084' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354084[]' id='answer-id-1382540' class='answer   answerof-354084 ' value='1382540'   \/><label for='answer-id-1382540' id='answer-label-1382540' class=' answer'><span>The 53 bucket default encryption is enabled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354084[]' id='answer-id-1382541' class='answer   answerof-354084 ' value='1382541'   \/><label for='answer-id-1382541' id='answer-label-1382541' class=' answer'><span>There is an error in the S3 bucket policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354084[]' id='answer-id-1382542' class='answer   answerof-354084 ' value='1382542'   \/><label for='answer-id-1382542' id='answer-label-1382542' class=' answer'><span>The object has been moved to S3 Glacier.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354084[]' id='answer-id-1382543' class='answer   answerof-354084 ' value='1382543'   \/><label for='answer-id-1382543' id='answer-label-1382543' class=' answer'><span>There is an error in the IAM role configuration.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-354084[]' id='answer-id-1382544' class='answer   answerof-354084 ' value='1382544'   \/><label for='answer-id-1382544' id='answer-label-1382544' class=' answer'><span>S3 Versioning is enabled.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-96' style=';'><div id='questionWrap-96'  class='   watupro-question-id-354085'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>96. <\/span>A company uses a single AWS account lo test applications on Amazon EC2 instances. The company has turned on AWS Config in the AWS account and has activated the restricted-ssh AWS Config managed rule. <br \/>\r<br>The company needs an automated monitoring solution that will provide a customized notification in real time if any security group in the account is not compliant with the restricted-ssh rule. The customized notification must contain the name and ID of the noncompliant security group. <br \/>\r<br>A DevOps engineer creates an Amazon Simple Notification Service (Amazon SNS) topic in the account and subscribes the appropriate personnel to the topic. <br \/>\r<br>What should me DevOps engineer do next to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_96' value='354085' \/><input type='hidden' id='answerType354085' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354085[]' id='answer-id-1382545' class='answer   answerof-354085 ' value='1382545'   \/><label for='answer-id-1382545' id='answer-label-1382545' class=' answer'><span>Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT tor the restricted-ssh rule. Configure an input transformer for the EventBridge rule Configure the EventBridge rule to publish a notification to the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354085[]' id='answer-id-1382546' class='answer   answerof-354085 ' value='1382546'   \/><label for='answer-id-1382546' id='answer-label-1382546' class=' answer'><span>Configure AWS Config to send all evaluation results for the restricted-ssh rule to the SNS topic. Configure a filter policy on the SNS topic to send only notifications that contain the text of NON_COMPLIANT in the notification to subscribers.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354085[]' id='answer-id-1382547' class='answer   answerof-354085 ' value='1382547'   \/><label for='answer-id-1382547' id='answer-label-1382547' class=' answer'><span>Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLlANT for the restricted-ssh rule Configure the EventBridge rule to invoke AWS Systems Manager Run Command on the SNS topic to customize a notification and to publish the notification to the SNS topic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354085[]' id='answer-id-1382548' class='answer   answerof-354085 ' value='1382548'   \/><label for='answer-id-1382548' id='answer-label-1382548' class=' answer'><span>Create an Amazon EventBridge rule that matches all AWS Config evaluation results of NON_COMPLIANT Configure an input transformer for the restricted-ssh rule Configure the EventBridge rule to publish a notification to the SNS topic.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-97' style=';'><div id='questionWrap-97'  class='   watupro-question-id-354086'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>97. <\/span>A DevOps engineer is architecting a continuous development strategy for a company's software as a service (SaaS) web application running on AWS. For application and security reasons users subscribing to this application are distributed across multiple. Application Load Balancers (ALBs) each of which has a dedicated Auto Scaling group and fleet of Amazon EC2 instances The application does not require a build stage and when it is committed to AWS CodeCommit, the application must trigger a simultaneous deployment to all ALBs Auto Scaling groups and EC2 fleets. <br \/>\r<br>Which architecture will meet these requirements with the LEAST amount of configuration?<\/div><input type='hidden' name='question_id[]' id='qID_97' value='354086' \/><input type='hidden' id='answerType354086' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354086[]' id='answer-id-1382549' class='answer   answerof-354086 ' value='1382549'   \/><label for='answer-id-1382549' id='answer-label-1382549' class=' answer'><span>Create a single AWS CodePipeline pipeline that deploys the application in parallel using unique AWS CodeDeploy applications and deployment groups created for each ALB-Auto Scaling group pair.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354086[]' id='answer-id-1382550' class='answer   answerof-354086 ' value='1382550'   \/><label for='answer-id-1382550' id='answer-label-1382550' class=' answer'><span>Create a single AWS CodePipeline pipeline that deploys the application using a single AWS CodeDeploy application and single deployment group.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354086[]' id='answer-id-1382551' class='answer   answerof-354086 ' value='1382551'   \/><label for='answer-id-1382551' id='answer-label-1382551' class=' answer'><span>Create a single AWS CodePipeline pipeline that deploys the application in parallel using a single AWS CodeDeploy application and unique deployment group for each ALB-Auto Scaling group pair.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354086[]' id='answer-id-1382552' class='answer   answerof-354086 ' value='1382552'   \/><label for='answer-id-1382552' id='answer-label-1382552' class=' answer'><span>Create an AWS CodePipeline pipeline for each ALB-Auto Scaling group pair that deploys the application using an AWS CodeDeploy application and deployment group created for the same ALB-Auto Scaling group pair.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-98' style=';'><div id='questionWrap-98'  class='   watupro-question-id-354087'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>98. <\/span>A company recently created a new AWS Control Tower landing zone in a new organization in AWS Organizations. The landing zone must be able to demonstrate compliance with the Center tor Internet Security (CIS) Benchmarks tor AWS Foundations. <br \/>\r<br>The company's security team wants to use AWS Security Hub to view compliance across all accounts Only the security team can be allowed to view aggregated Security Hub Findings. In addition specific users must be able to view findings from their own accounts within the organization All accounts must be enrolled m Security Hub after the accounts are created. <br \/>\r<br>Which combination of steps will meet these requirements in the MOST automated way? (Select THREE.) <br \/>\r<br>A. Turn on trusted access for Security Hub in the organization's management account. Create a new security account by using AWS Control Tower Configure the new security account as the delegated administrator account for Security Hub. In the new security account provide. Security Hub with the CIS Benchmarks for AWS Foundations standards. <br \/>\r<br>B. Turn on trusted access for Security Hub in the organ ration's management account. From the management account, provide Security Hub with the CIS Benchmarks for AWS Foundations standards. <br \/>\r<br>C. Create an AWS IAM identity Center (AWS Single Sign-On) permission set that includes the required permissions Use the CreateAccountAssignment API operation to associate the security team users with the permission set and with the delegated security account. <br \/>\r<br>D. Create an SCP that explicitly denies any user who is not on the security team from accessing Security Hub. <br \/>\r<br>E. In Security Hub, turn on automatic enablement. <br \/>\r<br>F. In the organization's management account create an Amazon EventBridge rule that reacts to the CreateManagedAccount event Create an AWS Lambda function that uses the Security Hub CreateMembers API operation to add new accounts to Security Hub. Configure the EventBridge rule to invoke the Lambda function.<\/div><input type='hidden' name='question_id[]' id='qID_98' value='354087' \/><input type='hidden' id='answerType354087' value='textarea'><!-- end question-content--><\/div><div class='question-choices '><p><textarea name='answer-354087[]' id='textarea_q_354087' class='watupro-textarea-medium' rows='5' cols='80'><\/textarea>\n<\/p><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-99' style=';'><div id='questionWrap-99'  class='   watupro-question-id-354088'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>99. <\/span>A highly regulated company has a policy that DevOps engineers should not log in to their Amazon EC2 instances except in emergencies. It a DevOps engineer does log in the security team must be notified within 15 minutes of the occurrence. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_99' value='354088' \/><input type='hidden' id='answerType354088' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354088[]' id='answer-id-1382554' class='answer   answerof-354088 ' value='1382554'   \/><label for='answer-id-1382554' id='answer-label-1382554' class=' answer'><span>Install the Amazon Inspector agent on each EC2 instance Subscribe to Amazon EventBridge notifications Invoke an AWS Lambda function to check if a message is about user logins If it is send a notification to the security team using Amazon SN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354088[]' id='answer-id-1382555' class='answer   answerof-354088 ' value='1382555'   \/><label for='answer-id-1382555' id='answer-label-1382555' class=' answer'><span>Install the Amazon CloudWatch agent on each EC2 instance Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user logins. If a login is found send a notification to the security team using Amazon SN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354088[]' id='answer-id-1382556' class='answer   answerof-354088 ' value='1382556'   \/><label for='answer-id-1382556' id='answer-label-1382556' class=' answer'><span>Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login If it does, send a notification to the security team using Amazon SN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354088[]' id='answer-id-1382557' class='answer   answerof-354088 ' value='1382557'   \/><label for='answer-id-1382557' id='answer-label-1382557' class=' answer'><span>Set up a script on each Amazon EC2 instance to push all logs to Amazon S3 Set up an S3 event to invoke an AWS Lambda function which invokes an Amazon Athena query to run. The Athena query checks tor logins and sends the output to the security team using Amazon SN<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-100' style=';'><div id='questionWrap-100'  class='   watupro-question-id-354089'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>100. <\/span>A company wants to ensure that their EC2 instances are secure. They want to be notified if any new vulnerabilities are discovered on their instances and they also want an audit trail of all login activities on the instances. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_100' value='354089' \/><input type='hidden' id='answerType354089' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354089[]' id='answer-id-1382558' class='answer   answerof-354089 ' value='1382558'   \/><label for='answer-id-1382558' id='answer-label-1382558' class=' answer'><span>Use AWS Systems Manager to detect vulnerabilities on the EC2 instances Install the Amazon Kinesis Agent to capture system logs and deliver them to Amazon S3.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354089[]' id='answer-id-1382559' class='answer   answerof-354089 ' value='1382559'   \/><label for='answer-id-1382559' id='answer-label-1382559' class=' answer'><span>Use AWS Systems Manager to detect vulnerabilities on the EC2 instances Install the Systems Manager Agent to capture system logs and view login activity in the CloudTrail console.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354089[]' id='answer-id-1382560' class='answer   answerof-354089 ' value='1382560'   \/><label for='answer-id-1382560' id='answer-label-1382560' class=' answer'><span>Configure Amazon CloudWatch to detect vulnerabilities on the EC2 instances Install the AWS Config daemon to capture system logs and view them in the AWS Config console.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-354089[]' id='answer-id-1382561' class='answer   answerof-354089 ' value='1382561'   \/><label for='answer-id-1382561' id='answer-label-1382561' class=' answer'><span>Configure Amazon Inspector to detect vulnerabilities on the EC2 instances Install the Amazon CloudWatch Agent to capture system logs and record them via Amazon CloudWatch Logs.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-101'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons9021\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"Submit\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"9021\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-11 15:06:18\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778511978\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"353990:1382114,1382115,1382116,1382117,1382118 | 353991:1382119,1382120,1382121,1382122 | 353992:1382123,1382124,1382125,1382126 | 353993:1382127,1382128,1382129,1382130,1382131,1382132 | 353994:1382133,1382134,1382135,1382136 | 353995:1382137,1382138,1382139,1382140 | 353996:1382141,1382142,1382143,1382144 | 353997:1382145,1382146,1382147,1382148 | 353998:1382149,1382150,1382151,1382152,1382153,1382154 | 353999:1382155,1382156,1382157,1382158 | 354000:1382159,1382160,1382161,1382162 | 354001:1382163,1382164,1382165,1382166,1382167 | 354002:1382168,1382169,1382170,1382171,1382172,1382173,1382174,1382175 | 354003:1382176,1382177,1382178,1382179 | 354004:1382180,1382181,1382182,1382183 | 354005:1382184,1382185,1382186,1382187,1382188,1382189,1382190,1382191 | 354006:1382192,1382193,1382194,1382195,1382196,1382197 | 354007:1382198,1382199,1382200,1382201 | 354008:1382202,1382203,1382204,1382205 | 354009:1382206,1382207,1382208,1382209,1382210,1382211,1382212,1382213 | 354010:1382214,1382215,1382216,1382217,1382218,1382219 | 354011:1382220,1382221,1382222,1382223 | 354012:1382224,1382225,1382226,1382227 | 354013:1382228,1382229,1382230,1382231 | 354014:1382232,1382233,1382234,1382235 | 354015:1382236,1382237,1382238,1382239 | 354016:1382240,1382241,1382242,1382243 | 354017:1382244,1382245,1382246,1382247 | 354018:1382248,1382249,1382250,1382251 | 354019:1382252,1382253,1382254,1382255,1382256 | 354020:1382257,1382258,1382259,1382260 | 354021:1382261,1382262,1382263,1382264 | 354022:1382265,1382266,1382267,1382268 | 354023:1382269,1382270,1382271,1382272,1382273 | 354024:1382274,1382275,1382276,1382277 | 354025:1382278,1382279,1382280,1382281 | 354026:1382282,1382283,1382284,1382285 | 354027:1382286,1382287,1382288,1382289 | 354028:1382290,1382291,1382292,1382293,1382294 | 354029:1382295,1382296,1382297,1382298 | 354030:1382299,1382300,1382301,1382302 | 354031:1382303,1382304,1382305,1382306,1382307,1382308 | 354032:1382309,1382310,1382311,1382312 | 354033:1382313,1382314,1382315,1382316,1382317,1382318 | 354034:1382319,1382320,1382321,1382322 | 354035:1382323,1382324,1382325,1382326 | 354036:1382327,1382328,1382329,1382330 | 354037:1382331,1382332,1382333,1382334 | 354038:1382335,1382336,1382337,1382338 | 354039:1382339,1382340,1382341,1382342,1382343,1382344 | 354040:1382345,1382346,1382347,1382348 | 354041:1382349,1382350,1382351,1382352,1382353 | 354042:1382354,1382355,1382356,1382357 | 354043:1382358,1382359,1382360,1382361 | 354044:1382362,1382363,1382364,1382365,1382366 | 354045:1382367,1382368,1382369,1382370,1382371 | 354046:1382372,1382373,1382374,1382375 | 354047:1382376,1382377,1382378,1382379 | 354048:1382380,1382381,1382382,1382383 | 354049:1382384,1382385,1382386,1382387,1382388 | 354050:1382389,1382390,1382391,1382392 | 354051:1382393,1382394,1382395,1382396 | 354052:1382397,1382398,1382399,1382400 | 354053:1382401,1382402,1382403,1382404 | 354054:1382405,1382406,1382407,1382408,1382409 | 354055:1382410,1382411,1382412,1382413 | 354056:1382414,1382415,1382416,1382417,1382418,1382419,1382420 | 354057:1382421,1382422,1382423,1382424,1382425 | 354058:1382426,1382427,1382428,1382429 | 354059:1382430,1382431,1382432,1382433,1382434,1382435 | 354060:1382436,1382437,1382438,1382439,1382440,1382441 | 354061:1382442,1382443,1382444,1382445 | 354062:1382446,1382447,1382448,1382449,1382450 | 354063:1382451,1382452,1382453,1382454 | 354064:1382455,1382456,1382457,1382458 | 354065:1382459,1382460,1382461,1382462 | 354066:1382463,1382464,1382465,1382466,1382467 | 354067:1382468,1382469,1382470,1382471 | 354068:1382472,1382473,1382474,1382475 | 354069:1382476,1382477,1382478,1382479 | 354070:1382480,1382481,1382482,1382483 | 354071:1382484,1382485,1382486,1382487 | 354072:1382488,1382489,1382490,1382491 | 354073:1382492,1382493,1382494,1382495 | 354074:1382496,1382497,1382498,1382499 | 354075:1382500,1382501,1382502,1382503 | 354076:1382504,1382505,1382506,1382507,1382508,1382509 | 354077:1382510,1382511,1382512,1382513,1382514 | 354078:1382515,1382516,1382517,1382518 | 354079:1382519,1382520,1382521,1382522,1382523 | 354080:1382524,1382525,1382526,1382527 | 354081:1382528,1382529,1382530,1382531 | 354082:1382532,1382533,1382534,1382535 | 354083:1382536,1382537,1382538,1382539 | 354084:1382540,1382541,1382542,1382543,1382544 | 354085:1382545,1382546,1382547,1382548 | 354086:1382549,1382550,1382551,1382552 | 354087:1382553 | 354088:1382554,1382555,1382556,1382557 | 354089:1382558,1382559,1382560,1382561\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"353990,353991,353992,353993,353994,353995,353996,353997,353998,353999,354000,354001,354002,354003,354004,354005,354006,354007,354008,354009,354010,354011,354012,354013,354014,354015,354016,354017,354018,354019,354020,354021,354022,354023,354024,354025,354026,354027,354028,354029,354030,354031,354032,354033,354034,354035,354036,354037,354038,354039,354040,354041,354042,354043,354044,354045,354046,354047,354048,354049,354050,354051,354052,354053,354054,354055,354056,354057,354058,354059,354060,354061,354062,354063,354064,354065,354066,354067,354068,354069,354070,354071,354072,354073,354074,354075,354076,354077,354078,354079,354080,354081,354082,354083,354084,354085,354086,354087,354088,354089\";\nWatuPROSettings[9021] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 9021;\t    \nWatuPRO.post_id = 96262;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.12803400 1778511978\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(9021);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>The AWS Certified DevOps Engineer &#8211; Professional certification is valuable to validate your technical expertise in provisioning, operating, and managing distributed application systems on the AWS platform, giving them increased confidence and credibility with peers, stakeholders, and customers. To achieve success, you should download the DOP-C02 dumps PDF from DumpsBase for learning. We updated the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[175,15684],"tags":[2773,18285],"class_list":["post-96262","post","type-post","status-publish","format-standard","hentry","category-amazon","category-aws-certified-professional","tag-aws-certified-devops-engineer-professional-exam-questions","tag-dop-c02-dumps-pdf"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/96262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=96262"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/96262\/revisions"}],"predecessor-version":[{"id":96263,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/96262\/revisions\/96263"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=96262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=96262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=96262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}