A company is implementing flaws CodePipeline to automate its testing process. The company wants to be notified when the execution state fails and used the following custom event pattern in Amazon CloudWatch:
Which type of events will match this event pattern?

A. Failed deploy and build actions across all the pipelines

B. All rejected or failed approval actions across all the pipelines

C. All the events across all pipelines

D. Approval actions across all pipelines

A company's DevOps engineer manages an organization in flaws Organizations. The organization includes many accounts. The company needs all flaws CloudFormation stacks in production accounts to have termination protection enabled. Non-production accounts do not need termination protection.
The company has designated a centralized account for flaws Config aggregation and has configured all accounts to support the use of CloudFormation and flaws Config. The company also has grouped all production accounts into an OU.
Which solution will meet these requirements?

A. Create an flaws Config rule to detect stacks that do not have termination protection enabled. Add a remediation action to the rule to enable termination protection. Deploy the rule across the organization by using the PutOrganizationConfigRule API operation.

B. Create a CloudFormation template that deploys an flaws Config rule to detect stacks that do not have termination protection enabled. Add a remediation action to the rule to enable termination protection. Deploy the template to the OU of the production accounts by using CloudFormation StackSets.

C. Create an SCP that denies cloudformation:DeleteStack actions. Apply the SCP to the OU of the production accounts by using CloudFormation StackSets.

D. Create a CloudFormation stack policy that denies Update:Delete actions. Apply the policy to the OU of the production accounts by using CloudFormation StackSets.

A company wants to use flaws Systems Manager documents to bootstrap physical laptops for developers. The bootstrap code is stored in GitHub. A DevOps engineer has already created a Systems Manager activation, installed the Systems Manager agent with the registration code, and installed an activation ID on all the laptops.
Which set of steps should be taken next?

A. Configure the Systems Manager document to use the flaws-RunShellScript command to copy the files from GitHub to Amazon S3, then use the flaws-downloadContent plugin with a sourceType of S3.

B. Configure the Systems Manager document to use the flaws-configurePackage plugin with an install action and point to the Git repository.

C. Configure the Systems Manager document to use the flaws-downloadContent plugin with a sourceType of GitHub and sourcelnfo with the repository details.

D. Configure the Systems Manager document to use the flaws:softwarelnventory plugin and run the script from the Git repository.

A company's DevOps engineer is working in a multi-account environment. The company uses flaws Transit Gateway to route all outbound traffic through a network operations account. In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.
The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.
What should the DevOps engineer do to meet these requirements?

A. Create an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

B. Create an Amazon CloudWatch mettic filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

C. Enable Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

D. Use flaws Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

A DevOps team supports many accounts across an organization in flaws Organizations. The DevOps team has decided to use flaws Coring across the organization to implement centralized automatic remediation of Amazon S3 buckets that have public ACLs. Individual accounts must not be able to modify the remediation strategy.
Which solution will meet these requirements?

A. Create an flaws Config conformance pack that contains a rule that checks for S3 buckets that have public ACLs. Configure the conformance pack to use an flaws Systems Manager Automation runbook to block public access to the S3 buckets. Deploy the conformance pack across the organization.

B. Configure flaws Config rules that detect S3 buckets that have public ACLs. Configure a remediation action that uses flaws Lambda to block public access to the S3 buckets. Use flaws CloudFormation StackSets to deploy the rules across the organization.

C. Configure flaws Config rules that detect S3 buckets that have public ACLs. Configure a remediation action that uses an flaws Systems Manager Automation runbook to block public access to the S3 buckets. Use flaws CloudFormation StackSets to deploy the rules across the organization.

D. Create an flaws Config conformance pack that contains a rule that checks for 53 buckets that have public ACLs. Configure the conformance pack to use an flaws Lambda function to block public access to the S3 buckets. Deploy the conformance pack across the organization.

A company that runs many workloads on flaws has an Amazon EBS spend that has increased over time. The DevOps team notices there are many unattached
EBS volumes. Although there are workloads where volumes are detached, volumes over 14 days old are stale and no longer needed. A DevOps engineer has been tasked with creating automation that deletes unattached EBS volumes that have been unattached for 14 days.
Which solution will accomplish this?

A. Configure the flaws Config ec2-volume-inuse-check managed rule with a configuration changes trigger type and an Amazon EC2 volume resource target. Create a new Amazon CloudWatch Events rule scheduled to execute an flaws Lambda function in 14 days to delete the specified EBS volume.

B. Use Amazon EC2 and Amazon Data Lifecycle Manager to configure a volume lifecycle policy. Set the interval period for unattached EBS volumes to 14 days and set the retention rule to delete. Set the policy target volumes as *.

C. Create an Amazon CloudWatch Events rule to execute an flaws Lambda function daily. The Lambda function should find unattached EBS volumes and tag them with the current date, and delete unattached volumes that have tags with dates that are more than 14 days old.

D. Use flaws Trusted Advisor to detect EBS volumes that have been detached for more than 14 days. Execute an flaws Lambda function that creates a snapshot and then deletes the EBS volume.

A company has developed a static website hosted on an Amazon S3 bucket. The website is deployed using flaws CloudFormation. The Cloud Formation template defines an S3 bucket and a custom resource that copies content into the bucket from a source location.
The company has decided that it needs to move the website to a new location, so the existing CloudFormation stack must be deleted and re-created. However, CloudFormation reports that the stack could not be deleted cleanly.
What is the MOST likely cause and how can the DevOps engineer mitigate this problem for this and future versions of the website?

A. Deletion has failed because the S3 bucket has an active website configuration. Modify the CloudFormation template to remove the WebsiteConfiguration property from the S3 bucket resource

B. Deletion has failed because the S3 bucket is not empty. Modify the custom resource’s flaws Lambda function code to recursively empty the bucket when RequestType is Delete.

C. Deletion has failed because the custom resource does not define a deletion policy. Add a DeletionPolicy property to the custom resource definition with a value of RemoveOnDeletion.

D. Deletion has failed because the S3 bucket is not empty. Modify the S3 bucket resource in the CloudFormation template to add a DeletionPolicy property with a value of Empty.

An flaws CodePipeline pipeline has implemented a code release process. The pipeline is integrated with flaws CodeDeploy to deploy versions of an application to multiple Amazon EC2 instances for each CodePipeline stage.
During a recent deployment, the pipeline failed due to a CodeDeploy issue. The DevOps team wants to improve monitoring and notifications during deployment to decrease resolution times.
What should the DevOps Engineer do to create notifications when issues are discovered?

A. Implement flaws CloudWatch Logs for CodePipeline and CodeDeploy, create an flaws Config rule to evaluate code deployment issues, and create an Amazon SNS topic to notify stakeholders of deployment issues.

B. Implement flaws CloudWatch Events for CodePipeline and CodeDeploy, create an flaws Lambda function to evaluate code deployment issues, and create an Amazon SNS topic to notify stakeholders of deployment issues.

C. Implement flaws CloudTrail to record CodePipeline and CodeDeploy API call information, create an flaws Lambda function to evaluate code deployment issues, and create an Amazon SNS topic to notify stakeholders of deployment issues.

D. Implement flaws CloudWatch Events for CodePipeline and CodeDeploy, create an Amazon Inspector assessment target to evaluate code deployment issues, and create an Amazon SNS topic to notify stakeholders of deployment issues.

A company has an organization in flaws Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account.
Which combination of actions will provide this access? (Choose three.)

A. Create a SysAdmin role in the operations account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the workload accounts.

B. Create a SysAdmin role in each workload account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the operations account.

C. Create an Amazon Cognito identity pool in the operations account. Attach the SysAdmin role as an authenticated role.

D. In the operations account, create an IAM user for each operations team member.

E. In the operations account, create an IAM user group that is named SysAdmins. Add an IAM policy that allows the sts:AssumeRole action for the SysAdmin role in each workload account. Add all operations team members to the group.

F. Create an Amazon Cognito user pool in the operations account. Create an Amazon Cognito user for each operations team member.

A company wants to migrate a legacy application to flaws and develop a deployment pipeline that uses flaws services only. A DevOps engineer is migrating all of the application code from a Git repository to flaws CodeCommit while preserving the history of the repository. The DevOps engineer has set all the permissions within CodeCommit, installed the Git client and the flaws CLI on a local computer, and is ready to migrate the repository.
Which actions will follow?

A. Create the CodeCommit repository using the flaws CLI. Clone the Git repository directly to CodeCommit using the flaws CLI. Validate that the files were migrated, and publish the CodeCommit repository.

B. Create the CodeCommit repository using the flaws Management Console. Clone both the Git and CodeCommit repositories to the local computer. Copy the files from the Git repository to the CodeCommit repository on the local computer. Commit the CodeCommit repository. Validate that the files were migrated, and share the CodeCommit repository.

C. Create the CodeCommit repository using the flaws Management Console. Use the console to clone the Git repository into the CodeCommit repository. Validate that the files were migrated, and publish the CodeCommit repository.

D. Create the CodeCommit repository using the flaws Management Console or the flaws CLI. Clone the Git repository with a mirror argument to the local computer and push the repository to CodeCommit. Validate that the files were migrated, and share the CodeCommit repository.

A company uses flaws Organizations to manage its flaws accounts. A DevOps engineer wants to deploy a new flaws Lambda function to all accounts in the organization by using flaws CloudFormation StackSets. The DevOps engineer uses a delegated administrator account to deploy the stack sets to the member accounts. The stack operation keeps failing, and the stack instance status is OUTDATED.
Which actions should the DevOps engineer take to remediate this error? (Choose two.)

A. Ensure that the flaws Region is the same for the stack sets and the target resources.

B. Ensure that the delegated administrator account has a trust relationship with the target account.

C. Ensure that the resources in the stacks do not have termination protection enabled by default.

D. Ensure that the CloudFormation template is creating unique global resources.

E. Deploy the stack sets from the management account and not from the delegated administrator account.

A rapidly growing company wants to scale for Developer demand for flaws development environments. Development environments are created manually in the
flaws Management Console. The Networking team uses flaws CloudFormation to manage the networking infrastructure, exporting stack output values for the
Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.
To keep up with the demand, the DevOps Engineer wants to automate the creation of development environments. Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure. CloudFormation will be used to create a template for the development environments.
Which approach will meet these requirements and quickly provide consistent flaws environments for Developers?

A. Use Fn::ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values. Use CloudFormation StackSets for the development environments, using the Count input parameter to indicate the number of environments needed. use the UpdateStackSet command to update existing development environments.

B. Use nested stacks to define common infrastructure components. To access the exported values, use TemplateURL to reference the Networking team’s template. To retrieve Virtual Private Cloud (VPC) and subnet values, use Fn::ImportValue intrinsic functions in the Parameters section of the master template. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.

C. Use nested stacks to define common infrastructure components. Use Fn::ImportValue intrinsic functions with the resources of the nested stack to retrieve Virtual Private Cloud (VPC) and subnet values. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.

D. Use Fn::ImportValue intrinsic functions in the Parameters section of the master template to retrieve Virtual Private Cloud (VPC) and subnet values. Define the development resources in the order they need to be created in the CloudFormation nested stacks. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.

A company is using flaws CodePipeline to automate its release pipeline. flaws CodeDeploy is being used in the pipeline to deploy an application to Amazon ECS using the blue/green deployment model. The company wants to implement scripts to test the green version of the application before shifting traffic. These scripts will complete in 5 minutes or less. If errors are discovered during these tests, the application must be rolled back.
Which strategy will meet these requirements?

A. Add a stage to the CodePipeline pipeline between the source and deploy stages. Use flaws CodeBuild to create an execution environment and build commands in the buildspec file to invoke test scripts. If errors are found, use the flaws deploy stop-deployment command to stop the deployment.

B. Add a stage to the CodePipeline pipeline between the source and deploy stages. Use this stage to execute an flaws Lambda function that will run the test scripts. If errors are found, use the flaws deploy stop-deployment command to stop the deployment.

C. Add a hooks section to the CodeDeploy AppSpec file. Use the AfterAllowTestTraffic lifecycle event to invoke an flaws Lambda function to run the test scripts. If errors are found, exit the Lambda function with an error to trigger rollback.

D. Add a hooks section to the CodeDeploy AppSpec file. Use the AfterAllowTraffic lifecycle event to invoke the test scripts. If errors are found, use the flaws deploy stop-deployment CLI command to stop the deployment.

A company wants to use a grid system for proprietary enterprise in-memory data store on top of flaws. The system can run in multiple server nodes in any Linux-based distribution. The system must be able to reconfigure the entire cluster every time a node is added or removed. When adding or removing nodes, an /etc/cluster/nodes.config file must be updated listing the IP addresses of the current node member of that cluster.
The company wants to automate the task of adding new nodes to a cluster.
What can a DevOps engineer do to meet these requirements?

A. Use flaws OpsWorks Stacks to layer the server nodes of that cluster. Create a Chief recipe that populates the content of the /etc/cluster/nodes.config file and restarts the service by using the current members of the layers. Assign that recipe to the Configure lifecycle event.

B. Put the file nodes.config in version control. Create an flaws CodeDeploy deployment configuration and deployment group based on an Amazon EC2 tag value for the cluster nodes. When adding a new node to the cluster, update the file with all tagged instances, and make a commit in version control. Deploy the new file and restart the services.

C. Create an Amazon S3 bucket and upload a version of the /etc/cluster/nodes.config file. Create a crontab script that will poll for that S3 file and download it frequently. Use a process manager, such as Monit or systemd, to restart the cluster services when it detects that the new file was modified. When adding a node to the cluster, edit the file’s most recent members. Upload the new file to the S3 bucket.

D. Create a user data script that lists all members of the current security group of the cluster and automatically updates the /etc/cluster/nodes.config file whenever a new instance is added to the cluster.

A company has multiple flaws accounts. The company uses flaws Single Sign-On (flaws SSO) that is integrated with flaws Toolkit for Microsoft Azure DevOps. The attributes for access control feature is enabled in flaws SSO.
The attribute mapping list contains two entries. The department key is mapped to ${path:enterprise.department}. The costCenter key is mapped to ${path:enterprise.costCenter}.
All existing Amazon EC2 instances have a department tag that corresponds to three company departments (d1, d2, d3). A DevOps engineer must create policies based on the matching attributes. The policies must minimize administrative effort and must grant each Azure AD user access to only the EC2 instances that are tagged with the user's respective department name.
Which condition key should the DevOps engineer include in the custom permissions policies to meet these requirements?

A DevOps engineer is architecting a continuous development strategy for a company's software as a service (SaaS) web application running on flaws. For application and security reasons, users subscribing to this application are distributed across multiple Application Load Balancers (ALBs), each of which has a dedicated Auto Scaling group and fleet of Amazon EC2 instances. The application does not require a build stage, and when it is committed to flaws CodeCommit, the application must trigger a simultaneous deployment to all ALBs, Auto Scaling groups, and EC2 fleets.
Which architecture will meet these requirements with the LEAST amount of configuration?

A. Create a single flaws CodePipeline pipeline that deploys the application in parallel using unique flaws CodeDeploy applications and deployment groups created for each ALB-Auto Scaling group pair.

B. Create a single flaws CodePipeline pipeline that deploys the application using a single flaws CodeDeploy application and single deployment group.

C. Create a single flaws CodePipeline pipeline that deploys the application in parallel using a single flaws CodeDeploy application and unique deployment group for each ALB-Auto Scaling group pair.

D. Create an flaws CodePipeline pipeline for each ALB-Auto Scaling group pair that deploys the application using an flaws CodeDeploy application and deployment group created for the same ALB-Auto Scaling group pair.

A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability
Zone. The resources need to run only when new deployments are being tested using flaws CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DevOps engineer wants a solution that does not change the architecture components.
Which solution will meet these requirements in the MOST cost-effective manner?

A. Convert the RDS database to an Amazon Aurora Serverless database. Use an flaws Lambda function to start and stop the EC2 instances before and after tests.

B. Put the EC2 instances into an Auto Scaling group. Schedule scaling to run at the start of the deployment tests.

C. Replace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.

D. Subscribe Amazon CloudWatch Events to CodePipeline to trigger flaws Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

A company is using flaws CodePipeline to deploy an application. According to a new guideline, a member of the company's security team must sign off on any application changes before the changes are deployed into production. The approval must be recorded and retained.
Which combination of actions will meet these requirements? (Choose two.)

A. Configure CodePipeline to write actions to Amazon CloudWatch Logs.

B. Configure CodePipeline to write actions to an Amazon S3 bucket at the end of each pipeline stage.

C. Create an flaws CloudTrail trail to deliver logs to Amazon S3.

D. Create a CodePipeline custom action to invoke an flaws Lambda function for approval. Create a policy that gives the security team access to manage CodePipeline custom actions.

E. Create a CodePipeline manual approval action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.

A company is building a web and mobile application that uses a serverless architecture powered by flaws Lambda and Amazon API Gateway. The company wants to fully automate the backend Lambda deployment based on code that is pushed to the appropriate environment branch in an flaws CodeCommit repository.
The deployment must have the following:
• Separate environment pipelines for testing and production
• Automatic deployment that occurs for test environments only
Which steps should be taken to meet these requirements?

A. Configure a new flaws CodePipeline service. Create a CodeCommit repository for each environment. Set up CodePipeline to retrieve the source code from the appropriate repository. Set up the deployment step to deploy the Lambda functions with flaws CloudFormation.

B. Create two flaws CodePipeline configurations for test and production environments. Configure the production pipeline to have a manual approval step. Create a CodeCommit repository for each environment. Set up each CodePipeline to retrieve the source code from the appropriate repository. Set up the deployment step to deploy the Lambda functions with flaws CloudFormation.

C. Create two flaws CodePipeline configurations for test and production environments. Configure the production pipeline to have a manual approval step. Create one CodeCommit repository with a branch for each environment. Set up each CodePipeline to retrieve the source code from the appropriate branch in the repository. Set up the deployment step to deploy the Lambda functions with flaws CloudFormation.

D. Create an flaws CodeBuild configuration for test and production environments. Configure the production pipeline to have a manual approval step. Create one CodeCommit repository with a branch for each environment. Push the Lambda function code to an Amazon S3 bucket. Set up the deployment step to deploy the Lambda functions from the S3 bucket.

A company is running an application on Amazon EC2 instances. A DevOps engineer needs to aggregate the application logs to a central system for the company's application team to search. A critical error message periodically appears in the log files. The DevOps engineer needs to notify the application team by email when these error messages occur.
Which solution will meet these requirements in the MOST operationally efficient manner?

A. Configure the unified Amazon CloudWatch agent on the EC2 instances to publish the application logs files to a CloudWatch log group. Configure a metric filter on the CloudWatch log group to detect the critical errors and to create a custom metric. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm to use the custom metric to notify the SNS topic. Subscribe the application team’s email address to the SNS topic.

B. Install the Amazon Kinesis agent on the EC2 instances. Configure the Kinesis agent with the location of the log files. Stream the logs to a Kinesis Data Firehose delivery stream with an Amazon CloudWatch metrics stream as a destination. Configure an flaws Lambda function to detect the error message and to create a custom metric. Associate the Lambda function with the stream. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm to use the custom metric to notify the SNS topic. Subscribe the application team’s email address to the SNS topic.

C. Install the flaws X-Ray daemon on the EC2 instances. Instrument the application with the flaws Distro for OpenTelemetry (ADOT). Configure the ADOT collector with the location of the custom log files and the name of an Amazon CloudWatch log group. Use the CloudWatch embedded metric format to generate a custom metric that is based on the error message. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm to use the custom metric to notify the SNS topic. Subscribe the application team’s email address to the SNS topic.

D. Configure the unified Amazon CloudWatch agent on the EC2 instances to publish the application logs files to a CloudWatch log group. Create an Amazon OpenSearch Service domain. Subscribe the CloudWatch log group to the OpenSearch Service domain. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure an OpenSearch Service alert monitor to notify the SNS topic. Subscribe the application team’s email address to the SNS topic.

The Development team has grown substantially in recent months and so has the number of projects that use separate code repositories. The current process involves configuring flaws CodePipeline manually. There have been service limit alerts regarding the number of Amazon S3 buckets that exist.
Which pipeline option will reduce S3 bucket sprawl alerts?

A. Combine the multiple separate code repositories into a single one, and deploy using an flaws CodePipeline that has logic for each project.

B. Create new pipelines by using the flaws API or flaws CLI, and configure them to use a single S3 bucket with separate prefixes for each project.

C. Create a new pipeline in a different region for each project to bypass the service limits for S3 buckets in a single region.

D. Create a new pipeline and S3 bucket for each project by using the flaws API or flaws CLI to bypass the service limits for S3 buckets in a single account.

A company uses flaws Organizations to manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.
With solution will accomplish this?

A. Create an flaws CloudFormation template that defines an flaws Inspector rule to check whether EBS encryption is enabled. Save the template to an Amazon S3 bucket that has been shared with all accounts within the company. Update the account creation script pointing to the CloudFormation template in Amazon S3.

B. Create an flaws Config organizational rule to check whether EBS encryption is enabled and deploy the rule using the flaws CLI. Create and apply an SCP to prohibit stopping and deleting flaws Config across the organization.

C. Create an SCP in Organizations. Set the policy to prevent the launch of Amazon EC2 instances without encryption on the EBS volumes using a conditional expression. Apply the SCP to all flaws accounts. Use Amazon Athena to analyze the flaws CloudTrail output, looking for events that deny an ec2:RunInstances action.

D. Deploy an IAM role to all accounts from a single trusted account. Build a pipeline with flaws CodePipeline with a stage in flaws Lambda to assume the IAM role, and list all EBS volumes in the account. Publish a report to Amazon S3.

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software.
During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The development team needs a solution to ensure users remain logged in across scaling events and application deployments.
What is the MOST efficient way to ensure users remain logged in?

A. Enable smart sessions on the load balancer and modify the application to check for an existing session.

B. Enable session sharing on the load balancer and modify the application to read from the session store.

C. Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.

D. Modify the application to store user session information in an Amazon ElastiCache cluster.

A consulting company was hired to assess security vulnerabilities within a client company's application and propose a plan to remediate all identified issues. The architecture is identified as follows: Amazon S3 storage for content, an Auto Scaling group of Amazon EC2 instances behind an Elastic Load Balancer with attached Amazon EBS storage, and an Amazon RDS MySQL database. There are also several flaws Lambda functions that communicate directly with the RDS database using connection string statements in the code.
The consultants identified the top security threat as follows: the application is not meeting its requirement to have encryption at rest.
What solution will address this issue with the LEAST operational overhead and will provide monitoring for potential future violations?

A. Enable SSE encryption on the S3 buckets and RDS database. Enable OS-based encryption of data on EBS volumes. Configure Amazon Inspector agents on EC2 instances to report on insecure encryption ciphers. Set up flaws Config rules to periodically check for non-encrypted S3 objects.

B. Configure the application to encrypt each file prior to storing on Amazon S3. Enable OS-based encryption of data on EBS volumes. Encrypt data on write to RDS. Run cron jobs on each instance to check for unencrypted data and notify via Amazon SNS. Use S3 Events to call an flaws Lambda function and verify if the file is encrypted.

C. Enable Secure Sockets Layer (SSL) on the load balancer, ensure that flaws Lambda is using SSL to communicate to the RDS database, and enable S3encryption. Configure the application to force SSL for incoming connections and configure RDS to only grant access if the session is encrypted. Configure Amazon Inspector agents on EC2 instances to report on insecure encryption ciphers.

D. Enable SSE encryption on the S3 buckets, EBS volumes, and the RDS database. Store RDS credentials in EC2 Parameter Store. Enable a policy on the S3 bucket to deny unencrypted puts. Set up flaws Config rules to periodically check for non-encrypted S3 objects and EBS volumes, and to ensure that RDS storage is encrypted.

A production account has a requirement that any Amazon EC2 instance that has been logged into manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with Amazon CloudWatch Logs agent configured.
How can this process be automated?

A. Create a CloudWatch Logs subscription to an flaws Step Functions application. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Then create a CloudWatch Events rule to trigger a second flaws Lambda function once a day that will terminate all instances with this tag.

B. Create a CloudWatch alarm that will trigger on the login event. Send the notification to an Amazon SNS topic that the operations team is subscribed to, and have them terminate the EC2 instance within 24 hours.

C. Create a CloudWatch alarm that will trigger on the login event. Configure the alarm to send to an Amazon SQS queue. Use a group of worker instances to process messages from the queue, which then schedules the Amazon CloudWatch Events rule to trigger.

D. Create a CloudWatch Logs subscription in an flaws Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.

A development team manually builds an artifact locally and then places it in an Amazon S3 bucket. The application has a local cache that must be cleared when a deployment occurs. The team executes a command to do this, downloads the artifact from Amazon S3, and unzips the artifact to complete the deployment.
A DevOps team wants to migrate to a CI/CD process and build in checks to stop and roll back the deployment when a failure occurs. This requires the team to track the progression of the deployment.
Which combination of actions will accomplish this? (Choose three.)

A. Allow developers to check the code into a code repository. Using Amazon CloudWatch Events, on every pull into master, trigger an flaws Lambda function to build the artifact and store it in Amazon S3.

B. Create a custom script to clear the cache. Specify the script in the Beforelnstall lifecycle hook in the AppSpec file.

C. Create user data for each Amazon EC2 instance that contains the clear cache script. Once deployed, test the application. If it is not successful, deploy it again.

D. Set up flaws CodePipeline to deploy the application. Allow developers to check the code into a code repository as a source for the pipeline.

E. Use flaws CodeBuild to build the artifact and place it in Amazon S3. Use flaws CodeDeploy to deploy the artifact to Amazon EC2 instances.

F. Use flaws Systems Manager to fetch the artifact from Amazon S3 and deploy it to all the instances.

A large enterprise is deploying a web application on flaws. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Oracle DB instance and Amazon DynamoDB. There are separate environments for development, testing, and production.
What is the MOST secure and flexible way to obtain password credentials during deployment?

A. Retrieve an access key from an flaws Systems Manager SecureString parameter to access flaws services. Retrieve the database credentials from a Systems Manager SecureString parameter.

B. Launch the EC2 instances with an EC2 IAM role to access flaws services. Retrieve the database credentials from flaws Secrets Manager.

C. Retrieve an access key from an flaws Systems Manager plaintext parameter to access flaws services. Retrieve the database credentials from a Systems Manager SecureString parameter.

D. Launch the EC2 instances with an EC2 IAM role to access flaws services. Store the database passwords in an encrypted config file with the application artifacts.

A company has provided an externally hosted third-party vendor product with access to the company's flaws account. The vendor product performs various flaws actions in the flaws account and requires various IAM permissions. The company granted the access by creating an IAM user, associating IAM policies and inserting the IAM user credentials into the vendor product.
A security review reveals that the vendor’s access is overly permissive. The company wants to apply the principle of least privilege and wants to continue giving the vendor permissions to perform only the actions that the vendor has performed in the last 6 months.
Which solution will meet these requirements with the LEAST effort?

A. Use flaws Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s flaws CloudTrail history. Replace the IAM user policy with the newly generated policy.

B. Use flaws Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s flaws CloudTrail history. Attach the newly generated policy as a permissions boundary to the IAM user.

C. Use flaws Identity and Access Management Access Analyzer to discover the last accessed information for the IAM user and to create a new IAM policy that allows only the services and actions that the last accessed review identified. Replace the IAM user policy with the newly generated policy.

D. Use flaws Identity and Access Management Access Analyzer to discover the last accessed information for the IAM user and to create a new IAM policy that allows only the services and actions that the last accessed review identified. Attach the newly generated policy as a permissions boundary to the IAM user.

A DevOps engineer is troubleshooting deployments to a new application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Instances sometimes come online before they are ready, which is leading to increased error rates among users. The current health check configuration gives instances a 60-second grace period and considers instances healthy after two 200 response codes from /index.php, a page that may respond intermittently during the deployment process. The development team wants instances to come online as soon as possible.
Which strategy would address this issue?

A. Increase the instance grace period from 60 seconds to 180 seconds, and the consecutive health check requirement from 2 to 3.

B. Increase the instance grace period from 60 seconds to 120 seconds, and change the response code requirement from 200 to 204.

C. Modify the deployment script to create a /health-check.php file when the deployment begins, then modify the health check path to point to that file.

D. Modify the deployment script to create a /health-check.php file when all tasks are complete, then modify the health check path to point to that file.

A company wants to set up a continuous delivery pipeline. The company stores application code in a private GitHub repository. The company needs to deploy the application components to Amazon Elastic Container Service (Amazon ECS), Amazon EC2, and flaws Lambda. The pipeline must support manual approval actions.
Which solution will meet these requirements?

A. Use flaws CodePipeline with Amazon ECS, Amazon EC2, and Lambda as deploy providers.

B. Use flaws CodePipeline with flaws CodeDeploy as the deploy provider.

C. Use flaws CodePipeline with flaws Elastic Beanstalk as the deploy provider.

D. Use flaws CodeDeploy with GitHub integration to deploy the application.

A DevOps engineer is deploying an flaws Service Catalog portfolio using flaws CodePipeline. The pipeline should create products and templates based on a manifest file in either JSON or YAML, and should enforce security requirements on all flaws Service Catalog products managed through the pipeline.
Which solution will meet the requirements in an automated fashion?

A. Use the flaws Service Catalog deploy action in flaws CodeDeploy to push new versions of products into the flaws Service Catalog with verification steps in the CodeDeploy AppSpec.

B. Use the flaws Service Catalog deploy action in flaws CodeBuild to verify and push new versions of products into the AWService Catalog.

C. Use an flaws Lambda action in CodePipeline to run a Lambda function to verify and push new versions of products into the flaws Service Catalog.

D. Use an flaws Lambda action in flaws CodeBuild to run a Lambda function to verify and push new versions of products into the flaws Service Catalog.

A retail company wants to use flaws Elastic Beanstalk to host its online sales website running on Java. Since this will be the production website the CTO has the following requirements for the deployment strategy:
• Zero downtime. While the deployment is ongoing the current Amazon EC2 instances in service should remain in service. No deployment or any other action should be performed on the EC2 instances because they serve production traffic.
• A new fleet of instances should be provisioned for deploying the new application version.
• Once the new application version is deployed successfully in the new fleet of instances, the new instances should be placed in service and the old ones should be removed.
• The rollback should be as easy as possible. If the new fleet of instances fails to deploy the new application version, they should be terminated and the current instances should continue serving traffic as normal.
• The resources within the environment (EC2 Auto Scaling group, Elastic Load Balancing, Elastic Beanstalk DNS CNAME) should remain the same and no DNS change should be made.
Which deployment strategy will meet the requirements?

A. Use rolling deployments with a fixed amount of one instance at a time and set the healthy threshold to OK.

B. Use rolling deployments with additional batch with a fixed amount of one instance at a time and set the healthy threshold to OK.

C. Launch a new environment and deploy the new application version there, then perform a CNAME swap between environments.

D. Use immutable environment updates to meet all the necessary requirements.

A software company wants to automate the build process for a project where the code is stored in GitHub. When the repository is updated, source code should be compiled, tested, and pushed to Amazon S3.
Which combination of steps would address these requirements? (Choose three.)

A. Add a buildspec.yml file to the source code with build instructions.

B. Configure a GitHub webhook to trigger a build every time a code change is pushed to the repository.

C. Create an flaws CodeBuild project with GitHub as the source repository.

D. Create an flaws CodeDeploy application with the Amazon EC2/On-Premises compute platform.

E. Create an flaws OpsWorks deployment with the install dependencies command.

F. Provision an Amazon EC2 instance to perform the build.

A company's primary flaws Region contains the following infrastructure:
• An Amazon S3 bucket that contains an object package that is used in instance user data to configure an application.
• Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB) with an instance profile that grants s3:Get* access on the S3 bucket.
The company has the following infrastructure in a backup Region:
• An S3 bucket with the same configuration as the S3 bucket in the primary flaws Region, but without any objects.
• EC2 instances in an Auto Scaling group behind an ALB that run with the same configuration as in the primary flaws Region.
To simulate a disaster recovery scenario, the company turns off all access to Amazon S3 and sets the Auto Scaling group's minimum, maximum, and desired instances to 0 in the primary Region. When the instances in the backup Region scale out, they do not pass Amazon Route 53 health checks.
Which combination of steps should the company take to resolve this issue? (Choose three.)

A. Update the Amazon EC2 Auto Scaling service-linked role to allow access to both S3 buckets.

B. Set up S3 Cross-Region Replication from the S3 bucket in the primary Region to the S3 bucket in the backup Region.

C. Update the instance user data to reference the S3 bucket in the primary Region.

D. Increase the timeout for the target group health check.

E. Update the EC2 instance profile to allow s3:list* actions.

F. Update the EC2 instance profile to allow read access to both S3 buckets.

A DevOps engineer is tasked with creating a more stable deployment solution for a web application in flaws. Previous deployments have resulted in user-facing bugs, premature user traffic, and inconsistencies between web servers running behind an Application Load Balancer. The current strategy uses flaws CodeCommit to store the code for the application. When developers push to the main branch of the repository, CodeCommit triggers an flaws Lambda deploy function, which invokes an flaws Systems Manager run command to build and deploy the new code to all Amazon EC2 instances.
Which combination of actions should be taken to implement a more stable deployment solution? (Choose two.)

A. Create a pipeline in flaws CodePipeline with CodeCommit as a source provider. Create parallel pipeline stages to build and test the application. Pass the build artifact to flaws CodeDeploy.

B. Create a pipeline in flaws CodePipeline with CodeCommit as a source provider. Create separate pipeline stages to build and then test the application. Pass the build artifact to flaws CodeDeploy.

C. Create and use an flaws CodeDeploy application and deployment group to deploy code updates to the EC2 fleet. Select the Application Load Balancer for the deployment group.

D. Create individual Lambda functions to run all build, test, and deploy actions using flaws CodeDeploy instead of flaws Systems Manager.

E. Modify the Lambda function to build a single application package to be shared by all instances. Use flaws CodeDeploy instead of flaws Systems Manager to update the code on the EC2 fleet.

A company uses flaws CodePipeline pipelines to automate releases of its application. A typical pipeline consists of three stages: build, test, and deployment. The company has been using a separate flaws CodeBuild project to run scripts for each stage. However, the company now wants to use flaws CodeDeploy to handle the deployment stage of the pipelines.
The company has packaged the application as an RPM package and must deploy the application to a fleet of Amazon EC2 instances. The EC2 instances are in an EC2 Auto Scaling group and are launched from a common AMI.
Which combination of steps should a DevOps engineer perform to meet these requirements? (Choose two.)

A. Create a new version of the common AMI with the CodeDeploy agent installed. Update the IAM role of the EC2 instances to allow access to CodeDeploy.

B. Create a new version of the common AMI with the CodeDeploy agent installed. Create an AppSpec file that contains application deployment scripts and grants access to CodeDeploy.

C. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Add a step to the CodePipeline pipeline to use EC2 Image Builder to create a new AMI. Configure CodeDeploy to deploy the newly created AMI.

D. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application.

E. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the EC2 instances that are launched from the common AMI as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application.

A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses flaws Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues.
Which deploy stage configuration will meet these requirements?

A. Use an flaws Serverless Application Model (flaws SAM) template to define the serverless application. Use flaws CodeDeploy to deploy the Lambda functions with the Canary10Percent15Minutes Deployment Preference Type. Use Amazon CloudWatch alarms to monitor the health of the functions.

B. Use flaws CloudFormation to publish a new stack update, and include Amazon CloudWatch alarms on all resources. Set up an flaws CodePipeline approval action for a developer to verify and approve the flaws CloudFormation change set.

C. Use flaws CloudFormation to publish a new version on every stack update, and include Amazon CloudWatch alarms on all resources. Use the RoutingConfig property of the flaws:: Lambda:: Alias resource to update the traffic routing during the stack update.

D. Use flaws CodeBuild to add sample event payloads for testing to the Lambda functions. Publish a new version of the functions, and include Amazon CloudWatch alarms. Update the production alias to point to the new version. Configure rollbacks to occur when an alarm is in the ALARM state.

A company runs an application on one Amazon EC2 instance. Application metadata is stored in Amazon S3 and must be retrieved if the instance is restarted. The instance must restart or relaunch automatically if the instance becomes unresponsive.
Which solution will meet these requirements?

A. Create an Amazon CloudWatch alarm for the StatusCheckFailed metric. Use the recover action to stop and start the instance. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.

B. Configure flaws OpsWorks, and use the auto healing feature to stop and start the instance. Use a lifecycle event in OpsWorks to pull the metadata from Amazon S3 and update it on the instance.

C. Use EC2 Auto Recovery to automatically stop and start the instance in case of a failure. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.

D. Use flaws CloudFormation to create an EC2 instance that includes the UserData property for the EC2 resource. Add a command in UserData to retrieve the application metadata from Amazon S3.

An ecommerce company uses a large number of Amazon EBS backed Amazon EC2 instances. To decrease manual work across all the instances, a DevOps
Engineer is tasked with automating restart actions when EC2 instance retirement events are scheduled.
How can this be accomplished?

A. Create a scheduled Amazon CloudWatch Events rule to execute an flaws Systems Manager automation document that checks if any EC2 instances are scheduled for retirement once a week. If the instance is scheduled for retirement, the automation document will hibernate the instance.

B. Enable EC2 Auto Recovery on all of the instances. Create an flaws Config rule to limit the recovery to occur during a maintenance window only.

C. Reboot all EC2 instances during an approved maintenance window that is outside of standard business hours. Set up Amazon CloudWatch alarms to send a notification in case any instance is failing EC2 instance status checks.

D. Set up an flaws Health Amazon CloudWatch Events rule to execute flaws Systems Manager automation documents that stop and start the EC2 instance when a retirement scheduled event occurs.

A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured.
How can this process be automated?

A. Create a CloudWatch Logs subscription to an flaws Step Functions application. Configure an flaws Lambda function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create an Amazon EventBridge rule to invoke a second Lambda function once a day that will terminate all instances with this tag.

B. Create an Amazon CloudWatch alarm that will be invoked by the login event. Send the notification to an Amazon Simple Notification Service (Amazon SNS) topic that the operations team is subscribed to, and have them terminate the EC2 instance within 24 hours.

C. Create an Amazon CloudWatch alarm that will be invoked by the login event. Configure the alarm to send to an Amazon Simple Queue Service (Amazon SQS) queue. Use a group of worker instances to process messages from the queue, which then schedules an Amazon EvantBridge rule to be invoked.

D. Create a CloudWatch Logs subscription in an flaws Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create an Amazon EventBridge rule to invoke a daily Lambda function that terminates all instances with this tag.

A company has an application that monitors user activity on the company's website and mobile apps. The application uses Amazon ElastiCache for Redis as a write-through cache and uses an Amazon RDS for PostgreSQL database for longer storage. When the application receives a request to record a user's action, the application writes to the Redis cluster and the database at the same time. Internal recommendation applications consume the data to produce content recommendations for each user.
During peak periods, the recommendation applications cannot generate recommendations for users because of stale and missing data. The Redis cache is configured with cluster mode turned off, and the database is configured with a single read replica.
The company wants to ensure that the recommendation applications can generate content recommendations during peak periods. A DevOps engineer already has created a new ElastiCache for Redis cluster with cluster mode enabled.
What should the DevOps engineer do next to meet the company's requirements?

A. Create a target tracking auto scaling policy for the Redis cluster’s ElastiCachePrimaryEngineCPUUtilization metric. Configure the auto scaling policy to increase and decrease shards to the Redis cluster. Update the recommendation applications to use the clusters configuration endpoint to access Redis.

B. Create a target tracking auto scaling policy for the Redis cluster’s ElastiCachePrimaryEngineCPUUtilization metric. Configure the auto scaling policy to increase and decrease shards to the Redis cluster. Update the recommendation applications to use the cluster’s read replica endpoint to access Redis.

C. Create a scheduled auto scaling policy for the Redis cluster’s ElastiCachePrimaryEngineCPUUtilization metric. Configure the auto scaling policy to add read replicas to the Redis cluster. Update the recommendation applications to use the clusters configuration endpoint to access Redis.

D. Create a scheduled auto scaling policy for the Redis cluster’s ElastiCachePrimaryEngineCPUUtilization metric. Configure the auto scaling policy to add read replicas to the Redis cluster. Update the recommendation applications to use the database’s read replica endpoint instead of Redis.

A company hosts an application in North America. The application uses an Amazon Aurora PostgreSQL DB cluster. A team of analysts in Europe generates real- time reports by using the DB cluster. The analysts must have access to the most up-to-date data. A DevOps engineer discovers that the generation of reports is much slower for users in Europe than for users in North America.
What should the DevOps engineer do to resolve this issue?

A. Create an Amazon DynamoDB table in Europe. Use DynamoDB Accelerator (DAX) to configure replication between the DB cluster and the DynamoDB table. Configure the users’ machines to point to the DynamoDB table in Europe.

B. Create cross-Region Aurora Replicas in North America, and activate synchronous replication. Configure the users’ machines to point to the Aurora reader endpoint in North America.

C. Create an Aurora global database. Use the existing DB cluster as the primary cluster, and add a secondary cluster in an flaws Region in Europe. Configure the users’ machines to point to the Aurora reader endpoint in Europe.

D. Use Amazon DynamoDB global tables in an flaws Region in Europe. Set up continuous replication between the DB cluster and the DynamoDB table by using flaws Database Migration Service (flaws DMS). Configure the users’ machines to point to the DynamoDB table in Europe.

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). A DevOps Engineer is using flaws CodeDeploy to release a new version. The deployment fails during the AllowTraffic lifecycle event, but a cause for the failure is not indicated in the deployment logs.
What would cause this?

A. The appspec.yml file contains an invalid script to execute in the AllowTraffic lifecycle hook.

B. The user who initiated the deployment does not have the necessary permissions to interact with the ALB.

C. The health checks specified for the ALB target group are misconfigured.

D. The CodeDeploy agent was not installed in the EC2 instances that are part of the ALB target group.

(399)

A DevOps engineer needs to grant several external contractors access to a legacy application that runs on an Amazon Linux Amazon EC2 instance. The application server is available only in a private subnet. The contractors are not authorized for VPN access.
What should the DevOps engineer do to grant the contactors access to the application server?

A. Create an IAM user and SSH keys for each contractor. Add the public SSH key to the application server’s SSH authorized_keys file. Instruct the contractors to install the flaws CLI and flaws Systems Manager Session Manager plugin, update their flaws credentials files with their private keys, and use the flaws ssm start-session command to gain access to the target application server instance ID.

B. Ask each contractor to securely send their SSH public key. Add this public key to the application server’s SSH authorized-keys file. Instruct the contractors to use their private key to connect to the application server through SSH.

C. Ask each contractor to securely send their SSH public key. Use EC2 pairs to import their key. Update the application server’s SSH authorized_keys file. Instruct the contractors to use their private key to connect to the application server through SSH.

D. Create an IAM user for each contractor with programmatic access. Add each user to an IAM group that has a policy that allows the ssm:StartSession action. Instruct the contractors to install the flaws CLI and flaws Systems Manager Session Manager plugin, update their flaws credentials files with their access keys, and use the flaws ssm start-session to gain access to the target application server instance ID.

A company runs several applications across multiple flaws accounts in an organization in flaws Organizations. Some of the resources are not tagged properly and the company's finance team cannot determine which costs are associated with which applications. A DevOps engineer must remediate this issue and prevent this issue from happening in the future.
Which combination of actions should the DevOps engineer take to meet these requirements? (Choose two.)

A. Activate the user-defined cost allocation tags in each flaws account.

B. Create and attach an SCP that requires a specific tag.

C. Define each line of business (LOB) in flaws Budgets. Assign the required tag to each resource.

D. Scan all accounts with Tag Editor. Assign the required tag to each resource.

E. Use the budget report to find untagged resources. Assign the required tag to each resource.

A company requires an RPO of 2 hours and an RTO of 10 minutes for its data and application at all times. An application uses a MySQL database and Amazon
EC2 web servers. The development team needs a strategy for failover and disaster recovery.
Which combination of deployment strategies will meet these requirements? (Choose two.)

A. Create an Amazon Aurora cluster in one Availability Zone across multiple Regions as the data store. Use Aurora’s automatic recovery capabilities in the event of a disaster.

B. Create an Amazon Aurora global database in two Regions as the data store. In the event of a failure, promote the secondary Region as the master for the application.

C. Create an Amazon Aurora multi-master cluster across multiple Regions as the data store. Use a Network Load Balancer to balance the database traffic in different Regions.

D. Set up the application in two Regions and use Amazon Route 53 failover-based routing that points to the Application Load Balancers in both Regions. Use health checks to determine the availability in a given Region. Use Auto Scaling groups in each Region to adjust capacity based on demand.

E. Set up the application in two Regions and use a multi-Region Auto Scaling group behind Application Load Balancers to manage the capacity based on demand. In the event of a disaster, adjust the Auto Scaling group’s desired instance count to increase baseline capacity in the failover Region.

A company has an application that runs on current-generation Amazon EC2 instances in a VPC. The EC2 instances run Amazon Linux and are launched in an Amazon EC2 Auto Scaling group. The application retrieves data from an Amazon S3 bucket, processes the data, and uploads the processed data to a different S3 bucket.
Recently, the application's performance worsened. A manual investigation identified that outbound network bandwidth utilization was too high for the type of EC2 instance. The company updated the EC2 instances to a larger EC2 instance size.
The company's DevOps team needs to receive notification from an Amazon CloudWatch alarm if the application attempts to use more outbound network bandwidth than is available to the EC2 instances.
Which solution will meet these requirements?

A. Configure EC2 detailed monitoring for the EC2 instances. Create an flaws Lambda function to create a CloudWatch alarm for the bw_out_allowance_exceeded CloudWatch metric for each EC2 instance Configure the alarm to notify the DevOps team.

B. Configure the unified CloudWatch agent on the EC2 instances to export the bw_out_allowance_exceeded metric to CloudWatch metrics. Create a CloudWatch composite alarm to monitor all bw_out_allowance_exceeded metrics. Configure the alarm to notify the DevOps team.

C. Configure VPC flow logging to Amazon CloudWatch Logs for the EC2 instances. Create a CloudWatch Logs metric filter to match events in which bandwidth allowance is exceeded. Create a CloudWatch composite alarm to monitor all bw_out_allowance_exceeded metrics. Configure the alarm to notify the DevOps team.

D. Configure the unified CloudWatch agent on the EC2 instances to export the bw_out_allowance_exceeded metric to CloudWatch metrics. Create an flaws Lambda function to create a CloudWatch alarm for the bw_out_allowance_exceeded CloudWatch metric for each EC2 instance. Configure the alarm to notify the DevOps team.

A development team is building an ecommerce application and is using Amazon Simple Notification Service (Amazon SNS) to send order messages to multiple endpoints. One of the endpoints is an external HTTP endpoint that is not always available. The development team needs to receive a notification if an order message is not delivered to the HTTP endpoint.
What should a DevOps engineer do to meet these requirements?

A. Create an Amazon Simple Queue Service (Amazon SQS) queue. On the SNS topic, configure a redrive policy that sends undelivered messages to the SQS queue. Create an Amazon CloudWatch alarm for the new SQS queue to notify the development team when messages are delivered to the queue.

B. Create an Amazon Simple Queue Service (Amazon SQS) queue. On the HTTP endpoint subscription of the SNS topic, configure a redrive policy that sends undelivered messages to the SQS queue. Create an Amazon CloudWatch alarm for the new SQS queue to notify the development team when messages are delivered to the queue.

C. On the SNS topic, configure an HTTPS delivery policy that will retry delivery until the order message is delivered successfully. Configure the backoffFunction parameter in the policy to notify the development team when a message cannot be delivered within the set constraints.

D. On the HTTP endpoint subscription of the SNS topic, configure an HTTPS delivery policy that will retry delivery until the order message is delivered successfully. Configure the backoffFunction parameter in the policy to notify the development team when a message cannot be delivered within the set constraints.

A company stores purchase history in an Amazon DynamoDB table. The company needs other workloads that run on flaws to react to data changes in the table.
The company has enabled a DynamoDB stream on the table. Three existing flaws Lambda functions have an event source mapping configured for the DynamoDB stream. The company's application developers plan to add other applications that will need to react to changes in the table. A DevOps engineer must design an architecture that will give the additional consumers this functionality.
Which solution will meet these requirements in the MOST operationally efficient way?

A. Create an Amazon EventBridge event bus. Create a new Lambda function that uses the existing DynamoDB stream as an event source. Configure the new Lambda function to post those events to the event bus. Update the original Lambda functions to react to events in the event bus. As other applications need the events, configure the applications to use the event bus as an event source.

B. Create an Amazon Simple Queue Service (Amazon SOS) queue. Create a new Lambda function that uses the existing DynamoDB stream as an event source. Configure the new Lambda function to post those events to the SOS queue. Update the original Lambda functions to react to entries in the SOS queue. As other applications need the events, configure the applications to use the SOS queue as an event source.

C. Create an Amazon Kinesis data stream. Create a new Lambda function that uses the existing DynamoDB stream as an event source. Configure the new Lambda function to post those events to the Kinesis data stream. Update the original Lambda functions to subscribe to records in the Kinesis data stream. As other applications need the events, configure the applications to use the Kinesis data stream as an event source.

D. Configure the DynamoDB table to use on-demand capacity mode. Increase the memory of the Lambda functions. Configure the Lambda functions to use provisioned concurrency.

A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency.
Which actions should be taken to accomplish this? (Choose two.)

A. Install the CloudWatch agent server side and configure the agent to upload relevant logs to CloudWatch.

B. Enable flaws X-Ray tracing in API Gateway, modify the application to capture request segments, and upload those segments to fix-Ray during each request.

C. Enable flaws X-Ray tracing in API Gateway, modify the application to capture request segments, and use the X-Ray daemon to upload segments to fix-Ray.

D. Modify the on-premises application to send log information back to API Gateway with each request.

E. Modify the on-premises application to calculate and upload statistical data relevant to the API service requests to CloudWatch metrics.