A company that runs many workloads on AWS has an Amazon EBS spend that has increased over time. The DevOps team notices there are many unattached EBS volumes. Although there are workloads where volumes are detached, volumes over 14 days old are stale and no longer needed. A DevOps engineer has been tasked with creating automation that deletes unattached EBS volumes that have been unattached for 14 days.
Which solution will accomplish this?

1. A. Configure the AWS Config ec2-vo!ume-inuse-check managed rule with a configuration changes trigger type and an Amazon EC2 volume resource targe
2. B. Create a new Amazon CloudWatch Events rule scheduled to execute an AWS Lambda function in 14 days to delete the specified EBS volume.
3. C. Use Amazon EC2 and Amazon Data Lifecycle Manager to configure a volume lifecycle polic
4. D. Set the interval period for unattached EBS volumes to 14 days and set the retention rule to delet
5. E. Set the policy target volumes as
6. F. Create an Amazon CloudWatch Events rule to execute an AWS Lambda function dail
7. G. The Lambda function should find unattached EBS volumes and tag them with the current date, and delete unattached volumes that have tags with dates that are more than 14 days old.
8. H. Use AWS Trusted Advisor to detect EBS volumes that have been detached for more than 14 days.Execute an AWS Lambda function that creates a snapshot and then deletes the EBS volume.

Correct Answer: C

A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-real time and 1% of requests should route to the secondary region to continuously verify system functionality. Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the secondary region, and the secondary region must be able to scale up to handle all traffic.
How should a DevOps Engineer meet these requirements?

1. A. In both regions, deploy the application on AWS Elastic Beanstalk and use Amazon DynamoDB global tables for session dat
2. B. Use an Amazon Route 53 weighted routing policy with health checks to distribute the traffic across the regions.
3. C. In both regions, launch the application in Auto Scaling groups and use DynamoDB for session dat
4. D. Use a Route 53 failover routing policy with health checks to distribute the traffic across the regions.
5. E. In both regions, deploy the application in AWS Lambda, exposed by Amazon API Gateway, and use Amazon RDS PostgreSQL with cross-region replication for session dat
6. F. Deploy the web applicationwith client-side logic to call the API Gateway directly.
7. G. In both regions, launch the application in Auto Scaling groups and use DynamoDB global tables for session dat
8. H. Enable an Amazon CloudFront weighted distribution across region
9. I. Point the Amazon Route 53 DNS record at the CloudFront distribution.

Correct Answer: B

A company requires that its internally facing web application be nighty available The architecture is made up of one Amazon EC2 web server instance and one NAT instance that provides outbound internet access for updates and accessing public data
Which combination of architecture adjustments should the company implement to achieve high availability? (Select TWO.)

1. A. Add the NAT instance to an EC2 Auto Scaling group that spans multiple Availability Zones Update the route tables
2. B. Create additional EC2 instances spanning multiple Availability Zones Add an Application Load Balancer to split the load between them
3. C. Configure an Application Load Balancer in front of the EC2 instance Configure Amazon CloudWatch alarms to recover the EC2 instance upon host failure
4. D. Replace the NAT instance with a NAT gateway in each Availability Zone Update the route tables
5. E. Replace the NAT instance with a NAT gateway that spans multiple Availability Zones Update the route tables

Correct Answer: AD

A company is adopting serverless computing and is migrating some of its existing applications to AWS Lambda A DevOps engineer must come up with an automated deployment strategy using AWS CodePipeline that should include proper version controls, branching strategies, and rollback methods
Which combination of steps should the DevOps engineer follow when setting up the pipeline? (Select THREE)

1. A. Use Amazon S3 as the source code repository
2. B. Use AWS CodeCommit as the source code repository
3. C. Use AWS CloudFormation to create an AWS Serverless Application Model (AWS SAM) template for deployment.
4. D. Use AWS CodeBuild to create an AWS Serverless Application Model (AWS SAM) template for deployment
5. E. Use AWS CloudFormation to deploy the application
6. F. Use AWS CodeDeploy to deploy the application.

Correct Answer: ABC

A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Select THREE.)

1. A. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
2. B. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
3. C. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
4. D. Move the environment variables to the "˜db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
5. E. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
6. F. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.

Correct Answer: BCE
https://aws.amazon.com/codebuild/faqs/