A healthcare services company is concerned about the growing costs of software licensing for an application for monitoring patient wellness. The company wants to create an audit process to ensure that the application is running exclusively on Amazon EC2 Dedicated Hosts. A DevOps Engineer must create a workflow to audit the application to ensure compliance.
What steps should the Engineer take to meet this requirement with the LEAST administrative overhead?

1. A. Use AWS Systems Manager Configuration Complianc
2. B. Use calls to the put-compliance- items API action to scan and build a database of noncompliant EC2 instances based on their host placement configuratio
3. C. Use an Amazon DynamoDB table to store these instance IDs for fast acces
4. D. Generate a report through Systems Manager by calling the list-compliance- summaries API action.
5. E. Use custom Java code running on an EC2 instanc
6. F. Set up EC2 Auto Scaling for the instance depending on the number of instances to be checke
7. G. Send the list of noncompliant EC2 instance IDs to an Amazon SQS queu
8. H. Set up another worker instance to process instance IDs from the SQS queue and write them to Amazon DynamoD
9. I. Use an AWS Lambda function to terminate noncompliant instance IDs obtained from the queue, and send them to an Amazon SNS email topic for distribution.
10. J. Use AWS Confi
11. K. Identify all EC2 instances to be audited by enabling Config Recording on all Amazon EC2 resources for the regio
12. L. Create a custom AWS Config rule that triggers an AWS Lambda function by using the "config-rule-change-triggered" blueprin
13. M. Modify the Lambda evaluateCompliance () function to verify host placement to return a NON_COMPLIANT result if the instance is not running on an EC2 Dedicated Hos
14. N. Use the AWS Config report to address noncompliant instances.
15. O. Use AWS CloudTrai
16. P. Identify all EC2 instances to be audited by analyzing all calls to the EC2 RunCommand API actio
17. Q. Invoke an AWS Lambda function that analyzes the host placement of the instanc
18. R. Store the EC2 instance ID of noncompliant resources in an Amazon RDS MySOL DB instanc
19. S. Generate a report by querying the RDS instance and exporting the query results to a CSV text file.

Correct Answer: C

A DevOps Engineer is implementing a mechanism for canary testing an application on AWS. The application was recently modified and went through security, unit, and functional testing. The application needs to be deployed on an AutoScaling group and must use a Classic Load Balancer.
Which design meets the requirement for canary testing?

1. A. Create a different Classic Load Balancer and Auto Scaling group for blue/green environment
2. B. Use Amazon Route 53 and create weighted A records on Classic Load Balancer.
3. C. Create a single Classic Load Balancer and an Auto Scaling group for blue/green environment
4. D. Use Amazon Route 53 and create A records for Classic Load Balancer IP
5. E. Adjust traffic using A records.
6. F. Create a single Classic Load Balancer and an Auto Scaling group for blue/green environment
7. G. Create an Amazon CloudFront distribution with the Classic Load Balancer as the origi
8. H. Adjust traffic using CloudFront.
9. I. Create a different Classic Load Balancer and Auto Scaling group for blue/green environment
10. J. Create an Amazon API Gateway with a separate stage for the Classic Load Balance
11. K. Adjust traffic by giving weights to this stage.

Correct Answer: A

The Development team at an online retailer has moved to Business support and want to take advantage of the AWS Health Dashboard and the AWS Health API to automate remediation actions for issues with the health of AWS resources. The first use case is to respond to AWS detecting an IAM access key that is listed on a public code repository site. The automated response will be to delete the IAM access key and send a notification to the Security team.
How should this be achieved?

1. A. Create an AWS Lambda function to delete the IAM access ke
2. B. Send AWS CloudTrail logs to AWS CloudWatch log
3. C. Create a CloudWatch Logs metric filter for the AWS_RISK_CREDENTIALS_EXPOSED event with two actions: first, run the Lambda function; second, use Amazon SNS to send a notification to the Security team.
4. D. Create an AWS Lambda function to delete the IAM access ke
5. E. Create an AWS Config rule for changes to aws.health and the AWS_RISK_CREDENTIALS_EXPOSED event with two actions: first, run the Lambda function; second, use Amazon SNS to send a notification to the Security team.
6. F. Use AWS Step Functions to create a function to delete the IAM access key, and then use Amazon SNS to send a notification to the Security tea
7. G. Create an AWS Personal Health Dashboard rule for the AWS_RISK_CREDENTIALS_EXPOSED event; set the target of the Personal Health Dashboard rule to Step Functions.
8. H. Use AWS Step Functions to create a function to delete the IAM access key, and then use Amazon SNS to send a notification to the Security tea
9. I. Create an Amazon CloudWatch Events rule with an aws.health event source and the AWS_RISK_CREDENTIALS_EXPOSED event, set the target of the CloudWatch Events rule to Step Functions.

Correct Answer: A

A DevOps engineer is architecting a continuous development strategy for a company's software as a service (SaaS) web application running on AWS. For application and security reasons, users subscribing to this application are distributed across multiple Application Load Balancers (ALBs), each of which has a dedicated Auto Scaling group and fleet of Amazon EC2 instances. The application does not require a build stage, and when it is committed to AWS CodeCommit, the application must trigger a simultaneous deployment to all ALBs. Auto Scaling groups, and EC2 fleets.
Which architecture will meet these requirements with the LEAST amount of configuration?

1. A. Create a single AWS CodePipeline pipeline that deploys the application in parallel using unique AWS CodeDeploy applications and deployment groups created for each ALB-Auto Scaling group pair.
2. B. Create a single AWS CodePipeline pipeline that deploys the application using a single AWS CodeDeploy application and single deployment group.
3. C. Create a single AWS CodePipeline pipeline that deploys the application in parallel using a single AWS CodeDeploy application and unique deployment group for each ALB-Auto Scaling group pair.
4. D. Create an AWS CodePipeline pipeline for each ALB-Auto Scaling group pair that deploys the application using an AWS CodeDeploy application and deployment group created for the same ALB-Auto Scaling group pair.

Correct Answer: C

A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances.
How should the Engineer automate the deployment process while also meeting the security requirements?

1. A. Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to theinstance
2. B. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data typ
3. C. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credential
4. D. Associate this role to all the instances.
5. E. Use AWS CodeDeploy to deploy application packages to the instance
6. F. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data typ
7. G. Define an IAM policy for allowing access, and decrypt only the database credential
8. H. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.
9. I. Use AWS CodeDeploy to deploy application packages to the instance
10. J. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data typ
11. K. Define an IAM role with an attached policy that allows decryption of the database credential
12. L. Associate this role to all the instances and on-premises servers.
13. M. Use AWS CodeDeploy to deploy application packages to the instance
14. N. Store database credentials in the AppSpec fil
15. O. Define an IAM policy for allowing access to only the database credential
16. P. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy

Correct Answer: B