A company has a hybrid architecture solution in which some legacy systems remain on-premises, while a specific cluster of servers is moved to AWS. The company cannot reconfigure the legacy systems, so the cluster nodes must have a fixed hostname and local IP address for each server that is part of the cluster.
The DevOps Engineer must automate the configuration for a six-node cluster with high availability across three Availability Zones (AZs), placing two elastic network interfaces in a specific subnet for each AZ. Each node's hostname and local IP address should remain the same between reboots or instance failures.
Which solution involves the LEAST amount of effort to automate this task?

1. A. Create an AWS Elastic Beanstalk application and a specific environment for each server of the cluster.For each environment, give the hostname, elastic network interface, and AZ as input parameter
2. B. Use the local health agent to name the instance and attach a specific elastic network interface based on the current environment.
3. C. Create a reusable AWS CloudFormation template to manage an Amazon EC2 Auto Scaling group with a minimum size of 1 and a maximum size of 1. Give the hostname, elastic network interface, and AZ as stack parameter
4. D. Use those parameters to set up an EC2 instance with EC2 Auto Scaling and a user datascript to attach to the specific elastic network interfac
5. E. Use CloudFormation nested stacks to nest the template six times for a total of six nodes needed for the cluster, and deploy using the master template.
6. F. Create an Amazon DynamoDB table with the list of hostnames subnets, and elastic network interfaces to be use
7. G. Create a single AWS CloudFormation template to manage an Auto Scaling group with a minimum size of 6 and a maximum size of 6. Create a programmatic solution that is installed in each instance that will lock/release the assignment of each hostname and local IP address, depending on the subnet in which a new instance will be launched.
8. H. Create a reusable AWS CLI script to launch each instance individually, which will name the instance, place it in a specific AZ, and attach a specific elastic network interfac
9. I. Monitor the instances and in the event of failure, replace the missing instance manually by running the script again.

Correct Answer: B

An online retail company based in the United States plans to expand its operations to Europe and Asia in the next six months. Its product currently runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in an Amazon Aurora database instance.
When the product is deployed in multiple regions, the company wants a single product catalog across all regions, but for compliance purposes, its customer information and purchases must be kept in each region.
How should the company meet these requirements with the LEAST amount of application changes?

1. A. Use Amazon Redshift for the product catalog and Amazon DynamoDB tables for the customer information and purchases.
2. B. Use Amazon DynamoDB global tables for the product catalog and regional tables for the customer information and purchases
3. C. Use Aurora with read replicas for the product catalog and additional local Aurora instances in each region for the customer information and purchases.
4. D. Use Aurora for the product catalog and Amazon DynamoDB global tables for the customer information and purchases.

Correct Answer: C

A development team wants to deploy an application using AWS CloudFormation stacks, but the developer IAM role does not currently have the required permissions to provision the resources specified in the CloudFormation template. A DevOps engineer is tasked with allowing developers to deploy the stacks while following the principal of least privilege.
Which solution will meet these requirements?

1. A. Create an IAM policy that allows developers to provision the required resource
2. B. Attach the policy to the developer role.
3. C. Create an IAM policy that allows full access to CloudFormatio
4. D. Attach the policy to the developer role.
5. E. Create a new IAM role with the required permissions to use as a CloudFormation service rol
6. F. Grant the developer role a cloudformation:* action.
7. G. Create a new IAM role with the required permissions to use as a CloudFormation service rol
8. H. Grant the developer role the iam:PassRole permission.

Correct Answer: C
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html

An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK),
What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Select three.)

1. A. Set ssm:GetParamter for the parameter resource in the instance role's IAM policy.
2. B. Set kms:Decrypt for the instance role in the customer-managed CMK policy.
3. C. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
4. D. Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
5. E. Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
6. F. Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.

Correct Answer: ABC

A DevOps engineer is currently running a container-based workload on-premises The engineer wants to move the application to AWS, but needs to keep the on-premises solution active because not all APIs will move at the same time. The traffic between AWS and the on-premises network should be secure and encrypted at all times. Low management overload is also a requirement.
Which combination of actions will meet these criteria? (Select THREE.)

1. A. Create a Network Load Balancer an
2. B. for each service, create a listener that points to the correct set of containers either in AWS or on-premises.
3. C. Create an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises.
4. D. Host the AWS containers in Amazon ECS with an EC2 launch type.
5. E. Host the AWS containers in Amazon ECS with a Fargate launch type
6. F. Use Amazon API Gateway to front the workload, and create a VPC link so API Gateway can forward API calls to the on-premises network through a VPN connection.
7. G. Use Amazon API Gateway to front the workload, and set up public endpoints for the on-premises APIs so API Gateway can access them.

Correct Answer: BDF