A DevOps engineer has automated a web service deployment using AWS CodePipelme with the following steps:
• An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
• An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
• A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment The quality assurance (QA) team has asked for permission to inspect the build artifact before the deployment to the production environment occurs. The OA team wants to run an internal automated penetration testing tool (invoked using a REST API call) to run some manual tests.
Which combination of actions will fulfill this request? (Select TWO.)

1. A. Insert a manual approval action between the test and deployment actions of Jtue pipeline.
2. B. Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
3. C. Update the CodeDeploy deployment group so it requires manual approval to proceed
4. D. Update the pipeline to directly trigger the REST API for the automated penetration testing tool.
5. E. Update the pipeline to invoke a Lambda function that triggers the REST API for the automated penetration testing tool.

Correct Answer: BD

A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability Zone The resources need to run only when new deployments are being tested using AWS CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DovOps engineer wants a solution that does not change the architecture components.
Which solution will meet these requirements in the MOST cost-effective manner?

1. A. Convert the RDS database to an Amazon Aurora Serverless database Use an AWS Lambda function to start and stop the EC2 instances before and after tests
2. B. Put the EC2 instances into an Auto Scaling grou
3. C. Schedule scaling to run at the start of the deployment tests.
4. D. Replace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.
5. E. Subscribe Amazon CloudWatch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

Correct Answer: A

You have deployed an application to AWS which makes use of Autoscaling to launch new instances. You now want to change the instance type for the new instances. Which of the following is one of the action items to achieve this deployment?

1. A. Use Elastic Beanstalk to deploy the new application with the new instance type
2. B. Use Cloudformation to deploy the new application with the new instance type
3. C. Create a new launch configuration with the new instance type
4. D. Create new EC2 instances with the new instance type and attach it to the Autoscaling Group

Correct Answer: C
The ideal way is to create a new launch configuration, attach it to the existing Auto Scaling group, and terminate the running instances.
Option A is invalid because Clastic beanstalk cannot launch new instances on demand. Since the current scenario requires Autoscaling, this is not the ideal option
Option B is invalid because this will be a maintenance overhead, since you just have an Autoscaling Group.
There is no need to create a whole Cloudformation
template for this.
Option D is invalid because Autoscaling Group will still launch CC2 instances with the older launch configuration
For more information on Autoscaling Launch configuration, please refer to the below document link: from AWS
http://docs.aws.amazon.com/autoscaling/latest/userguide/l_aunchConfiguration.html

A Developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.
Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The Developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.
How can log collection be automated?

1. A. Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait stat
2. B. Create an Amazon CloudWatch Alarm for EC2 Instance Terminate and trigger an AWS Lambda function that executes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the Successful lifecycle action once logs are collected.
3. C. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait stat
4. D. Create a Config rule for EC2 Instance-terminate Lifecycle and trigger a step function that executes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collecte
5. E. Action
6. F. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait stat
7. G. Create an Amazon CloudWatch subscription filter for EC2 Instance and trigger a CloudWatch agent that executes a script to called logs, push them to Amazon S3, and complete the lifecycle action Terminate Successful once logs are collected.
8. H. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait stat
9. I. Create an Amazon CloudWatch Events rule for EC2 Instance- and trigger an AWS Lambda function that executes a SSM Run Command script to collect logs, push them to Amazon S3, terminate Lifecycle Action and complete the lifecycle action once logs are collected.

Correct Answer: D
https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html

For auditing, analytics, and troubleshooting purposes, a DevOps Engineer for a data analytics application needs to collect all of the application and Linux system logs from the Amazon EC2 instances before termination. The company, on average, runs 10,000 instances in an Auto Scaling group. The company requires the ability to quickly find logs based on instance IDs and date ranges.
Which is the MOST cost-effective solution?

1. A. Create an EC2 Instance-terminate Lifecycle Action on the group, write a termination script for pushing logs into Amazon S3, and trigger an AWS Lambda function based on S3 PUT to create a catalog of log files in an Amazon DynamoDB table with the primary key being Instance ID and sort key being Instance Termination Date.
2. B. Create an EC2 Instance-terminate Lifecycle Action on the group, write a termination script for pushing logs into Amazon CloudWatch Logs, create a CloudWatch Events rule to trigger an AWS Lambda function to create a catalog of log files in an Amazon DynamoDB table with the primary key being Instance ID and sort key being Instance Termination Date.
3. C. Create an EC2 Instance-terminate Lifecycle Action on the group, create an Amazon CloudWatch Events rule based on it to trigger an AWS Lambda function for storing the logs in Amazon S3, and create a catalog of log files in an Amazon DynamoDB table with the primary key being Instance ID and sort key being Instance Termination Date.
4. D. Create an EC2 Instance-terminate Lifecycle Action on the group, push the logs into Amazon Kinesis Data Firehouse, and select Amazon ES as the destination for providing storage and search capability.

Correct Answer: C
https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html