An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running.
All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket created by the stack is not deleted.
How can the team resolve the error in the MOST efficient manner to ensure that all resources are deleted without errors?

1. A. Add a DelelionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted.
2. B. Add a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM rol
3. C. Write the Lambda function to delete all objects from the bucket when RequestType is Delete.
4. D. Identify the resource that was not delete
5. E. Manually empty the S3 bucket and then delete it.
6. F. Replace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacks resourc
7. G. Define a custom recipe for the stack to create and delete the EC2 instance and the S3 bucket.

Correct Answer: B
https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-s3-custom-resources/

A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses AWS Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues.
Which deploy stage configuration will meet these requirements?

1. A. Use an AWS Serverless Application Model (AWS SAM) template to define the serverless applicatio
2. B. Use AWS CodeDeploy to deploy the Lambda functions with the Canary10Percent15Minutes Deployment Preference Typ
3. C. Use Amazon CloudWatch alarms to monitor the health of the functions.
4. D. Use AWS CloudFormation to publish a new stack update, and include Amazon CloudWatch alarms on all resource
5. E. Set up an AWS CodePipeline approval action for a developer to verify and approve the AWS CloudFormation change set.
6. F. Use AWS CloudFormation to publish a new version on every stack update, and include Amazon CloudWatch alarms on all resource
7. G. Use the RoutingConfig property of the AWS::Lambda::Alias resource to update the traffic routing during the stack update.
8. H. Use AWS CodeBuild to add sample event payloads for testing to the Lambda function
9. I. Publish a new version of the functions, and include Amazon CloudWatch alarm
10. J. Update the production alias to point to the new versio
11. K. Configure rollbacks to occur when an alarm is in the ALARM state.

Correct Answer: D
Use routing configuration on an alias to send a portion of traffic to a second function version. For example, you can reduce the risk of deploying a new version by configuring the alias to send most of the traffic to the existing version, and only a small percentage of traffic to the new version. https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html
The following are the steps involved in the deploy stage configuration that will meet the requirements:
✑ Use AWS CodeBuild to add sample event payloads for testing to the Lambda
functions.
✑ Publish a new version of the functions, and include Amazon CloudWatch alarms.
✑ Update the production alias to point to the new version.
✑ Configure rollbacks to occur when an alarm is in the ALARM state.
This configuration will help to reduce the customer impact of an unsuccessful deployment
by deploying the new version of the functions to a staging environment first. This will allow the DevOps engineer to test the new version of the functions before deploying it to production.
The configuration will also help to monitor for issues by including Amazon CloudWatch alarms. These alarms will alert the DevOps engineer if there are any problems with the new version of the functions.

A company's DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound traffic through a network operations account. In the network operations account all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.
The firewall appliance sends logs to Amazon CloudWatch Logs and includes event
seventies of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.
What should the DevOps engineer do to meet these requirements?

1. A. Create an Amazon CloudWatch Synthetics canary to monitor the firewall stat
2. B. If the firewall reaches a CRITICAL state or logs a CRITICAL event use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe the security team's email address to the topic.
3. C. Create an Amazon CloudWatch metric filter by using a search for CRITICAL events Publish a custom metric for the findin
4. D. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topi
5. E. Subscribe the security team's email address to the topic.
6. F. Enable Amazon GuardDuty in the network operations accoun
7. G. Configure GuardDuty to monitor flow logs Create an Amazon EventBridge event rule that is invoked by GuardDuty events that are CRITICAL Define an Amazon Simple Notification Service (Amazon SNS) topic as a target Subscribe the security team's email address to the topic.
8. H. Use AWS Firewall Manager to apply consistent policies across all account
9. I. Create an Amazo
10. J. EventBridge event rule that is invoked by Firewall Manager events that are CRITICAL Define an Amazon Simple Notification Service (Amazon SNS) topic as a target Subscribe the security team's email address to the topic.

Correct Answer: B
"The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO"

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue green deployment process with immutable instances when deploying new software.
During testing users are being automatically logged out of the application at random times. Testers also report that when a new version of the application is deployed all users are logged out. The development team needs a solution to ensure users remain logged m across scaling events and application deployments.
What is the MOST operationally efficient way to ensure users remain logged in?

1. A. Enable smart sessions on the load balancer and modify the application to check tor an existing session.
2. B. Enable session sharing on the toad balancer and modify the application to read from the session store.
3. C. Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
4. D. Modify the application to store user session information in an Amazon ElastiCache cluster.

Correct Answer: D
https://aws.amazon.com/caching/session-management/

A company wants to use AWS CloudFormation for infrastructure deployment. The company has strict tagging and resource requirements and wants to limit the deployment to two Regions. Developers will need to deploy multiple versions of the same application.
Which solution ensures resources are deployed in accordance with company policy?

1. A. Create AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets.
2. B. Create a Cloud Formation drift detection operation to find and remediate unapproved CloudFormation StackSets.
3. C. Create CloudFormation StackSets with approved CloudFormation templates.
4. D. Create AWS Service Catalog products with approved CloudFormation templates.

Correct Answer: D
service catalog uses stacksets and can enforce tag and restrict resources AWS Customer case with tag enforcement https://aws.amazon.com/ko/blogs/apn/enforce-centralized-tag-compliance-using-aws-service-catalog-amazon-dynamodb-aws-lambda- and-amazon-cloudwatch-events/ And Youtube video showing how to restrict resources per user with portfolio https://www.youtube.com/watch?v=LzvhTcqqyog