A company has deployed a critical application in two AWS Regions. The application uses an Application Load Balancer (ALB) in both Regions. The company has Amazon Route 53 alias DNS records for both ALBs.
The company uses Amazon Route 53 Application Recovery Controller to ensure that the application can fail over between the two Regions. The Route 53 ARC configuration includes a routing control for both Regions. The company uses Route 53 ARC to perform quarterly disaster recovery (DR) tests.
During the most recent DR test, a DevOps engineer accidentally turned off both routing controls. The company needs to ensure that at least one routing control is turned on at all times.
Which solution will meet these requirements?

1. A. In Route 53 AR
2. B. create a new assertion safety rul
3. C. Apply the assertion safety rule to the two routing control
4. D. Configure the rule with the ATLEAST type with a threshold of 1.
5. E. In Route 53 ARC, create a new gating safety rul
6. F. Apply the assertion safety rule to the two routing control
7. G. Configure the rule with the OR type with a threshold of 1.
8. H. In Route 53 ARC, create a new resource se
9. I. Configure the resource set with an AWS: Route53: HealthCheck resource typ
10. J. Specify the ARNs of the two routing controls as the target resourc
11. K. Create a new readiness check for the resource set.
12. L. In Route 53 ARC, create a new resource se
13. M. Configure the resource set with an AWS: Route53RecoveryReadiness: DNSTargetResource resource typ
14. N. Add the domain names of the two Route 53 alias DNS records as the target resourc
15. O. Create a new readiness check for the resource set.

Correct Answer: A
The correct solution is to create a new assertion safety rule in Route 53 ARC and apply it to the two routing controls. An assertion safety rule is a type of safety rule that ensures that a minimum number of routing controls are always enabled. The ATLEAST type of assertion safety rule specifies the minimum number of routing controls that must be enabled for the rule to evaluate as healthy. By setting the threshold to 1, the rule ensures that at least one routing control is always turned on. This prevents the scenario where both routing controls are accidentally turned off and the application becomes unavailable in both Regions.
The other solutions are incorrect because they do not use safety rules to prevent both routing controls from being turned off. A gating safety rule is a type of safety rule that prevents routing control state changes that violate the rule logic. The OR type of gating safety rule specifies that one or more routing controls must be enabled for the rule to evaluate as healthy. However, this rule does not prevent a user from turning off both routing controls manually. A resource set is a collection of resources that are tested for readiness by Route 53 ARC. A readiness check is a test that verifies that all the resources in a resource set are operational. However, these concepts are not related to routing control states or safety rules. Therefore, creating a new resource set and a new readiness check will not ensure that at least one routing control is turned on at all times. References:
✑ Routing control in Amazon Route 53 Application Recovery Controller
✑ Viewing and updating routing control states in Route 53 ARC
✑ Creating a control panel in Route 53 ARC
✑ Creating safety rules in Route 53 ARC

A company is examining its disaster recovery capability and wants the ability to switch over its daily operations to a secondary AWS Region. The company uses AWS CodeCommit as a source control tool in the primary Region.
A DevOps engineer must provide the capability for the company to develop code in the secondary Region. If the company needs to use the secondary Region, developers can add an additional remote URL to their local Git configuration.
Which solution will meet these requirements?

1. A. Create a CodeCommit repository in the secondary Regio
2. B. Create an AWS CodeBuild project to perform a Git mirror operation of the primary Region's CodeCommit repository to the secondary Region's CodeCommit repositor
3. C. Create an AWS Lambda function that invokes the CodeBuild projec
4. D. Create an Amazon EventBridge rule that reacts to merge events in the primary Region's CodeCommit repositor
5. E. Configure the EventBridge rule to invoke the Lambda function.
6. F. Create an Amazon S3 bucket in the secondary Regio
7. G. Create an AWS Fargate task to perform a Git mirror operation of the primary Region's CodeCommit repository and copy the result to the S3 bucke
8. H. Create an AWS Lambda function that initiates the Fargate tas
9. I. Create an Amazon EventBridge rule that reacts to merge events in the CodeCommitrepositor
10. J. Configure the EventBridge rule to invoke the Lambda function.
11. K. Create an AWS CodeArtifact repository in the secondary Regio
12. L. Create an AWS CodePipeline pipeline that uses the primary Region's CodeCommit repository for the source actio
13. M. Create a Cross-Region stage in the pipeline that packages the CodeCommit repository contents and stores the contents in the CodeArtifact repository when a pull request is merged into the CodeCommit repository.
14. N. Create an AWS Cloud9 environment and a CodeCommit repository in the secondary Regio
15. O. Configure the primary Region's CodeCommit repository as a remote repository in the AWS Cloud9 environmen
16. P. Connect the secondary Region's CodeCommit repository to the AWS Cloud9 environment.

Correct Answer: A
The best solution to meet the disaster recovery capability and allow developers to switch over to a secondary AWS Region for code development is option A. This involves creating a CodeCommit repository in the secondary Region and setting up an AWS CodeBuild project to perform a Git mirror operation of the primary Region’s CodeCommit repository to the secondary Region’s repository. An AWS Lambda function is then created to invoke the CodeBuild project. Additionally, an Amazon EventBridge rule is configured to react to merge events in the primary Region’s CodeCommit repository and invoke the Lambda function12. This setup ensures that the secondary Region’s repository is always up-to-date with the primary repository, allowing for a seamless transition in case of a disaster recovery event1.
References:
✑ AWS CodeCommit User Guide on resilience and disaster recovery1.
✑ AWS Documentation on monitoring CodeCommit events in Amazon EventBridge and Amazon CloudWatch Events2.

A DevOps engineer has implemented a Cl/CO pipeline to deploy an AWS Cloud Format ion template that provisions a web application. The web application consists of an Application Load Balancer (ALB) a target group, a launch template that uses an Amazon Linux 2 AMI an Auto Scaling group of Amazon EC2 instances, a security group and an Amazon RDS for MySQL database The launch template includes user data that specifies a script to install and start the application.
The initial deployment of the application was successful. The DevOps engineer made changes to update the version of the application with the user data. The CI/CD pipeline has deployed a new version of the template However, the health checks on the ALB are now failing The health checks have marked all targets as unhealthy.
During investigation the DevOps engineer notices that the Cloud Formation stack has a status of UPDATE_COMPLETE. However, when the DevOps engineer connects to one of the EC2 instances and checks /varar/log messages, the DevOps engineer notices that the Apache web server failed to start successfully because of a configuration error
How can the DevOps engineer ensure that the CloudFormation deployment will fail if the user data fails to successfully finish running?

1. A. Use the cfn-signal helper script to signal success or failure to CloudFormation Use the WaitOnResourceSignals update policy within the CloudFormation template Set an appropriate timeout for the update policy.
2. B. Create an Amazon CloudWatch alarm for the UnhealthyHostCount metri
3. C. Include an appropriate alarm threshold for the target group Create an Amazon Simple Notification Service (Amazon SNS) topic as the target to signal success or failure to CloudFormation
4. D. Create a lifecycle hook on the Auto Scaling group by using the AWS AutoScaling LifecycleHook resource Create an Amazon Simple Notification Service (Amazon SNS) topic as the target to signal success or failure to CloudFormation Set an appropriate timeout on the lifecycle hook.
5. E. Use the Amazon CloudWatch agent to stream the cloud-init logs Create a subscription filter that includes an AWS Lambda function with an appropriate invocation timeout Configure the Lambda function to use the SignalResource API operation to signal success or failure to CloudFormation.

Correct Answer: A
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html

A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks during maintenance windows. The company has a few Amazon EC2 instances that require a restart after notifications from AWS Health. The DevOps engineer needs to implement an automated solution to remediate these notifications. The DevOps engineer creates an Amazon EventBridge rule.
How should the DevOps engineer configure the EventBridge rule to meet these requirements?

1. A. Configure an event source of AWS Health, a service of EC2. and an event type that indicates instance maintenanc
2. B. Target a Systems Manager document to restart the EC2 instance.
3. C. Configure an event source of Systems Manager and an event type that indicates a maintenance windo
4. D. Target a Systems Manager document to restart the EC2 instance.
5. E. Configure an event source of AWS Health, a service of EC2, and an event type that indicates instance maintenanc
6. F. Target a newly created AWS Lambda function thatregisters an automation task to restart the EC2 instance during a maintenance window.
7. G. Configure an event source of EC2 and an event type that indicates instance maintenanc
8. H. Target a newly created AWS Lambda function that registers an automation task to restart the EC2 instance during a maintenance window.

Correct Answer: C
AWS Health provides real-time events and information related to your AWS infrastructure. It can be integrated with Amazon EventBridge to act upon the health events automatically. If the maintenance notification from AWS Health indicates that an EC2 instance requires a restart, you can set up an EventBridge rule to respond to such events. In this case, the target of this rule would be a Lambda function that would trigger a Systems Manager automation to restart the EC2 instance during a maintenance window. Remember, AWS Health is the source of the events (not EC2 or Systems Manager), and AWS Lambda can be used to execute complex remediation tasks, such as scheduling maintenance tasks via Systems Manager.
The following are the steps involved in configuring the EventBridge rule to meet these requirements:
✑ Configure an event source of AWS Health, a service of EC2, and an event type that indicates instance maintenance.
✑ Target a newly created AWS Lambda function that registers an automation task to restart the EC2 instance during a maintenance window.
The AWS Lambda function will be triggered by the event from AWS Health. The function will then register an automation task to restart the EC2 instance during the next maintenance window.

A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts. AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be able to edit or delete their own CloudTrail trails and AWS Config rules.
Which solution will meet these requirements in the MOST operationally efficient way?

1. A. Create an AWS CloudFormation template that defines the standard account resource
2. B. Deploy the template to all accounts from the organization's management account by using CloudFormation StackSet
3. C. Set the stack policy to deny Update:Delete actions.
4. D. Enable AWS Control Towe
5. E. Enroll the existing accounts in AWS Control Towe
6. F. Grant the individual account administrators access to CloudTrail and AWS Config.
7. G. Designate an AWS Config management accoun
8. H. Create AWS Config recorders in all accounts by using AWS CloudFormation StackSet
9. I. Deploy AWS Config rules to the organization by using the AWS Config management accoun
10. J. Create a CloudTrail organization trail in the organization’s management accoun
11. K. Deny modification or deletion of the AWS Config recorders by using an SCP.
12. L. Create an AWS CloudFormation template that defines the standard account resource
13. M. Deploy the template to all accounts from the organization's management account by using Cloud Formation StackSets Create an SCP that prevents updates or deletions to CloudTrail resources or AWS Config resources unless the principal is an administrator of the organization's management account.

Correct Answer: D