A DevOps engineer has automated a web service deployment using AWS CodePipelme with the following steps:
* An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
* An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
* A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment
The quality assurance (QA) team has asked for permission to inspect the build artifact before the deployment to the production environment occurs. The OA team wants to run an internal automated penetration testing tool (invoked using a REST API call) to run some manual tests.
Which combination of actions will fulfill this request? (Select TWO.)

• A.Insert a manual approval action between the test and deployment actions of Jtue pipeline.
• B.Update the CodeDeploy deployment group so it requires manual approval to proceed
• C.Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
• D.Update the pipeline to invoke a Lambda function that triggers the REST API for the automated penetration testing tool.
• E.Update the pipeline to directly trigger the REST API for the automated penetration testing tool.

Comment: *

Name: *

Email: *

Verification: *

You run a 2000-engineer organization. You are about to begin using AWS at a large scale for the first time. You want to integrate with your existing identity management system running on Microsoft Active Directory, because your organization is a power-user of Active Directory. How should you manage your AWS identities in the most simple manner?

• A.Use a large AWS Directory Service Simple AD.
• B.Use a large AWS Directory Service AD Connector.
• C.Use an Sync Domain running on AWS Directory Service.
• D.Use an AWS Directory Sync Domain running on AWS Lambda

Comment: *

Name: *

Email: *

Verification: *

A company is using AWS Organizations and wants to implement a governance strategy with the following requirements:
* AWS resource access is restricted to the same two Regions for all accounts.
* AWS services are limited to a specific group of authorized services for all accounts.
* Authentication is provided by Active Directory.
* Access permissions are organized by job function and are identical in each account.
Which solution will meet these requirements?

• A.Establish a service control policy in the master account to restrict Regions and authorized services. Use CloudFormation StackSet to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.
• B.Establish a permission boundary in the master account to restrict Regions and authorized services. Use AWS CloudFormation StackSet to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.
• C.Establish a service control policy in the master account to restrict Regions and authorized services. Use AWS Resource Access Manager to share master account roles with permissions for each job function, including AWS SSO for authentication in each account.
• D.Establish an organizational unit (OU) with group policies in the master account to restrict Regions and authorized services. Use AWS Cloud Formation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.

Comment: *

Name: *

Email: *

Verification: *

A DevOps Engineer needs to deploy a scalable three-tier Node.js application in AWS. The application must have zero downtime during deployments and be able to roll back to previous versions. Other applications will also connect to the same MySQL backend database.
The CIO has provided the following guidance for logging:
* Centrally view all current web access server logs.
* Search and filter web and application logs in near-real time.
* Retain log data for three months.
How should these requirements be met?

• A.Deploy the application on Amazon EC2. Configure Elastic Load Balancing and Auto Scaling. Use an Amazon RDS MySQL instance for the database tier. Configure the application to load streaming log data using Amazon Kinesis Data Firehouse into Amazon ES. Delete and create a new Amazon ES domain every
  90 days.
• B.Deploy the application on Amazon EC2. Configure Elastic Load Balancing and Auto Scaling. Use an Amazon RDS MySQL instance for the database tier. Configure the application to store log files in Amazon S3. Use Amazon EMR to search and filter the data. Set an Amazon S3 lifecycle rule to expire objects after
  90 days.
• C.Deploy the application using AWS Elastic Beanstalk. Configure the environment type for Elastic Load Balancing and Auto Scaling. Create an Amazon RDS MySQL instance inside the Elastic Beanstalk stack.
  Configure the Elastic Beanstalk log options to stream logs to Amazon CloudWatch Logs. Set retention to 90 days.
• D.Deploy the application using AWS Elastic Beanstalk. Configure the environment type for Elastic Load Balancing and Auto Scaling. Create the Amazon RDS MySQL instance outside the Elastic Beanstalk stack.
  Configure the Elastic Beanstalk log options to stream logs to Amazon CloudWatch Logs. Set retention to 90 days.

Comment: *

Name: *

Email: *

Verification: *

A company using AWS CodeCommit for source control wants to automate its continuous integration and continuous deployment pipeline on AWS in its development environment. The company has three requirements:
1. There must be a legal and a security review of any code change to make sure sensitive information is not leaked through the source code.
2. Every change must go through unit testing.
3. Every change must go through a suite of functional testing to ensure functionality.
In addition, the company has the following requirements for automation:
1. Code changes should automatically trigger the CI/CD pipellline.
2. Any failure in the pipeline should notify [email protected].
3. There must be an approval to stage the assets to Amazon S3 after tests have been performed.
What should a DevOps Engineer do to meet all of these requirements while following CI/CD best practices?

• A.Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval.
  Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SNS for emailing devops- [email protected].
• B.Commit to mainline and trigge r AWS CodePipeline from mainline. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use AWS CloudTrail logs to detect changes in pipeline stages and Amazon SNS for emailing [email protected].
• C.Commit to mainline and trigger AWS CodePipeline from mainline. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SES for emailing [email protected].
• D.Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval.
  Use Amazon CloudWatch metrics to detect changes in pipeline stages and Amazon SES for emailing devops- [email protected].

Comment: *

Name: *

Email: *

Verification: *