An education company has a Docker-based application running on multiple Amazon EC2 instances in an Amazon ECS cluster. When deploying a new version of the application, the Developer, pushes a new image to a private Docker container registry, and then stops and starts all tasks to ensure that they all have the latest version of the application. The Developer discovers that the new tasks are, occasionally running with an old image.
How can this issue be prevented?

• A.Use Amazon ECR for a Docker container registry.
• B.Update the digest on the task definition when pushing the new image.
• C.Use "latest" for the Docker image tag in the task definition.
• D.After pushing the new image, restart ECS Agent, and then start the tasks.

Comment: *

Name: *

Email: *

Verification: *

A gaming company adopted AWS Cloud Formation to automate load-testing of theirgames. They have created an AWS Cloud Formation template for each gaming environment and one for the load-testing stack. The load-testing stack creates an Amazon Relational Database Service (RDS) Postgres database and two web servers running on Amazon Elastic Compute Cloud (EC2) that send HTTP requests, measure response times, and write the results into the database. A test run usually takes between 15 and 30 minutes. Once the tests are done, the AWS Cloud Formation stacks are torn down immediately. The test results written to the Amazon RDS database must remain accessible for visualization and analysis.
Select possible solutions that allow access to the test results after the AWS Cloud Formation load -testing stack is deleted.
Choose 2 answers.

• A.Define an Amazon RDS Read-Replica in theload-testing AWS Cloud Formation stack and define a dependency relation betweenmaster and replica via the Depends On attribute.
• B.Define an update policy to prevent deletionof the Amazon RDS database after the AWS Cloud Formation stack is deleted.
• C.Define a deletion policy of type Retain forthe Amazon RDS resource to assure that the RDS database is not deleted with theAWS Cloud Formation stack.
• D.Define a deletion policy of type Snapshotfor the Amazon RDS resource to assure that the RDS database can be restoredafter the AWS Cloud Formation stack is deleted.
• E.Defineautomated backups with a backup retention period of 30 days for the Amazon RDSdatabase and perform point-in-time recovery of the database after the AWS CloudFormation stack is deleted.

Comment: *

Name: *

Email: *

Verification: *

A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances.
How should the Engineer automate the deployment process while also meeting the security requirements?

• A.Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM policy for allowing access, and decrypt only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.
• B.Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credentials.
  Associate this role to all the instances.
• C.Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials in the AppSpec file. Define an IAM policy for allowing access to only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy.
• D.Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role with an attached policy that allows decryption of the database credentials. Associate this role to all the instances and on-premises servers.

Comment: *

Name: *

Email: *

Verification: *

Your application uses Cloud Formation to orchestrate your application's resources. During your testing phase before the application went live, your Amazon RDS instance type was changed and caused the instance to be re-created, resulting In the loss of test data. How should you prevent this from occurring in the future?

• A.Within the AWS CloudFormation parameter with which users can select the Amazon RDS instance type, set AllowedValues to only contain the current instance type.
• B.Use an AWS CloudFormation stack policy to deny updates to the instance. Only allow UpdateStack permission to 1AM principals that are denied SetStackPolicy.
• C.In the AWS CloudFormation template, set the AWS::RDS::DBInstance's DBInstanceClass property to be read-only.
• D.Subscribe to the AWS CloudFormation notification "BeforeResourcellpdate," and call CancelStackUpdate if the resource identified is the Amazon RDS instance.
• E.Update the stack using ChangeSets

Comment: *

Name: *

Email: *

Verification: *

Your company has recently extended its datacenter into a VPC on AWS. There is a requirement for
on-premise users manage AWS resources from the AWS console. You don't want to create 1AM users for
them again. Which of the below options will fit your needs for authentication?

• A.UseOAuth 2.0 to retrieve temporary AWS security credentials to enable your membersto sign in to the
  AWS Management Console.
• B.Useweb Identity Federation to retrieve AWS temporary security credentials toenable your members to
  sign in to the AWS Management Console.
• C.Useyour on-premises SAML 2 O-compliant identity provider (IDP) to grant themembers federated
  access to the AWS Management Console via the AWS singlesign-on (SSO) endpoint.
• D.Useyour on-premises SAML2.0-compliant identity provider (IDP) to retrieve temporarysecurity
  credentials to enable members to sign in to the AWS ManagementConsole.

Comment: *

Name: *

Email: *

Verification: *