A company is deploying a container-based application using AWS CodeBuild. The security team mandates that all containers are scanned for vulnerabilities prior to deployment using a password-protected endpoint. All sensitive information must be stored securely.
Which solution should be used to meet these requirements?

• A.Encrypt the password using AWS KMS. Store the encrypted password in the buildspec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
• B.Import the password into an AWS CloudHSM key. Reference the CloudHSM key in the buildpec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
• C.Use the AWS Encryption SDK to encrypt the password and embed in the buildspec.yml file as a variable under the secrets mapping. Attach a policy to CodeBuild to enable access to the required decryption key.
• D.Store the password in the AWS Systems Manager Parameter Store as a secure string. Add the Parameter Store key to the buildspec.yml file as an environment variable under the parameter-store mapping. Reference the environment variable to initiate scanning.

Comment: *

Name: *

Email: *

Verification: *

A company has established tagging and configuration standatrds for its infrastructure resources running on AWS. A DevOps Engineer is developing a design that will provide a near-real-time dashboard of the compliance posture with the ability to highlight violations.
Which approach meets the stated requirements?

• A.Define the resource configurations in AWS Service Catalog, and monitor the AWS Service Catalog compliance and violations in Amazon CloudWatch. Then, set up and share a live CloudWatch dashboard. Set up Amazon SNS notifications for violations and corrections.
• B.Use AWS Config to record configuration changes and output the data to an Amazon S3 bucket.
  Create an Amazon QuickSight analysis of the dataset, and use the information on dashboards and mobile devices.
• C.Create a resource group that displays resources with the specified tags and those without tags.
  Use the AWS Management Console to view compliant and non-compliant resources.
• D.Define the compliance and tagging requirements in Amazon inspector. Output the results to Amazon CloudWatch Logs. Build a metric filter to isolate the monitored elements of interest and present the data in a CloudWatch dashboard.

Comment: *

Name: *

Email: *

Verification: *

You have decided to migrate your application to the cloud. You cannot afford any downtime. You want to gradually migrate so that you can test the application with a small percentage of users and increase over time.
Which of these options should you implement?

• A.Use Direct Connect to route traffic to the on-premise location. In DirectConnect, configure the amount of traffic to be routed to the on-premise location.
• B.Implement a Route 53 failover routing policy that sends traffic back to the on-premises application if the AWS application fails.
• C.Configure an Elastic Load Balancer to distribute the traffic between the on-premises application and the AWS application.
• D.Implement a Route 53 weighted routing policy that distributes the traffic between your on-premises application and the AWS application depending on weight.

Comment: *

Name: *

Email: *

Verification: *

A DevOps Engineer is leading the implementation for automating patching of Windows-based workstations in a hybrid cloud environment by using AWS Systems Manager (SSM). What steps should the Engineer follow to set up Systems Manager to automate patching in this environment? (Select TWO.)

• A.Create multiple IAM service roles for Systems Manager so that the ssm.amazonaws.com service can execute the AssumeRole operation on every instance. Register the role on a per-resource level to enable the creation of a service token. Perform managed-instance activation with the newly created service role attached to each managed instance.
• B.Create an IAM service role for Systems Manager so that the ssm.amazonaws.com service can execute the AssumeRole operation. Register the role to enable the creation of a service token. Perform managed-instance activation with the newly created service role.
• C.Using previously obtained activation codes and activation IDs, download and install the SSM Agent on the hybrid servers, and register the servers or virtual machines on the Systems Manager service. Hybrid instances will show with an "mi-" prefix in the SSM console.
• D.Using previously obtained activation codes and activation IDs, download and install the SSM Agent on the hybrid servers, and register the servers or virtual machines on the Systems Manager service. Hybrid instances will show with an "i-" prefix in the SSM console as if they were provisioned as a regular Amazon EC2 instance.
• E.Run AWS Config to create a list of instances that are unpatched and not compliant. Create an instance scheduler job, and through an AWS Lambda function, perform the instance patching to bring them up to compliance.

Comment: *

Name: *

Email: *

Verification: *

A user has created a new EBS volume from an existing snapshot. The user mounts the volume on the instance to which it is attached. Which of the below mentioned options is a required step before the user can mount the volume?

• A.Run a cyclic check on the device for data consistency
• B.Create the file system of the volume
• C.Resize the volume as per the original snapshot size
• D.No step is required. The user can directly mount the device

Comment: *

Name: *

Email: *

Verification: *