Question 36
A DevOps Engineer just joined a new company that is already running workloads on Amazon EC2 instances. AWS has been adopted incrementally with no central governance. The Engineer must now assess how well the existing deployments comply with the following requirements:
- EC2 instances are running only approved AMIs.
- Amazon EBS volumes are encrypted.
- EC2 instances have an Owner tag.
- Root login over SSH is disabled on EC2 instances.
Which services should the Engineer use to perform this assessment with the LEAST amount of effort? (Select TWO.)
Question 37
You need to deploy an AWS stack in a repeatable manner across multiple environments. You have
selected CloudFormation as the right tool to accomplish this, but have found that there is a resource type
you need to create and model, but is unsupported by CloudFormation. How should you overcome this
challenge?
Question 38
You are in charge of designing Cloudformation templates for your company. One of the key requirements is to ensure that if a Cloudformation stack is deleted, a snapshot of the relational database is created which is part of the stack. How can you achieve this in the best possible way?
Question 39
A user has created a new EBS volume from an existing snapshot. The user mounts the volume on the instance to which it is attached. Which of the below mentioned options is a required step before the user can mount the volume?
Question 40
A company has developed a static website hosted on an Amazon S3 bucket. The website is deployed using AWS CloudFormation. The CloudFormation template defines an S3 bucket and a custom resource that copies content into the bucket from a source location. The company has decided that it needs to move the website to a new location, so the existing CloudFormation stack must be deleted and re-created. However, CloudFormation reports that the stack could not be deleted cleanly.
What is the MOST likely cause and how can the DevOps Engineer mitigate this problem for this and future versions of the website?