Questions 41 - 60
Question 41
How should a DevOps engineer configure near-real-time status updates and manual approval requests from AWS CodePipeline to post to a custom chat tool with webhook support?
Options:
A: Create a CloudWatch Logs subscription filtering on CodePipeline State Change, publish to SNS, and subscribe the chat webhook URL directly to SNS.
B: Create an AWS Lambda function invoked by AWS CloudTrail events. On detection of CodePipeline State Change, send details to the chat webhook.
C: Create an Amazon EventBridge rule filtering on CodePipeline State Change, publish events to an Amazon SNS topic, and use an AWS Lambda function subscribed to SNS to format and send event details to the chat webhook URL.
D: Modify the pipeline code to send event details to the chat webhook URL at the end of each stage.
Answer C
Question 42
A company needs to be notified if a security group associated with Linux-based Amazon EC2 bastion hosts is modified to allow inbound SSH access from any IP address (0.0.0.0/0). Which approach should a DevOps engineer take to automate this notification?
A: Create an Amazon EventBridge rule that triggers on aws.cloudtrail events with the name AuthorizeSecurityGroupIngress. Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.
B: Enable Amazon GuardDuty and monitor findings in AWS Security Hub. Use an EventBridge rule to match GuardDuty events marked as NON_COMPLIANT and target an Amazon SNS topic.
C: Create an AWS Config rule using the restricted-ssh managed rule to detect unrestricted SSH traffic. Configure automatic remediation to publish a message to an Amazon SNS topic.
D: Enable Amazon Inspector with the Common Vulnerabilities and Exposures-1.1 rules package to scan the security groups and configure it to publish messages to an Amazon SNS topic.
Answer C
Question 43
A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency. Which actions should be taken to accomplish this? (Choose two.)
A. Install the CloudWatch agent server side and configure the agent to upload relevant logs to CloudWatch.
B. Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and upload those segments to X-Ray during each request.
C. Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and use the X-Ray daemon to upload segments to X-Ray.
D. Modify the on-premises application to send log information back to API Gateway with each request.
E. Modify the on-premises application to calculate and upload statistical data relevant to the API service requests to CloudWatch metrics.
Correct Answer: AC
Question 44
An application is using an Aurora Multi-AZ DB cluster. How should it be configured so that one of the replicas is promoted to primary DB when the original primary DB goes down?
A. Configure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints. Subscribe an Amazon SNS topic to Amazon RDS failure notifications from AWS CloudTrail and use that topic to invoke an AWS Lambda function that will promote the replica instance as the primary.
B. Create an Aurora custom endpoint to point to the primary database instance. Configure the application to use this endpoint. Configure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.
C. Create an AWS Lambda function to modify the application's AWS CloudFormation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance. Create an Amazon CloudWatch alarm to invoke this Lambda function after the failure event occurs.
D. Store the Aurora endpoint in AWS Systems Manager Parameter Store. Create an Amazon EventBridge event that detects the database failure and runs an AWS Lambda function to promote the replica instance and update the endpoint URL stored in AWS Systems Manager Parameter Store. Code the application to reload the endpoint from Parameter Store if a database connection fails.
Correct Answer: D