
Questions 41 - 60

Question 41

How should a DevOps engineer configure near-real-time status updates and manual approval requests from AWS CodePipeline to post to a custom chat tool with webhook support?

Options:

A: Create a CloudWatch Logs subscription filtering on CodePipeline State Change, publish to SNS, and subscribe the chat webhook URL directly to SNS.

B: Create an AWS Lambda function invoked by AWS CloudTrail events. On detection of CodePipeline State Change, send details to the chat webhook.

C: Create an Amazon EventBridge rule filtering on CodePipeline State Change, publish events to an Amazon SNS topic, and use an AWS Lambda function subscribed to SNS to format and send event details to the chat webhook URL.

D: Modify the pipeline code to send event details to the chat webhook URL at the end of each stage.

Answer C

Question 42

A company needs to be notified if a security group associated with Linux-based Amazon EC2 bastion hosts is modified to allow inbound SSH access from any IP address (0.0.0.0/0). Which approach should a DevOps engineer take to automate this notification?

A: Create an Amazon EventBridge rule that triggers on aws.cloudtrail events with the name AuthorizeSecurityGroupIngress. Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.

B: Enable Amazon GuardDuty and monitor findings in AWS Security Hub. Use an EventBridge rule to match GuardDuty events marked as NON_COMPLIANT and target an Amazon SNS topic.

C: Create an AWS Config rule using the restricted-ssh managed rule to detect unrestricted SSH traffic. Configure automatic remediation to publish a message to an Amazon SNS topic.

D: Enable Amazon Inspector with the Common Vulnerabilities and Exposures-1.1 rules package to scan the security groups and configure it to publish messages to an Amazon SNS topic.

Answer C

Question 43

A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency. Which actions should be taken to accomplish this? (Choose two.)

A. Install the CloudWatch agent server side and configure the agent to upload relevant logs to CloudWatch.

B. Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and upload those segments to X-Ray during each request.

C. Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and use the X-Ray daemon to upload segments to X-Ray.

D. Modify the on-premises application to send log information back to API Gateway with each request.

E. Modify the on-premises application to calculate and upload statistical data relevant to the API service requests to CloudWatch metrics.

Correct Answer: AC