Home/Directory/devops engineer professional

devops engineer professional Practice Questions

Page 2 of 3 (240 total questions)

Your data science team needs a fully managed environment to build, train, and deploy custom machine learning models using TensorFlow. Which platform provides these end-to-end MLOps capabilities?
View Question & Answer ➔
Scenario: To minimize the risk of a single point of failure in your global application, you want to route users to the healthiest and closest region using Anycast technology. Solution ?
View Question & Answer ➔
Your organization wants to implement 'Attribute-based Access Control' (ABAC) in AWS to simplify permission management. They want to ensure that developers can only start/stop virtual machines that have a 'ProjectID' tag matching the 'ProjectID' tag on the developer's IAM user. Which IAM policy condition key enables this dynamic comparison?
View Question & Answer ➔
An enterprise wants to implement 'Service Control Policies' (SCPs) in AWS Organizations to prevent any user (including the root user) from deleting the 'CloudTrail' logs in any member account. How should this SCP be applied?
View Question & Answer ➔
To ensure that all data stored in Amazon S3 is encrypted using 'Customer-Managed Keys' (CMK) in AWS KMS, which AWS service can be used to automatically identify and block the creation of non-compliant buckets?
View Question & Answer ➔
Your organization wants to automate the 'Rotation' of an IAM Access Key for a developer whose keys have not been changed in 90 days. Which combination of AWS services is best for this automation?
View Question & Answer ➔
An organization wants to centrally manage and evaluation findings from multiple security services (GuardDuty, Inspector, Macie) across hundreds of AWS accounts. Which service provides this unified dashboard?
View Question & Answer ➔
To protect against a large-scale Ransomware attack that modifies or deletes objects in your S3 buckets, which feature should you enable to ensure that data remains immutable for a specified period?
View Question & Answer ➔
Scenario: To minimize the risk of data exfiltration, you want to ensure that all communication between your private subnet and S3 stays within the AWS network and does not use the public internet. Solution ?
View Question & Answer ➔
Which AWS service allows you to automatically audit and evaluate the IAM policies in your account to identify 'Over-privileged' roles and provide specific recommendations for downsizing permissions?
View Question & Answer ➔
You are designing a CI/CD pipeline. You need a service to compile source code, run tests, and produce software packages that are ready to deploy. Which service handles the build phase?
View Question & Answer ➔
To ensure that all AWS accounts created in your organization have a specific 'Security Admin' role with a trust relationship to your central security account, which feature of AWS Organizations should you use?
View Question & Answer ➔
Scenario: To minimize the risk of an 'Insider Threat' accidentally deleting a production database, you want to require 'MFA' for any delete operation performed via the AWS CLI or SDK. How can you enforce this?
View Question & Answer ➔
Which AWS service provides a 'No-Code' experience to audit and evaluation your AWS environment against industry standards like 'NIST' or 'PCI DSS' and provides a detailed compliance report?
View Question & Answer ➔
To protect your application from 'DDoS' attacks that target the 'Transport' and 'Network' layers (L3/L4), which AWS service provides 'Automatic' mitigation as part of its standard offering?
View Question & Answer ➔
An organization following 'Infrastructure as Code' wants to ensure that any change to the production environment's 'Config' settings requires an approval from a second administrator. Solution ?
View Question & Answer ➔
Which AWS security service allows you to automatically rotate your database passwords every 30 days and provides a managed way to inject these secrets into your application without human intervention?
View Question & Answer ➔
Which AWS Systems Manager feature allows you to perform an interactive shell session on an EC2 instance without opening port 22 (SSH) or using an IGW?
View Question & Answer ➔
Your organization wants to implement 'CloudFormation Macros' to automatically inject common security groups into every template deployed in the account. Which AWS service is used to host the logic for these macros?
View Question & Answer ➔
An organization wants to use 'CodeBuild Report Groups' to aggregate and visualize the results of their JUnit tests across multiple build projects. How do they specify the test files in the buildspec.yml?
View Question & Answer ➔
Your team wants to automate the provisioning of infrastructure to ensure consistency across environments. You need to define your infrastructure as code (IaC) using declarative templates. Which service should you use?
View Question & Answer ➔
To reduce the cost of X-Ray tracing for a high-volume application while still capturing statistically significant data, which X-Ray feature should you use to adjust the data collection rate dynamically?
View Question & Answer ➔
To improve the performance profile of an application which has highly variable traffic, you want to scale your EC2 fleet based on a custom metric like 'Number of messages in SQS queue'. How should you configure this?
View Question & Answer ➔
Which ALERT service allows you to automatically detect 'Suspicious activity' in your AWS account by analyzing CloudTrail, VPC Flow Logs, and DNS logs across your entire AWS organization using AI?
View Question & Answer ➔
An organization wants to implement 'Zero Trust' networking for their hybrid cloud environment and wants to ensure that all branch connectivity is centralized, encrypted, and monitored. Which AWS service fits?
View Question & Answer ➔
Scenario: To minimize the risk of an admin accidentally deleting a production resource group (stack), you want to ensure that no one can perform a 'Delete' operation without first removing a specific 'Stack Policy' from the resource. Solution ?
View Question & Answer ➔
Which AWS security service allow you to automatically check if any IAM roles in your organization have been compromised by analyzing billions of signals daily to detect 'Impossible Travel' or 'Leaked Credentials'?
View Question & Answer ➔
An organization following the 'Least Privilege' principle wants to ensure that developers can only provision EC2 instances if they apply a 'CostCenter' tag. How should they implement this organizational control?
View Question & Answer ➔
Which AWS tool provides a 'Developer Roadmap' to identify and troubleshoot issues in your application by correlating logs, traces, and metrics into a single unified dashboard?
View Question & Answer ➔
To improve the performance of your global application, you want to maintain a 'Multi-Region Active-Active' architecture. Which AWS service is essential for globally distributing and load-balancing traffic across regions?
View Question & Answer ➔
Which AWS security service allows you to automatically evaluate your AWS account against the 'CIS AWS Foundations Benchmark' and provide a detailed compliance report with remediation guidance?
View Question & Answer ➔
Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?
View Question & Answer ➔
An organization building a serverless data pipeline wants to ensure that all data stored in S3 is automatically encrypted at rest and that every 'Decrypt' operation by an engineer is logged for auditing. Solution ?
View Question & Answer ➔
Scenario: To minimize the risk of a misconfiguration during a CloudFormation deployment, you decide to use a 'Stack Policy' that explicitly denies all update actions for your production RDS instances. Solution ?
View Question & Answer ➔
Which AWS service provides a 'No-Code' experience to identify and troubleshoot operational issues by aggregating alerts from CloudWatch, Config, and CloudTrail into a single 'Operational Hub'?
View Question & Answer ➔
Your organization wants to deploy an application across 50 AWS accounts using AWS CodePipeline. They want to ensure that a central 'Release' account manages the pipeline, and artifacts are stored in a central S3 bucket accessible by all member accounts. Which combination of S3 bucket policies and IAM roles is required?
View Question & Answer ➔
An organization wants to use AWS CodeDeploy to manage deployments to their on-premises Windows servers. They want to ensure that the deployment process is identical to their EC2 deployments. Which component must be installed on the on-premises servers?
View Question & Answer ➔
To implement a 'GitOps' workflow for a serverless application, you want a specific AWS CodeCommit branch to automatically trigger a CodePipeline only when a file matching the pattern 'infra/*.yml' is modified. How can you implement this filtering logic?
View Question & Answer ➔
Your organization wants to share 'IAM Roles' and 'CloudWatch Alarms' across 100 accounts in a specific Organizational Unit (OU). They want new accounts added to the OU to automatically receive these resources. Solution ?
View Question & Answer ➔
Which AWS service allows you to centrally manage and share 'SAML' and 'OIDC' identities (like Azure AD or Okta) across multiple AWS accounts, providing a unified single sign-on experience for developers?
View Question & Answer ➔
Your application requires high CPU performance for compute-intensive workloads like video encoding. Which Amazon EC2 instance type is optimized for this?
View Question & Answer ➔
Scenario: To minimize the risk of a 'Deployment Stagnation' (where a failed deployment leaves the environment in an inconsistent state), you want to ensure that CodeDeploy automatically rolls back to the last known healthy version if any life-cycle hook fails. Solution ?
View Question & Answer ➔
An organization wants to implement 'Infrastructure as Code' for their multi-region AWS environment. They want to use a tool that allow them to deploy CloudFormation stacks into hundreds of accounts across multiple regions with a single operation. Which feature should they use?
View Question & Answer ➔
Your team is using AWS CodeDeploy to update a 'Lambda' function. They want to ensure that a 'Validation' function runs after the traffic is fully shifted to the new version. Which AppSpec hook should they use?
View Question & Answer ➔
An organization wants to use 'AWS Systems Manager Automation' to automatically fix 'Non-Compliant' S3 buckets detected by AWS Config. How do they pass the 'ResourceID' from Config to the Automation document?
View Question & Answer ➔
To implement 'Feature Flags' in an application running on EC2, you decide to use AWS AppConfig. You want to ensure that the application receives updates without polling a central API constantly. Which method should the application use?
View Question & Answer ➔
Which AWS service allows you to centrally manage 'SSH Keys' for your EC2 fleet and provides an audit log of who accessed which instance and when?
View Question & Answer ➔
Scenario: You are using AWS OpsWorks for Chef to manage your application servers. You want to run a specific recipe only when a new instance 'Joins' the stack. Which lifecycle event should you use?
View Question & Answer ➔
An organization wants to use 'AWS CloudMap' to provide service discovery for their containerized microservices. How weight-based routing can be implemented for 'Blue/Green' deployments within CloudMap?
View Question & Answer ➔
To monitor the performance of your 'Elastic Beanstalk' environment, you want to enable 'Enhanced Health Reporting'. Where do you configure the specific metrics to be collected?
View Question & Answer ➔
Your application requires persistent block storage that survives Amazon EC2 instance termination. Which service should you use?
View Question & Answer ➔
You need to create a backup of your Amazon EBS volume for disaster recovery. What feature should you use?
View Question & Answer ➔
Which AWS security service allows you to automatically assess your ECR container images for software vulnerabilities whenever they are pushed to the registry?
View Question & Answer ➔
Scenario: You want to ensure that any change to a 'KMS Key Policy' requires an approval from a senior security engineer. Since KMS doesn't support approval rules directly, how can you implement this?
View Question & Answer ➔
An organization wants to implement 'Continuous Compliance' for their multi-account environment. They want a report that shows the compliance status of all accounts against the 'PCI DSS' standard. Which service provides this at scale?
View Question & Answer ➔
Which AWS tool provides a 'No-Code' experience to audit and evaluation your AWS environment against industry standards like 'NIST' or 'ISO' and provides a detailed compliance report?
View Question & Answer ➔
To protect your public-facing web applications from 'Session Hijacking' and other advanced attacks, you want to implement a solution that provides 'WAF' protection and integrates with 'Cognito' for user authentication. Solution ?
View Question & Answer ➔
An organization following SRE principles wants to implement 'Error Budgets' for their serverless microservices. They want to calculate the 'Success Rate' of their Lambda functions. Which CloudWatch feature facilitates this calculation across multiple services?
View Question & Answer ➔
Which AWS service allows you to centrally manage and evaluation your 'IAM' usage to identify 'Dormant' users and 'Unused' permissions across your entire organization?
View Question & Answer ➔
To improve the performance of your high-traffic web application which has globally distributed users, you decide to use 'AWS Global Accelerator'. How does it differ from a standard CloudFront setup?
View Question & Answer ➔
You need to create a logically isolated section of your cloud environment where you can launch resources in a virtual network that you define. Which service provides this?
View Question & Answer ➔
Which AWS security service can automatically identify 'Personally Identifiable Information' (PII) in your S3 buckets and provide a risk assessment of your data exposure?
View Question & Answer ➔
Scenario: To minimize the risk of 'Accidental Resource Deletion' during a CloudFormation stack deletion, you want to ensure that specific resources (like S3 buckets or RDS instances) are retained. Which attribute should you add to the resource definition?
View Question & Answer ➔
Which AWS Systems Manager feature allows you to securely manage 'Patching' for your fleet of both Linux and Windows instances using a centralized policy and schedule?
View Question & Answer ➔
An organization wants to implement 'Canary' monitoring for their web endpoints. They want a script that simulates a user 'Logging In' and 'Adding a Product to Cart' every 5 minutes. Which service provides this feature?
View Question & Answer ➔
To improve the performance of your serverless microservices architecture, you decide to use 'AWS X-Ray' for distributed tracing. How do you instrument your Lambda function code?
View Question & Answer ➔
Which AWS service provides a 'No-Code' experience to visualize and troubleshoot application performance by aggregating traces from X-Ray and metrics from CloudWatch into a single 'Service Map'?
View Question & Answer ➔
Your organization wants to implement a 'Point-to-Point' integration between an Amazon SQS queue and an enrichment Lambda function without writing custom polling logic. Which AWS service provides this serverless integration with built-in filtering?
View Question & Answer ➔
An organization wants to schedule a recurring administrative task (e.g., triggering a Lambda every night at 2 AM) across thousands of different time zones globally. Which service is optimized for this high-scale scheduling?
View Question & Answer ➔
Your organization wants to stream CloudWatch metrics in real-time to a 3rd-party analytics platform with low latency. Which CloudWatch feature provides a managed, continuous stream of metric data to a destination like Kinesis Data Firehose?
View Question & Answer ➔
You need stateful firewall rules at the Amazon EC2 instance level. What should you configure?
View Question & Answer ➔
An organization wants to perform 'A/B Testing' and 'Feature Flagging' for their new web application. They want a managed AWS service that can automatically handle traffic shifting and provide statistical analysis of the performance of different versions. Which service fits?
View Question & Answer ➔
To monitor the real-world performance of a web application from the perspective of actual users (e.g., page load times, JavaScript errors), which CloudWatch feature should you implement?
View Question & Answer ➔
Your team is running a large microservices architecture on Amazon EKS. They want a managed solution to collect, aggregate, and visualize container-level metrics (CPU, memory, networking) without managing a Prometheus server. Which feature should they enable?
View Question & Answer ➔
An organization wants to analyze why their AWS Lambda functions are experiencing occasional 'Cold Starts' and high latency. They want a managed service that automatically detects and visualizes performance bottlenecks in their serverless code. Which feature should they enable?
View Question & Answer ➔
Scenario: To minimize the time to debug 'Dependency Failures' in a complex application, you want a visualization that correlates traces, metrics, and logs in a single unified view. Solution ?
View Question & Answer ➔
Which CloudWatch Logs feature allows you to perform SQL-like queries across log groups to identify the 'Top 10 IP addresses' causing 403 errors in your VPC Flow Logs?
View Question & Answer ➔
An organization wants to track the 'Top Talkers' in their network (e.g., which users are consuming the most bandwidth) in real-time. Which CloudWatch feature identifies these 'high-cardinality' contributors?
View Question & Answer ➔
To reduce the cost of storing millions of log lines that are rarely accessed, you want to automatically transition logs from 'Standard' storage to 'Infrequent Access' or 'Archive' in CloudWatch. How can you implement this?
View Question & Answer ➔
Scenario: To minimize the risk of a 'Partial Outage' going unnoticed, you want to set up an alarm that triggers only if the 'Error Rate' exceeds 1% AND the 'Request Volume' is at least 100 requests per minute (to avoid false positives with low traffic). Solution ?
View Question & Answer ➔
You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?
View Question & Answer ➔
You need stateless firewall rules at the subnet level in your Amazon VPC. What should you configure?
View Question & Answer ➔
To improve the observability of internet-facing applications, you want to monitor the internet traffic and identify performance issues caused by 'Internet Service Providers' (ISPs) between your users and AWS. Which service should you use?
View Question & Answer ➔
Your team wants to automate the creation of CI/CD pipelines for their serverless applications using 'SAM Pipelines'. Which command-line tool provides a guided experience to generate these pipeline configurations?
View Question & Answer ➔
Which AWS service allows you to centrally manage and automate the deployment of 'Service Control Policies' (SCPs) across multiple AWS accounts in an organization, ensuring that only specific actions (e.g., no deleting S3 buckets) are allowed?
View Question & Answer ➔
To ensure that all new AWS accounts created in your organization follow a baseline 'Security Configuration' (e.g., CloudTrail enabled, GuardDuty enabled), which AWS service should you use to automate the account provisioning process?
View Question & Answer ➔
An organization wants to implement 'Zero-Trust' security for their internal applications. They want to ensure that all traffic between their microservices is encrypted and authorized using mutually authenticated TLS (mTLS). Solution ?
View Question & Answer ➔
Which AWS tool provides a 'Low-Code' way to design and automate complex business logic workflows (e.g., processing insurance claims with multiple approval steps) using a visual designer?
View Question & Answer ➔
Your organization wants to implement 'Approval Rules' for pull requests in AWS CodeCommit. They want to ensure that any change to the 'Production' branch requires at least two approvals from a specific IAM group. How can you automate this enforcement?
View Question & Answer ➔
An organization wants to monitor the health of their containerized microservices running on Amazon ECS (Fargate). They want to receive an alert if the 'CPU Utilization' of any service exceeds 80% for more than 3 consecutive minutes. Which CloudWatch feature should they use?
View Question & Answer ➔
You need to monitor CPU utilization of your Amazon EC2 instances and set up alarms for automated actions. Which service should you use?
View Question & Answer ➔
Your application running on Amazon EC2 needs a central location for log aggregation and real-time analysis. Which Amazon CloudWatch capability should you use?
View Question & Answer ➔
To improve the security of their CI/CD pipeline, an architect recommends using 'VPC Endpoints' for all AWS Code* services to ensure traffic never leaves the AWS global network. Which type of VPC endpoint is used for CodePipeline and CodeBuild?
View Question & Answer ➔
Your team wants to implement 'Feature Toggles' for their application using AWS AppConfig. They want to ensure that a configuration change is rolled back automatically if it triggers a CloudWatch alarm during the deployment. Which AppConfig feature enables this?
View Question & Answer ➔
An organization wants to perform 'Canary' testing for their web application. They want to route 5% of global traffic to a new experimental region for 2 hours before deciding whether to failover completely. Which AWS service facilitates this global traffic shifting?
View Question & Answer ➔
Which AWS Systems Manager feature allows you to centrally manage and evaluate findings from multiple security services (GuardDuty, Inspector, Macie) and provides a 'Compliance Score' for your resources?
View Question & Answer ➔
Scenario: To minimize the risk of 'Configuration Drift' in your multi-account environment, you want a service that automatically scans your CloudFormation stacks and alerts you if any resources have been modified outside of CloudFormation. Solution ?
View Question & Answer ➔
Which AWS security service allows you to automatically audit and evaluate the IAM policies in your account to identify 'Over-privileged' roles and provide specific recommendations for downsizing permissions?
View Question & Answer ➔
An organization wants to use 'AWS Proton' to manage infrastructure for their serverless microservices. They want to ensure that when a developer updates a 'Service Template', it automatically triggers an update for all 'Service Instances'. How is this automated?
View Question & Answer ➔
Which AWS networking service allows you to create a secure, high-speed connection between your on-premises network and AWS over the internet with the ability to dynamically route traffic using BGP?
View Question & Answer ➔

← PreviousPage 2 of 3Next →

devops engineer professional Practice Questions

Your data science team needs a fully managed environment to build, train, and deploy custom machine learning models using TensorFlow. Which platform provides these end-to-end MLOps capabilities?

Scenario: To minimize the risk of a single point of failure in your global application, you want to route users to the healthiest and closest region using Anycast technology. Solution ?

An enterprise wants to implement 'Service Control Policies' (SCPs) in AWS Organizations to prevent any user (including the root user) from deleting the 'CloudTrail' logs in any member account. How should this SCP be applied?

To ensure that all data stored in Amazon S3 is encrypted using 'Customer-Managed Keys' (CMK) in AWS KMS, which AWS service can be used to automatically identify and block the creation of non-compliant buckets?

Your organization wants to automate the 'Rotation' of an IAM Access Key for a developer whose keys have not been changed in 90 days. Which combination of AWS services is best for this automation?

An organization wants to centrally manage and evaluation findings from multiple security services (GuardDuty, Inspector, Macie) across hundreds of AWS accounts. Which service provides this unified dashboard?

To protect against a large-scale Ransomware attack that modifies or deletes objects in your S3 buckets, which feature should you enable to ensure that data remains immutable for a specified period?

Scenario: To minimize the risk of data exfiltration, you want to ensure that all communication between your private subnet and S3 stays within the AWS network and does not use the public internet. Solution ?

Which AWS service allows you to automatically audit and evaluate the IAM policies in your account to identify 'Over-privileged' roles and provide specific recommendations for downsizing permissions?

You are designing a CI/CD pipeline. You need a service to compile source code, run tests, and produce software packages that are ready to deploy. Which service handles the build phase?

To ensure that all AWS accounts created in your organization have a specific 'Security Admin' role with a trust relationship to your central security account, which feature of AWS Organizations should you use?

Scenario: To minimize the risk of an 'Insider Threat' accidentally deleting a production database, you want to require 'MFA' for any delete operation performed via the AWS CLI or SDK. How can you enforce this?

Which AWS service provides a 'No-Code' experience to audit and evaluation your AWS environment against industry standards like 'NIST' or 'PCI DSS' and provides a detailed compliance report?

To protect your application from 'DDoS' attacks that target the 'Transport' and 'Network' layers (L3/L4), which AWS service provides 'Automatic' mitigation as part of its standard offering?

An organization following 'Infrastructure as Code' wants to ensure that any change to the production environment's 'Config' settings requires an approval from a second administrator. Solution ?

Which AWS security service allows you to automatically rotate your database passwords every 30 days and provides a managed way to inject these secrets into your application without human intervention?

Which AWS Systems Manager feature allows you to perform an interactive shell session on an EC2 instance without opening port 22 (SSH) or using an IGW?

Your organization wants to implement 'CloudFormation Macros' to automatically inject common security groups into every template deployed in the account. Which AWS service is used to host the logic for these macros?

An organization wants to use 'CodeBuild Report Groups' to aggregate and visualize the results of their JUnit tests across multiple build projects. How do they specify the test files in the buildspec.yml?

Your team wants to automate the provisioning of infrastructure to ensure consistency across environments. You need to define your infrastructure as code (IaC) using declarative templates. Which service should you use?

To reduce the cost of X-Ray tracing for a high-volume application while still capturing statistically significant data, which X-Ray feature should you use to adjust the data collection rate dynamically?

To improve the performance profile of an application which has highly variable traffic, you want to scale your EC2 fleet based on a custom metric like 'Number of messages in SQS queue'. How should you configure this?

Which ALERT service allows you to automatically detect 'Suspicious activity' in your AWS account by analyzing CloudTrail, VPC Flow Logs, and DNS logs across your entire AWS organization using AI?

An organization wants to implement 'Zero Trust' networking for their hybrid cloud environment and wants to ensure that all branch connectivity is centralized, encrypted, and monitored. Which AWS service fits?

Scenario: To minimize the risk of an admin accidentally deleting a production resource group (stack), you want to ensure that no one can perform a 'Delete' operation without first removing a specific 'Stack Policy' from the resource. Solution ?

Which AWS security service allow you to automatically check if any IAM roles in your organization have been compromised by analyzing billions of signals daily to detect 'Impossible Travel' or 'Leaked Credentials'?

An organization following the 'Least Privilege' principle wants to ensure that developers can only provision EC2 instances if they apply a 'CostCenter' tag. How should they implement this organizational control?

Which AWS tool provides a 'Developer Roadmap' to identify and troubleshoot issues in your application by correlating logs, traces, and metrics into a single unified dashboard?

To improve the performance of your global application, you want to maintain a 'Multi-Region Active-Active' architecture. Which AWS service is essential for globally distributing and load-balancing traffic across regions?

Which AWS security service allows you to automatically evaluate your AWS account against the 'CIS AWS Foundations Benchmark' and provide a detailed compliance report with remediation guidance?

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?

An organization building a serverless data pipeline wants to ensure that all data stored in S3 is automatically encrypted at rest and that every 'Decrypt' operation by an engineer is logged for auditing. Solution ?

Scenario: To minimize the risk of a misconfiguration during a CloudFormation deployment, you decide to use a 'Stack Policy' that explicitly denies all update actions for your production RDS instances. Solution ?

Which AWS service provides a 'No-Code' experience to identify and troubleshoot operational issues by aggregating alerts from CloudWatch, Config, and CloudTrail into a single 'Operational Hub'?

An organization wants to use AWS CodeDeploy to manage deployments to their on-premises Windows servers. They want to ensure that the deployment process is identical to their EC2 deployments. Which component must be installed on the on-premises servers?

To implement a 'GitOps' workflow for a serverless application, you want a specific AWS CodeCommit branch to automatically trigger a CodePipeline only when a file matching the pattern 'infra/*.yml' is modified. How can you implement this filtering logic?

Your organization wants to share 'IAM Roles' and 'CloudWatch Alarms' across 100 accounts in a specific Organizational Unit (OU). They want new accounts added to the OU to automatically receive these resources. Solution ?

Which AWS service allows you to centrally manage and share 'SAML' and 'OIDC' identities (like Azure AD or Okta) across multiple AWS accounts, providing a unified single sign-on experience for developers?

Your application requires high CPU performance for compute-intensive workloads like video encoding. Which Amazon EC2 instance type is optimized for this?

Scenario: To minimize the risk of a 'Deployment Stagnation' (where a failed deployment leaves the environment in an inconsistent state), you want to ensure that CodeDeploy automatically rolls back to the last known healthy version if any life-cycle hook fails. Solution ?

An organization wants to implement 'Infrastructure as Code' for their multi-region AWS environment. They want to use a tool that allow them to deploy CloudFormation stacks into hundreds of accounts across multiple regions with a single operation. Which feature should they use?

Your team is using AWS CodeDeploy to update a 'Lambda' function. They want to ensure that a 'Validation' function runs after the traffic is fully shifted to the new version. Which AppSpec hook should they use?

An organization wants to use 'AWS Systems Manager Automation' to automatically fix 'Non-Compliant' S3 buckets detected by AWS Config. How do they pass the 'ResourceID' from Config to the Automation document?

To implement 'Feature Flags' in an application running on EC2, you decide to use AWS AppConfig. You want to ensure that the application receives updates without polling a central API constantly. Which method should the application use?

Which AWS service allows you to centrally manage 'SSH Keys' for your EC2 fleet and provides an audit log of who accessed which instance and when?

Scenario: You are using AWS OpsWorks for Chef to manage your application servers. You want to run a specific recipe only when a new instance 'Joins' the stack. Which lifecycle event should you use?

An organization wants to use 'AWS CloudMap' to provide service discovery for their containerized microservices. How weight-based routing can be implemented for 'Blue/Green' deployments within CloudMap?

To monitor the performance of your 'Elastic Beanstalk' environment, you want to enable 'Enhanced Health Reporting'. Where do you configure the specific metrics to be collected?

Your application requires persistent block storage that survives Amazon EC2 instance termination. Which service should you use?

You need to create a backup of your Amazon EBS volume for disaster recovery. What feature should you use?

Which AWS security service allows you to automatically assess your ECR container images for software vulnerabilities whenever they are pushed to the registry?

Scenario: You want to ensure that any change to a 'KMS Key Policy' requires an approval from a senior security engineer. Since KMS doesn't support approval rules directly, how can you implement this?

An organization wants to implement 'Continuous Compliance' for their multi-account environment. They want a report that shows the compliance status of all accounts against the 'PCI DSS' standard. Which service provides this at scale?

Which AWS tool provides a 'No-Code' experience to audit and evaluation your AWS environment against industry standards like 'NIST' or 'ISO' and provides a detailed compliance report?

To protect your public-facing web applications from 'Session Hijacking' and other advanced attacks, you want to implement a solution that provides 'WAF' protection and integrates with 'Cognito' for user authentication. Solution ?

An organization following SRE principles wants to implement 'Error Budgets' for their serverless microservices. They want to calculate the 'Success Rate' of their Lambda functions. Which CloudWatch feature facilitates this calculation across multiple services?

Which AWS service allows you to centrally manage and evaluation your 'IAM' usage to identify 'Dormant' users and 'Unused' permissions across your entire organization?

To improve the performance of your high-traffic web application which has globally distributed users, you decide to use 'AWS Global Accelerator'. How does it differ from a standard CloudFront setup?

You need to create a logically isolated section of your cloud environment where you can launch resources in a virtual network that you define. Which service provides this?

Which AWS security service can automatically identify 'Personally Identifiable Information' (PII) in your S3 buckets and provide a risk assessment of your data exposure?

Scenario: To minimize the risk of 'Accidental Resource Deletion' during a CloudFormation stack deletion, you want to ensure that specific resources (like S3 buckets or RDS instances) are retained. Which attribute should you add to the resource definition?

Which AWS Systems Manager feature allows you to securely manage 'Patching' for your fleet of both Linux and Windows instances using a centralized policy and schedule?

An organization wants to implement 'Canary' monitoring for their web endpoints. They want a script that simulates a user 'Logging In' and 'Adding a Product to Cart' every 5 minutes. Which service provides this feature?

To improve the performance of your serverless microservices architecture, you decide to use 'AWS X-Ray' for distributed tracing. How do you instrument your Lambda function code?

Which AWS service provides a 'No-Code' experience to visualize and troubleshoot application performance by aggregating traces from X-Ray and metrics from CloudWatch into a single 'Service Map'?

Your organization wants to implement a 'Point-to-Point' integration between an Amazon SQS queue and an enrichment Lambda function without writing custom polling logic. Which AWS service provides this serverless integration with built-in filtering?

An organization wants to schedule a recurring administrative task (e.g., triggering a Lambda every night at 2 AM) across thousands of different time zones globally. Which service is optimized for this high-scale scheduling?

Your organization wants to stream CloudWatch metrics in real-time to a 3rd-party analytics platform with low latency. Which CloudWatch feature provides a managed, continuous stream of metric data to a destination like Kinesis Data Firehose?

You need stateful firewall rules at the Amazon EC2 instance level. What should you configure?

An organization wants to perform 'A/B Testing' and 'Feature Flagging' for their new web application. They want a managed AWS service that can automatically handle traffic shifting and provide statistical analysis of the performance of different versions. Which service fits?

To monitor the real-world performance of a web application from the perspective of actual users (e.g., page load times, JavaScript errors), which CloudWatch feature should you implement?

Your team is running a large microservices architecture on Amazon EKS. They want a managed solution to collect, aggregate, and visualize container-level metrics (CPU, memory, networking) without managing a Prometheus server. Which feature should they enable?

An organization wants to analyze why their AWS Lambda functions are experiencing occasional 'Cold Starts' and high latency. They want a managed service that automatically detects and visualizes performance bottlenecks in their serverless code. Which feature should they enable?

Scenario: To minimize the time to debug 'Dependency Failures' in a complex application, you want a visualization that correlates traces, metrics, and logs in a single unified view. Solution ?

Which CloudWatch Logs feature allows you to perform SQL-like queries across log groups to identify the 'Top 10 IP addresses' causing 403 errors in your VPC Flow Logs?

An organization wants to track the 'Top Talkers' in their network (e.g., which users are consuming the most bandwidth) in real-time. Which CloudWatch feature identifies these 'high-cardinality' contributors?

To reduce the cost of storing millions of log lines that are rarely accessed, you want to automatically transition logs from 'Standard' storage to 'Infrequent Access' or 'Archive' in CloudWatch. How can you implement this?

Scenario: To minimize the risk of a 'Partial Outage' going unnoticed, you want to set up an alarm that triggers only if the 'Error Rate' exceeds 1% AND the 'Request Volume' is at least 100 requests per minute (to avoid false positives with low traffic). Solution ?

You need to explicitly deny traffic from a specific IP address to your Amazon EC2 instances. Can Security Groups natively handle explicit deny rules?