NEW QUESTION 1
During metric analysis, your team has determined that the company's website during peak hours is experiencing response times higher than anticipated. You currently rely on Auto Scaling to make sure that you are scaling your environment during peak windows. How can you improve your Auto Scaling policy to reduce this high response time? Choose 2 answers.

• A. Push custom metrics to CloudWatch to monitor your CPU and network bandwidth from your servers, which will allow your Auto Scaling policy to have betterfine-grain insight.
• B. IncreaseyourAutoScalinggroup'snumberofmaxservers.
• C. Create a script that runs and monitors your servers; when it detects an anomaly in load, it posts to an Amazon SNS topic that triggers Elastic Load Balancing to add more servers to the load balancer.
• D. Push custom metrics to CloudWatch for your application that include more detailed information about your web application, such as how many requests it is handling and how many are waiting to be processed.

Answer: BD

Explanation:
Option B makes sense because maybe the max servers is low hence the application cannot handle the peak load.
Option D helps in ensuring Autoscaling can scale the group on the right metrics.
For more information on Autoscaling health checks, please refer to the below document link: from AWS
http://docs.aws.amazon.com/autoscaling/latest/userguide/healthcheck.html

NEW QUESTION 2
You have an Opswork stack setup in AWS. You want to install some updates to the Linux instances in the stack. Which of the following can be used to publish those updates. Choose 2 answers from the options given below

• A. Create and start new instances to replace your current online instance
• B. Then delete the current instances.
• C. Use Auto-scaling to launch new instances and then delete the older instances
• D. On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command
• E. Delete the stack and create a new stack with the instances and their relavant updates

Answer: AC

Explanation:
As per AWS documentation.
By default, AWS OpsWorks Stacks automatically installs the latest updates during setup, after an instance finishes booting. AWS OpsWorks Stacks does not automatically install updates after an instance is online, to avoid interruptions such as restarting application servers. Instead, you manage updates to your online instances yourself, so you can minimize any disruptions.
We recommend that you use one of the following to update your online instances.
•Create and start new instances to replace your current online instances. Then delete the current instances.
The new instances will have the latest set of security patches installed during setup.
•On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command, which installs the current set of security patches and other updates
on the specified instances.
More information is available at: https://docs.aws.amazon.com/opsworks/latest/userguide/workingsecurity-updates.html

NEW QUESTION 3
You currently have an Autoscalinggroup that has the following settings Min capacity-2
Desired capacity - 2 Maximum capacity - 4
The current number of instances running in the Autoscaling Group is 2. You have been notified that for a duration of an hour, you need to ensure that no new instances are launched by the Autoscaling Group Which of the below 2 actions can be carried out to fulfil this requirement

• A. Change the Maximum capacity to 2
• B. Change the Desired capacity to 4
• C. Suspend the Launch process of the Autoscaling Group
• D. Change the Minimum capacity to 2

Answer: AC

Explanation:
You can temporarily suspend the creation of new instances by either reducing the Maximum capacity to 2, so that the current instances running which is 2, matches the maximum limit.
Secondly you can suspend the launch process of the Autoscaling Group The AWS Documentation mentions
Scaling Processes
Amazon CC2 Auto Scaling supports the following scaling processes:
Launch Adds a new CC2 instance to the group, increasing its capacity. Warning
If you suspend Launch, this disrupts other processes. For example, you can't return an instance in a standby state to service if the Launch process is suspended, because the group can't scale. For more information on Autoscaling Suspend and Resume, please visit the below URL:
◆ http://docs.aws.amazon.com/autoscaling/latest/userguide/as-suspend-resume-processes.html

NEW QUESTION 4
You're building a mobile application game. The application needs permissions for each user to communicate and store data in DynamoDB tables. What is the best method for granting each mobile device that installs your application to access DynamoDB tables for storage when required? Choose the correct answer from the options below

• A. During the install and game configuration process, have each user create an 1AM credential and assign the 1AM user to a group with proper permissions to communicate with DynamoDB.
• B. Create an 1AM group that only gives access to your application and to the DynamoDB table
• C. Then, when writing to DynamoDB, simply include the unique device ID to associate the data with that specific user.
• D. Create an 1AM role with the proper permission policy to communicate with the DynamoDB tabl
• E. Use web identity federation, which assumes the 1AM role using AssumeRoleWithWebldentity, when the user signs in, granting temporary security credentials using STS.
• F. Create an Active Directory server and an AD user for each mobile application use
• G. When the user signs in to the AD sign-on, allow the AD server to federate using SAML 2.0 to 1AM and assign a role to the AD user which is the assumed with AssumeRoleWithSAML

Answer: C

Explanation:
Answer - C
For access to any AWS service, the ideal approach for any application is to use Roles. This is the first preference.
For more information on 1AM policies please refer to the below link:
http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Next for any web application, you need to use web identity federation. Hence option D is the right option. This along with the usage of roles is highly stressed in the aws documentation.
The AWS documentation mentions the following
When developing a web application it is recommend not to embed or distribute long-term AWS credentials with apps that a user downloads to a device, even in an encrypted store. Instead, build your app so that it requests temporary AWS security credentials dynamically when needed using web identity federation. The
supplied temporary credentials map to an AWS role that has only the permissions needed to perform the tasks required by the mobile app.
For more information on web identity federation please refer to the below link: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

NEW QUESTION 5
Your company is planning to develop an application in which the front end is in .Net and the backend is in DynamoDB. There is an expectation of a high load on the application. How could you ensure the scalability of the application to reduce the load on the DynamoDB database? Choose an answer from the options below.

• A. Add more DynamoDB databases to handle the load.
• B. Increase write capacity of Dynamo DB to meet the peak loads
• C. Use SQS to assist and let the application pull messages and then perform the relevant operation in DynamoDB.
• D. Launch DynamoDB in Multi-AZ configuration with a global index to balance writes

Answer: C

Explanation:
When the idea comes for scalability then SQS is the best option. Normally DynamoDB is scalable, but since one is looking for a cost effective solution, the messaging in SQS can assist in managing the situation mentioned in the question.
Amazon Simple Queue Service (SQS) is a fully-managed message queuing service for reliably communicating among distributed software components and microservices - at any scale. Building applications from individual components that each perform a discrete function improves scalability and reliability, and is best practice design for modern applications. SQS makes it simple and cost- effective to decouple and coordinate the components of a cloud application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be always available
For more information on SQS, please refer to the below URL:
• https://aws.amazon.com/sqs/

NEW QUESTION 6
If I want Cloud Formation stack status updates to show up in a continuous delivery system in as close to real time as possible, how should I achieve this?

• A. Use a long-poll on the Resources object in your Cloud Formation stack and display those state changes in the Ul for the system.
• B. Use a long-poll on the ListStacksAPI call for your CloudFormation stack and display those state changes in the Ul for the system.
• C. Subscribe your continuous delivery system to an SNS topic that you also tell your CloudFormation stack to publish events int
• D. Subscribe your continuous delivery system to an SQS queue that you also tell your CloudFormation stack to publish events into.

Answer: C

Explanation:
Answer - C
You can monitor the progress of a stack update by viewing the stack's events. The console's Cvents tab displays each major step in the creation and update of the stack sorted by the time of each event with latest events on top. The start of the stack update process is marked with an UPDATE_IN_PROGRCSS event for the stack For more information on Monitoring your stack, please visit the below URL:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-updating-stacks- monitor-stack. html

NEW QUESTION 7
Your company has an application sitting on EC2 Instances behind an Elastic Load balancer. The EC2 Instances are being launched as part of an Autoscaling Group. Which of the following is an example of Blue Green Deployments in AWS?

• A. Usea Cloudformation stack to deploy your resource
• B. Use 2 Cloudformation stacks.Whenever you want to switch over, deploy and use the resources in the secondCloudformation stack.
• C. Usethe Elastic beanstalk service to deploy your resource
• D. Use 2 Elastic beanstalkenvironments.Use Rolling deployments to switch between the environments.
• E. Re-deployyour application behind a load balancer that uses Auto Scaling groups, create anew identical Auto Scaling group, and associate it to the load balance
• F. Duringdeployment, set the desired number of instances on the old Auto Scalinggroupto zero, and when all instances have terminated, delete the old Auto Scalinggroup.
• G. Usethe Opsworks sen/ice to deploy your resource
• H. Use 2 Opswork layers to deploy 2versions of your applicatio
• I. When the time comes for the switch, change to thealternate layer in the Opswork stack

Answer: C

Explanation:
This deployment technique is given in the AWS Whitepaper

As you scale up the green Auto Scaling group, you can take blue Auto Scaling group instances out of service by either terminating them or putting them in Standby state. Standby is a good option because if you need to roll back to the blue environment, you only have to put your blue server instances back in service and they're ready to go.14 As soon as the green group is scaled up without issues, you can decommission the blue group by adjusting the group size to zero. If you need to roll back, detach the load balancer from the green group or reduce the group size of the green group to zero. For more information on Blue Green deployments, please visit the below URL:
• https://dOawsstatic.com/whitepapers/AWS_Blue_Green_Deployments.pdf

NEW QUESTION 8
Explain what the following resource in a CloudFormation template does? Choose the best possible answer.

• A. Createsan SNS topic which allows SQS subscription endpoints to be added as a parameteron thetemplate
• B. Createsan SNS topic that allow SQS subscription endpoints
• C. Createsan SNS topic and then invokes the call to create an SQS queue with a logicalresource name of SQSQueue
• D. Creates an SNS topic and adds asubscription ARN endpoint for the SQS resource created under the logical nameSQSQueue

Answer: D

Explanation:
The intrinsic function Fn::GetAtt returns the value of an attribute from a resource in the template. This has nothing to do with adding parameters (Option A is wrong) or allowing endpoints (Option B is wrong) or invoking relevant calls (Option C is wrong)
For more information on Fn:: GetAtt function please refer to the below link
http://docs.aws.a mazon.com/AWSCIoudFormation/latest/UserGuide/intrinsic-function -reference- getatt.htm I

NEW QUESTION 9
You have a set of EC2 instances hosted in AWS. You have created a role named DemoRole and assigned that role to a policy, but you are unable to use that role with an instance. Why is this the case.

• A. You need to create an instance profile and associate it with that specific role.
• B. You are not able to associate an 1AM role with an instanceC You won't be able to use that role with an instance unless you also create a user and associate it with that specific role
• C. You won't be able to use that role with an instance unless you also create a usergroup and associate it with that specific role.

Answer: A

Explanation:
An instance profile is a container for an 1AM role that you can use to pass role information to an CC2 instance when the instance starts.
Option B is invalid because you can associate a role with an instance
Option C and D are invalid because using users or user groups is not a pre-requisite For more information on instance profiles, please visit the link:
• http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-ro le-ec2_instance- profiles.htm I

NEW QUESTION 10
Which of the below is not a lifecycle event in Opswork?

• A. Setup
• B. Uninstall
• C. Configure
• D. Shutdown

Answer: B

Explanation:
Below are the Lifecycle events of Opsstack
1) Setup - This event occurs after a started instance has finished booting.
2) Configure - This event occurs on all of the stack's instances when one of the following occurs:
a) An instance enters or leaves the online state.
b) You associate an Clastic IP address with an instance or disassociate one from an instance.
c) You attach an Clastic Load Balancing load balancer to a layer, or detach one from a layer.
3) Deploy - This event occurs when you run a Deploy command, typically to deploy an application to a set of application server instances.
4) Undeploy - This event occurs when you delete an app or run an Undeploy command to remove an app from a set of application server instances.
5) Shutdown - This event occurs after you direct AWS Ops Works Stacks to shut an instance down but before the associated Amazon CC2 instance is actually terminated
For more information on Opswork lifecycle events, please visit the below URL:
• http://docs.aws.amazon.com/opsworks/latest/userguide/workingcookbook-events.htm I

NEW QUESTION 11
If you're trying to configure an AWS Elastic Beanstalk worker tier for easy debugging if there are problems finishing queue jobs, what should you configure?

• A. ConfigureRolling Deployments.
• B. ConfigureEnhanced Health Reporting.
• C. ConfigureBlue-Green Deployments.
• D. Configure a Dead Letter Queue.

Answer: D

Explanation:
The AWS documentation mentions the following on dead-letter queues
Amazon SQS supports dead-letter queues. A dead-letter queue is a queue that other (source) queues can target for messages that can't be processed (consumed)
successfully. You can set aside and isolate these messages in the dead-letter queue to determine why their processing doesn't succeed.
For more information on dead letter queues please visit the below link http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter- queues. html

NEW QUESTION 12
As part of your deployment pipeline, you want to enable automated testing of your AWS CloudFormation template. What testing should be performed to enable faster feedback while minimizing costs and risk? Select three answers from the options given below

• A. Usethe AWS CloudFormation Validate Template to validate the syntax of the template
• B. Usethe AWS CloudFormation Validate Template to validate the properties ofresources defined in the template.
• C. Validatethe template's is syntax using a generalJSON parser.
• D. Validatethe AWS CloudFormation template against the official XSD scheme definitionpublished by Amazon Web Services.
• E. Updatethe stack with the templat
• F. If the template fails rollback will return thestack and its resources to exactly the same state.
• G. When creating the stack, specify an Amazon SNS topic to which your testing system is subscribe
• H. Your testing system runs tests when it receives notification that the stack is created or updated.

Answer: AEF

Explanation:
The AWS documentation mentions the following
The aws cloudformation validate-template command is designed to check only the syntax of your template. It does not ensure that the property values that you have specified for a resource are valid for that resource. Nor does it determine the number of resources that will exist when the stack is created.
To check the operational validity, you need to attempt to create the stack. There is no sandbox or test area for AWS Cloud Formation stacks, so you are charged for the resources you create during testing. Option F is needed for notification.
For more information on Cloudformation template validation, please visit the link:
http://docs.aws.a mazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-va I idate- template.htm I

NEW QUESTION 13
Your development team wants account-level access to production instances in order to do live debugging of a highly secure environment. Which of the following should you do?

• A. Place the credentials provided by Amazon Elastic Compute Cloud (EC2) into a secure Amazon Sample Storage Service (S3) bucket with encryption enable
• B. Assign AWS Identity and Access Management (1AM) users to each developer so they can download the credentials file.
• C. Place an internally created private key into a secure S3 bucket with server-side encryption using customer keys andconfiguration management, create a service account on al I the instances using this private key, and assign I AM users to each developer so they can download the fi le.
• D. Place each developer's own public key into a private S3 bucket, use instance profiles and configuration management to create a user account for each developer on all instances, and place the user's public keys into the appropriate accoun
• E. ^/
• F. Place the credentials provided by Amazon EC2 onto an MFA encrypted USB drive, and physically share it with each developer so that the private key never leaves the office.

Answer: C

Explanation:
An instance profile is a container for an 1AM role that you can use to pass role information to an CC2 instance when the instance starts.
A private S3 bucket can be created for each developer, the keys can be stored in the bucket and then assigned to the instance profile.
Option A and D are invalid, because the credentials should not be provided by a AWS EC2 Instance. Option B is invalid because you would not create a service account, instead you should create an instance profile.
For more information on Instance profiles, please refer to the below document link: from AWS
• http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-ro le-ec2_instance- profiles.htm I

NEW QUESTION 14
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? Choose 3 Answers from the options below

• A. Setting up a federation proxy or identity provider
• B. Using AWS Security Token Service to generate temporary tokens
• C. Tagging each folder in the bucket
• D. Configuring 1AM role
• E. Setting up a matching 1AM user for every user in your corporate directory that needs access to a folder in the bucket

Answer: ABD

Explanation:
The below diagram showcases how authentication is carried out when having an identity broker. This is an example of a SAML connection, but the same concept
holds true for getting access to an AWS resource.

For more information on federated access, please visit the below link: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_com mon-scenarios_federated- users.htm I
https://docs.aws.a mazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_sam I. html?icmpid=docs_iam_console
https://aws.ama zon.com/blogs/secu rity/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/

NEW QUESTION 15
You have deployed an Elastic Beanstalk application in a new environment and want to save the current state of your environment in a document. You want to be able to restore your environment to the current state later or possibly create a new environment. You also want to make sure you have a restore point. How can you achieve this?

• A. Use CloudFormation templates
• B. Configuration Management Templates
• C. Saved Configurations
• D. Saved Templates

Answer: C

Explanation:
You can save your environment's configuration as an object in Amazon S3 that can be applied to other environments during environment creation, or applied to a running environment. Saved configurations are YAML formatted templates that define an environment's platform configuration, tier, configuration option settings,
and tags.
For more information on Saved Configurations please refer to the below link:
• http://docs.aws.a mazon.com/elasticbeanstalk/latest/dg/envi ronment-configuration- savedconfig.html

NEW QUESTION 16
Which of the following services can be used in conjunction with Cloudwatch Logs. Choose the 3 most viable services from the options given below

• A. Amazon Kinesis
• B. Amazon S3
• C. Amazon SQS
• D. Amazon Lambda

Answer: ABD

Explanation:
The AWS Documentation the following products which can be integrated with Cloudwatch logs
1) Amazon Kinesis - Here data can be fed for real time analysis
2) Amazon S3 - You can use CloudWatch Logs to store your log data in highly durable storage such as S3.
3) Amazon Lambda - Lambda functions can be designed to work with Cloudwatch log For more information on Cloudwatch Logs, please refer to the below link: link:http://docs^ws.amazon.com/AmazonCloudWatch/latest/logs/WhatlsCloudWatchLogs.html

NEW QUESTION 17
You have just developed a new mobile application that handles analytics workloads on large scale datasets that are stored on Amazon Redshift. Consequently, the application needs to access Amazon Redshift tables. Which of the below methods would be the best, both practically and security-wise, to access the tables? Choose the correct answer from the options below

• A. Createan 1AM user and generate encryption keys for that use
• B. Create a policy for RedShiftread- only acces
• C. Embed the keys in the application.
• D. Createa HSM client certificate in Redshift and authenticate using this certificate.
• E. Createa RedShift read-only access policy in 1AM and embed those credentials in theapplication.
• F. Useroles that allow a web identity federated user to assume a role that allowsaccess to the RedShift table by providing temporary credentials.

Answer: D

Explanation:
For access to any AWS service, the ideal approach for any application is to use Roles. This is the first preference. Hence option A and C are wrong.
For more information on 1AM policies please refer to the below link: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Next for any web application, you need to use web identity federation. Hence option D is the right option. This along with the usage of roles is highly stressed in the AWS documentation.
"When you write such an app, you'll make requests to AWS services that must be signed with an AWS access key. However, we strongly recommend that you do not embed or distribute long-term AWS credentials with apps that a user downloads to a device, even in an encrypted store. Instead, build your app so that it requests temporary AWS security credentials dynamically when needed using web identity federation. The supplied temporary credentials map to an AWS role that has only
the permissions needed to perform the tasks required by the mobile app".
For more information on web identity federation please refer to the below link: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

NEW QUESTION 18
You are a Devops Engineer and are designing an Opswork stack in AWS. The company has some custom recipes that are part of their on-premise Chef configuration. These same recipes need to be run whenever an instance is launched in Opsworks. Which of the following steps need to be carried out to to ensure this requirement gets fulfilled. Choose 2 answers from the options given below

• A. Ensurethe custom cookbooks option is set in Opswork stack.
• B. Ensurethe custom cookbooks option is set in Opswork layer.
• C. Ensurethe recipe is placed as part of the Setup Lifecycle event as part of the Layersetting.
• D. Ensurethe recipe is placed as part of the Setup Lifecycle event as part of the Stacksetting.

Answer: AC

Explanation:
The AWS Documentation mentions the below
Each layer has a set of built-in recipes assigned to each lifecycle event, although some layers lack Undeploy recipes. When a lifecycle event occurs on an instance,
AWS OpsWorks Stacks runs the appropriate set of recipes for the associated layer.
The below diagram shows a snapshot in the stack settings where you can enable custom cookbooks

For more information on automating recipe's, please visit the below URL: http://docs.aws.amazon.com/opsworks/latest/userguide/workingcookbook-assigningcustom.html

NEW QUESTION 19
You are currently planning on using Autoscaling to launch instances which have an application installed. Which of the following methods will help ensure the instances are up and running in the shortest span of time to take in traffic from the users?

• A. Loginto each instance and install the software.
• B. UseUserData to launch scripts to install the software.
• C. UseDocker containers to launch the software.
• D. UseAMI's which already have the software installed.

Answer: D

Explanation:
The AM I will be the fatest because it will already have the software installed. You can customize the instance that you launch from a public AMI and then save that configuration as a custom AMI for your own use. Instances that you launch from your AMI use all the custom izations that you've made.
For more information on AMI'S please refer to the below link http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/AMIs.html

NEW QUESTION 20
You are using lifecycle hooks in your AutoScaling Group. Because there is a lifecycle hook, the instance is put in the Pending:Wait state, which means that it is not available to handle traffic yet. When the instance enters the wait state, other scaling actions are suspended. After some time, the instance state is changed to Pending:Proceed, and finally InService where the instances that are part of the Autoscaling Group can start serving up traffic. But you notice that the bootstrapping process on the instances finish much earlier, long before the state is changed to PendingiProceed.
What can you do to ensure the instances are placed in the right state after the bootstrapping process is complete?

• A. Use the complete-lifecycle-action call to complete the lifecycle actio
• B. Run this command from another EC2 Instance.
• C. Use the complete-lifecycle-action call to complete the lifecycle actio
• D. Run this command from the Command line interfac
• E. -^C Use the complete-lifecycle-action call to complete the lifecycle actio
• F. Run this command from the Simple Notification service.
• G. Use the complete-lifecycle-action call to complete the lifecycle actio
• H. Run this command from a SQS queue

Answer: B

Explanation:
The AWS Documentation mentions the following
3. If you finish the custom action before the timeout period ends, use the complete-1ifecycle-action command so that the Auto Scalinggroup can continue launching
or terminating the instance. You can specify the lifecycle action token, as shown in the following command:
3. If you finish the custom action before the timeout period ends, use the complete-lifecycle-action command so that Auto Scaling can continue launching or terminating the instance. You can specify the lifecycle action token, as shown in the following command:

For more information on lifecycle hooks, please refer to the below URL:
• http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.htm I

NEW QUESTION 21
Which of the following is a reliable and durable logging solution to track changes made to your AWS resources?

• A. Createa new CloudTrail trail with one new S3 bucket to store the logs and with theglobal services option selecte
• B. Use 1AM roles S3 bucket policies and MultiFactor Authentication (MFA) Delete on the S3 bucket that stores your log
• C. V
• D. Createa new CloudTrail with one new S3 bucket to store the log
• E. Configure SNS tosend log file delivery notifications to your management syste
• F. Use 1AM rolesand S3 bucket policies on the S3 bucket that stores your logs.
• G. Createa new CloudTrail trail with an existing S3 bucket to store the logs and withthe global services option selecte
• H. Use S3 ACLs and Multi FactorAuthentication (M FA) Delete on the S3 bucket that stores your logs.
• I. Createthree new CloudTrail trails with three new S3 buckets to store the logs one forthe AWS Management console, one for AWS SDKs and one for command line tools.Use 1AM roles and S3 bucket policies on the S3 buckets that store your logs.

Answer: A

Explanation:
AWS Identity and Access Management (1AM) is integrated with AWS CloudTrail, a sen/ice that logs AWS events made by or on behalf of your AWS account. CloudTrail logs authenticated AWS API calls and also AWS sign-in events, and collects this event information in files that are delivered to Amazon S3 buckets. You need to ensure that all services are included. Hence option B is partially correct.
Option B and D is wrong because it just adds an overhead for having 3 S3 buckets and SNS notifications.
For more information on Cloudtrail, please visit the below URL:
• http://docs.aws.a mazon.com/IAM/latest/UserGuide/cloudtrail-integration.htm I

NEW QUESTION 22
You have a development team that is continuously spending a lot of time rolling back updates for an application. They work on changes, and if the change fails, they spend more than 5-6h in rolling back the update. Which of the below options can help reduce the time for rolling back application versions.

• A. Use Elastic Beanstalk and re-deploy using Application Versions
• B. Use S3 to store each version and then re-deploy with Elastic Beanstalk
• C. Use CloudFormation and update the stack with the previous template
• D. Use OpsWorks and re-deploy using rollback feature.

Answer: A

Explanation:
Option B is invalid because Clastic Beanstalk already has the facility to manage various versions and you don't need to use S3 separately for this.
Option C is invalid because in Cloudformation you will need to maintain the versions. Clastic Beanstalk can so that automatically for you.
Option D is good for production scenarios and Clastic Beanstalk is great for development scenarios. AWS beanstalk is the perfect solution for developers to maintain application versions.
With AWS Clastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those
applications. AWS Clastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and AWS Clastic
Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
For more information on AWS Beanstalk please refer to the below link: https://aws.amazon.com/documentation/elastic-beanstalk/

NEW QUESTION 23
When deploying applications to Elastic Beanstalk, which of the following statements is false with regards to application deployment

• A. Theapplication can be bundled in a zip file
• B. Caninclude parent directories
• C. Shouldnot exceed 512 MB in size
• D. Canbe a war file which can be deployed to the application server

Answer: B

Explanation:
The AWS Documentation mentions
When you use the AWS Clastic Beanstalk console to deploy a new application or an application version, you'll need to upload a source bundle. Your source bundle must meet the following requirements:
Consist of a single ZIP file or WAR file (you can include multiple WAR files inside your ZIP file) Not exceed 512 MB
Not include a parent folder or top-level directory (subdirectories are fine)
For more information on deploying applications to Clastic Beanstalk please see the below link: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications-sourcebundle.html

NEW QUESTION 24
......