SDLC Automation questions on this certification test your ability to deploy and manage sdlc automation concepts in scenario-based situations.
Start practicing
SDLC Automation — choose a session length
Free · No account required
Domain overview
Use this page to practise SDLC Automation questions for this certification. Focus on how the exam tests sdlc automation in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.
Exam objectives
Core SDLC Automation concepts and how they apply in real-world cloud scenarios.
How to deploy sdlc automation correctly and verify the outcome.
Troubleshooting sdlc automation issues by interpreting error output and system state.
Cloud best practices and SDLC Automation design trade-offs tested by this certification.
Selecting the most expensive service when a simpler managed option meets the requirement.
Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
Choosing a global service fix when the issue is region-specific.
Overlooking cost implications of cross-region data transfer in architecture questions.
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company uses AWS CodePipeline with a multi-branch strategy. A new feature branch triggers a pipeline that runs unit tests and deploys to a test environment. The deployment step uses AWS CodeDeploy with a deployment group configured for in-place deployment to Amazon EC2 instances. The deployment fails intermittently with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The instances are healthy and pass health checks. What is the most likely cause?
2A development team uses AWS CodeBuild to compile a Java application and run unit tests. The build takes 30 minutes, but the team wants to reduce build time. The codebase has not changed significantly, and dependencies are stable. Which action would be MOST effective in reducing build time?
3A company uses AWS CodePipeline with multiple stages: Source (Amazon S3), Build (AWS CodeBuild), and Deploy (AWS CodeDeploy). The build stage runs a series of tests, and if they pass, the pipeline proceeds to deploy. Recently, a developer committed a change that passed all tests but caused a production outage. The team wants to add an approval step before the deploy stage, but they also want to ensure that only changes from specific branches can be deployed. What is the MOST secure and maintainable way to enforce this?
4A company uses AWS CodeCommit for source control. Developers frequently push large binary files (e.g., compiled JARs) to the repository, causing the repository size to grow rapidly and slowing down clone operations. The team wants to enforce a policy to reject pushes that contain files larger than 50 MB. Which approach should be used?
5An organization uses AWS CodePipeline to orchestrate deployments to multiple environments (dev, test, prod). Each environment uses a different AWS account. The pipeline uses cross-account actions with IAM roles. Recently, the pipeline failed at the deploy stage for the prod account with the error 'Access Denied' when assuming the cross-account role. The role ARN is correct and the trust policy allows the pipeline's service role. What is the MOST likely cause?
6A team uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment strategy is Blue/Green. During a recent deployment, the new instances passed all health checks, but traffic was not routed to them. What is the most likely reason?
7A company uses AWS CodePipeline with a source stage from Amazon S3 and a deploy stage to AWS Elastic Beanstalk. The pipeline has been working for months, but recently the deploy stage started failing with the error 'The S3 object does not exist.' The source artifact is uploaded to the S3 bucket by an external system. Which TWO actions should be taken to resolve this issue? (Choose TWO.)
8A DevOps team is designing a CI/CD pipeline for a microservices application. Each microservice has its own code repository and build artifacts. The team wants to use AWS CodePipeline with multiple parallel actions to build and test all microservices simultaneously. They also want to ensure that if one microservice's build fails, the pipeline does not block other microservices. Which THREE steps should the team take? (Choose THREE.)
9A large enterprise uses a multi-account AWS strategy with a centralized DevOps account. The DevOps account hosts an AWS CodePipeline that deploys a critical application to production account (111111111111) using AWS CodeDeploy. The pipeline has three stages: Source (CodeCommit), Build (CodeBuild), and Deploy (CodeDeploy). The deploy stage uses a cross-account role (arn:aws:iam::111111111111:role/CrossAccountDeployRole) to perform the deployment. The trust policy on that role allows the DevOps account's CodePipeline service role (arn:aws:iam::222222222222:role/CodePipelineServiceRole) to assume it. The pipeline has been working for months, but after a recent security audit, the security team tightened permissions. Now the deploy stage fails with the error: 'User: arn:aws:sts::222222222222:assumed-role/CodePipelineServiceRole/AWS-CodePipeline-xxx is not authorized to perform: codedeploy:CreateDeployment on resource: arn:aws:codedeploy:us-east-1:111111111111:deploymentgroup:MyApp/MyDG'. The DevOps team has verified that the CrossAccountDeployRole has a permissions policy that allows 'codedeploy:*' on all resources. The CodePipelineServiceRole has a permissions policy that allows 'sts:AssumeRole' on the CrossAccountDeployRole. What is the most likely cause and what action should be taken to resolve the issue?
10A development team uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. They have configured a CodeBuild project that triggers on pushes to the 'develop' branch. The build runs unit tests and packages the application. However, developers report that the pipeline fails intermittently with a 'BUILD_FAILED' status due to test failures, but the tests pass locally. What is the MOST likely cause of this discrepancy?
11A DevOps engineer is setting up an AWS CodePipeline to deploy a web application to an EC2 instance using AWS CodeDeploy. The deployment group uses an in-place deployment configuration. The pipeline's deploy stage fails with the error: 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The engineer checks the CodeDeploy logs on the instance and finds that the 'BeforeInstall' lifecycle hook script is failing. The script attempts to download a package from an Amazon S3 bucket that is encrypted with SSE-KMS. What is the MOST likely cause of the failure?
12A company uses AWS CodeBuild to compile a Java application. The buildspec.yml includes a 'pre_build' phase that runs SonarQube for static code analysis. The analysis requires access to a private SonarQube server hosted on an EC2 instance in the same VPC. The CodeBuild project is configured with a VPC ID, subnet IDs, and security group IDs. However, the build fails with a timeout when trying to connect to the SonarQube server. The security group for the SonarQube server allows inbound traffic on port 9000 from the CodeBuild security group. What is the MOST likely reason for the failure?
13An organization uses AWS CodePipeline with multiple stages: Source, Build, Test, and Deploy. The Test stage runs integration tests in CodeBuild. Recently, the pipeline failed because the Test stage took longer than expected, causing a pipeline execution timeout. The pipeline has a default timeout of 7 days. What is the MOST efficient way to set a maximum execution time for the Test stage without affecting other stages?
14Which AWS service is primarily used to automate the building, testing, and deployment of code changes to AWS infrastructure based on a defined release process?
15A DevOps engineer needs to implement a CI/CD pipeline that builds a Docker image, scans it for vulnerabilities, and deploys it to Amazon ECS. The scanning must be integrated into the pipeline before the image is pushed to Amazon ECR. Which approach meets these requirements?
16A company uses AWS CodeCommit as a source repository and wants to enforce that all commits are signed using GPG keys. The DevOps team configures a pre-receive hook in CodeCommit to validate commit signatures. However, the hook rejects all commits even when valid GPG signatures are present. What is the most likely cause?
17A DevOps team is designing a deployment pipeline for a microservices application on Amazon ECS using AWS CodePipeline. They want to implement a canary deployment strategy where a small percentage of traffic is routed to the new version before fully promoting it. Which AWS service or feature should they use to achieve this?
18A company uses AWS CloudFormation to manage infrastructure. They need to implement a CI/CD pipeline that automatically updates CloudFormation stacks when changes are pushed to a CodeCommit repository. The pipeline must use change sets to review changes before execution. Which pipeline configuration meets these requirements?
19Which of the following are valid strategies for implementing continuous integration in AWS? (Choose two.)
20A DevOps engineer is designing a deployment pipeline for a serverless application using AWS SAM. The pipeline must include the following stages: source, build, deploy to a development environment, run integration tests, and promote to production after manual approval. Which AWS services and features should be used to implement this pipeline? (Choose two.)
21A company uses AWS CodePipeline with Amazon S3 as the source stage. The pipeline triggers on object creation events in the S3 bucket. The development team notices that the pipeline does not trigger when multiple files are uploaded simultaneously. What is the most likely cause?
22A DevOps engineer is designing a CI/CD pipeline using AWS CodePipeline. The source stage is AWS CodeCommit, and the build stage uses AWS CodeBuild. The pipeline must only trigger on changes to the main branch. However, the engineer notices that the pipeline is also triggering on changes to feature branches that are merged via pull requests. What configuration change should the engineer make to ensure the pipeline only triggers on direct commits to the main branch?
23A company uses AWS CodeDeploy for deploying applications to an Auto Scaling group of Amazon EC2 instances. The deployment is failing with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' Which two actions should the DevOps engineer take to troubleshoot and resolve the issue? (Choose two.)
24A DevOps engineer is managing a CI/CD pipeline using AWS CodePipeline with multiple stages: Source (CodeCommit), Build (CodeBuild), Test (CodeBuild), and Deploy (CodeDeploy). The engineer wants to add manual approval steps before the Test and Deploy stages. Additionally, the pipeline should automatically roll back the deployment if the Deploy stage fails. Which two actions should the engineer take to implement these requirements? (Choose two.)
25Match each AWS service or feature to its correct description in the context of SDLC automation. Drag and drop the items on the left to the matching descriptions on the right.
26Drag and drop the steps to configure an AWS Elastic Load Balancer (ALB) with HTTPS listeners and target groups.
27Match each AWS deployment strategy to its description.
28A company uses AWS CodePipeline to deploy a web application to an Elastic Beanstalk environment. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild, and a deploy stage to Elastic Beanstalk. Recently, deployments started failing with an error: 'The deployment failed because the Elastic Beanstalk environment is in an UPDATE_ROLLBACK_IN_PROGRESS state.' What is the MOST likely cause?
29A DevOps engineer is designing a CI/CD pipeline for a microservices application running on Amazon ECS with Fargate. The team wants to use a blue/green deployment strategy to minimize downtime. Which combination of AWS services and configurations should be used to implement this?
30A company uses AWS CodeBuild to run unit tests and package a Java application. The build process takes 15 minutes. The team wants to reduce build time by caching dependencies. Which approach should the engineer recommend?
31A development team uses AWS CodeCommit as a source control repository. A developer accidentally pushed a commit that contains sensitive information (e.g., AWS access keys) to the main branch. The team wants to remove the sensitive data from the repository history completely. Which action should the engineer take?
32A company runs a critical application on Amazon EC2 instances behind an Application Load Balancer. The application is deployed using AWS CodeDeploy with an in-place deployment configuration. During a recent deployment, the deployment failed because the new application version caused a health check failure, and CodeDeploy did not automatically roll back. What should the engineer do to ensure automatic rollback on health check failure?
33A team uses AWS CloudFormation to manage infrastructure. They want to deploy a stack that creates an S3 bucket and a DynamoDB table. The S3 bucket name must be unique across all AWS accounts. Which CloudFormation intrinsic function should be used to generate a unique bucket name?
34A company uses AWS CodePipeline to orchestrate a multi-stage deployment. The pipeline has a source, build, test, and deploy stage. The test stage runs integration tests against a temporary environment. The team wants to ensure that the deploy stage only runs if the test stage succeeds. What configuration is needed?
35A company deploys a serverless application using AWS SAM. The application includes an API Gateway REST API and multiple Lambda functions. The team wants to implement canary deployments for the API to gradually shift traffic to a new version. Which SAM template configuration should be used?
36A developer is setting up AWS CodeBuild to compile a Go application. The build fails with the error: 'go: command not found'. What is the MOST likely cause?
37Which TWO actions should a DevOps engineer take to implement a CI/CD pipeline that automatically deploys a containerized application to Amazon ECS using AWS CodePipeline and AWS CodeBuild? (Choose TWO.)
38Which THREE components are required to set up a fully automated CI/CD pipeline for a static website hosted on Amazon S3 using AWS CodePipeline? (Choose THREE.)
39Which TWO best practices should be followed when configuring AWS CodeBuild projects to improve build performance and security? (Choose TWO.)
40A DevOps engineer is reviewing the IAM policy attached to a CodeBuild service role. The policy allows starting builds and viewing logs. However, when CodeBuild tries to download artifacts from an S3 bucket in the same account, it fails with an access denied error. What is the missing permission?
41A CodeDeploy deployment group is configured as shown in the exhibit. During a deployment, the deployment fails because the instances are not found. What is the MOST likely reason?
42A CloudFormation stack creation failed as shown in the exhibit. What is the MOST likely cause of the failure?
43A company uses AWS CodeBuild to compile and test code. The build takes 30 minutes, but the team wants to reduce build time by caching dependencies. Which approach should be used?
44A team uses AWS CodePipeline with a source action from an Amazon S3 bucket. The pipeline triggers on changes to the S3 bucket, but sometimes runs twice for a single commit. What is the most likely cause?
45A development team wants to automate infrastructure provisioning using AWS CloudFormation. Which tool is specifically designed to manage CloudFormation templates as part of a deployment pipeline?
46A company uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. After a deployment, some instances fail the health check and are terminated by the Auto Scaling group. What should the DevOps engineer do to prevent this?
47A DevOps team wants to run unit tests in parallel across multiple build environments using AWS CodeBuild. Which build specification configuration allows this?
48A company uses AWS CodeCommit as a Git repository. Developers want to enforce that all commits are signed with GPG keys. How can this be achieved?
49A team uses AWS CodePipeline to deploy a microservices application. The pipeline has a deploy action that uses AWS CloudFormation. The CloudFormation template creates an Amazon ECS service. The deployment fails because the ECS service cannot be updated. What is the most likely cause?
50A company uses AWS CodeBuild to run security scans. The scans require access to a private Amazon ECR repository. The build project is configured with a service role. What is the correct way to provide access to ECR?
51A DevOps engineer needs to automatically roll back a CodeDeploy deployment if the number of failed instances exceeds a threshold. Which deployment configuration should be used?
52Which TWO options are valid ways to trigger an AWS CodePipeline execution automatically?
53Which THREE steps are required to set up cross-account access for AWS CodePipeline using a customer-managed KMS key?
54Which TWO AWS services can be used to implement a blue/green deployment for an application running on Amazon EC2 instances?
55Refer to the exhibit. A DevOps engineer created this IAM policy for a CodeDeploy service role. The deployment fails with an 'AccessDenied' error when attempting to register instances with an Auto Scaling group. What is the likely cause?
56Refer to the exhibit. A DevOps engineer runs this AWS CLI command to list all CodeBuild projects with 'production' in their name. The command returns an empty list, but the engineer knows there are projects named 'production-app' and 'production-backend'. What is the most likely reason?
57Refer to the exhibit. A CloudFormation template creates a Lambda function. After deployment, the function fails with a timeout error. Logs are not being created in CloudWatch. What is the most likely cause?
58A development team uses AWS CodeCommit for source control and wants to automatically run unit tests on every push to the main branch. Which AWS service should they use to trigger the tests?
59A company uses AWS CodeBuild to compile a Java application. The build specification includes a pre-build phase to download dependencies. Which file defines the commands for each build phase?
60A DevOps engineer notices that a CodePipeline execution fails at the deploy stage when deploying a Lambda function using AWS CloudFormation. The error message indicates that the stack update failed because the Lambda function's code is too large. What is the most likely cause?
61A company uses AWS CodeCommit and wants to enforce that all commits to the main branch are signed. What must be configured to enforce this requirement?
62A DevOps team is implementing a blue/green deployment strategy for a microservice running on Amazon ECS with AWS CodeDeploy. They want to shift 10% of traffic to the new task set for 5 minutes, then shift the remaining 90%. Which deployment configuration should they use?
63A company uses AWS CloudFormation to manage infrastructure. They want to deploy a stack that creates an Amazon RDS DB instance. The database password must be stored securely and rotated automatically. Which approach meets these requirements?
64A company uses AWS CodePipeline with multiple stages: Source, Build, Test, Deploy. The Test stage runs integration tests using AWS CodeBuild. If the Test stage fails, what happens to the pipeline execution?
65A DevOps engineer wants to use AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment must ensure that only a certain percentage of instances are taken out of service at a time. Which deployment configuration supports this requirement?
66A company uses AWS CodeStar to manage software development projects. The team wants to integrate a third-party issue tracking system with CodeStar. Which AWS service should they use to achieve this integration?
67A company is designing a CI/CD pipeline for a serverless application using AWS CodePipeline. Which TWO actions are valid ways to deploy an AWS Lambda function?
68A DevOps team uses AWS CloudFormation to manage infrastructure. They want to implement a change management process that requires approval before making changes to production stacks. Which TWO approaches can be used to enforce this?
69A company uses AWS CodeBuild to build and test a Node.js application. The buildspec.yml currently runs npm install and npm test. They want to also run a security scan using a third-party tool. Which THREE steps are required to integrate the security scan into the CodeBuild build?
70An IAM policy is attached to a user who needs to manually start a CodePipeline execution. The pipeline uses an S3 bucket named 'my-artifact-bucket' for artifacts. The user reports that they cannot start the pipeline. Which action is missing from the policy?
71A DevOps engineer runs the above AWS CLI commands and notices that the CodeBuild project 'my-project' exists but builds fail with the error 'Access Denied' when trying to fetch source code from CodeCommit. The IAM role 'CodeBuildServiceRole' has a policy that allows 'codecommit:GitPull' on all repositories. What is the most likely cause of the failure?
72A DevOps engineer creates a CloudFormation stack with the above template. After creation, they want to update the Lambda function code by uploading a new zip file to the S3 bucket and updating the S3Key property. However, the stack update fails because the Lambda function is published as a version and the alias points to that version. What is the most likely reason for the update failure?
73A DevOps team uses AWS CodeBuild to compile code and run unit tests. The team notices that builds are failing with a timeout error after 60 minutes. What is the most likely cause and solution?
74A development team uses AWS CodePipeline to orchestrate builds and deployments. They want to automatically deploy to a staging environment only if a manual approval step is granted. Which configuration should they use?
75A company uses AWS CodeCommit for source control. Developers frequently push large binary files (e.g., compiled binaries, datasets) to the repository, causing repository size to grow and clone operations to become slow. What is the BEST approach to manage this?
76A team uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with the error: 'The overall deployment failed because too many individual instances failed deployment.' The instances are healthy and can connect to the CodeDeploy service. What is the most likely cause?
77A company uses AWS CloudFormation to manage infrastructure. They want to update a stack but need to ensure that critical database resources are not accidentally replaced during the update. What is the BEST way to protect these resources?
78An organization uses AWS CodePipeline with multiple stages: Source, Build, Deploy to Test, Deploy to Prod. They want to implement a canary deployment strategy for the production deployment. Which approach should they use?
79A DevOps engineer is troubleshooting a failed build in AWS CodeBuild. The build log shows: 'Error: Cannot find module 'lodash'.' The buildspec.yml file lists 'npm install' as a command. What is the most likely cause?
80A company uses AWS Elastic Beanstalk for deploying web applications. They want to automate deployments whenever a new commit is pushed to the master branch of their CodeCommit repository. Which AWS service should they use to trigger the deployment?
81A team uses AWS CloudFormation to deploy a stack that includes an Amazon RDS DB instance. During a stack update, they need to modify the DB instance class but want to avoid downtime. Which update policy should they use?
82Which TWO AWS services can be used as sources in an AWS CodePipeline? (Choose two.)
83Which THREE actions can be performed using the AWS CLI for CodeDeploy? (Choose three.)
84Which TWO are valid deployment configurations in AWS CodeDeploy? (Choose two.)
85Refer to the exhibit. An IAM policy is attached to a user. The user reports that they cannot push to the 'MyRepo' repository. What is the likely reason?
86Refer to the exhibit. A CodeBuild project uses this buildspec. The build fails with the error: 'The runtime version specified is not supported in this environment.' What change should be made?
87Refer to the exhibit. A DevOps engineer runs the AWS CLI command to list deployments for an application. The output shows only 2 deployments, but the team knows there are more. How can the engineer retrieve the remaining deployments?
88A company uses AWS CodePipeline with a multi-branch strategy. Developers push to feature branches, which should trigger a pipeline that runs unit tests and then deploys to a staging environment. However, the pipeline only triggers on the main branch. What should be done to enable pipeline execution for feature branches?
89A DevOps team is designing a CI/CD pipeline for a microservices application. Each service is stored in a separate repository. The team wants to build and test only the services that changed in a given commit. Which AWS solution is MOST efficient and cost-effective?
90A developer wants to automate the creation of a new Amazon ECS service whenever a new Docker image is pushed to Amazon ECR. Which AWS service should be used to orchestrate this workflow?
91An organization uses AWS CodeBuild to run integration tests. The tests require a large amount of memory and CPU, and they often timeout after the default 60 minutes. What is the MOST efficient way to increase the timeout and allocate more resources?
92A company has a multi-account AWS environment using AWS Organizations. The DevOps team wants to deploy a CloudFormation stack set to all accounts in the organization. Which IAM permissions are REQUIRED for the stack set execution role?
93A developer wants to automatically deploy a new version of an AWS Lambda function whenever code is pushed to a specific branch in AWS CodeCommit. Which combination of services should be used?
94A company uses AWS CodeDeploy with a blue/green deployment strategy for an Amazon EC2 Auto Scaling group. During deployment, the new instances are failing health checks and the deployment is rolling back. What is the MOST likely cause?
95A team uses AWS CodePipeline to deploy a serverless application using AWS SAM. The pipeline includes a build stage that runs 'sam build' and a deploy stage that runs 'sam deploy'. The deployment fails with an error: 'The security token included in the request is invalid.' What is the MOST likely cause?
96A company wants to enforce that all infrastructure changes go through a CI/CD pipeline. Which AWS service can be used to prevent direct changes to production resources?
97A DevOps engineer is troubleshooting a failed CodePipeline execution. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild, and a deploy stage using CodeDeploy. The build stage succeeds, but the deploy stage fails with 'No deployments found for the specified deployment group.' Which TWO actions should the engineer take to resolve this?
98A company uses AWS CodeBuild to run security scans on code. The scan requires access to a private Amazon ECR repository for downloading scanning tools. The CodeBuild project is configured with a VPC and uses an IAM role. However, the build fails with 'Error: unable to pull image from registry.' Which TWO steps should be taken to resolve this?
99A company wants to implement a CI/CD pipeline for an application that runs on Amazon ECS with Fargate. The pipeline should build a Docker image, push it to Amazon ECR, and deploy a new task definition to ECS. Which THREE AWS services are required to build this pipeline?
100Refer to the exhibit. A CodePipeline service role has this IAM policy attached. The pipeline's deploy stage uses CodeDeploy to perform an ECS blue/green deployment. The deployment fails with an access denied error. What is the MOST likely missing permission?
101Refer to the exhibit. A developer runs this buildspec in CodeBuild to deploy a CDK application. The build succeeds, but the CDK stack is not deployed. What is the MOST likely reason?
102Refer to the exhibit. A DevOps engineer sees this output when listing pipelines. The pipeline 'my-app-pipeline' has execution mode set to 'QUEUED'. The team reports that when multiple commits are pushed simultaneously, only the latest commit is deployed, and earlier ones are skipped. How should the pipeline execution mode be changed to ensure all commits are deployed?
103A company uses AWS CodePipeline with an S3 source action and a CodeBuild project. The pipeline fails intermittently during the build stage with an error indicating that the source code archive is corrupt. Which action should the DevOps engineer take to resolve this issue?
104A DevOps team is implementing a CI/CD pipeline for a microservices architecture on AWS ECS. They want to ensure zero-downtime deployments and automatic rollback if health checks fail. Which combination of services should they use?
105A developer wants to automatically run unit tests when a pull request is created in AWS CodeCommit. Which AWS service should be used to trigger the tests?
106A company is using AWS CodePipeline to deploy a static website to Amazon S3. The pipeline includes a CodeBuild step that minifies JavaScript files. Recently, the build step started failing with an error: 'Error: ENOENT: no such file or directory, open 'index.js''. What is the most likely cause?
107A team uses AWS CodePipeline with multiple parallel actions in a stage. They notice that when one action fails, the entire stage fails and no further actions are attempted. They want the pipeline to continue with the remaining actions even if one fails, and then report the failure at the end. Which feature should they use?
108A company uses AWS CodeBuild to build a Docker image and push it to Amazon ECR. The buildspec.yml includes a 'post_build' phase command to tag the image. The build fails with 'unauthorized: authentication required'. What must be done to resolve this?
109A DevOps engineer is designing a CI/CD pipeline for a serverless application using AWS Lambda. They want to automatically deploy the latest version of the Lambda function to production after running integration tests. The source code is in AWS CodeCommit. Which pipeline configuration should they use?
110A company has a multi-account AWS environment with separate accounts for development, staging, and production. They want to implement a CI/CD pipeline that deploys to each account sequentially after manual approvals. Which setup allows cross-account deployment with CodePipeline?
111A developer is using AWS CodeCommit as a source repository for a CodePipeline. They want to automatically start the pipeline when changes are pushed to the main branch. What is the simplest way to achieve this?
112Which TWO actions are best practices when designing a CI/CD pipeline for a containerized application on Amazon ECS? (Choose two.)
113Which THREE steps are required to set up a cross-account CodePipeline that deploys to an EC2 instance in a target account? (Choose three.)
114Which TWO are valid use cases for using AWS CodeArtifact in a CI/CD pipeline? (Choose two.)
115Which THREE practices help ensure the security of a CI/CD pipeline that deploys to production? (Choose three.)
116A DevOps engineer is creating a CodePipeline service role. The above IAM policy is attached to the role. The pipeline fails when trying to download artifacts from the S3 bucket. What is the issue?
117A DevOps engineer is reviewing the CodePipeline structure above. The pipeline fails during the Deploy stage with an error: 'The deployment group could not be found.' What is the most likely cause?
118A company is using AWS CodeCommit for source control and wants to automatically trigger a build in AWS CodeBuild whenever a pull request is created against the main branch. Which AWS service should be used to connect CodeCommit events to CodeBuild?
119A DevOps team is designing a CI/CD pipeline for a microservices application. Each microservice has its own CodeCommit repository and must be built and deployed independently. The team wants to minimize manual configuration and ensure that adding a new microservice automatically creates the corresponding pipeline stages. Which approach should the team use?
120An organization has a AWS CodePipeline that deploys a critical application. The pipeline uses a manual approval step before deploying to production. The team wants to ensure that only authorized users can approve the deployment, and that the approval action is logged for compliance. Which combination of actions should the team take? (Select TWO.)
121A development team uses AWS CodeBuild to run unit tests on every commit to the develop branch. The tests take a long time because they download dependencies each time. What should the team do to reduce build time?
122A company is implementing a blue/green deployment strategy for an application running on Amazon ECS with AWS Fargate. The team wants to use AWS CodeDeploy to orchestrate the deployment. What is the minimum IAM permissions needed for CodeDeploy to register the new task set and shift traffic?
123A team uses AWS CodePipeline with multiple stages: Source, Build, Test, and Deploy. The Test stage runs integration tests against a staging environment. Occasionally, the tests fail due to environment issues, not code issues. The team wants to automatically retry the Test stage up to two times if it fails, but not the Deploy stage. How can this be achieved?
124A company wants to ensure that all code changes are reviewed before being merged to the main branch in AWS CodeCommit. Which feature should be enabled?
125During a deployment using AWS CodeDeploy, the deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The deployment group is configured with a minimum healthy instances of 75%. What could be the cause?
126A company is migrating from Jenkins to AWS CodeBuild. They have hundreds of Jenkins jobs that run on a schedule. Some jobs take hours and must not overlap. What is the most efficient way to migrate these jobs to CodeBuild while ensuring no overlapping builds?
127An IAM policy is attached to a user. The user is trying to push a commit to the 'main' branch of the 'MyRepo' repository. The push is denied. What is the most likely reason?
128A developer is troubleshooting a failed CodeBuild build. The build is triggered by a pull request from a forked repository. The buildspec includes a command to fetch pull request references. What is the most likely cause of the failure?
129A CloudFormation stack is created with the template above and the parameter Environment set to 'dev'. Later, the stack is deleted. What happens to the S3 bucket?
130A DevOps engineer is setting up a CI/CD pipeline for a Node.js application. The application must be built, tested, and deployed to an Amazon ECS cluster. The team wants to use AWS CodeBuild to run unit tests and package the application as a Docker image, and AWS CodePipeline to orchestrate the workflow. Which artifact type should CodeBuild output to be used by a subsequent CodePipeline action?
131A company uses AWS CodePipeline with a GitHub source action. They want to automatically start the pipeline when a pull request is merged to the main branch. However, the pipeline also starts on every push to any branch. How can they limit the pipeline to only trigger on push events to the main branch?
132A team uses AWS CodeBuild to run security scans on code before deployment. They want to ensure that if the security scan fails, the build is marked as FAILED and no further pipeline stages execute. What should they add to the buildspec?
133A development team is using AWS CodeCommit as a source control repository. They want to automate code builds and run unit tests every time a developer pushes code to the 'develop' branch. Which AWS service should they use to trigger the build automatically?
134A company is using AWS CodeBuild to compile a Java application. The build takes over 30 minutes, causing timeouts. The team has already increased the build timeout to the maximum. Which action would MOST effectively reduce the build time?
135A DevOps engineer is designing a CI/CD pipeline for a microservices architecture. The pipeline must deploy to Amazon ECS using blue/green deployments. The team wants to automatically roll back if the new deployment fails health checks. Which combination of AWS services and configurations should the engineer use?
136A team uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a deployment stage that uses AWS CodeDeploy to copy files to an S3 bucket. However, the deployment fails because the S3 bucket is not configured for static website hosting. What is the MOST likely cause of the failure?
137A company is using AWS CodeBuild to run integration tests. The tests require access to an Amazon RDS instance in a private subnet. The CodeBuild project is configured with a VPC ID, subnet IDs, and security group IDs. However, the tests fail with a connection timeout. What is the MOST likely cause?
138A company has a CI/CD pipeline that deploys to Amazon ECS using AWS CodePipeline. The pipeline includes a manual approval step before deployment to production. The security team requires that all approvals be logged in AWS CloudTrail and that the approver's identity be verified. Which action should the DevOps engineer take to meet these requirements?
139A development team uses AWS CodeCommit as a Git repository. They want to automatically trigger a build in AWS CodeBuild when a pull request is created or updated. Which configuration should the team use?
140A company uses AWS CodePipeline to deploy a Node.js application to AWS Elastic Beanstalk. The pipeline includes a build stage that runs 'npm install' and 'npm test'. The team notices that the build stage often fails due to network timeouts when downloading npm packages. Which action would MOST reliably resolve this issue?
141A company is using AWS CodePipeline with a deployment stage that uses AWS CloudFormation to deploy infrastructure. The team wants to ensure that if the CloudFormation stack update fails, the pipeline automatically rolls back to the previous version of the stack. Which configuration should the DevOps engineer implement?
142A DevOps team is designing a CI/CD pipeline for a microservices application that runs on Amazon ECS. They need to implement automated canary deployments. Which TWO AWS services would be essential for this implementation?
143A company uses AWS CodePipeline to deploy a serverless application using AWS SAM. The pipeline includes a build stage that runs 'sam build' and a deploy stage that runs 'sam deploy'. The team wants to automatically test the deployed application before promoting it to production. Which THREE steps should be included in the pipeline?
144A company is using AWS CodeBuild to build a Docker image and push it to Amazon ECR. The buildspec.yaml includes commands to build and tag the image. However, the push to ECR fails with an authentication error. Which TWO actions should the DevOps engineer take to resolve this?
145A DevOps team uses AWS CodePipeline with a multi-branch strategy. The pipeline should deploy to production only from the 'main' branch, but run unit tests for all branches. How should the team configure the pipeline?
146A company uses AWS CodeBuild to run integration tests. The tests require access to an RDS database in a private subnet. CodeBuild runs in a VPC but the build times out waiting for the database connection. What is the MOST likely cause?
147A team uses AWS CloudFormation to manage infrastructure. They want to reuse a common set of resources (e.g., VPC, subnets) across multiple stacks. Which CloudFormation feature should they use?
148A development team uses AWS CodeCommit for source control. They want to enforce that all commits include a JIRA issue key in the commit message. What is the MOST efficient way to achieve this?
149A company runs a critical application on Amazon ECS with Fargate. They use blue/green deployments via AWS CodeDeploy. During a recent deployment, the new task set failed health checks and CodeDeploy automatically rolled back. However, the old task set also became unhealthy shortly after rollback. What could explain this?
150A team wants to automate the creation of a CI/CD pipeline using a JSON/YAML file that defines source, build, and deploy stages. Which AWS service should they use?
151A company uses AWS CodePipeline with a source stage from Amazon S3. The pipeline triggers on changes to the S3 bucket. However, the pipeline does not trigger when a new object is uploaded. What is the MOST likely cause?
152A company uses AWS CodeBuild to run builds for a Java application. The buildspec includes a 'mvn test' command. The build succeeds but the tests fail. The team wants to fail the build if any test fails. What should they do?
153A team wants to automatically deploy a new version of a Lambda function when code is pushed to a CodeCommit repository. Which AWS service should orchestrate this workflow?
154A DevOps engineer is designing a CI/CD pipeline for a microservices architecture. The pipeline must ensure that only code that passes security scanning can proceed to deployment. Which TWO actions should the engineer take? (Choose TWO.)
155A company uses AWS CloudFormation to deploy a multi-tier application. The stack creation fails with a 'CREATE_FAILED' error for a resource. The engineer wants to troubleshoot the issue. Which THREE steps should the engineer take? (Choose THREE.)
156A team uses AWS CodeBuild to build a Node.js application. The buildspec.yml file is at the root of the repository. The build fails with 'Error: Cannot find module 'aws-sdk''. Which TWO actions could resolve the issue? (Choose TWO.)
157Refer to the exhibit. An IAM policy is attached to a role used by a CI/CD system. The policy is intended to allow starting the pipeline 'MyPipeline' from the same account. However, the CI/CD system receives an 'AccessDenied' error when trying to start the pipeline. What is the problem?
158Refer to the exhibit. A DevOps engineer sees the following error when trying to update a CloudFormation stack: 'Stack [arn:aws:cloudformation:us-west-2:123456789012:stack/MyStack/abc123] is in ROLLBACK_COMPLETE state and can not be updated.' What should the engineer do to proceed?
159Refer to the exhibit. A team uses this buildspec.yml in AWS CodeBuild. The build fails because the 'dist' directory does not exist after the build phase. What is the most likely cause?
160A development team uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. The pipeline has a source stage that pulls from a CodeCommit repository, a build stage using AWS CodeBuild, and a deploy stage that uses AWS CodeDeploy to deploy to an EC2 Auto Scaling group. The team notices that the pipeline frequently fails at the deploy stage with the error 'The deployment failed because the deployment group's deployment configuration specifies a minimum healthy host count of 1, but 0 healthy hosts are available.' What is the MOST likely cause of this issue?
161A company runs a microservices architecture on Amazon ECS with Fargate launch type. Each microservice is deployed using AWS CodePipeline with a source stage from CodeCommit, a build stage in CodeBuild, and a deploy stage that updates the ECS service. The team wants to implement a blue/green deployment strategy to reduce downtime and enable quick rollbacks. Which combination of AWS services and configurations should be used?
162A DevOps engineer is configuring a webhook trigger in AWS CodePipeline to automatically start a pipeline when changes are pushed to a specific branch in a CodeCommit repository. The webhook is created and the trigger is set to the 'main' branch. However, when a developer pushes a commit to the 'main' branch, the pipeline does not start. What is the MOST likely reason?
163A company uses AWS CodeBuild to compile and test Java code. The buildspec.yml file includes a 'pre_build' phase that runs unit tests. The build occasionally fails with the error 'No space left on device.' The build environment is a general1.medium EC2 instance with 160 GB of disk space. What is the MOST effective solution to resolve this issue?
164A company uses AWS CodePipeline to deploy a serverless application using AWS SAM. The pipeline has a source stage from CodeCommit, a build stage that runs 'sam build', and a deploy stage that runs 'sam deploy --no-confirm-changeset'. The deploy stage fails with the error 'The security token included in the request is invalid.' What is the MOST likely cause?
165A development team uses AWS CodeStar to set up a continuous delivery pipeline for a web application. The application is deployed to an Elastic Beanstalk environment. After a successful deployment, the team wants to automatically run integration tests against the deployed application. What is the SIMPLEST way to achieve this?
166A company uses AWS CodePipeline to deploy a static website to an S3 bucket. The pipeline includes a source stage (S3), a build stage (CodeBuild) that minifies assets, and a deploy stage that copies files to the production S3 bucket. The deploy stage uses 's3 sync' command. After a recent deployment, some users report seeing old content. What is the MOST likely cause?
167A team uses AWS CodePipeline to deploy a containerized application to Amazon ECS. The pipeline uses a source stage from CodeCommit, a build stage that builds a Docker image and pushes it to Amazon ECR, and a deploy stage that updates an ECS service. The team wants to add a manual approval step before the deploy stage to allow QA to verify the image. What is the BEST way to implement this?
168A company uses AWS CodeCommit for source control. Developers work on feature branches and create pull requests to merge into the 'develop' branch. The company wants to enforce that all commits to the 'develop' branch are signed. Which AWS service or feature should be used to enforce this policy?
169A company is using AWS CodeBuild to run builds for a Java application. The build takes a long time because it downloads Maven dependencies every time. The team wants to speed up the build by caching dependencies. Which TWO actions should be taken? (Choose 2)
170A company uses AWS CodePipeline with multiple stages: Source (CodeCommit), Build (CodeBuild), Test (CodeBuild), and Deploy (CodeDeploy to EC2). The Test stage runs integration tests that require network access to a private database in a VPC. The CodeBuild project is configured to use a VPC. However, the Test stage fails intermittently with timeout errors. Which TWO actions would MOST likely resolve the issue? (Choose 2)
171A DevOps engineer is setting up a CI/CD pipeline for a Python application using AWS CodePipeline. The pipeline includes a build stage with CodeBuild and a deploy stage that runs an AWS CLI command to update a Lambda function. Which THREE steps are necessary to ensure the pipeline can update the Lambda function? (Choose 3)
172Your company uses AWS CodePipeline to automate the deployment of a critical web application. The pipeline consists of a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CodeDeploy) that deploys to an Auto Scaling group of EC2 instances running Amazon Linux 2. The deployment strategy is 'AllAtOnce'. Recently, the team noticed that during deployments, the application becomes completely unavailable for a few minutes until the new instances are registered with the load balancer. The business requires zero downtime during deployments. You need to modify the deployment process to achieve zero downtime while minimizing cost and complexity. The Auto Scaling group currently has a minimum of 2 instances and a maximum of 4 instances. The application is stateless and sessions are stored in ElastiCache. Which solution should you implement?
173You are a DevOps engineer for a company that uses AWS CodePipeline to deploy a microservice to Amazon ECS with Fargate. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild) that builds a Docker image and pushes it to Amazon ECR, and a deploy stage that uses an ECS task definition update. Recently, the deploy stage started failing intermittently with the error 'The task definition does not have a compatibilities attribute set correctly.' The task definition is generated dynamically during the build stage and uses the 'FARGATE' launch type. The error occurs only when a new task definition revision is created. You suspect the issue is related to how the task definition is generated. Upon reviewing the buildspec, you see that the task definition JSON is created using environment variables for the image URI. What is the MOST likely cause and solution?
174A development team is using AWS CodeCommit as the source for a CI/CD pipeline. They want to automatically trigger a build in AWS CodeBuild whenever a developer pushes changes to any branch in the repository. Which pipeline configuration should be used?
175A company uses AWS CodePipeline to deploy a microservices application to Amazon ECS. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CodeDeploy). Recently, deployments have been failing intermittently during the deploy stage with the error: 'The service has reached its maximum number of running tasks.' How should a DevOps engineer resolve this issue?
176A DevOps engineer is designing a CI/CD pipeline that must enforce a policy: any change to the production branch in CodeCommit must be reviewed and approved by two senior developers before the change can be merged. The pipeline must also automatically build and deploy to a staging environment after approval. Which combination of AWS services and configurations should be used?
177A DevOps team uses AWS CodeBuild to compile a Java application. The build environment is managed by AWS and runs on Linux. The team wants to speed up the build process by caching dependency directories across builds. Which configuration should the team use?
178A development team is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a Source stage connected to an Amazon S3 bucket, a Build stage using AWS CodeBuild, and a Deploy stage that deploys to an Amazon ECS cluster. The team notices that the pipeline fails intermittently during the Build stage with a 'BUILD_CONTAINER_UNABLE_TO_PULL_IMAGE' error. What is the most likely cause?
179A company is implementing a CI/CD pipeline using AWS CodePipeline to deploy a serverless application using the AWS Serverless Application Model (SAM). The pipeline must build and package the application, then deploy it to multiple environments (dev, test, prod) sequentially with manual approval gates before production. Which stage configuration should be used?
180A company is using AWS CodeDeploy to deploy a web application to an Auto Scaling group of Amazon EC2 instances. The deployment strategy is Blue/Green. After a successful deployment, the team notices that the new instances are receiving traffic but the application returns errors. The old instances are still serving traffic correctly. The team wants to roll back immediately. What should be done?
181An organization uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. Developers complain that their pipeline executions often fail because the source stage cannot access the CodeCommit repository. The IAM role used by CodePipeline has the following policy attached. What is the MOST likely cause of the failure? Policy: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["codecommit:GetBranch","codecommit:GetCommit","codecommit:UploadArchive","codecommit:GetUploadArchiveStatus"],"Resource":"*"}]}
182A DevOps engineer is setting up an AWS CodeBuild project that needs to access resources in a VPC, such as an Amazon RDS database. The engineer has configured the CodeBuild project to run in the VPC. Which additional configuration is required for CodeBuild to pull the build Docker image?
183A company uses AWS CodeBuild to run unit tests and package a Node.js application. The buildspec.yml file includes commands to install dependencies using npm. The build is failing with the error: 'npm ERR! code EACCES'. How should a DevOps engineer resolve this issue?
184A DevOps team uses AWS CodePipeline to deploy a static website to an Amazon S3 bucket. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild that runs a build tool), and a deploy stage (S3). After a recent code change, the build stage succeeded but the deploy stage failed with the error: 'Access Denied' when uploading artifacts to the S3 bucket. What should the team do to fix the issue?
185A company is using AWS CodePipeline with multiple stages that include source, build, and deploy. The pipeline uses an Amazon S3 bucket as the source action. The team notices that the pipeline is not automatically starting when new files are uploaded to the S3 bucket. The S3 bucket has versioning enabled. What is the most likely reason?
186A company is using AWS CodeCommit with multiple repositories. Developers are required to create pull requests for all changes, and the pull request must be associated with a JIRA issue key (e.g., PROJ-123) in the commit message. A DevOps engineer needs to enforce this policy automatically. Which approach meets the requirement with minimal operational overhead?
187A team is using AWS CloudFormation to manage infrastructure. They want to implement a change management process where any modifications to the stack must be reviewed and approved. Which feature should they use?
188Which TWO actions should a DevOps engineer take to ensure that an AWS CodeBuild project can access a private Amazon S3 bucket to download build artifacts? (Choose two.)
189A company uses AWS CodeBuild to run unit tests as part of a CI pipeline. The buildspec.yaml file is located in the root of the source repository. The build takes 30 minutes to complete. The team wants to speed up the build by caching dependencies. Which approach should they take?
190Which THREE steps are required to set up a continuous deployment pipeline using AWS CodePipeline that deploys a Docker-based application to Amazon ECS? (Choose three.)
191Which TWO approaches can be used to automatically roll back a failed deployment in AWS CodeDeploy? (Choose two.)
192An organization uses AWS CodePipeline to deploy a serverless application using AWS Lambda and Amazon API Gateway. The pipeline includes a manual approval action. The team wants to ensure that the approval email is sent to multiple approvers and that any one of them can approve or reject. How should the approval action be configured?
193A company has a CI/CD pipeline using AWS CodePipeline that deploys a critical web application to an Auto Scaling group of EC2 instances. The pipeline includes a deploy stage using AWS CodeDeploy. Recently, the deployment failed because the new application version caused an increase in HTTP 500 errors. The operations team manually rolled back the deployment by redeploying the previous version. However, the team wants to automate this process so that future failed deployments are automatically rolled back. Additionally, they want to ensure that if the rollback itself fails, the system should alert the on-call engineer. Currently, the deployment group is configured with 'rollback when a deployment fails' disabled. The team has also set up a CloudWatch alarm that triggers when the HTTP 500 error rate exceeds a threshold. What should a DevOps engineer do to meet these requirements with minimal operational overhead?
194A company is implementing a CI/CD pipeline using AWS CodePipeline. The source code is stored in an AWS CodeCommit repository. The pipeline must automatically start whenever a change is pushed to any branch. Which configuration is required?
195A company uses AWS CodeCommit, CodeBuild, and CodePipeline to manage a multi-module Java application. The pipeline has a single build stage that runs tests and packages the application into a JAR file. Recently, the team split the application into multiple microservices, each in its own CodeCommit repository. They want to create a single pipeline that can build all microservices in parallel and then deploy them together to an Amazon ECS cluster. The pipeline should trigger when any of the repositories receives a push. Currently, the pipeline is configured with a single source stage pointing to one repository. The build stage uses a single build project. The team wants to minimize changes to the existing pipeline structure. What should a DevOps engineer do to achieve this?
196A DevOps engineer is creating an AWS CloudFormation template to deploy a stack that includes an Amazon EC2 instance. The instance needs to be launched in a specific subnet. How should the engineer reference the subnet ID in the template?
197A startup is using AWS CodePipeline to deploy a Python web application to AWS Elastic Beanstalk. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (Elastic Beanstalk). The build stage runs unit tests and creates a deployable zip file. The deploy stage uses the Elastic Beanstalk deploy provider. Recently, the deploy stage started failing with the error: 'The API call 'elasticbeanstalk:CreateApplicationVersion' failed with status 403.' The CodePipeline service role has the following permissions: 'elasticbeanstalk:DescribeApplications', 'elasticbeanstalk:DescribeEnvironments', 'elasticbeanstalk:UpdateEnvironment'. What should the DevOps engineer do to resolve the issue?
198Which TWO actions should a DevOps engineer take to ensure that an AWS CodeBuild project's artifacts are automatically deployed to an Amazon S3 bucket with server-side encryption using AWS KMS? (Choose 2.)
199A development team is using AWS CodeCommit as a source control repository. They want to automate the creation of a new feature branch whenever a developer creates a new Jira issue with a specific label. Which AWS service should be used to listen for Jira webhooks and trigger the branch creation?
200A company uses AWS CodePipeline with multiple stages: source, build, test, and deploy. The test stage takes 45 minutes to complete. Developers complain that the pipeline takes too long to provide feedback. The team wants to run tests in parallel across multiple environments. Which approach should be taken to reduce the pipeline execution time?
201Which THREE steps are required to set up a cross-account CI/CD pipeline where the source stage is in Account A (CodeCommit) and the deploy stage is in Account B (ECS)? (Choose 3.)
202Which TWO criteria must be met for an AWS CloudFormation stack update to be successful? (Choose 2.)
203An organization is using AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails because the target group is not configured correctly. Which CodeDeploy component is responsible for registering instances with the load balancer?
204A DevOps engineer is troubleshooting a failed AWS CloudFormation stack update. The stack contains an AWS::Lambda::Function resource. The update failed with the error 'Resource creation cancelled' after a timeout. The engineer wants to view the logs from the Lambda function during the stack update to diagnose the issue. What should the engineer do?
205A development team is using AWS CodeCommit as a source repository and AWS CodePipeline to automate their CI/CD pipeline. The pipeline includes a build stage that runs on AWS CodeBuild. The team wants to automatically trigger the pipeline when changes are pushed to the 'develop' branch of the CodeCommit repository. Which configuration change should be made to the pipeline?
206A company uses AWS CodePipeline with a source stage from Amazon S3. The pipeline deploys a static website to an S3 bucket. The deployment must ensure that the website is always available and that rollbacks happen automatically if the deployment fails. Which TWO actions should the company take?
207A company uses AWS CodePipeline to deploy a serverless application. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CloudFormation). The deployment consistently fails because the Lambda function's IAM role is not created before the function. The team uses a single CloudFormation template. Which action should be taken to resolve this dependency issue?
208An IAM policy is attached to a service role used by AWS CodePipeline. Which TWO statements about this policy are correct?
209A DevOps engineer is setting up a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild. The build environment requires specific software packages that are not available in the default CodeBuild environment. What is the MOST efficient way to customize the build environment?
210A DevOps team is implementing a CI/CD pipeline for a microservices architecture. Each microservice is built and deployed independently. The team wants to ensure that only one build runs per microservice at a time to avoid resource contention, and that the build artifacts are stored securely. Which THREE steps should the team take?
211A team uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment is configured with a deployment configuration that uses the 'CodeDeployDefault.OneAtATime' traffic routing. However, during deployment, the new instances are failing health checks and the deployment is rolling back. The team wants to minimize the impact on users. What should the team do to detect issues earlier?
212A company uses AWS CodeCommit for source control. Developers need to automatically run tests on every push to a feature branch, but only if the push includes changes to the 'src/' directory. Which TWO AWS services can be used together to achieve this?
213A company uses AWS CloudFormation to manage infrastructure. The development team wants to promote changes from a development environment to a production environment using change sets. They need to ensure that the production stack is not updated if there are any changes to the stack's IAM policies. Which approach should the team use?
214Refer to the exhibit. An AWS CloudFormation template includes a Lambda function with the ARN shown. The function is part of a custom resource to create an S3 bucket. The stack creation fails with the error 'Function not found: arn:aws:lambda:us-east-1:123456789012:function:my-function'. The Lambda function exists in the same account and region. What is the most likely cause?
215A developer is using AWS CodeBuild to compile code. The build takes a long time because dependencies are downloaded each time. What can the developer do to reduce build time?
216A company runs a critical e-commerce application on AWS. They use AWS CodePipeline to manage deployments. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CodeDeploy to an Auto Scaling group). Recently, a deployment caused a 5-minute outage because the new application version had a bug that caused the health checks to fail. The Auto Scaling group marked instances as unhealthy and replaced them, but during the replacement, traffic was routed to the remaining instances, which also failed health checks, causing a full outage. The company wants to implement a deployment strategy that prevents any traffic from being routed to unhealthy instances and automatically rolls back if the deployment fails. They also want to minimize deployment time and cost. Which solution should the DevOps team implement?
217A company uses AWS CloudFormation to manage infrastructure as code. They have a stack that creates an Amazon RDS database instance. The database password is stored as a parameter in AWS Systems Manager Parameter Store. The CloudFormation template references the parameter using the 'resolve:ssm' dynamic reference. Recently, a security audit found that the password was exposed in plaintext in the CloudFormation stack outputs. The team wants to prevent sensitive information from being displayed in stack outputs or logs. Which approach should be taken?
218An organization uses AWS CodePipeline to deploy a web application. The pipeline includes a test stage that runs integration tests using AWS CodeBuild. The tests are flaky and sometimes fail due to external dependencies. The team wants to automatically retry failed tests before marking the stage as failed. How should this be achieved?
219A startup is using AWS CodeBuild to build and test their application. The build process takes about 10 minutes. Recently, they noticed that some builds are failing randomly with the error 'Could not download dependencies'. The build environment uses a custom Docker image stored in Amazon ECR. The team suspects that the issue is due to network connectivity problems when pulling the Docker image or dependencies from the internet. They want to ensure reliable and faster builds. Which solution should they implement?
220A company uses AWS CodeCommit and wants to enforce that all commits to the 'main' branch are signed with a GPG key. Which steps should the DevOps engineer take to enforce this?
221A company uses AWS CodePipeline to deploy a web application to an Elastic Beanstalk environment. The pipeline has a source stage (S3), a build stage (CodeBuild), and a deploy stage (Elastic Beanstalk). Recently, the deployment started failing with the error 'The Elastic Beanstalk environment is not in a ready state'. The team found that the environment was in an 'Updating' state because a previous deployment was still in progress. They need a solution that prevents concurrent deployments and ensures that the environment is ready before starting a new deployment. Which action should the DevOps engineer take?
222A DevOps engineer is tasked with automating the deployment of a microservices architecture. Each service is packaged as a Docker container. The team wants to use AWS CodePipeline and AWS CodeBuild to build Docker images and push them to Amazon ECR, then deploy to Amazon ECS. What should the CodeBuild buildspec file include to push the image to ECR?
223A large enterprise uses AWS CodePipeline with multiple stages including source, build, test, and deploy. The test stage runs a suite of integration tests that take 30 minutes. The team wants to reduce the overall pipeline execution time by running the test stage in parallel across different test environments (e.g., different browsers, operating systems). However, they also need to aggregate the test results into a single report. Which approach should they use?
224A company is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a source stage from GitHub, a build stage using AWS CodeBuild, and a deploy stage using AWS Elastic Beanstalk. The team wants to ensure that the pipeline only proceeds if the code quality checks pass and unit tests are successful. Which TWO actions should be taken?
225A company uses AWS CloudFormation to deploy infrastructure. They have a template that creates an Amazon EC2 instance and an Elastic IP address. The template uses the AWS::EC2::EIP resource. The team notices that when they delete the stack, the Elastic IP address is not released, leading to charges. They want to ensure that the Elastic IP is automatically released when the stack is deleted. What should they do?
226A DevOps team is using AWS CodeBuild to run integration tests against a test database. The database is an Amazon RDS instance in a private subnet. The CodeBuild project is configured to run in a VPC. Which THREE steps are required to allow CodeBuild to access the RDS instance?
227A DevOps team uses AWS CodePipeline with an S3 source action and CodeBuild as a build provider. The pipeline has a manual approval step before deployment. Recently, the team noticed that the pipeline automatically starts when a new object is uploaded to the S3 bucket, even if the object is not the source code. They want to ensure that the pipeline only triggers on changes to the source code directory. What is the MOST efficient solution?
228An organization uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild that minifies assets), and a deploy stage (S3 deployment). The team wants to add a stage for running security vulnerability scans on the code. Which TWO options are viable?
229A company is using AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The deployment configuration uses a linear traffic shifting with a 10-minute interval. The application logs show that the new version of the application crashes on startup. What is the MOST effective way to handle this situation to ensure successful future deployments?
230A company is using AWS CodeBuild to compile and test code. The buildspec.yml file includes a pre_build phase that installs dependencies and a build phase that runs the compilation. The tests are run in the post_build phase. The team wants to improve the security of the build process by ensuring that sensitive information such as database passwords is not exposed in the build logs. Which TWO actions should the team take? (Choose two.)
231Refer to the exhibit. A DevOps engineer runs the command to get the pipeline definition. The pipeline has a source stage from an S3 bucket and a build stage with CodeBuild. The CodeBuild project is configured to output artifacts to a specific S3 bucket. However, the pipeline fails at the build stage with an error: 'Artifact 'BuildArtifact' is not found'. What is the most likely cause?
232A company uses AWS CloudFormation to provision infrastructure. They have a stack that creates an Amazon RDS DB instance. They want to update the stack to change the DB instance class from db.t2.micro to db.t3.medium. Which THREE of the following must be true for the update to succeed? (Choose three.)
233Refer to the exhibit. An IAM policy is attached to a CodeBuild service role. The CodeBuild project is used to build code from a CodeCommit repository and output artifacts to an S3 bucket. However, the build fails with an error: 'Unable to download source from CodeCommit'. What is the missing permission?
234A company runs a containerized microservices application on Amazon ECS with Fargate. The application is deployed using AWS CodePipeline with CodeBuild as the build stage and ECS as the deploy stage. The pipeline uses a deployment controller of type CODE_DEPLOY with a blue/green deployment strategy. Recently, the team noticed that during deployments, the new task set fails health checks and the deployment is rolled back. The application logs indicate that the new containers fail because they cannot connect to the Redis cluster, which is a required dependency. The Redis cluster is running on Amazon ElastiCache and is in the same VPC as the ECS tasks. The team has verified that the security group for the ElastiCache cluster allows inbound traffic from the ECS tasks' security group. The ECS task definition includes the Redis endpoint as an environment variable. What is the MOST likely cause of the connection failure?
235Refer to the exhibit. A DevOps engineer created a CloudFormation stack that includes a Lambda function. The stack creation failed and rolled back. The error message for the Lambda function says 'Resource creation cancelled'. What is the most likely cause?
236A company uses AWS CodeCommit as a Git repository and CodeBuild for continuous integration. The buildspec.yml file includes steps to run unit tests and package the application. The team wants to ensure that only code from the main branch is deployed to production. They have set up a CodePipeline that triggers on changes to any branch. The pipeline includes a build stage that runs CodeBuild, and then a deploy stage that deploys to production. The team noticed that code from feature branches is being deployed to production accidentally. The team wants to modify the pipeline to prevent this. What is the MOST effective solution?
237A DevOps team uses AWS CodePipeline to deploy a microservices application. The pipeline includes a CodeBuild project that runs unit tests. Recently, builds have been failing intermittently due to test timeouts. The team wants to improve the reliability of the pipeline without increasing the build timeout. Which action should the team take?
238A developer is using AWS CloudFormation to deploy a stack that includes an AWS Lambda function. The Lambda function code is stored in an S3 bucket. The CloudFormation template references the S3 bucket and object key. The developer wants to update the Lambda function code by uploading a new zip file to S3 and then updating the stack. The developer updates the S3 object with a new version, but the stack update does not automatically use the new code. What should the developer do to ensure the stack update uses the new code?
239An organization uses AWS CloudFormation to manage infrastructure across multiple accounts using AWS Organizations. They want to enforce that all S3 buckets are encrypted with SSE-S3. A DevOps engineer creates a service control policy (SCP) to deny the creation of any S3 bucket without encryption. However, CloudFormation stack creation fails with an access denied error even when the template includes encryption. What is the most likely cause?
240A company uses AWS CodePipeline to automate the deployment of a static website hosted on Amazon S3. The pipeline includes a source stage that pulls from a CodeCommit repository and a deploy stage that uses CodeBuild to sync the files to an S3 bucket. The team noticed that the website is not updating after a successful pipeline run. The CodeBuild logs show that the 'aws s3 sync' command completed successfully. However, the website still shows the old content. What is the MOST likely cause?
241A company uses AWS CodeCommit for source control. Developers frequently push large binary files, causing the repository size to exceed the recommended limit. What is the most efficient way to manage this situation?
242A team uses AWS CodePipeline with a multi-branch strategy. They want to run different build projects based on the branch name: 'main' triggers a production build, 'develop' triggers a staging build, and feature branches trigger a test build. Which CodePipeline feature should they use?
243An organization uses AWS Elastic Beanstalk to deploy a web application. The deployment fails with a '502 Bad Gateway' error after the environment update. The health status shows 'Severe'. Investigation reveals that the application is not binding to the port that the nginx proxy expects. What is the most efficient way to diagnose and resolve this issue?
244A company uses AWS Systems Manager Automation to patch EC2 instances. The automation document 'AWS-RunPatchBaseline' runs successfully but some instances are not patched because they are not managed by Systems Manager. What is the most likely reason?
245A DevOps team uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with a 'HealthCheckFailed' error. The application is running, but the health check endpoint returns HTTP 500. What should the team do to resolve this issue?
246A company uses AWS CloudFormation to create a stack with a Lambda function that uses a VPC. The stack creation fails with 'CREATE_FAILED: The provided execution role does not have permissions to call ec2:CreateNetworkInterface on the resource'. What is the likely cause?
247A development team uses AWS CodeBuild to compile a Java application. The build fails during the 'Install' phase with an error: 'Error: JAVA_HOME is not set'. How should the team fix this?
248A company uses AWS CodePipeline to automate deployments. The pipeline consists of Source, Build, and Deploy stages. The Build stage uses CodeBuild, and the Deploy stage uses CodeDeploy. Recently, the pipeline failed at the Deploy stage with an error: 'The deployment group does not exist'. Which TWO actions should the team take to resolve this issue?
249A company uses AWS CloudFormation with nested stacks to manage a microservices application. The root stack creates a VPC, and nested stacks create ECS services. A developer updates the root stack, but the update fails with 'UPDATE_ROLLBACK_IN_PROGRESS'. The rollback also fails. Which THREE steps should the team take to recover the stack? (Choose THREE.)
250A DevOps team uses AWS OpsWorks for Chef Automate to manage configuration. They want to ensure that all EC2 instances automatically register with OpsWorks and are assigned to the correct layer. Which THREE steps are required? (Choose THREE.)
251The exhibit shows the output of the AWS CLI command 'batch-get-builds' for a CodeBuild build. The build failed. What is the most likely cause of the failure?
252The exhibit shows an IAM policy attached to an AWS Lambda execution role. The Lambda function is triggered by an S3 event and writes to the same bucket. However, the function fails with a permission error when trying to write to 'my-bucket'. What is the likely issue?
253The exhibit shows a CloudFormation stack event. The stack creation failed with 'Resource creation cancelled'. What is the most likely reason for this cancellation?
254A DevOps team is using AWS CodePipeline to automate build, test, and deploy phases. The team notices that the pipeline is failing intermittently during the deploy stage due to a timeout when updating an Auto Scaling group. The deploy stage uses CodeDeploy with a blue/green deployment configuration. What is the MOST likely cause and solution?
255An organization uses AWS CodeBuild to compile a Java application. The buildspec.yml includes a pre_build phase that runs unit tests. Recently, the build started failing with 'NoClassDefFoundError' for certain test dependencies, even though the pom.xml includes them. The build environment uses an Amazon Linux 2 Docker image. What is the MOST likely cause?
256A company uses AWS CloudFormation to manage infrastructure. The DevOps team wants to deploy a stack across multiple accounts using AWS CodePipeline. Which approach is BEST for automating cross-account deployments?
257A company uses AWS CodeCommit for source control. Developers report that their local branches are out of sync with the remote repository, and they are unable to push changes because of 'non-fast-forward' errors. What should the developers do to fix this?
258A DevOps team is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a Source stage using CodeCommit, a Build stage using CodeBuild, and a Deploy stage using CloudFormation. The team wants to add manual approval before the Deploy stage for production deployments. How should this be configured?
259A company uses AWS Elastic Beanstalk to deploy a web application. The deployment fails with a '502 Bad Gateway' error. The developer checks the logs and sees that the application is running but returns errors. The environment uses a load balancer. What is the MOST likely cause?
260A DevOps engineer needs to automate the creation of a new AWS CodeCommit repository when a new project starts. The engineer wants to use infrastructure as code. Which service should be used?
261An organization uses AWS CodeDeploy for automated deployments to EC2 instances. The deployment is failing with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The deployment group has a minimum healthy hosts setting of 75%. The application has 4 instances. What is the MOST likely issue?
262A company uses AWS CodePipeline with a cross-account action where the source account (Account A) triggers a deploy action in a target account (Account B). The pipeline is failing with an 'Access Denied' error when trying to assume the deployment role. What is the MOST likely cause?
263Which THREE actions should a DevOps team take to ensure a CI/CD pipeline using AWS CodePipeline is secure? (Choose three.)
264Which TWO options are valid ways to trigger an AWS CodePipeline execution automatically? (Choose two.)
265Which THREE factors should be considered when designing a deployment strategy using AWS CodeDeploy to minimize downtime during updates? (Choose three.)
266Refer to the exhibit. The above IAM policy is attached to an IAM role used by a CI/CD pipeline. Which action is this policy allowing?
267Refer to the exhibit. A DevOps engineer ran the above AWS CLI command after a CloudFormation stack update. What does the status 'ROLLBACK_COMPLETE' indicate?
268Refer to the exhibit. The above buildspec.yml is used in AWS CodeBuild. The build is failing during the 'build' phase with a 'FileNotFoundError: setup.py' error. What is the MOST likely cause?
269A development team uses AWS CodeCommit as a Git repository. They want to automatically trigger a build in AWS CodeBuild whenever a pull request is created or updated. Which AWS service should be used to detect the pull request events and start the build?
270A DevOps engineer is designing a CI/CD pipeline for a microservices application using AWS CodePipeline. Each microservice has its own CodeCommit repository. The engineer wants to run unit tests in parallel for all services when any repository receives a push, then run integration tests only after all unit tests pass. Which pipeline structure should the engineer use?
271A company uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails during the 'ValidateService' lifecycle event. The CloudWatch Agent reports that the target process is running but the health check endpoint returns HTTP 503. The CodeDeploy agent logs show no errors. What is the most likely cause of the failure?
272A DevOps team uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild that generates the website files, and a deploy stage that copies files to an S3 bucket. The team wants to add a manual approval step before the deploy stage. What should the engineer do?
273A company uses AWS CloudFormation to manage infrastructure. The DevOps engineer wants to ensure that stack updates are rolled back if a new Amazon RDS instance fails to be created. Which CloudFormation feature should the engineer use?
274A DevOps engineer is troubleshooting a slow AWS CodeBuild project. The build is a Java application that compiles source code and runs tests. The build environment uses a general1.large compute type. The build duration has increased from 5 minutes to 15 minutes over the past month. The engineer notices that the build logs show 'Downloading...' messages for Maven dependencies for several minutes. What is the most cost-effective way to reduce the build time?
275A company uses AWS CodeDeploy with a blue/green deployment configuration. The engineer wants to automatically roll back the deployment if the new instances fail the health check for 5 minutes. Which setting should the engineer configure?
276A development team uses AWS CodeCommit and wants to enforce that all commits include a JIRA issue key in the commit message. They want to reject any push that does not contain a valid JIRA key. Which approach should the engineer use?
277A company uses AWS CodePipeline with an Amazon S3 source action. The pipeline deploys to an Amazon ECS Fargate service. The engineer notices that the pipeline does not automatically start when a new object is uploaded to the S3 bucket. The S3 bucket versioning is enabled. What is the most likely cause?
278A DevOps engineer is designing a CI/CD pipeline for a containerized application using AWS CodeBuild and Amazon ECS. Which TWO actions will help reduce the frequency of Docker image pulls from the public Docker Hub registry?
279A company uses AWS CloudFormation to deploy a multi-tier application. The engineer wants to ensure that the stack is not accidentally deleted and that critical resources like databases are retained even if the stack is deleted. Which THREE steps should the engineer take?
280A DevOps team uses AWS CodePipeline with an Amazon S3 source action. The pipeline deploys a static website to an S3 bucket. The engineer wants to ensure that only approved changes are deployed to production. The team uses Git feature branches and wants to deploy only when a pull request is merged to the main branch. Which THREE actions should the engineer take?
281Refer to the exhibit. A DevOps engineer is troubleshooting a cross-account deployment where an AWS CodeBuild project in Account A needs to upload build artifacts to an S3 bucket in Account B. The engineer attaches this IAM policy to the CodeBuild service role in Account A. However, the upload fails. What is the most likely reason?
282Refer to the exhibit. A DevOps engineer runs the above commands. The build project 'my-project' uses an S3 bucket as source and another S3 bucket for artifacts. The build fails with an 'Access Denied' error when trying to download the source code. What is the most likely cause?
283Refer to the exhibit. A DevOps engineer deploys this CloudFormation template. The EC2 instance launches, but the httpd service does not start. The engineer connects to the instance and finds that the user data script did not run. What is the most likely cause?
284A company uses AWS CodePipeline with an Amazon S3 source, AWS CodeBuild, and AWS CodeDeploy. The deployment stage fails intermittently with the error 'Deployment failed because the deployment group does not exist'. The pipeline has been working for months. What is the MOST likely cause?
285A development team uses AWS CodeCommit as a source repository for their AWS CodePipeline. They want to automatically trigger a pipeline execution when a new branch is created. Which solution should they implement?
286An organization uses AWS CodeBuild to compile and test their code. They want to reuse build artifacts across multiple build projects to reduce build time. What is the BEST approach?
287A team uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The team checks the logs and finds that the application installation script fails on some instances due to missing dependencies. What is the BEST long-term solution?
288A company has a monorepo in AWS CodeCommit with multiple microservices. They want to use AWS CodePipeline to build and deploy only the microservice that changed. What is the MOST efficient approach?
289A DevOps engineer needs to automate the creation of a CI/CD pipeline using infrastructure as code. Which AWS service is BEST suited to define and provision the pipeline resources?
290A team uses AWS CodeBuild to run unit tests. They notice that builds are taking longer than expected. The build environment includes many dependencies that are downloaded every time. Which change would MOST reduce build time?
291An organization uses AWS CodePipeline with multiple stages: Source, Build, Test, and Deploy. The Test stage runs integration tests that take 30 minutes. The team wants to speed up feedback without skipping tests. Which action should they take?
292A company uses AWS CodeDeploy with a blue/green deployment configuration. After a deployment, the new instances are not registered with the load balancer, causing downtime. What is the MOST likely cause?
293A company uses AWS CodePipeline to deploy a critical application. The pipeline has a manual approval step before deployment. Which TWO actions should be taken to improve security and auditability? (Choose two.)
294Which THREE AWS services can be used as a source action in AWS CodePipeline? (Choose three.)
295A DevOps team is designing a CI/CD pipeline for a containerized application. Which THREE components are essential for a complete pipeline? (Choose three.)
296Refer to the exhibit. A DevOps engineer attaches this IAM policy to a user. The user reports that they cannot start a pipeline execution for 'my-pipeline' using the AWS CLI. What is the MOST likely reason?
297Refer to the exhibit. A developer runs the AWS CLI command to start a build in AWS CodeBuild. The build project 'my-project' uses an S3 bucket as the source. What is the MOST likely cause of the error?
298Refer to the exhibit. A team uses this buildspec.yml file in AWS CodeBuild. After the build, they expect the artifacts to be placed in a folder structure, but all files are in the root of the output artifact. What is the reason?
299A development team uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. The pipeline has a Source stage that polls the repository for changes. Recently, developers have noticed that the pipeline does not always trigger when code is pushed to the main branch. What is the most likely cause?
300A company uses AWS CodeBuild to compile and test code. The buildspec.yaml includes a pre_build phase that runs 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com'. The build fails with 'Error: Cannot connect to the Docker daemon'. What is the most likely cause?
Deep-dive questions
The most-searched questions in this domain — detailed explanations, worked examples, full answer breakdowns.
SDLC Automation questions on this certification test your ability to deploy and manage sdlc automation concepts in scenario-based situations.
The Courseiva DOP-C02 question bank contains 300 questions in the SDLC Automation domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the SDLC Automation domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included