Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← SDLC Automation practice sets

DOP-C02 SDLC Automation • Complete Question Bank

DOP-C02 SDLC Automation — All Questions With Answers

Complete DOP-C02 SDLC Automation question bank — all 0 questions with answers and detailed explanations.

397
Questions
Free
No signup
Certifications/DOP-C02/Practice Test/SDLC Automation/All Questions
Question 1mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a multi-branch strategy. A new feature branch triggers a pipeline that runs unit tests and deploys to a test environment. The deployment step uses AWS CodeDeploy with a deployment group configured for in-place deployment to Amazon EC2 instances. The deployment fails intermittently with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The instances are healthy and pass health checks. What is the most likely cause?

Question 2easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeBuild to compile a Java application and run unit tests. The build takes 30 minutes, but the team wants to reduce build time. The codebase has not changed significantly, and dependencies are stable. Which action would be MOST effective in reducing build time?

Question 3hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with multiple stages: Source (Amazon S3), Build (AWS CodeBuild), and Deploy (AWS CodeDeploy). The build stage runs a series of tests, and if they pass, the pipeline proceeds to deploy. Recently, a developer committed a change that passed all tests but caused a production outage. The team wants to add an approval step before the deploy stage, but they also want to ensure that only changes from specific branches can be deployed. What is the MOST secure and maintainable way to enforce this?

Question 4mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control. Developers frequently push large binary files (e.g., compiled JARs) to the repository, causing the repository size to grow rapidly and slowing down clone operations. The team wants to enforce a policy to reject pushes that contain files larger than 50 MB. Which approach should be used?

Question 5hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline to orchestrate deployments to multiple environments (dev, test, prod). Each environment uses a different AWS account. The pipeline uses cross-account actions with IAM roles. Recently, the pipeline failed at the deploy stage for the prod account with the error 'Access Denied' when assuming the cross-account role. The role ARN is correct and the trust policy allows the pipeline's service role. What is the MOST likely cause?

Question 6easymultiple choice
Review the full routing breakdown →

A team uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment strategy is Blue/Green. During a recent deployment, the new instances passed all health checks, but traffic was not routed to them. What is the most likely reason?

Question 7mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a source stage from Amazon S3 and a deploy stage to AWS Elastic Beanstalk. The pipeline has been working for months, but recently the deploy stage started failing with the error 'The S3 object does not exist.' The source artifact is uploaded to the S3 bucket by an external system. Which TWO actions should be taken to resolve this issue? (Choose TWO.)

Question 8hardmulti select
Read the full SDLC Automation explanation →

A DevOps team is designing a CI/CD pipeline for a microservices application. Each microservice has its own code repository and build artifacts. The team wants to use AWS CodePipeline with multiple parallel actions to build and test all microservices simultaneously. They also want to ensure that if one microservice's build fails, the pipeline does not block other microservices. Which THREE steps should the team take? (Choose THREE.)

Question 9hardmultiple choice
Read the full SDLC Automation explanation →

A large enterprise uses a multi-account AWS strategy with a centralized DevOps account. The DevOps account hosts an AWS CodePipeline that deploys a critical application to production account (111111111111) using AWS CodeDeploy. The pipeline has three stages: Source (CodeCommit), Build (CodeBuild), and Deploy (CodeDeploy). The deploy stage uses a cross-account role (arn:aws:iam::111111111111:role/CrossAccountDeployRole) to perform the deployment. The trust policy on that role allows the DevOps account's CodePipeline service role (arn:aws:iam::222222222222:role/CodePipelineServiceRole) to assume it. The pipeline has been working for months, but after a recent security audit, the security team tightened permissions. Now the deploy stage fails with the error: 'User: arn:aws:sts::222222222222:assumed-role/CodePipelineServiceRole/AWS-CodePipeline-xxx is not authorized to perform: codedeploy:CreateDeployment on resource: arn:aws:codedeploy:us-east-1:111111111111:deploymentgroup:MyApp/MyDG'. The DevOps team has verified that the CrossAccountDeployRole has a permissions policy that allows 'codedeploy:*' on all resources. The CodePipelineServiceRole has a permissions policy that allows 'sts:AssumeRole' on the CrossAccountDeployRole. What is the most likely cause and what action should be taken to resolve the issue?

Question 10easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. They have configured a CodeBuild project that triggers on pushes to the 'develop' branch. The build runs unit tests and packages the application. However, developers report that the pipeline fails intermittently with a 'BUILD_FAILED' status due to test failures, but the tests pass locally. What is the MOST likely cause of this discrepancy?

Question 11easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is setting up an AWS CodePipeline to deploy a web application to an EC2 instance using AWS CodeDeploy. The deployment group uses an in-place deployment configuration. The pipeline's deploy stage fails with the error: 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The engineer checks the CodeDeploy logs on the instance and finds that the 'BeforeInstall' lifecycle hook script is failing. The script attempts to download a package from an Amazon S3 bucket that is encrypted with SSE-KMS. What is the MOST likely cause of the failure?

Question 12mediummultiple choice
Review the full subnetting walkthrough →

A company uses AWS CodeBuild to compile a Java application. The buildspec.yml includes a 'pre_build' phase that runs SonarQube for static code analysis. The analysis requires access to a private SonarQube server hosted on an EC2 instance in the same VPC. The CodeBuild project is configured with a VPC ID, subnet IDs, and security group IDs. However, the build fails with a timeout when trying to connect to the SonarQube server. The security group for the SonarQube server allows inbound traffic on port 9000 from the CodeBuild security group. What is the MOST likely reason for the failure?

Question 13mediummultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline with multiple stages: Source, Build, Test, and Deploy. The Test stage runs integration tests in CodeBuild. Recently, the pipeline failed because the Test stage took longer than expected, causing a pipeline execution timeout. The pipeline has a default timeout of 7 days. What is the MOST efficient way to set a maximum execution time for the Test stage without affecting other stages?

Question 14easymultiple choice
Read the full SDLC Automation explanation →

Which AWS service is primarily used to automate the building, testing, and deployment of code changes to AWS infrastructure based on a defined release process?

Question 15mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to implement a CI/CD pipeline that builds a Docker image, scans it for vulnerabilities, and deploys it to Amazon ECS. The scanning must be integrated into the pipeline before the image is pushed to Amazon ECR. Which approach meets these requirements?

Question 16hardmultiple choice
Read the full NAT/PAT explanation →

A company uses AWS CodeCommit as a source repository and wants to enforce that all commits are signed using GPG keys. The DevOps team configures a pre-receive hook in CodeCommit to validate commit signatures. However, the hook rejects all commits even when valid GPG signatures are present. What is the most likely cause?

Question 17mediummultiple choice
Review the full routing breakdown →

A DevOps team is designing a deployment pipeline for a microservices application on Amazon ECS using AWS CodePipeline. They want to implement a canary deployment strategy where a small percentage of traffic is routed to the new version before fully promoting it. Which AWS service or feature should they use to achieve this?

Question 18hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. They need to implement a CI/CD pipeline that automatically updates CloudFormation stacks when changes are pushed to a CodeCommit repository. The pipeline must use change sets to review changes before execution. Which pipeline configuration meets these requirements?

Question 19mediummulti select
Read the full SDLC Automation explanation →

Which of the following are valid strategies for implementing continuous integration in AWS? (Choose two.)

Question 20hardmulti select
Read the full SDLC Automation explanation →

A DevOps engineer is designing a deployment pipeline for a serverless application using AWS SAM. The pipeline must include the following stages: source, build, deploy to a development environment, run integration tests, and promote to production after manual approval. Which AWS services and features should be used to implement this pipeline? (Choose two.)

Question 21mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with Amazon S3 as the source stage. The pipeline triggers on object creation events in the S3 bucket. The development team notices that the pipeline does not trigger when multiple files are uploaded simultaneously. What is the most likely cause?

Question 22hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is designing a CI/CD pipeline using AWS CodePipeline. The source stage is AWS CodeCommit, and the build stage uses AWS CodeBuild. The pipeline must only trigger on changes to the main branch. However, the engineer notices that the pipeline is also triggering on changes to feature branches that are merged via pull requests. What configuration change should the engineer make to ensure the pipeline only triggers on direct commits to the main branch?

Question 23mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy for deploying applications to an Auto Scaling group of Amazon EC2 instances. The deployment is failing with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' Which two actions should the DevOps engineer take to troubleshoot and resolve the issue? (Choose two.)

Question 24hardmulti select
Read the full SDLC Automation explanation →

A DevOps engineer is managing a CI/CD pipeline using AWS CodePipeline with multiple stages: Source (CodeCommit), Build (CodeBuild), Test (CodeBuild), and Deploy (CodeDeploy). The engineer wants to add manual approval steps before the Test and Deploy stages. Additionally, the pipeline should automatically roll back the deployment if the Deploy stage fails. Which two actions should the engineer take to implement these requirements? (Choose two.)

Question 25hardmultiple choice
Read the full SDLC Automation explanation →

Match each AWS service or feature to its correct description in the context of SDLC automation. Drag and drop the items on the left to the matching descriptions on the right.

Question 26mediumdrag order
Read the full SDLC Automation explanation →

Drag and drop the steps to configure an AWS Elastic Load Balancer (ALB) with HTTPS listeners and target groups.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 27mediummatching
Read the full SDLC Automation explanation →

Match each AWS deployment strategy to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Two identical environments; traffic switches after validation

Incremental rollout to a small subset before full release

Updates instances in batches to minimize downtime

Replaces entire instances with new ones; no in-place changes

Deploys to all instances simultaneously (fastest but riskier)

Question 28mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a web application to an Elastic Beanstalk environment. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild, and a deploy stage to Elastic Beanstalk. Recently, deployments started failing with an error: 'The deployment failed because the Elastic Beanstalk environment is in an UPDATE_ROLLBACK_IN_PROGRESS state.' What is the MOST likely cause?

Question 29hardmultiple choice
Read the full NAT/PAT explanation →

A DevOps engineer is designing a CI/CD pipeline for a microservices application running on Amazon ECS with Fargate. The team wants to use a blue/green deployment strategy to minimize downtime. Which combination of AWS services and configurations should be used to implement this?

Question 30easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run unit tests and package a Java application. The build process takes 15 minutes. The team wants to reduce build time by caching dependencies. Which approach should the engineer recommend?

Question 31mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit as a source control repository. A developer accidentally pushed a commit that contains sensitive information (e.g., AWS access keys) to the main branch. The team wants to remove the sensitive data from the repository history completely. Which action should the engineer take?

Question 32hardmultiple choice
Read the full SDLC Automation explanation →

A company runs a critical application on Amazon EC2 instances behind an Application Load Balancer. The application is deployed using AWS CodeDeploy with an in-place deployment configuration. During a recent deployment, the deployment failed because the new application version caused a health check failure, and CodeDeploy did not automatically roll back. What should the engineer do to ensure automatic rollback on health check failure?

Question 33easymultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CloudFormation to manage infrastructure. They want to deploy a stack that creates an S3 bucket and a DynamoDB table. The S3 bucket name must be unique across all AWS accounts. Which CloudFormation intrinsic function should be used to generate a unique bucket name?

Question 34mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to orchestrate a multi-stage deployment. The pipeline has a source, build, test, and deploy stage. The test stage runs integration tests against a temporary environment. The team wants to ensure that the deploy stage only runs if the test stage succeeds. What configuration is needed?

Question 35hardmultiple choice
Read the full SDLC Automation explanation →

A company deploys a serverless application using AWS SAM. The application includes an API Gateway REST API and multiple Lambda functions. The team wants to implement canary deployments for the API to gradually shift traffic to a new version. Which SAM template configuration should be used?

Question 36easymultiple choice
Read the full SDLC Automation explanation →

A developer is setting up AWS CodeBuild to compile a Go application. The build fails with the error: 'go: command not found'. What is the MOST likely cause?

Question 37mediummulti select
Read the full SDLC Automation explanation →

Which TWO actions should a DevOps engineer take to implement a CI/CD pipeline that automatically deploys a containerized application to Amazon ECS using AWS CodePipeline and AWS CodeBuild? (Choose TWO.)

Question 38hardmulti select
Read the full SDLC Automation explanation →

Which THREE components are required to set up a fully automated CI/CD pipeline for a static website hosted on Amazon S3 using AWS CodePipeline? (Choose THREE.)

Question 39mediummulti select
Read the full SDLC Automation explanation →

Which TWO best practices should be followed when configuring AWS CodeBuild projects to improve build performance and security? (Choose TWO.)

Question 40mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is reviewing the IAM policy attached to a CodeBuild service role. The policy allows starting builds and viewing logs. However, when CodeBuild tries to download artifacts from an S3 bucket in the same account, it fails with an access denied error. What is the missing permission?

Exhibit

Refer to the exhibit.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codebuild:StartBuild",
                "codebuild:BatchGetBuilds"
            ],
            "Resource": "arn:aws:codebuild:us-east-1:123456789012:project/my-project"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}
Question 41hardmultiple choice
Read the full SDLC Automation explanation →

A CodeDeploy deployment group is configured as shown in the exhibit. During a deployment, the deployment fails because the instances are not found. What is the MOST likely reason?

Network Topology
$ aws deploy get-deployment-groupapplication-name MyAppdeployment-group-name MyDGRefer to the exhibit."deploymentGroupInfo": {"applicationName": "MyApp","deploymentGroupName": "MyDG","deploymentConfigName": "CodeDeployDefault.AllAtOnce","ec2TagFilters": ["Key": "Environment","Value": "Production","Type": "KEY_AND_VALUE"],"autoScalingGroups": [],"serviceRoleArn": "arn:aws:iam::123456789012:role/CodeDeployServiceRole","targetRevision": {"revisionType": "S3","s3Location": {"bucket": "my-app-bucket","key": "my-app.zip","bundleType": "zip"},"deploymentStyle": {"deploymentType": "IN_PLACE","deploymentOption": "WITH_TRAFFIC_CONTROL""loadBalancerInfo": {"elbInfoList": ["name": "my-alb"
Question 42mediummultiple choice
Read the full SDLC Automation explanation →

A CloudFormation stack creation failed as shown in the exhibit. What is the MOST likely cause of the failure?

Network Topology
$ aws cloudformation describe-stack-eventsstack-name MyStackRefer to the exhibit."StackEvents": ["StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/abc123","EventId": "Event-1","StackName": "MyStack","LogicalResourceId": "MyStack","PhysicalResourceId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/abc123","ResourceType": "AWS::CloudFormation::Stack","Timestamp": "2024-01-15T10:00:00.000Z","ResourceStatus": "CREATE_IN_PROGRESS"},"EventId": "Event-2","LogicalResourceId": "MyVPC","PhysicalResourceId": "vpc-12345678","ResourceType": "AWS::EC2::VPC","Timestamp": "2024-01-15T10:01:00.000Z","ResourceStatus": "CREATE_COMPLETE""EventId": "Event-3","LogicalResourceId": "MySubnet","PhysicalResourceId": "subnet-12345678","ResourceType": "AWS::EC2::Subnet","Timestamp": "2024-01-15T10:02:00.000Z","ResourceStatus": "CREATE_FAILED",
Question 43mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to compile and test code. The build takes 30 minutes, but the team wants to reduce build time by caching dependencies. Which approach should be used?

Question 44hardmultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline with a source action from an Amazon S3 bucket. The pipeline triggers on changes to the S3 bucket, but sometimes runs twice for a single commit. What is the most likely cause?

Question 45easymultiple choice
Read the full SDLC Automation explanation →

A development team wants to automate infrastructure provisioning using AWS CloudFormation. Which tool is specifically designed to manage CloudFormation templates as part of a deployment pipeline?

Question 46hardmultiple choice
Read the full NAT/PAT explanation →

A company uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. After a deployment, some instances fail the health check and are terminated by the Auto Scaling group. What should the DevOps engineer do to prevent this?

Question 47easymultiple choice
Read the full SDLC Automation explanation →

A DevOps team wants to run unit tests in parallel across multiple build environments using AWS CodeBuild. Which build specification configuration allows this?

Question 48mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit as a Git repository. Developers want to enforce that all commits are signed with GPG keys. How can this be achieved?

Question 49mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline to deploy a microservices application. The pipeline has a deploy action that uses AWS CloudFormation. The CloudFormation template creates an Amazon ECS service. The deployment fails because the ECS service cannot be updated. What is the most likely cause?

Question 50hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run security scans. The scans require access to a private Amazon ECR repository. The build project is configured with a service role. What is the correct way to provide access to ECR?

Question 51easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to automatically roll back a CodeDeploy deployment if the number of failed instances exceeds a threshold. Which deployment configuration should be used?

Question 52mediummulti select
Read the full SDLC Automation explanation →

Which TWO options are valid ways to trigger an AWS CodePipeline execution automatically?

Question 53hardmulti select
Read the full SDLC Automation explanation →

Which THREE steps are required to set up cross-account access for AWS CodePipeline using a customer-managed KMS key?

Question 54mediummulti select
Read the full SDLC Automation explanation →

Which TWO AWS services can be used to implement a blue/green deployment for an application running on Amazon EC2 instances?

Question 55hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer created this IAM policy for a CodeDeploy service role. The deployment fails with an 'AccessDenied' error when attempting to register instances with an Auto Scaling group. What is the likely cause?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "codedeploy:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:CompleteLifecycleAction",
        "autoscaling:DescribeLifecycleHooks",
        "autoscaling:RecordLifecycleActionHeartbeat"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::123456789012:role/CodeDeployServiceRole"
    }
  ]
}
Question 56mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer runs this AWS CLI command to list all CodeBuild projects with 'production' in their name. The command returns an empty list, but the engineer knows there are projects named 'production-app' and 'production-backend'. What is the most likely reason?

Network Topology
aws codebuild list-projectsquery "projects[?contains(@, 'production')]"region us-east-1Refer to the exhibit.
Question 57hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A CloudFormation template creates a Lambda function. After deployment, the function fails with a timeout error. Logs are not being created in CloudWatch. What is the most likely cause?

Exhibit

Refer to the exhibit.

Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: my-bucket
        S3Key: function.zip
      Handler: index.handler
      Role: !GetAtt LambdaExecutionRole.Arn
      Runtime: python3.9
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: LambdaPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: logs:CreateLogGroup
                Resource: arn:aws:logs:us-east-1:123456789012:*
              - Effect: Allow
                Action: logs:CreateLogStream
                Resource: arn:aws:logs:us-east-1:123456789012:*
              - Effect: Allow
                Action: logs:PutLogEvents
                Resource: arn:aws:logs:us-east-1:123456789012:*
Question 58easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit for source control and wants to automatically run unit tests on every push to the main branch. Which AWS service should they use to trigger the tests?

Question 59easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to compile a Java application. The build specification includes a pre-build phase to download dependencies. Which file defines the commands for each build phase?

Question 60mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer notices that a CodePipeline execution fails at the deploy stage when deploying a Lambda function using AWS CloudFormation. The error message indicates that the stack update failed because the Lambda function's code is too large. What is the most likely cause?

Question 61mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit and wants to enforce that all commits to the main branch are signed. What must be configured to enforce this requirement?

Question 62hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps team is implementing a blue/green deployment strategy for a microservice running on Amazon ECS with AWS CodeDeploy. They want to shift 10% of traffic to the new task set for 5 minutes, then shift the remaining 90%. Which deployment configuration should they use?

Question 63hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. They want to deploy a stack that creates an Amazon RDS DB instance. The database password must be stored securely and rotated automatically. Which approach meets these requirements?

Question 64easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with multiple stages: Source, Build, Test, Deploy. The Test stage runs integration tests using AWS CodeBuild. If the Test stage fails, what happens to the pipeline execution?

Question 65mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer wants to use AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment must ensure that only a certain percentage of instances are taken out of service at a time. Which deployment configuration supports this requirement?

Question 66hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeStar to manage software development projects. The team wants to integrate a third-party issue tracking system with CodeStar. Which AWS service should they use to achieve this integration?

Question 67easymulti select
Read the full SDLC Automation explanation →

A company is designing a CI/CD pipeline for a serverless application using AWS CodePipeline. Which TWO actions are valid ways to deploy an AWS Lambda function?

Question 68mediummulti select
Read the full SDLC Automation explanation →

A DevOps team uses AWS CloudFormation to manage infrastructure. They want to implement a change management process that requires approval before making changes to production stacks. Which TWO approaches can be used to enforce this?

Question 69mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to build and test a Node.js application. The buildspec.yml currently runs npm install and npm test. They want to also run a security scan using a third-party tool. Which THREE steps are required to integrate the security scan into the CodeBuild build?

Question 70mediummultiple choice
Read the full SDLC Automation explanation →

An IAM policy is attached to a user who needs to manually start a CodePipeline execution. The pipeline uses an S3 bucket named 'my-artifact-bucket' for artifacts. The user reports that they cannot start the pipeline. Which action is missing from the policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codepipeline:StartPipelineExecution",
        "codepipeline:GetPipeline"
      ],
      "Resource": "arn:aws:codepipeline:us-east-1:123456789012:MyPipeline"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::my-artifact-bucket/*"
    }
  ]
}
```
Question 71hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer runs the above AWS CLI commands and notices that the CodeBuild project 'my-project' exists but builds fail with the error 'Access Denied' when trying to fetch source code from CodeCommit. The IAM role 'CodeBuildServiceRole' has a policy that allows 'codecommit:GitPull' on all repositories. What is the most likely cause of the failure?

Network Topology
$ aws codebuild batch-get-projectsnames my-projectRefer to the exhibit.```$ aws codebuild list-projects"projects": ["my-project""name": "my-project","source": {"type": "CODECOMMIT","location": "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo"},"environment": {"type": "LINUX_CONTAINER","image": "aws/codebuild/standard:5.0","computeType": "BUILD_GENERAL1_SMALL","environmentVariables": []"serviceRole": "arn:aws:iam::123456789012:role/CodeBuildServiceRole","artifacts": {"type": "S3","location": "my-build-artifacts"
Question 72hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer creates a CloudFormation stack with the above template. After creation, they want to update the Lambda function code by uploading a new zip file to the S3 bucket and updating the S3Key property. However, the stack update fails because the Lambda function is published as a version and the alias points to that version. What is the most likely reason for the update failure?

Exhibit

Refer to the exhibit.

```
Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: my-lambda-bucket
        S3Key: my-function.zip
      Handler: index.handler
      Role: !GetAtt LambdaExecutionRole.Arn
      Runtime: python3.9
  MyLambdaVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref MyLambdaFunction
  MyAlias:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName: !Ref MyLambdaFunction
      FunctionVersion: !Ref MyLambdaVersion
      Name: prod
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
```
Question 73easymultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodeBuild to compile code and run unit tests. The team notices that builds are failing with a timeout error after 60 minutes. What is the most likely cause and solution?

Question 74mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodePipeline to orchestrate builds and deployments. They want to automatically deploy to a staging environment only if a manual approval step is granted. Which configuration should they use?

Question 75hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control. Developers frequently push large binary files (e.g., compiled binaries, datasets) to the repository, causing repository size to grow and clone operations to become slow. What is the BEST approach to manage this?

Question 76easymultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with the error: 'The overall deployment failed because too many individual instances failed deployment.' The instances are healthy and can connect to the CodeDeploy service. What is the most likely cause?

Question 77mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. They want to update a stack but need to ensure that critical database resources are not accidentally replaced during the update. What is the BEST way to protect these resources?

Question 78hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline with multiple stages: Source, Build, Deploy to Test, Deploy to Prod. They want to implement a canary deployment strategy for the production deployment. Which approach should they use?

Question 79easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is troubleshooting a failed build in AWS CodeBuild. The build log shows: 'Error: Cannot find module 'lodash'.' The buildspec.yml file lists 'npm install' as a command. What is the most likely cause?

Question 80mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS Elastic Beanstalk for deploying web applications. They want to automate deployments whenever a new commit is pushed to the master branch of their CodeCommit repository. Which AWS service should they use to trigger the deployment?

Question 81hardmultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CloudFormation to deploy a stack that includes an Amazon RDS DB instance. During a stack update, they need to modify the DB instance class but want to avoid downtime. Which update policy should they use?

Question 82mediummulti select
Read the full SDLC Automation explanation →

Which TWO AWS services can be used as sources in an AWS CodePipeline? (Choose two.)

Question 83hardmulti select
Read the full SDLC Automation explanation →

Which THREE actions can be performed using the AWS CLI for CodeDeploy? (Choose three.)

Question 84easymulti select
Read the full SDLC Automation explanation →

Which TWO are valid deployment configurations in AWS CodeDeploy? (Choose two.)

Question 85mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. An IAM policy is attached to a user. The user reports that they cannot push to the 'MyRepo' repository. What is the likely reason?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "codecommit:GitPull",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "codecommit:GitPush",
      "Resource": "arn:aws:codecommit:us-east-1:123456789012:MyRepo"
    }
  ]
}
Question 86hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A CodeBuild project uses this buildspec. The build fails with the error: 'The runtime version specified is not supported in this environment.' What change should be made?

Exhibit

Refer to the exhibit.

# Buildspec.yml
version: 0.2
phases:
  install:
    runtime-versions:
      nodejs: 12
    commands:
      - npm install
  build:
    commands:
      - npm run build
artifacts:
  files:
    - '**/*'
Question 87mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer runs the AWS CLI command to list deployments for an application. The output shows only 2 deployments, but the team knows there are more. How can the engineer retrieve the remaining deployments?

Network Topology
$ aws deploy list-deploymentsapplication-name MyAppdeployment-group-name MyDGmax-items 5Refer to the exhibit."deployments": ["d-ABCDEFGHI","d-JKLMNOPQR"],"nextToken": "abc123"
Question 88mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a multi-branch strategy. Developers push to feature branches, which should trigger a pipeline that runs unit tests and then deploys to a staging environment. However, the pipeline only triggers on the main branch. What should be done to enable pipeline execution for feature branches?

Question 89hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps team is designing a CI/CD pipeline for a microservices application. Each service is stored in a separate repository. The team wants to build and test only the services that changed in a given commit. Which AWS solution is MOST efficient and cost-effective?

Question 90easymultiple choice
Read the full SDLC Automation explanation →

A developer wants to automate the creation of a new Amazon ECS service whenever a new Docker image is pushed to Amazon ECR. Which AWS service should be used to orchestrate this workflow?

Question 91mediummultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeBuild to run integration tests. The tests require a large amount of memory and CPU, and they often timeout after the default 60 minutes. What is the MOST efficient way to increase the timeout and allocate more resources?

Question 92hardmultiple choice
Read the full SDLC Automation explanation →

A company has a multi-account AWS environment using AWS Organizations. The DevOps team wants to deploy a CloudFormation stack set to all accounts in the organization. Which IAM permissions are REQUIRED for the stack set execution role?

Question 93easymultiple choice
Read the full NAT/PAT explanation →

A developer wants to automatically deploy a new version of an AWS Lambda function whenever code is pushed to a specific branch in AWS CodeCommit. Which combination of services should be used?

Question 94mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy with a blue/green deployment strategy for an Amazon EC2 Auto Scaling group. During deployment, the new instances are failing health checks and the deployment is rolling back. What is the MOST likely cause?

Question 95hardmultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline to deploy a serverless application using AWS SAM. The pipeline includes a build stage that runs 'sam build' and a deploy stage that runs 'sam deploy'. The deployment fails with an error: 'The security token included in the request is invalid.' What is the MOST likely cause?

Question 96easymultiple choice
Read the full SDLC Automation explanation →

A company wants to enforce that all infrastructure changes go through a CI/CD pipeline. Which AWS service can be used to prevent direct changes to production resources?

Question 97mediummulti select
Read the full SDLC Automation explanation →

A DevOps engineer is troubleshooting a failed CodePipeline execution. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild, and a deploy stage using CodeDeploy. The build stage succeeds, but the deploy stage fails with 'No deployments found for the specified deployment group.' Which TWO actions should the engineer take to resolve this?

Question 98hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run security scans on code. The scan requires access to a private Amazon ECR repository for downloading scanning tools. The CodeBuild project is configured with a VPC and uses an IAM role. However, the build fails with 'Error: unable to pull image from registry.' Which TWO steps should be taken to resolve this?

Question 99mediummulti select
Read the full SDLC Automation explanation →

A company wants to implement a CI/CD pipeline for an application that runs on Amazon ECS with Fargate. The pipeline should build a Docker image, push it to Amazon ECR, and deploy a new task definition to ECS. Which THREE AWS services are required to build this pipeline?

Question 100mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A CodePipeline service role has this IAM policy attached. The pipeline's deploy stage uses CodeDeploy to perform an ECS blue/green deployment. The deployment fails with an access denied error. What is the MOST likely missing permission?

Exhibit

Refer to the exhibit.

# IAM Policy for CodePipeline Service Role
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codedeploy:CreateDeployment",
        "codedeploy:GetDeployment",
        "codedeploy:GetDeploymentGroup"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeServices"
      ],
      "Resource": "arn:aws:ecs:us-east-1:123456789012:service/my-service"
    }
  ]
}
Question 101hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A developer runs this buildspec in CodeBuild to deploy a CDK application. The build succeeds, but the CDK stack is not deployed. What is the MOST likely reason?

Network Topology
- npx cdk deployrequire-approval neverRefer to the exhibit.# CodeBuild buildspec.ymlversion: 0.2phases:install:runtime-versions:nodejs: 14commands:- npm installbuild:- npm run build- npx cdk synthpost_build:artifacts:files:- '**/*'base-directory: 'cdk.out'
Question 102mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer sees this output when listing pipelines. The pipeline 'my-app-pipeline' has execution mode set to 'QUEUED'. The team reports that when multiple commits are pushed simultaneously, only the latest commit is deployed, and earlier ones are skipped. How should the pipeline execution mode be changed to ensure all commits are deployed?

Exhibit

Refer to the exhibit.

# AWS CLI output from 'aws codepipeline list-pipelines'
{
  "pipelines": [
    {
      "name": "my-app-pipeline",
      "version": 5,
      "created": 1620000000.0,
      "pipelineType": "V1",
      "executionMode": "QUEUED"
    }
  ]
}
Question 103mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with an S3 source action and a CodeBuild project. The pipeline fails intermittently during the build stage with an error indicating that the source code archive is corrupt. Which action should the DevOps engineer take to resolve this issue?

Question 104hardmultiple choice
Read the full NAT/PAT explanation →

A DevOps team is implementing a CI/CD pipeline for a microservices architecture on AWS ECS. They want to ensure zero-downtime deployments and automatic rollback if health checks fail. Which combination of services should they use?

Question 105easymultiple choice
Read the full SDLC Automation explanation →

A developer wants to automatically run unit tests when a pull request is created in AWS CodeCommit. Which AWS service should be used to trigger the tests?

Question 106mediummultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodePipeline to deploy a static website to Amazon S3. The pipeline includes a CodeBuild step that minifies JavaScript files. Recently, the build step started failing with an error: 'Error: ENOENT: no such file or directory, open 'index.js''. What is the most likely cause?

Question 107hardmultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline with multiple parallel actions in a stage. They notice that when one action fails, the entire stage fails and no further actions are attempted. They want the pipeline to continue with the remaining actions even if one fails, and then report the failure at the end. Which feature should they use?

Question 108easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to build a Docker image and push it to Amazon ECR. The buildspec.yml includes a 'post_build' phase command to tag the image. The build fails with 'unauthorized: authentication required'. What must be done to resolve this?

Question 109mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is designing a CI/CD pipeline for a serverless application using AWS Lambda. They want to automatically deploy the latest version of the Lambda function to production after running integration tests. The source code is in AWS CodeCommit. Which pipeline configuration should they use?

Question 110hardmultiple choice
Read the full SDLC Automation explanation →

A company has a multi-account AWS environment with separate accounts for development, staging, and production. They want to implement a CI/CD pipeline that deploys to each account sequentially after manual approvals. Which setup allows cross-account deployment with CodePipeline?

Question 111easymultiple choice
Read the full SDLC Automation explanation →

A developer is using AWS CodeCommit as a source repository for a CodePipeline. They want to automatically start the pipeline when changes are pushed to the main branch. What is the simplest way to achieve this?

Question 112mediummulti select
Read the full SDLC Automation explanation →

Which TWO actions are best practices when designing a CI/CD pipeline for a containerized application on Amazon ECS? (Choose two.)

Question 113hardmulti select
Read the full SDLC Automation explanation →

Which THREE steps are required to set up a cross-account CodePipeline that deploys to an EC2 instance in a target account? (Choose three.)

Question 114mediummulti select
Read the full SDLC Automation explanation →

Which TWO are valid use cases for using AWS CodeArtifact in a CI/CD pipeline? (Choose two.)

Question 115hardmulti select
Read the full SDLC Automation explanation →

Which THREE practices help ensure the security of a CI/CD pipeline that deploys to production? (Choose three.)

Question 116mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is creating a CodePipeline service role. The above IAM policy is attached to the role. The pipeline fails when trying to download artifacts from the S3 bucket. What is the issue?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codedeploy:CreateDeployment",
        "codedeploy:GetDeployment"
      ],
      "Resource": "*"
    }
  ]
}
Question 117hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is reviewing the CodePipeline structure above. The pipeline fails during the Deploy stage with an error: 'The deployment group could not be found.' What is the most likely cause?

Exhibit

Refer to the exhibit.

{
  "source": [
    {
      "provider": "S3",
      "bucket": "my-source-bucket",
      "object_key": "source.zip",
      "region": "us-east-1"
    }
  ],
  "stages": [
    {
      "name": "Build",
      "actions": [
        {
          "name": "Build",
          "provider": "CodeBuild",
          "project": "my-project",
          "region": "us-east-1"
        }
      ]
    },
    {
      "name": "Deploy",
      "actions": [
        {
          "name": "Deploy",
          "provider": "CodeDeploy",
          "application": "my-app",
          "deployment_group": "my-group",
          "region": "us-west-2"
        }
      ]
    }
  ]
}
Question 118easymultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeCommit for source control and wants to automatically trigger a build in AWS CodeBuild whenever a pull request is created against the main branch. Which AWS service should be used to connect CodeCommit events to CodeBuild?

Question 119mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team is designing a CI/CD pipeline for a microservices application. Each microservice has its own CodeCommit repository and must be built and deployed independently. The team wants to minimize manual configuration and ensure that adding a new microservice automatically creates the corresponding pipeline stages. Which approach should the team use?

Question 120hardmultiple choice
Read the full NAT/PAT explanation →

An organization has a AWS CodePipeline that deploys a critical application. The pipeline uses a manual approval step before deploying to production. The team wants to ensure that only authorized users can approve the deployment, and that the approval action is logged for compliance. Which combination of actions should the team take? (Select TWO.)

Question 121easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeBuild to run unit tests on every commit to the develop branch. The tests take a long time because they download dependencies each time. What should the team do to reduce build time?

Question 122mediummultiple choice
Read the full SDLC Automation explanation →

A company is implementing a blue/green deployment strategy for an application running on Amazon ECS with AWS Fargate. The team wants to use AWS CodeDeploy to orchestrate the deployment. What is the minimum IAM permissions needed for CodeDeploy to register the new task set and shift traffic?

Question 123hardmultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline with multiple stages: Source, Build, Test, and Deploy. The Test stage runs integration tests against a staging environment. Occasionally, the tests fail due to environment issues, not code issues. The team wants to automatically retry the Test stage up to two times if it fails, but not the Deploy stage. How can this be achieved?

Question 124easymultiple choice
Read the full SDLC Automation explanation →

A company wants to ensure that all code changes are reviewed before being merged to the main branch in AWS CodeCommit. Which feature should be enabled?

Question 125mediummultiple choice
Read the full SDLC Automation explanation →

During a deployment using AWS CodeDeploy, the deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The deployment group is configured with a minimum healthy instances of 75%. What could be the cause?

Question 126hardmultiple choice
Read the full SDLC Automation explanation →

A company is migrating from Jenkins to AWS CodeBuild. They have hundreds of Jenkins jobs that run on a schedule. Some jobs take hours and must not overlap. What is the most efficient way to migrate these jobs to CodeBuild while ensuring no overlapping builds?

Question 127mediummultiple choice
Read the full SDLC Automation explanation →

An IAM policy is attached to a user. The user is trying to push a commit to the 'main' branch of the 'MyRepo' repository. The push is denied. What is the most likely reason?

Exhibit

Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codecommit:GitPull",
        "codecommit:GitPush"
      ],
      "Resource": "arn:aws:codecommit:us-east-1:123456789012:MyRepo",
      "Condition": {
        "StringEquals": {
          "codecommit:References": ["refs/heads/main"]
        }
      }
    }
  ]
}
```
Question 128hardmultiple choice
Read the full SDLC Automation explanation →

A developer is troubleshooting a failed CodeBuild build. The build is triggered by a pull request from a forked repository. The buildspec includes a command to fetch pull request references. What is the most likely cause of the failure?

Exhibit

Refer to the exhibit.
```
Starting build...
[Container] 2024/01/15 10:00:00 Phase complete: DOWNLOAD_SOURCE State: FAILED
[Container] 2024/01/15 10:00:00 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: git fetch origin +refs/pull/*:refs/remotes/origin/pr/*. Reason: exit status 128
```
Question 129mediummultiple choice
Read the full SDLC Automation explanation →

A CloudFormation stack is created with the template above and the parameter Environment set to 'dev'. Later, the stack is deleted. What happens to the S3 bucket?

Exhibit

Refer to the exhibit.
```
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "Environment": {
      "Type": "String",
      "AllowedValues": ["dev", "prod"]
    }
  },
  "Conditions": {
    "IsProd": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]}
  },
  "Resources": {
    "MyBucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": {"Fn::If": ["IsProd", "Retain", "Delete"]}
    }
  }
}
```
Question 130easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is setting up a CI/CD pipeline for a Node.js application. The application must be built, tested, and deployed to an Amazon ECS cluster. The team wants to use AWS CodeBuild to run unit tests and package the application as a Docker image, and AWS CodePipeline to orchestrate the workflow. Which artifact type should CodeBuild output to be used by a subsequent CodePipeline action?

Question 131hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a GitHub source action. They want to automatically start the pipeline when a pull request is merged to the main branch. However, the pipeline also starts on every push to any branch. How can they limit the pipeline to only trigger on push events to the main branch?

Question 132mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodeBuild to run security scans on code before deployment. They want to ensure that if the security scan fails, the build is marked as FAILED and no further pipeline stages execute. What should they add to the buildspec?

Question 133easymultiple choice
Read the full SDLC Automation explanation →

A development team is using AWS CodeCommit as a source control repository. They want to automate code builds and run unit tests every time a developer pushes code to the 'develop' branch. Which AWS service should they use to trigger the build automatically?

Question 134mediummultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeBuild to compile a Java application. The build takes over 30 minutes, causing timeouts. The team has already increased the build timeout to the maximum. Which action would MOST effectively reduce the build time?

Question 135hardmultiple choice
Read the full NAT/PAT explanation →

A DevOps engineer is designing a CI/CD pipeline for a microservices architecture. The pipeline must deploy to Amazon ECS using blue/green deployments. The team wants to automatically roll back if the new deployment fails health checks. Which combination of AWS services and configurations should the engineer use?

Question 136easymultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a deployment stage that uses AWS CodeDeploy to copy files to an S3 bucket. However, the deployment fails because the S3 bucket is not configured for static website hosting. What is the MOST likely cause of the failure?

Question 137mediummultiple choice
Review the full subnetting walkthrough →

A company is using AWS CodeBuild to run integration tests. The tests require access to an Amazon RDS instance in a private subnet. The CodeBuild project is configured with a VPC ID, subnet IDs, and security group IDs. However, the tests fail with a connection timeout. What is the MOST likely cause?

Question 138hardmultiple choice
Read the full SDLC Automation explanation →

A company has a CI/CD pipeline that deploys to Amazon ECS using AWS CodePipeline. The pipeline includes a manual approval step before deployment to production. The security team requires that all approvals be logged in AWS CloudTrail and that the approver's identity be verified. Which action should the DevOps engineer take to meet these requirements?

Question 139easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit as a Git repository. They want to automatically trigger a build in AWS CodeBuild when a pull request is created or updated. Which configuration should the team use?

Question 140mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a Node.js application to AWS Elastic Beanstalk. The pipeline includes a build stage that runs 'npm install' and 'npm test'. The team notices that the build stage often fails due to network timeouts when downloading npm packages. Which action would MOST reliably resolve this issue?

Question 141hardmultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodePipeline with a deployment stage that uses AWS CloudFormation to deploy infrastructure. The team wants to ensure that if the CloudFormation stack update fails, the pipeline automatically rolls back to the previous version of the stack. Which configuration should the DevOps engineer implement?

Question 142mediummulti select
Read the full SDLC Automation explanation →

A DevOps team is designing a CI/CD pipeline for a microservices application that runs on Amazon ECS. They need to implement automated canary deployments. Which TWO AWS services would be essential for this implementation?

Question 143hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a serverless application using AWS SAM. The pipeline includes a build stage that runs 'sam build' and a deploy stage that runs 'sam deploy'. The team wants to automatically test the deployed application before promoting it to production. Which THREE steps should be included in the pipeline?

Question 144easymulti select
Read the full SDLC Automation explanation →

A company is using AWS CodeBuild to build a Docker image and push it to Amazon ECR. The buildspec.yaml includes commands to build and tag the image. However, the push to ECR fails with an authentication error. Which TWO actions should the DevOps engineer take to resolve this?

Question 145mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodePipeline with a multi-branch strategy. The pipeline should deploy to production only from the 'main' branch, but run unit tests for all branches. How should the team configure the pipeline?

Question 146hardmultiple choice
Review the full subnetting walkthrough →

A company uses AWS CodeBuild to run integration tests. The tests require access to an RDS database in a private subnet. CodeBuild runs in a VPC but the build times out waiting for the database connection. What is the MOST likely cause?

Question 147easymultiple choice
Review the full subnetting walkthrough →

A team uses AWS CloudFormation to manage infrastructure. They want to reuse a common set of resources (e.g., VPC, subnets) across multiple stacks. Which CloudFormation feature should they use?

Question 148mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit for source control. They want to enforce that all commits include a JIRA issue key in the commit message. What is the MOST efficient way to achieve this?

Question 149hardmultiple choice
Read the full SDLC Automation explanation →

A company runs a critical application on Amazon ECS with Fargate. They use blue/green deployments via AWS CodeDeploy. During a recent deployment, the new task set failed health checks and CodeDeploy automatically rolled back. However, the old task set also became unhealthy shortly after rollback. What could explain this?

Question 150easymultiple choice
Read the full SDLC Automation explanation →

A team wants to automate the creation of a CI/CD pipeline using a JSON/YAML file that defines source, build, and deploy stages. Which AWS service should they use?

Question 151mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a source stage from Amazon S3. The pipeline triggers on changes to the S3 bucket. However, the pipeline does not trigger when a new object is uploaded. What is the MOST likely cause?

Question 152hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run builds for a Java application. The buildspec includes a 'mvn test' command. The build succeeds but the tests fail. The team wants to fail the build if any test fails. What should they do?

Question 153easymultiple choice
Read the full SDLC Automation explanation →

A team wants to automatically deploy a new version of a Lambda function when code is pushed to a CodeCommit repository. Which AWS service should orchestrate this workflow?

Question 154mediummulti select
Read the full SDLC Automation explanation →

A DevOps engineer is designing a CI/CD pipeline for a microservices architecture. The pipeline must ensure that only code that passes security scanning can proceed to deployment. Which TWO actions should the engineer take? (Choose TWO.)

Question 155hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to deploy a multi-tier application. The stack creation fails with a 'CREATE_FAILED' error for a resource. The engineer wants to troubleshoot the issue. Which THREE steps should the engineer take? (Choose THREE.)

Question 156easymulti select
Read the full SDLC Automation explanation →

A team uses AWS CodeBuild to build a Node.js application. The buildspec.yml file is at the root of the repository. The build fails with 'Error: Cannot find module 'aws-sdk''. Which TWO actions could resolve the issue? (Choose TWO.)

Question 157hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. An IAM policy is attached to a role used by a CI/CD system. The policy is intended to allow starting the pipeline 'MyPipeline' from the same account. However, the CI/CD system receives an 'AccessDenied' error when trying to start the pipeline. What is the problem?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "codepipeline:StartPipelineExecution",
      "Resource": "arn:aws:codepipeline:us-east-1:123456789012:MyPipeline"
    },
    {
      "Effect": "Deny",
      "Action": "codepipeline:*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceAccount": "123456789012"
        }
      }
    }
  ]
}
Question 158mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer sees the following error when trying to update a CloudFormation stack: 'Stack [arn:aws:cloudformation:us-west-2:123456789012:stack/MyStack/abc123] is in ROLLBACK_COMPLETE state and can not be updated.' What should the engineer do to proceed?

Exhibit

arn:aws:cloudformation:us-west-2:123456789012:stack/MyStack/abc123
Question 159easymultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A team uses this buildspec.yml in AWS CodeBuild. The build fails because the 'dist' directory does not exist after the build phase. What is the most likely cause?

Exhibit

buildspec.yml:
version: 0.2
phases:
  install:
    runtime-versions:
      python: 3.8
    commands:
      - pip install -r requirements.txt
  build:
    commands:
      - python setup.py build
artifacts:
  files:
    - '**/*'
  base-directory: 'dist'
Question 160mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. The pipeline has a source stage that pulls from a CodeCommit repository, a build stage using AWS CodeBuild, and a deploy stage that uses AWS CodeDeploy to deploy to an EC2 Auto Scaling group. The team notices that the pipeline frequently fails at the deploy stage with the error 'The deployment failed because the deployment group's deployment configuration specifies a minimum healthy host count of 1, but 0 healthy hosts are available.' What is the MOST likely cause of this issue?

Question 161hardmultiple choice
Read the full NAT/PAT explanation →

A company runs a microservices architecture on Amazon ECS with Fargate launch type. Each microservice is deployed using AWS CodePipeline with a source stage from CodeCommit, a build stage in CodeBuild, and a deploy stage that updates the ECS service. The team wants to implement a blue/green deployment strategy to reduce downtime and enable quick rollbacks. Which combination of AWS services and configurations should be used?

Question 162easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is configuring a webhook trigger in AWS CodePipeline to automatically start a pipeline when changes are pushed to a specific branch in a CodeCommit repository. The webhook is created and the trigger is set to the 'main' branch. However, when a developer pushes a commit to the 'main' branch, the pipeline does not start. What is the MOST likely reason?

Question 163mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to compile and test Java code. The buildspec.yml file includes a 'pre_build' phase that runs unit tests. The build occasionally fails with the error 'No space left on device.' The build environment is a general1.medium EC2 instance with 160 GB of disk space. What is the MOST effective solution to resolve this issue?

Question 164hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a serverless application using AWS SAM. The pipeline has a source stage from CodeCommit, a build stage that runs 'sam build', and a deploy stage that runs 'sam deploy --no-confirm-changeset'. The deploy stage fails with the error 'The security token included in the request is invalid.' What is the MOST likely cause?

Question 165easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeStar to set up a continuous delivery pipeline for a web application. The application is deployed to an Elastic Beanstalk environment. After a successful deployment, the team wants to automatically run integration tests against the deployed application. What is the SIMPLEST way to achieve this?

Question 166mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a static website to an S3 bucket. The pipeline includes a source stage (S3), a build stage (CodeBuild) that minifies assets, and a deploy stage that copies files to the production S3 bucket. The deploy stage uses 's3 sync' command. After a recent deployment, some users report seeing old content. What is the MOST likely cause?

Question 167hardmultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline to deploy a containerized application to Amazon ECS. The pipeline uses a source stage from CodeCommit, a build stage that builds a Docker image and pushes it to Amazon ECR, and a deploy stage that updates an ECS service. The team wants to add a manual approval step before the deploy stage to allow QA to verify the image. What is the BEST way to implement this?

Question 168mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control. Developers work on feature branches and create pull requests to merge into the 'develop' branch. The company wants to enforce that all commits to the 'develop' branch are signed. Which AWS service or feature should be used to enforce this policy?

Question 169mediummulti select
Read the full SDLC Automation explanation →

A company is using AWS CodeBuild to run builds for a Java application. The build takes a long time because it downloads Maven dependencies every time. The team wants to speed up the build by caching dependencies. Which TWO actions should be taken? (Choose 2)

Question 170hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with multiple stages: Source (CodeCommit), Build (CodeBuild), Test (CodeBuild), and Deploy (CodeDeploy to EC2). The Test stage runs integration tests that require network access to a private database in a VPC. The CodeBuild project is configured to use a VPC. However, the Test stage fails intermittently with timeout errors. Which TWO actions would MOST likely resolve the issue? (Choose 2)

Question 171easymulti select
Study the full Python automation breakdown →

A DevOps engineer is setting up a CI/CD pipeline for a Python application using AWS CodePipeline. The pipeline includes a build stage with CodeBuild and a deploy stage that runs an AWS CLI command to update a Lambda function. Which THREE steps are necessary to ensure the pipeline can update the Lambda function? (Choose 3)

Question 172hardmultiple choice
Read the full SDLC Automation explanation →

Your company uses AWS CodePipeline to automate the deployment of a critical web application. The pipeline consists of a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CodeDeploy) that deploys to an Auto Scaling group of EC2 instances running Amazon Linux 2. The deployment strategy is 'AllAtOnce'. Recently, the team noticed that during deployments, the application becomes completely unavailable for a few minutes until the new instances are registered with the load balancer. The business requires zero downtime during deployments. You need to modify the deployment process to achieve zero downtime while minimizing cost and complexity. The Auto Scaling group currently has a minimum of 2 instances and a maximum of 4 instances. The application is stateless and sessions are stored in ElastiCache. Which solution should you implement?

Question 173mediummultiple choice
Read the full NAT/PAT explanation →

You are a DevOps engineer for a company that uses AWS CodePipeline to deploy a microservice to Amazon ECS with Fargate. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild) that builds a Docker image and pushes it to Amazon ECR, and a deploy stage that uses an ECS task definition update. Recently, the deploy stage started failing intermittently with the error 'The task definition does not have a compatibilities attribute set correctly.' The task definition is generated dynamically during the build stage and uses the 'FARGATE' launch type. The error occurs only when a new task definition revision is created. You suspect the issue is related to how the task definition is generated. Upon reviewing the buildspec, you see that the task definition JSON is created using environment variables for the image URI. What is the MOST likely cause and solution?

Question 174easymultiple choice
Read the full SDLC Automation explanation →

A development team is using AWS CodeCommit as the source for a CI/CD pipeline. They want to automatically trigger a build in AWS CodeBuild whenever a developer pushes changes to any branch in the repository. Which pipeline configuration should be used?

Question 175mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a microservices application to Amazon ECS. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CodeDeploy). Recently, deployments have been failing intermittently during the deploy stage with the error: 'The service has reached its maximum number of running tasks.' How should a DevOps engineer resolve this issue?

Question 176hardmultiple choice
Read the full NAT/PAT explanation →

A DevOps engineer is designing a CI/CD pipeline that must enforce a policy: any change to the production branch in CodeCommit must be reviewed and approved by two senior developers before the change can be merged. The pipeline must also automatically build and deploy to a staging environment after approval. Which combination of AWS services and configurations should be used?

Question 177easymultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodeBuild to compile a Java application. The build environment is managed by AWS and runs on Linux. The team wants to speed up the build process by caching dependency directories across builds. Which configuration should the team use?

Question 178mediummultiple choice
Read the full SDLC Automation explanation →

A development team is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a Source stage connected to an Amazon S3 bucket, a Build stage using AWS CodeBuild, and a Deploy stage that deploys to an Amazon ECS cluster. The team notices that the pipeline fails intermittently during the Build stage with a 'BUILD_CONTAINER_UNABLE_TO_PULL_IMAGE' error. What is the most likely cause?

Question 179mediummultiple choice
Read the full SDLC Automation explanation →

A company is implementing a CI/CD pipeline using AWS CodePipeline to deploy a serverless application using the AWS Serverless Application Model (SAM). The pipeline must build and package the application, then deploy it to multiple environments (dev, test, prod) sequentially with manual approval gates before production. Which stage configuration should be used?

Question 180hardmultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeDeploy to deploy a web application to an Auto Scaling group of Amazon EC2 instances. The deployment strategy is Blue/Green. After a successful deployment, the team notices that the new instances are receiving traffic but the application returns errors. The old instances are still serving traffic correctly. The team wants to roll back immediately. What should be done?

Question 181hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. Developers complain that their pipeline executions often fail because the source stage cannot access the CodeCommit repository. The IAM role used by CodePipeline has the following policy attached. What is the MOST likely cause of the failure? Policy: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["codecommit:GetBranch","codecommit:GetCommit","codecommit:UploadArchive","codecommit:GetUploadArchiveStatus"],"Resource":"*"}]}

Question 182easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is setting up an AWS CodeBuild project that needs to access resources in a VPC, such as an Amazon RDS database. The engineer has configured the CodeBuild project to run in the VPC. Which additional configuration is required for CodeBuild to pull the build Docker image?

Question 183easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run unit tests and package a Node.js application. The buildspec.yml file includes commands to install dependencies using npm. The build is failing with the error: 'npm ERR! code EACCES'. How should a DevOps engineer resolve this issue?

Question 184mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodePipeline to deploy a static website to an Amazon S3 bucket. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild that runs a build tool), and a deploy stage (S3). After a recent code change, the build stage succeeded but the deploy stage failed with the error: 'Access Denied' when uploading artifacts to the S3 bucket. What should the team do to fix the issue?

Question 185hardmultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodePipeline with multiple stages that include source, build, and deploy. The pipeline uses an Amazon S3 bucket as the source action. The team notices that the pipeline is not automatically starting when new files are uploaded to the S3 bucket. The S3 bucket has versioning enabled. What is the most likely reason?

Question 186hardmultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeCommit with multiple repositories. Developers are required to create pull requests for all changes, and the pull request must be associated with a JIRA issue key (e.g., PROJ-123) in the commit message. A DevOps engineer needs to enforce this policy automatically. Which approach meets the requirement with minimal operational overhead?

Question 187mediummultiple choice
Read the full SDLC Automation explanation →

A team is using AWS CloudFormation to manage infrastructure. They want to implement a change management process where any modifications to the stack must be reviewed and approved. Which feature should they use?

Question 188easymulti select
Read the full SDLC Automation explanation →

Which TWO actions should a DevOps engineer take to ensure that an AWS CodeBuild project can access a private Amazon S3 bucket to download build artifacts? (Choose two.)

Question 189easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run unit tests as part of a CI pipeline. The buildspec.yaml file is located in the root of the source repository. The build takes 30 minutes to complete. The team wants to speed up the build by caching dependencies. Which approach should they take?

Question 190mediummulti select
Read the full SDLC Automation explanation →

Which THREE steps are required to set up a continuous deployment pipeline using AWS CodePipeline that deploys a Docker-based application to Amazon ECS? (Choose three.)

Question 191hardmulti select
Read the full SDLC Automation explanation →

Which TWO approaches can be used to automatically roll back a failed deployment in AWS CodeDeploy? (Choose two.)

Question 192hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline to deploy a serverless application using AWS Lambda and Amazon API Gateway. The pipeline includes a manual approval action. The team wants to ensure that the approval email is sent to multiple approvers and that any one of them can approve or reject. How should the approval action be configured?

Question 193mediummultiple choice
Read the full SDLC Automation explanation →

A company has a CI/CD pipeline using AWS CodePipeline that deploys a critical web application to an Auto Scaling group of EC2 instances. The pipeline includes a deploy stage using AWS CodeDeploy. Recently, the deployment failed because the new application version caused an increase in HTTP 500 errors. The operations team manually rolled back the deployment by redeploying the previous version. However, the team wants to automate this process so that future failed deployments are automatically rolled back. Additionally, they want to ensure that if the rollback itself fails, the system should alert the on-call engineer. Currently, the deployment group is configured with 'rollback when a deployment fails' disabled. The team has also set up a CloudWatch alarm that triggers when the HTTP 500 error rate exceeds a threshold. What should a DevOps engineer do to meet these requirements with minimal operational overhead?

Question 194mediummultiple choice
Read the full SDLC Automation explanation →

A company is implementing a CI/CD pipeline using AWS CodePipeline. The source code is stored in an AWS CodeCommit repository. The pipeline must automatically start whenever a change is pushed to any branch. Which configuration is required?

Question 195hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit, CodeBuild, and CodePipeline to manage a multi-module Java application. The pipeline has a single build stage that runs tests and packages the application into a JAR file. Recently, the team split the application into multiple microservices, each in its own CodeCommit repository. They want to create a single pipeline that can build all microservices in parallel and then deploy them together to an Amazon ECS cluster. The pipeline should trigger when any of the repositories receives a push. Currently, the pipeline is configured with a single source stage pointing to one repository. The build stage uses a single build project. The team wants to minimize changes to the existing pipeline structure. What should a DevOps engineer do to achieve this?

Question 196easymultiple choice
Review the full subnetting walkthrough →

A DevOps engineer is creating an AWS CloudFormation template to deploy a stack that includes an Amazon EC2 instance. The instance needs to be launched in a specific subnet. How should the engineer reference the subnet ID in the template?

Question 197easymultiple choice
Study the full Python automation breakdown →

A startup is using AWS CodePipeline to deploy a Python web application to AWS Elastic Beanstalk. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (Elastic Beanstalk). The build stage runs unit tests and creates a deployable zip file. The deploy stage uses the Elastic Beanstalk deploy provider. Recently, the deploy stage started failing with the error: 'The API call 'elasticbeanstalk:CreateApplicationVersion' failed with status 403.' The CodePipeline service role has the following permissions: 'elasticbeanstalk:DescribeApplications', 'elasticbeanstalk:DescribeEnvironments', 'elasticbeanstalk:UpdateEnvironment'. What should the DevOps engineer do to resolve the issue?

Question 198hardmulti select
Read the full SDLC Automation explanation →

Which TWO actions should a DevOps engineer take to ensure that an AWS CodeBuild project's artifacts are automatically deployed to an Amazon S3 bucket with server-side encryption using AWS KMS? (Choose 2.)

Question 199mediummultiple choice
Read the full SDLC Automation explanation →

A development team is using AWS CodeCommit as a source control repository. They want to automate the creation of a new feature branch whenever a developer creates a new Jira issue with a specific label. Which AWS service should be used to listen for Jira webhooks and trigger the branch creation?

Question 200hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with multiple stages: source, build, test, and deploy. The test stage takes 45 minutes to complete. Developers complain that the pipeline takes too long to provide feedback. The team wants to run tests in parallel across multiple environments. Which approach should be taken to reduce the pipeline execution time?

Question 201mediummulti select
Read the full SDLC Automation explanation →

Which THREE steps are required to set up a cross-account CI/CD pipeline where the source stage is in Account A (CodeCommit) and the deploy stage is in Account B (ECS)? (Choose 3.)

Question 202easymulti select
Read the full SDLC Automation explanation →

Which TWO criteria must be met for an AWS CloudFormation stack update to be successful? (Choose 2.)

Question 203easymultiple choice
Read the full SDLC Automation explanation →

An organization is using AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails because the target group is not configured correctly. Which CodeDeploy component is responsible for registering instances with the load balancer?

Question 204mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is troubleshooting a failed AWS CloudFormation stack update. The stack contains an AWS::Lambda::Function resource. The update failed with the error 'Resource creation cancelled' after a timeout. The engineer wants to view the logs from the Lambda function during the stack update to diagnose the issue. What should the engineer do?

Question 205mediummultiple choice
Read the full SDLC Automation explanation →

A development team is using AWS CodeCommit as a source repository and AWS CodePipeline to automate their CI/CD pipeline. The pipeline includes a build stage that runs on AWS CodeBuild. The team wants to automatically trigger the pipeline when changes are pushed to the 'develop' branch of the CodeCommit repository. Which configuration change should be made to the pipeline?

Question 206hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a source stage from Amazon S3. The pipeline deploys a static website to an S3 bucket. The deployment must ensure that the website is always available and that rollbacks happen automatically if the deployment fails. Which TWO actions should the company take?

Question 207hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a serverless application. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CloudFormation). The deployment consistently fails because the Lambda function's IAM role is not created before the function. The team uses a single CloudFormation template. Which action should be taken to resolve this dependency issue?

Question 208mediummulti select
Read the full SDLC Automation explanation →

An IAM policy is attached to a service role used by AWS CodePipeline. Which TWO statements about this policy are correct?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codepipeline:StartPipelineExecution",
        "codepipeline:PutJobSuccessResult",
        "codepipeline:PutJobFailureResult"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:StartBuild",
        "codebuild:BatchGetBuilds"
      ],
      "Resource": "arn:aws:codebuild:us-east-1:123456789012:project/my-project"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-artifact-bucket/*"
    }
  ]
}
Question 209easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is setting up a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild. The build environment requires specific software packages that are not available in the default CodeBuild environment. What is the MOST efficient way to customize the build environment?

Question 210mediummulti select
Read the full SDLC Automation explanation →

A DevOps team is implementing a CI/CD pipeline for a microservices architecture. Each microservice is built and deployed independently. The team wants to ensure that only one build runs per microservice at a time to avoid resource contention, and that the build artifacts are stored securely. Which THREE steps should the team take?

Question 211mediummultiple choice
Review the full routing breakdown →

A team uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment is configured with a deployment configuration that uses the 'CodeDeployDefault.OneAtATime' traffic routing. However, during deployment, the new instances are failing health checks and the deployment is rolling back. The team wants to minimize the impact on users. What should the team do to detect issues earlier?

Question 212easymulti select
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control. Developers need to automatically run tests on every push to a feature branch, but only if the push includes changes to the 'src/' directory. Which TWO AWS services can be used together to achieve this?

Question 213hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. The development team wants to promote changes from a development environment to a production environment using change sets. They need to ensure that the production stack is not updated if there are any changes to the stack's IAM policies. Which approach should the team use?

Question 214hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. An AWS CloudFormation template includes a Lambda function with the ARN shown. The function is part of a custom resource to create an S3 bucket. The stack creation fails with the error 'Function not found: arn:aws:lambda:us-east-1:123456789012:function:my-function'. The Lambda function exists in the same account and region. What is the most likely cause?

Exhibit

arn:aws:lambda:us-east-1:123456789012:function:my-function
Question 215easymultiple choice
Read the full SDLC Automation explanation →

A developer is using AWS CodeBuild to compile code. The build takes a long time because dependencies are downloaded each time. What can the developer do to reduce build time?

Question 216hardmultiple choice
Review the full routing breakdown →

A company runs a critical e-commerce application on AWS. They use AWS CodePipeline to manage deployments. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild), and a deploy stage (CodeDeploy to an Auto Scaling group). Recently, a deployment caused a 5-minute outage because the new application version had a bug that caused the health checks to fail. The Auto Scaling group marked instances as unhealthy and replaced them, but during the replacement, traffic was routed to the remaining instances, which also failed health checks, causing a full outage. The company wants to implement a deployment strategy that prevents any traffic from being routed to unhealthy instances and automatically rolls back if the deployment fails. They also want to minimize deployment time and cost. Which solution should the DevOps team implement?

Question 217mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure as code. They have a stack that creates an Amazon RDS database instance. The database password is stored as a parameter in AWS Systems Manager Parameter Store. The CloudFormation template references the parameter using the 'resolve:ssm' dynamic reference. Recently, a security audit found that the password was exposed in plaintext in the CloudFormation stack outputs. The team wants to prevent sensitive information from being displayed in stack outputs or logs. Which approach should be taken?

Question 218mediummultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline to deploy a web application. The pipeline includes a test stage that runs integration tests using AWS CodeBuild. The tests are flaky and sometimes fail due to external dependencies. The team wants to automatically retry failed tests before marking the stage as failed. How should this be achieved?

Question 219easymultiple choice
Read the full SDLC Automation explanation →

A startup is using AWS CodeBuild to build and test their application. The build process takes about 10 minutes. Recently, they noticed that some builds are failing randomly with the error 'Could not download dependencies'. The build environment uses a custom Docker image stored in Amazon ECR. The team suspects that the issue is due to network connectivity problems when pulling the Docker image or dependencies from the internet. They want to ensure reliable and faster builds. Which solution should they implement?

Question 220hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit and wants to enforce that all commits to the 'main' branch are signed with a GPG key. Which steps should the DevOps engineer take to enforce this?

Question 221mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a web application to an Elastic Beanstalk environment. The pipeline has a source stage (S3), a build stage (CodeBuild), and a deploy stage (Elastic Beanstalk). Recently, the deployment started failing with the error 'The Elastic Beanstalk environment is not in a ready state'. The team found that the environment was in an 'Updating' state because a previous deployment was still in progress. They need a solution that prevents concurrent deployments and ensures that the environment is ready before starting a new deployment. Which action should the DevOps engineer take?

Question 222easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is tasked with automating the deployment of a microservices architecture. Each service is packaged as a Docker container. The team wants to use AWS CodePipeline and AWS CodeBuild to build Docker images and push them to Amazon ECR, then deploy to Amazon ECS. What should the CodeBuild buildspec file include to push the image to ECR?

Question 223hardmultiple choice
Read the full SDLC Automation explanation →

A large enterprise uses AWS CodePipeline with multiple stages including source, build, test, and deploy. The test stage runs a suite of integration tests that take 30 minutes. The team wants to reduce the overall pipeline execution time by running the test stage in parallel across different test environments (e.g., different browsers, operating systems). However, they also need to aggregate the test results into a single report. Which approach should they use?

Question 224mediummulti select
Read the full SDLC Automation explanation →

A company is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a source stage from GitHub, a build stage using AWS CodeBuild, and a deploy stage using AWS Elastic Beanstalk. The team wants to ensure that the pipeline only proceeds if the code quality checks pass and unit tests are successful. Which TWO actions should be taken?

Question 225easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to deploy infrastructure. They have a template that creates an Amazon EC2 instance and an Elastic IP address. The template uses the AWS::EC2::EIP resource. The team notices that when they delete the stack, the Elastic IP address is not released, leading to charges. They want to ensure that the Elastic IP is automatically released when the stack is deleted. What should they do?

Question 226hardmulti select
Review the full subnetting walkthrough →

A DevOps team is using AWS CodeBuild to run integration tests against a test database. The database is an Amazon RDS instance in a private subnet. The CodeBuild project is configured to run in a VPC. Which THREE steps are required to allow CodeBuild to access the RDS instance?

Question 227hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodePipeline with an S3 source action and CodeBuild as a build provider. The pipeline has a manual approval step before deployment. Recently, the team noticed that the pipeline automatically starts when a new object is uploaded to the S3 bucket, even if the object is not the source code. They want to ensure that the pipeline only triggers on changes to the source code directory. What is the MOST efficient solution?

Question 228mediummulti select
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a source stage (CodeCommit), a build stage (CodeBuild that minifies assets), and a deploy stage (S3 deployment). The team wants to add a stage for running security vulnerability scans on the code. Which TWO options are viable?

Question 229mediummultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The deployment configuration uses a linear traffic shifting with a 10-minute interval. The application logs show that the new version of the application crashes on startup. What is the MOST effective way to handle this situation to ensure successful future deployments?

Question 230hardmulti select
Read the full SDLC Automation explanation →

A company is using AWS CodeBuild to compile and test code. The buildspec.yml file includes a pre_build phase that installs dependencies and a build phase that runs the compilation. The tests are run in the post_build phase. The team wants to improve the security of the build process by ensuring that sensitive information such as database passwords is not exposed in the build logs. Which TWO actions should the team take? (Choose two.)

Question 231mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer runs the command to get the pipeline definition. The pipeline has a source stage from an S3 bucket and a build stage with CodeBuild. The CodeBuild project is configured to output artifacts to a specific S3 bucket. However, the pipeline fails at the build stage with an error: 'Artifact 'BuildArtifact' is not found'. What is the most likely cause?

Network Topology
aws codepipeline get-pipelinename my-app-pipelineRefer to the exhibit.```"pipeline": {"name": "my-app-pipeline","roleArn": "arn:aws:iam::123456789012:role/CodePipelineServiceRole","stages": ["name": "Source","actions": ["actionTypeId": {"provider": "S3","category": "Source"},"configuration": {"S3Bucket": "my-source-bucket","S3ObjectKey": "app.zip""outputArtifacts": ["name": "SourceArtifact""name": "Build","provider": "CodeBuild","category": "Build""ProjectName": "my-build-project""inputArtifacts": [
Question 232mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to provision infrastructure. They have a stack that creates an Amazon RDS DB instance. They want to update the stack to change the DB instance class from db.t2.micro to db.t3.medium. Which THREE of the following must be true for the update to succeed? (Choose three.)

Question 233hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. An IAM policy is attached to a CodeBuild service role. The CodeBuild project is used to build code from a CodeCommit repository and output artifacts to an S3 bucket. However, the build fails with an error: 'Unable to download source from CodeCommit'. What is the missing permission?

Exhibit

Refer to the exhibit.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codebuild:StartBuild",
                "codebuild:BatchGetBuilds"
            ],
            "Resource": "arn:aws:codebuild:us-east-1:123456789012:project/my-project"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::my-artifact-bucket/*"
        }
    ]
}
```
Question 234hardmultiple choice
Read the full SDLC Automation explanation →

A company runs a containerized microservices application on Amazon ECS with Fargate. The application is deployed using AWS CodePipeline with CodeBuild as the build stage and ECS as the deploy stage. The pipeline uses a deployment controller of type CODE_DEPLOY with a blue/green deployment strategy. Recently, the team noticed that during deployments, the new task set fails health checks and the deployment is rolled back. The application logs indicate that the new containers fail because they cannot connect to the Redis cluster, which is a required dependency. The Redis cluster is running on Amazon ElastiCache and is in the same VPC as the ECS tasks. The team has verified that the security group for the ElastiCache cluster allows inbound traffic from the ECS tasks' security group. The ECS task definition includes the Redis endpoint as an environment variable. What is the MOST likely cause of the connection failure?

Question 235easymultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer created a CloudFormation stack that includes a Lambda function. The stack creation failed and rolled back. The error message for the Lambda function says 'Resource creation cancelled'. What is the most likely cause?

Network Topology
$ aws cloudformation describe-stack-eventsstack-name my-stackRefer to the exhibit.```"StackEvents": ["EventId": "Event-1","StackName": "my-stack","LogicalResourceId": "my-stack","ResourceStatus": "ROLLBACK_IN_PROGRESS","Timestamp": "2024-01-01T00:00:00Z"},"EventId": "Event-2","LogicalResourceId": "MyLambdaFunction","ResourceStatus": "CREATE_FAILED","ResourceStatusReason": "Resource creation cancelled",
Question 236mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit as a Git repository and CodeBuild for continuous integration. The buildspec.yml file includes steps to run unit tests and package the application. The team wants to ensure that only code from the main branch is deployed to production. They have set up a CodePipeline that triggers on changes to any branch. The pipeline includes a build stage that runs CodeBuild, and then a deploy stage that deploys to production. The team noticed that code from feature branches is being deployed to production accidentally. The team wants to modify the pipeline to prevent this. What is the MOST effective solution?

Question 237mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodePipeline to deploy a microservices application. The pipeline includes a CodeBuild project that runs unit tests. Recently, builds have been failing intermittently due to test timeouts. The team wants to improve the reliability of the pipeline without increasing the build timeout. Which action should the team take?

Question 238easymultiple choice
Read the full SDLC Automation explanation →

A developer is using AWS CloudFormation to deploy a stack that includes an AWS Lambda function. The Lambda function code is stored in an S3 bucket. The CloudFormation template references the S3 bucket and object key. The developer wants to update the Lambda function code by uploading a new zip file to S3 and then updating the stack. The developer updates the S3 object with a new version, but the stack update does not automatically use the new code. What should the developer do to ensure the stack update uses the new code?

Question 239hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CloudFormation to manage infrastructure across multiple accounts using AWS Organizations. They want to enforce that all S3 buckets are encrypted with SSE-S3. A DevOps engineer creates a service control policy (SCP) to deny the creation of any S3 bucket without encryption. However, CloudFormation stack creation fails with an access denied error even when the template includes encryption. What is the most likely cause?

Question 240easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to automate the deployment of a static website hosted on Amazon S3. The pipeline includes a source stage that pulls from a CodeCommit repository and a deploy stage that uses CodeBuild to sync the files to an S3 bucket. The team noticed that the website is not updating after a successful pipeline run. The CodeBuild logs show that the 'aws s3 sync' command completed successfully. However, the website still shows the old content. What is the MOST likely cause?

Question 241easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control. Developers frequently push large binary files, causing the repository size to exceed the recommended limit. What is the most efficient way to manage this situation?

Question 242mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodePipeline with a multi-branch strategy. They want to run different build projects based on the branch name: 'main' triggers a production build, 'develop' triggers a staging build, and feature branches trigger a test build. Which CodePipeline feature should they use?

Question 243hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS Elastic Beanstalk to deploy a web application. The deployment fails with a '502 Bad Gateway' error after the environment update. The health status shows 'Severe'. Investigation reveals that the application is not binding to the port that the nginx proxy expects. What is the most efficient way to diagnose and resolve this issue?

Question 244easymultiple choice
Read the full NAT/PAT explanation →

A company uses AWS Systems Manager Automation to patch EC2 instances. The automation document 'AWS-RunPatchBaseline' runs successfully but some instances are not patched because they are not managed by Systems Manager. What is the most likely reason?

Question 245mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with a 'HealthCheckFailed' error. The application is running, but the health check endpoint returns HTTP 500. What should the team do to resolve this issue?

Question 246hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to create a stack with a Lambda function that uses a VPC. The stack creation fails with 'CREATE_FAILED: The provided execution role does not have permissions to call ec2:CreateNetworkInterface on the resource'. What is the likely cause?

Question 247easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeBuild to compile a Java application. The build fails during the 'Install' phase with an error: 'Error: JAVA_HOME is not set'. How should the team fix this?

Question 248mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to automate deployments. The pipeline consists of Source, Build, and Deploy stages. The Build stage uses CodeBuild, and the Deploy stage uses CodeDeploy. Recently, the pipeline failed at the Deploy stage with an error: 'The deployment group does not exist'. Which TWO actions should the team take to resolve this issue?

Question 249hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation with nested stacks to manage a microservices application. The root stack creates a VPC, and nested stacks create ECS services. A developer updates the root stack, but the update fails with 'UPDATE_ROLLBACK_IN_PROGRESS'. The rollback also fails. Which THREE steps should the team take to recover the stack? (Choose THREE.)

Question 250mediummulti select
Read the full SDLC Automation explanation →

A DevOps team uses AWS OpsWorks for Chef Automate to manage configuration. They want to ensure that all EC2 instances automatically register with OpsWorks and are assigned to the correct layer. Which THREE steps are required? (Choose THREE.)

Question 251mediummultiple choice
Read the full SDLC Automation explanation →

The exhibit shows the output of the AWS CLI command 'batch-get-builds' for a CodeBuild build. The build failed. What is the most likely cause of the failure?

Network Topology
$ aws codebuild batch-get-buildsids "build-project:example-build-id"Refer to the exhibit.```"builds": ["id": "build-project:example-build-id","buildStatus": "FAILED","phases": ["phase-type": "SUBMITTED","phase-status": "SUCCEEDED","start-time": "2023-01-01T00:00:00","end-time": "2023-01-01T00:00:05"},"phase-type": "QUEUED","start-time": "2023-01-01T00:00:05","end-time": "2023-01-01T00:00:10""phase-type": "PROVISIONING","start-time": "2023-01-01T00:00:10","end-time": "2023-01-01T00:00:20""phase-type": "DOWNLOAD_SOURCE","phase-status": "FAILED","start-time": "2023-01-01T00:00:20","end-time": "2023-01-01T00:01:30"],"source": {"type": "S3","location": "my-bucket/source.zip"
Question 252hardmultiple choice
Read the full SDLC Automation explanation →

The exhibit shows an IAM policy attached to an AWS Lambda execution role. The Lambda function is triggered by an S3 event and writes to the same bucket. However, the function fails with a permission error when trying to write to 'my-bucket'. What is the likely issue?

Exhibit

Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```
Question 253easymultiple choice
Read the full SDLC Automation explanation →

The exhibit shows a CloudFormation stack event. The stack creation failed with 'Resource creation cancelled'. What is the most likely reason for this cancellation?

Network Topology
$ aws cloudformation describe-stack-eventsstack-name my-stackRefer to the exhibit.```"StackEvents": ["StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-stack/abc123","EventId": "Event-1","StackName": "my-stack","LogicalResourceId": "my-stack","PhysicalResourceId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-stack/abc123","ResourceType": "AWS::CloudFormation::Stack","Timestamp": "2023-01-01T00:00:00Z","ResourceStatus": "CREATE_FAILED","ResourceStatusReason": "Resource creation cancelled"
Question 254mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team is using AWS CodePipeline to automate build, test, and deploy phases. The team notices that the pipeline is failing intermittently during the deploy stage due to a timeout when updating an Auto Scaling group. The deploy stage uses CodeDeploy with a blue/green deployment configuration. What is the MOST likely cause and solution?

Question 255hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeBuild to compile a Java application. The buildspec.yml includes a pre_build phase that runs unit tests. Recently, the build started failing with 'NoClassDefFoundError' for certain test dependencies, even though the pom.xml includes them. The build environment uses an Amazon Linux 2 Docker image. What is the MOST likely cause?

Question 256easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. The DevOps team wants to deploy a stack across multiple accounts using AWS CodePipeline. Which approach is BEST for automating cross-account deployments?

Question 257easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control. Developers report that their local branches are out of sync with the remote repository, and they are unable to push changes because of 'non-fast-forward' errors. What should the developers do to fix this?

Question 258mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps team is implementing a CI/CD pipeline using AWS CodePipeline. The pipeline has a Source stage using CodeCommit, a Build stage using CodeBuild, and a Deploy stage using CloudFormation. The team wants to add manual approval before the Deploy stage for production deployments. How should this be configured?

Question 259hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS Elastic Beanstalk to deploy a web application. The deployment fails with a '502 Bad Gateway' error. The developer checks the logs and sees that the application is running but returns errors. The environment uses a load balancer. What is the MOST likely cause?

Question 260easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to automate the creation of a new AWS CodeCommit repository when a new project starts. The engineer wants to use infrastructure as code. Which service should be used?

Question 261mediummultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeDeploy for automated deployments to EC2 instances. The deployment is failing with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The deployment group has a minimum healthy hosts setting of 75%. The application has 4 instances. What is the MOST likely issue?

Question 262hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a cross-account action where the source account (Account A) triggers a deploy action in a target account (Account B). The pipeline is failing with an 'Access Denied' error when trying to assume the deployment role. What is the MOST likely cause?

Question 263mediummulti select
Read the full SDLC Automation explanation →

Which THREE actions should a DevOps team take to ensure a CI/CD pipeline using AWS CodePipeline is secure? (Choose three.)

Question 264mediummulti select
Read the full SDLC Automation explanation →

Which TWO options are valid ways to trigger an AWS CodePipeline execution automatically? (Choose two.)

Question 265hardmulti select
Read the full SDLC Automation explanation →

Which THREE factors should be considered when designing a deployment strategy using AWS CodeDeploy to minimize downtime during updates? (Choose three.)

Question 266easymultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. The above IAM policy is attached to an IAM role used by a CI/CD pipeline. Which action is this policy allowing?

Exhibit

Refer to the exhibit.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:StartBuild",
        "codebuild:BatchGetBuilds"
      ],
      "Resource": "arn:aws:codebuild:us-east-1:123456789012:project/MyProject"
    }
  ]
}
Question 267mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer ran the above AWS CLI command after a CloudFormation stack update. What does the status 'ROLLBACK_COMPLETE' indicate?

Network Topology
$ aws cloudformation describe-stacksstack-name myapp-stackquery "Stacks[0].StackStatus"Refer to the exhibit."StackStatus": "ROLLBACK_COMPLETE"
Question 268hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. The above buildspec.yml is used in AWS CodeBuild. The build is failing during the 'build' phase with a 'FileNotFoundError: setup.py' error. What is the MOST likely cause?

Exhibit

Refer to the exhibit.
version: 0.2
phases:
  install:
    runtime-versions:
      python: 3.8
  pre_build:
    commands:
      - pip install flake8
      - flake8 src/
  build:
    commands:
      - python setup.py build
  post_build:
    commands:
      - python -m unittest discover
artifacts:
  files:
    - '**/*'
  discard-paths: yes
Question 269easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit as a Git repository. They want to automatically trigger a build in AWS CodeBuild whenever a pull request is created or updated. Which AWS service should be used to detect the pull request events and start the build?

Question 270mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is designing a CI/CD pipeline for a microservices application using AWS CodePipeline. Each microservice has its own CodeCommit repository. The engineer wants to run unit tests in parallel for all services when any repository receives a push, then run integration tests only after all unit tests pass. Which pipeline structure should the engineer use?

Question 271hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails during the 'ValidateService' lifecycle event. The CloudWatch Agent reports that the target process is running but the health check endpoint returns HTTP 503. The CodeDeploy agent logs show no errors. What is the most likely cause of the failure?

Question 272easymultiple choice
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild that generates the website files, and a deploy stage that copies files to an S3 bucket. The team wants to add a manual approval step before the deploy stage. What should the engineer do?

Question 273mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. The DevOps engineer wants to ensure that stack updates are rolled back if a new Amazon RDS instance fails to be created. Which CloudFormation feature should the engineer use?

Question 274hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is troubleshooting a slow AWS CodeBuild project. The build is a Java application that compiles source code and runs tests. The build environment uses a general1.large compute type. The build duration has increased from 5 minutes to 15 minutes over the past month. The engineer notices that the build logs show 'Downloading...' messages for Maven dependencies for several minutes. What is the most cost-effective way to reduce the build time?

Question 275easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy with a blue/green deployment configuration. The engineer wants to automatically roll back the deployment if the new instances fail the health check for 5 minutes. Which setting should the engineer configure?

Question 276mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit and wants to enforce that all commits include a JIRA issue key in the commit message. They want to reject any push that does not contain a valid JIRA key. Which approach should the engineer use?

Question 277hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with an Amazon S3 source action. The pipeline deploys to an Amazon ECS Fargate service. The engineer notices that the pipeline does not automatically start when a new object is uploaded to the S3 bucket. The S3 bucket versioning is enabled. What is the most likely cause?

Question 278easymulti select
Read the full SDLC Automation explanation →

A DevOps engineer is designing a CI/CD pipeline for a containerized application using AWS CodeBuild and Amazon ECS. Which TWO actions will help reduce the frequency of Docker image pulls from the public Docker Hub registry?

Question 279mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to deploy a multi-tier application. The engineer wants to ensure that the stack is not accidentally deleted and that critical resources like databases are retained even if the stack is deleted. Which THREE steps should the engineer take?

Question 280hardmulti select
Read the full SDLC Automation explanation →

A DevOps team uses AWS CodePipeline with an Amazon S3 source action. The pipeline deploys a static website to an S3 bucket. The engineer wants to ensure that only approved changes are deployed to production. The team uses Git feature branches and wants to deploy only when a pull request is merged to the main branch. Which THREE actions should the engineer take?

Question 281easymultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer is troubleshooting a cross-account deployment where an AWS CodeBuild project in Account A needs to upload build artifacts to an S3 bucket in Account B. The engineer attaches this IAM policy to the CodeBuild service role in Account A. However, the upload fails. What is the most likely reason?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
Question 282mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer runs the above commands. The build project 'my-project' uses an S3 bucket as source and another S3 bucket for artifacts. The build fails with an 'Access Denied' error when trying to download the source code. What is the most likely cause?

Network Topology
$ aws codebuild batch-get-projectsnames my-projectRefer to the exhibit.$ aws codebuild list-projects"projects": ["my-project""name": "my-project","source": {"type": "S3","location": "my-bucket/my-key.zip"},"artifacts": {"location": "my-artifact-bucket/""environment": {"computeType": "BUILD_GENERAL1_SMALL","image": "aws/codebuild/standard:5.0","type": "LINUX_CONTAINER""serviceRole": "arn:aws:iam::123456789012:role/service-role/codebuild-service-role","encryptionKey": "arn:aws:kms:us-east-1:123456789012:alias/aws/s3"
Question 283hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer deploys this CloudFormation template. The EC2 instance launches, but the httpd service does not start. The engineer connects to the instance and finds that the user data script did not run. What is the most likely cause?

Exhibit

Refer to the exhibit.

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0abcdef1234567890
      InstanceType: t2.micro
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
      Tags:
        - Key: Name
          Value: MyInstance
Question 284hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with an Amazon S3 source, AWS CodeBuild, and AWS CodeDeploy. The deployment stage fails intermittently with the error 'Deployment failed because the deployment group does not exist'. The pipeline has been working for months. What is the MOST likely cause?

Question 285mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit as a source repository for their AWS CodePipeline. They want to automatically trigger a pipeline execution when a new branch is created. Which solution should they implement?

Question 286easymultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeBuild to compile and test their code. They want to reuse build artifacts across multiple build projects to reduce build time. What is the BEST approach?

Question 287mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available, or some instances in your deployment group are experiencing problems.' The team checks the logs and finds that the application installation script fails on some instances due to missing dependencies. What is the BEST long-term solution?

Question 288hardmultiple choice
Read the full SDLC Automation explanation →

A company has a monorepo in AWS CodeCommit with multiple microservices. They want to use AWS CodePipeline to build and deploy only the microservice that changed. What is the MOST efficient approach?

Question 289easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to automate the creation of a CI/CD pipeline using infrastructure as code. Which AWS service is BEST suited to define and provision the pipeline resources?

Question 290mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodeBuild to run unit tests. They notice that builds are taking longer than expected. The build environment includes many dependencies that are downloaded every time. Which change would MOST reduce build time?

Question 291hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline with multiple stages: Source, Build, Test, and Deploy. The Test stage runs integration tests that take 30 minutes. The team wants to speed up feedback without skipping tests. Which action should they take?

Question 292mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy with a blue/green deployment configuration. After a deployment, the new instances are not registered with the load balancer, causing downtime. What is the MOST likely cause?

Question 293hardmulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a critical application. The pipeline has a manual approval step before deployment. Which TWO actions should be taken to improve security and auditability? (Choose two.)

Question 294easymulti select
Read the full SDLC Automation explanation →

Which THREE AWS services can be used as a source action in AWS CodePipeline? (Choose three.)

Question 295mediummulti select
Read the full SDLC Automation explanation →

A DevOps team is designing a CI/CD pipeline for a containerized application. Which THREE components are essential for a complete pipeline? (Choose three.)

Question 296mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer attaches this IAM policy to a user. The user reports that they cannot start a pipeline execution for 'my-pipeline' using the AWS CLI. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:StartBuild",
        "codebuild:BatchGetBuilds"
      ],
      "Resource": "arn:aws:codebuild:us-east-1:123456789012:project/my-project"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codepipeline:StartPipelineExecution",
        "codepipeline:GetPipelineState"
      ],
      "Resource": "arn:aws:codepipeline:us-east-1:123456789012:my-pipeline"
    }
  ]
}
Question 297hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A developer runs the AWS CLI command to start a build in AWS CodeBuild. The build project 'my-project' uses an S3 bucket as the source. What is the MOST likely cause of the error?

Network Topology
$ aws codebuild start-buildproject-name my-projectRefer to the exhibit.
Question 298mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A team uses this buildspec.yml file in AWS CodeBuild. After the build, they expect the artifacts to be placed in a folder structure, but all files are in the root of the output artifact. What is the reason?

Exhibit

Refer to the exhibit.

version: 0.2
phases:
  install:
    runtime-versions:
      nodejs: 12
    commands:
      - npm install
  build:
    commands:
      - npm run build
artifacts:
  files:
    - '**/*'
  discard-paths: yes
Question 299mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit for source control and AWS CodePipeline for CI/CD. The pipeline has a Source stage that polls the repository for changes. Recently, developers have noticed that the pipeline does not always trigger when code is pushed to the main branch. What is the most likely cause?

Question 300hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to compile and test code. The buildspec.yaml includes a pre_build phase that runs 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.com'. The build fails with 'Error: Cannot connect to the Docker daemon'. What is the most likely cause?

Question 301easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is setting up a CI/CD pipeline for a microservices application using AWS CodePipeline. The pipeline includes a Test stage that runs integration tests against a staging environment. The engineer wants to ensure that manual approval is required before deploying to production. Which action should be taken?

Question 302mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CloudFormation to manage infrastructure. They have a stack that creates an Amazon RDS instance. During an update, the stack fails with 'CREATE_FAILED' for the DB instance resource, and the error message indicates 'The DB instance already exists.' What is the most likely cause?

Question 303hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The deployment is set to 'AllAtOnce'. The application revision is a simple index.html. What is the most likely cause?

Question 304easymultiple choice
Read the full SDLC Automation explanation →

A developer wants to automate the testing of a serverless application built with AWS Lambda and Amazon API Gateway. Which AWS service is best suited for running integration tests as part of a CI/CD pipeline?

Question 305mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS Elastic Beanstalk for deploying a web application. The development team wants to implement a blue/green deployment strategy to minimize downtime. Which approach should they use?

Question 306hardmultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is troubleshooting a CodePipeline that has a Build stage using AWS CodeBuild. The build logs show 'Error: No such file or directory' for a file that is present in the source repository. What is the most likely cause?

Question 307easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage a stack that includes an Amazon SQS queue. The queue name must be unique. The developer wants to define the queue name in the CloudFormation template. Which intrinsic function should be used to generate a unique name?

Question 308mediummulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with multiple stages. The pipeline includes a Beta stage that deploys to a test environment and a Prod stage. The team wants to require manual approval before the Prod stage. Which TWO actions should be taken to implement this? (Choose TWO.)

Question 309hardmulti select
Read the full SDLC Automation explanation →

A DevOps team uses AWS CloudFormation with nested stacks. They are experiencing stack update failures because changes to a nested stack cause resource conflicts. Which THREE best practices should they follow to manage nested stack updates? (Choose THREE.)

Question 310easymulti select
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run unit tests. The buildspec.yaml file includes commands to install dependencies and run tests. Which TWO environment variables are automatically set by CodeBuild and can be used in the build commands? (Choose TWO.)

Question 311mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A developer has the IAM policy shown. The developer can push code to the CodeCommit repository and start the pipeline. However, the pipeline fails at the Source stage with an access denied error. What additional permission is needed?

Exhibit

Refer to the exhibit.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codepipeline:StartPipelineExecution",
                "codepipeline:GetPipeline"
            ],
            "Resource": "arn:aws:codepipeline:us-east-1:123456789012:MyPipeline"
        },
        {
            "Effect": "Allow",
            "Action": [
                "codecommit:GitPush"
            ],
            "Resource": "arn:aws:codecommit:us-east-1:123456789012:MyRepo"
        }
    ]
}
Question 312hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A DevOps engineer runs the CLI command to view stack events. The output shows that a Lambda function update was cancelled by the stack update. What is the most likely cause?

Network Topology
aws cloudformation describe-stack-eventsstack-name MyStackRefer to the exhibit."StackEvents": ["StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/abc123","EventId": "Event1","StackName": "MyStack","LogicalResourceId": "MyLambdaFunction","PhysicalResourceId": "MyLambdaFunction-ABC123","ResourceType": "AWS::Lambda::Function","Timestamp": "2023-01-01T00:00:00.000Z","ResourceStatus": "UPDATE_FAILED",},"EventId": "Event2","LogicalResourceId": "MyStack","PhysicalResourceId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/abc123","ResourceType": "AWS::CloudFormation::Stack","ResourceStatus": "UPDATE_ROLLBACK_IN_PROGRESS"
Question 313easymultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A developer has a buildspec.yaml for a React application. The build completes successfully, but the artifacts output is empty. What is the most likely cause?

Exhibit

Refer to the exhibit.

buildspec.yaml:
version: 0.2
phases:
  install:
    runtime-versions:
      nodejs: 14
    commands:
      - npm install
  build:
    commands:
      - npm run build
artifacts:
  files:
    - '**/*'
  base-directory: build
  discard-paths: no
Question 314mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit and AWS CodePipeline for CI/CD. They notice that a pipeline execution failed due to a code review rejection in the 'Approve' stage. The pipeline is configured with a manual approval action. What is the most likely cause of the failure?

Question 315hardmultiple choice
Review the full subnetting walkthrough →

A company uses AWS CodeBuild to run integration tests as part of a pipeline. The tests require access to an Amazon RDS database. The RDS instance is in a private subnet with no public access. The CodeBuild project is configured with a VPC. Which additional configuration is necessary to ensure the build can connect to the database?

Question 316easymultiple choice
Read the full SDLC Automation explanation →

A team wants to automate the deployment of a serverless application using AWS SAM. They have a template.yaml file defining Lambda functions, an API Gateway, and a DynamoDB table. Which command should they use to build and deploy the application?

Question 317mediummultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline with a multi-branch strategy. They want to run unit tests on every push to any branch, but only deploy to production on pushes to the 'main' branch. What is the most efficient way to achieve this?

Question 318hardmultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeDeploy with a blue/green deployment strategy for an Amazon ECS service. After a deployment, the new task set fails health checks, and CodeDeploy automatically rolls back to the original task set. However, the rollback fails because the original task set's desired count is set to 0. What is the most likely cause?

Question 319mediummultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to automate the creation of an AWS CodeStar project for a new microservice. The engineer wants to use AWS CloudFormation to define the project and its resources. Which CloudFormation resource should be used?

Question 320easymultiple choice
Read the full SDLC Automation explanation →

A team is using AWS CodeCommit as their version control system. They want to ensure that all commits are signed with a GPG key. What is the simplest way to enforce this?

Question 321hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodePipeline to deploy a web application to Amazon EC2 instances behind an Application Load Balancer. The deployment uses a CodeDeploy action with an in-place deployment configuration. After a recent deployment, some instances are running the old version while others are running the new version. What is the most likely cause?

Question 322mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeBuild to compile a Java application. The build takes 15 minutes on average, but recently it started taking over 30 minutes. The buildspec.yml file is unchanged. What is the most likely cause?

Question 323mediummulti select
Read the full SDLC Automation explanation →

Which TWO actions can be used to improve the security of a CI/CD pipeline that uses AWS CodePipeline? (Choose two.)

Question 324hardmulti select
Read the full SDLC Automation explanation →

Which THREE considerations are important when designing a CI/CD pipeline for a microservices architecture using AWS CodePipeline? (Choose three.)

Question 325easymulti select
Read the full SDLC Automation explanation →

Which TWO AWS services can be used as source actions in AWS CodePipeline to automatically trigger a pipeline when changes are made? (Choose two.)

Question 326mediummultiple choice
Read the full SDLC Automation explanation →

A development team is using AWS CodeCommit to store source code and AWS CodePipeline to automate builds and deployments. The team wants to ensure that builds and tests are triggered only when code is pushed to specific branches, and that manual approval is required before deploying to production. Which CodePipeline configuration should the team implement?

Question 327hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to compile a Java application. The buildspec.yml includes a pre_build phase that runs unit tests and a build phase that packages the application. Recently, builds have been failing intermittently with 'OutOfMemoryError' during the test phase. The build environment is set to 'BUILD_GENERAL1_SMALL'. What is the MOST cost-effective solution?

Question 328easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is setting up a CI/CD pipeline for a microservices architecture. The team uses AWS CodeCommit, CodeBuild, and CodeDeploy. The engineer needs to ensure that the pipeline can automatically roll back the deployment if the health checks fail after deployment. Which action should the engineer take?

Question 329mediummultiple choice
Read the full NAT/PAT explanation →

A company uses AWS CloudFormation to manage infrastructure. The DevOps engineer wants to implement a CI/CD pipeline that builds and tests a CloudFormation template and then deploys it across multiple AWS accounts. Which combination of services should the engineer use?

Question 330hardmultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The engineer reviews the deployment logs and finds that the AppSpec file is correctly formatted and the scripts run successfully on some instances. What is the MOST likely cause?

Question 331easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer is designing a CI/CD pipeline for a serverless application using AWS Lambda and Amazon API Gateway. The team wants to automate deployment across multiple environments (dev, test, prod) with environment-specific configuration. Which approach should the engineer use?

Question 332mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to orchestrate builds and deployments. The build stage uses CodeBuild to run unit tests and generate a report. The team wants to fail the pipeline if the test coverage drops below 80%. How should the engineer configure this?

Question 333hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeCommit for source control and wants to enforce that all commits to the main branch are signed. The DevOps team has configured Git commit signing using GPG keys. However, some developers are able to push unsigned commits to main. What should the engineer do to enforce signed commits?

Question 334easymultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CodeBuild to build Docker images and push them to Amazon ECR. The buildspec.yml includes a post_build step that runs a security scan. The team wants to ensure that only images that pass the security scan are tagged as 'latest'. Which approach should be used?

Question 335mediummulti select
Read the full SDLC Automation explanation →

A company is implementing a CI/CD pipeline for a containerized application using AWS CodePipeline, CodeBuild, and Amazon ECS. The pipeline should automatically deploy to a staging environment and then, after manual approval, to production. The production environment uses an ECS service with rolling update deployment. Which TWO actions are necessary to achieve this?

Question 336hardmulti select
Read the full SDLC Automation explanation →

A DevOps engineer is building a CI/CD pipeline for a PHP application that uses Amazon RDS for MySQL. The pipeline must run database migrations as part of the deployment. The team wants to ensure that if a migration fails, the deployment is rolled back and the database is restored to its previous state. Which THREE steps should the engineer implement?

Question 337easymulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a static website to Amazon S3 and CloudFront. The pipeline currently uses CodeBuild to run tests and then deploys to an S3 bucket. The team wants to add a stage that invalidates the CloudFront cache after deployment. Which TWO actions achieve this?

Question 338mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. An IAM policy is attached to a CodePipeline service role. When the pipeline tries to start a CodeBuild project, it fails with an 'AccessDenied' error. The CodeBuild project uses a different service role (arn:aws:iam::123456789012:role/CodeBuildServiceRole2). What is the MOST likely cause?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-codepipeline-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:StartBuild",
        "codebuild:BatchGetBuilds"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::123456789012:role/CodeBuildServiceRole",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "codebuild.amazonaws.com"
        }
      }
    }
  ]
}
Question 339hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A CodeBuild project uses this buildspec.yml to build and push a Docker image to Amazon ECR. The build fails at the pre_build phase with the error 'Error: Cannot perform an interactive login from a non TTY device'. What is the MOST likely issue?

Network Topology
- aws ecr get-login-passwordregion $AWS_DEFAULT_REGIONusername AWSpassword-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.combuildspec.yml:version: 0.2phases:pre_build:commands:build:- docker tag myapp:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/myapp:latestpost_build:- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/myapp:latest
Question 340mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A CloudTrail log shows a failed GitPush event to a CodeCommit repository by the IAM user 'jenkins'. The DevOps engineer has attached the following IAM policy to the user:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "codecommit:*",
      "Resource": "*"
    }
  ]
}

What is the MOST likely reason for the failure?

Exhibit

{
  "eventVersion": "1.05",
  "userIdentity": {
    "type": "IAMUser",
    "arn": "arn:aws:iam::123456789012:user/jenkins"
  },
  "eventTime": "2023-01-15T10:00:00Z",
  "eventSource": "codecommit.amazonaws.com",
  "eventName": "GitPush",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.5",
  "userAgent": "git/2.30.0",
  "requestParameters": {
    "repositoryName": "my-repo",
    "branchName": "main"
  },
  "responseElements": null,
  "errorCode": "AccessDeniedException",
  "errorMessage": "User: arn:aws:iam::123456789012:user/jenkins is not authorized to perform: codecommit:GitPush on resource: arn:aws:codecommit:us-east-1:123456789012:my-repo"
}
Question 341easymultiple choice
Read the full SDLC Automation explanation →

A development team is using AWS CodeCommit as the source for a CI/CD pipeline. They want to automatically run unit tests when a pull request is created, but only for changes to the 'src' directory. Which approach should they use?

Question 342mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to compile Java applications. The builds often fail due to insufficient memory. The buildspec currently specifies 'compute-type: BUILD_GENERAL1_SMALL'. What is the most cost-effective solution to resolve the memory issues without changing the build logic?

Question 343hardmultiple choice
Read the full NAT/PAT explanation →

A DevOps engineer is designing a deployment pipeline for a microservices application on Amazon ECS. The team wants to use blue/green deployments with automatic rollback if CloudWatch alarms are triggered during the deployment. Which combination of services and configurations should the engineer use?

Question 344easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to deploy a static website to Amazon S3. The pipeline has a Source stage from CodeCommit and a Deploy stage that syncs the contents to an S3 bucket. The deployment fails intermittently with a 'BucketNotEmpty' error. What is the most likely cause?

Question 345mediummultiple choice
Read the full SDLC Automation explanation →

A team uses AWS CloudFormation to manage infrastructure. They want to automatically update the stack when a new version of a Docker image is pushed to Amazon ECR. Which approach should they use?

Question 346hardmultiple choice
Read the full SDLC Automation explanation →

A company has a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild. The build stage runs unit tests and produces a JUnit report. The pipeline includes a test action that publishes results to an S3 bucket. Recently, the pipeline started failing with the error: 'The action could not be started because the artifact bucket policy is misconfigured.' What is the most likely cause?

Question 347easymultiple choice
Read the full SDLC Automation explanation →

A DevOps team is implementing infrastructure as code using AWS CloudFormation. They want to ensure that stack updates are reviewed and approved before execution. Which feature should they use?

Question 348mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a manual approval stage before deploying to production. The approval notification is sent via Amazon SNS. The approvers report that they are not receiving the email notifications. What should the DevOps engineer check first?

Question 349hardmultiple choice
Review the full subnetting walkthrough →

A team uses AWS CodeBuild to run integration tests that require access to an Amazon RDS database. The database is in a private subnet. The CodeBuild project is configured to use a VPC. However, the builds are failing with a timeout connecting to the database. What could be the issue?

Question 350mediummulti select
Read the full SDLC Automation explanation →

A company is implementing a CI/CD pipeline for a microservices architecture on Amazon ECS. The pipeline must deploy to multiple environments (dev, test, prod) in sequence with manual approval gates between environments. Which two AWS services should be used together to meet these requirements? (Choose TWO.)

Question 351hardmulti select
Read the full SDLC Automation explanation →

A DevOps team is using AWS CloudFormation to deploy a three-tier web application. The stack includes an Application Load Balancer, an Auto Scaling group, and an RDS database. They want to update the stack to change the instance type of the Auto Scaling group without downtime. Which three steps should they take? (Choose THREE.)

Question 352easymulti select
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to automate their software release process. They want to add a stage that runs security scanning on the code before deployment. Which two AWS services can be integrated into the pipeline for this purpose? (Choose TWO.)

Question 353mediummultiple choice
Read the full SDLC Automation explanation →

Your company has a CI/CD pipeline for a Java web application using AWS CodePipeline, CodeBuild, and CodeDeploy. The pipeline has three stages: Source (CodeCommit), Build (CodeBuild), and Deploy (CodeDeploy to EC2 instances in an Auto Scaling group). Recently, after a change to the buildspec, the Build stage succeeds but the Deploy stage fails with the error 'The deployment failed because the deployment group exceeded the minimum healthy host count.' The CodeDeploy deployment configuration uses a 'OneAtATime' deployment with a minimum healthy host count of 1. The Auto Scaling group has a minimum size of 2 and a maximum size of 4. The application runs on Amazon Linux 2 instances. The CodeDeploy agent is installed and running on all instances. What is the most likely cause of the failure?

Question 354hardmultiple choice
Read the full SDLC Automation explanation →

You are a DevOps engineer for a company that runs a containerized microservices application on Amazon ECS with Fargate. The CI/CD pipeline uses AWS CodePipeline, with CodeBuild for building Docker images and pushing them to Amazon ECR, and CodeDeploy for deploying to ECS. The pipeline has a manual approval step before production deployment. Recently, the production deployment failed after approval, with the error: 'The service my-service could not be deployed because the task definition arn:aws:ecs:us-east-1:123456789012:task-definition/my-task:5 references an image that does not exist in the repository.' The image was built and pushed successfully in the Build stage. The task definition is updated by CodeDeploy to reference the new image URI. The ECS service is configured with 'deploymentController: CODE_DEPLOY' and uses a blue/green deployment. The CodeDeploy deployment group uses a 'Lambda' compute platform (incorrectly set). The pipeline uses the default CodeDeploy provider for ECS. What is the most likely cause of the failure?

Question 355mediummultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodePipeline with multiple stages including source, build, and deploy. The pipeline uses an Amazon S3 source action that triggers on changes to a specific bucket. Recently, the pipeline stopped triggering automatically. The IAM role for CodePipeline has the necessary permissions. What is the most likely cause?

Question 356hardmultiple choice
Read the full SDLC Automation explanation →

A company is implementing a blue/green deployment strategy for a microservice hosted on AWS Elastic Beanstalk. They want to minimize downtime and be able to quickly roll back in case of issues. The deployment must support traffic shifting gradually. Which configuration should they use?

Question 357easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to automate the creation of an Amazon ECS cluster using AWS CloudFormation. The cluster will run a web application that requires a load balancer. Which resource should be used to define the ECS cluster?

Question 358hardmultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeBuild to run unit tests as part of their CI/CD pipeline. The tests are memory-intensive and occasionally fail due to insufficient memory. The buildspec.yml file uses the default compute type. What is the most cost-effective solution to resolve the memory issue?

Question 359mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodeDeploy to deploy a web application to an Auto Scaling group of Amazon EC2 instances. The deployment fails with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The application is deployed to the instances using an in-place deployment. The instances are running Amazon Linux 2. What should the DevOps engineer check first?

Question 360easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer wants to automate the creation and cleanup of temporary development environments on AWS. Each environment consists of an Amazon EC2 instance and an Amazon RDS database. The environments should be isolated and cost-effective. Which AWS service is best suited for this?

Question 361mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline with a GitHub source action. The pipeline is configured to trigger on changes to the main branch. After a recent commit, the pipeline did not trigger. The DevOps engineer verified that the webhook is configured correctly and the IAM role has the necessary permissions. What is the most likely cause?

Question 362hardmultiple choice
Read the full SDLC Automation explanation →

A company is using AWS CodeBuild to compile a Java application. The build takes over 30 minutes, which is too long. The project uses the standard build environment. The source code is stored in an S3 bucket. What is the most effective way to reduce build time?

Question 363easymultiple choice
Read the full SDLC Automation explanation →

A DevOps engineer needs to deploy a serverless application using AWS CodeDeploy with a Lambda deployment group. The application uses AWS Lambda functions. The engineer wants to shift 10% of traffic to the new version initially, then gradually increase to 100%. Which deployment configuration should be used?

Question 364mediummulti select
Read the full SDLC Automation explanation →

A company has a CI/CD pipeline that builds a Docker image and pushes it to Amazon ECR. The build step uses AWS CodeBuild. The engineer wants to ensure that the ECR repository has a lifecycle policy to expire untagged images after 14 days. Which TWO actions are required? (Choose 2.)

Question 365hardmulti select
Read the full SDLC Automation explanation →

A company is migrating to a microservices architecture on Amazon ECS with AWS Fargate. They want to automate the deployment process using AWS CodePipeline. The pipeline should build a Docker image, push it to Amazon ECR, and deploy the updated service to ECS. Which THREE components are required in the pipeline? (Choose 3.)

Question 366mediummulti select
Study the full Python automation breakdown →

A DevOps engineer is designing a CI/CD pipeline for a Python application using AWS CodeBuild and AWS CodeDeploy. The application is deployed to an Auto Scaling group of EC2 instances. The engineer wants to ensure that the deployment does not impact availability. Which TWO strategies can be used? (Choose 2.)

Question 367hardmultiple choice
Read the full NAT/PAT explanation →

You are a DevOps engineer at a company that runs a critical web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application is deployed using AWS CodeDeploy with an in-place deployment strategy. The deployment group contains 10 EC2 instances in an Auto Scaling group. Recently, a deployment failed with the error 'The overall deployment failed because too many individual instances failed deployment.' You check the CodeDeploy agent logs on one of the failed instances and see the error 'Script at /opt/codedeploy-agent/deployment-root/deployment-logs/scripts/application_start.sh failed with exit code 1.' The application_start.sh script is part of the AppSpec file. The script attempts to restart the web server. You notice that the script uses a path that exists only on some instances. What should you do to resolve this issue and prevent future failures?

Question 368mediummultiple choice
Read the full SDLC Automation explanation →

Your organization uses AWS CodePipeline to orchestrate a multi-stage pipeline for a Java application. The pipeline has a source stage (Amazon S3), a build stage (CodeBuild), and a deploy stage (CodeDeploy to EC2). Recently, the build stage started failing with the error 'BUILD_CONTAINER_UNABLE_TO_PULL_IMAGE'. The build project uses a managed image for Java. You checked the CodeBuild project settings and confirmed that the image is correct. No changes were made to the build project. What is the most likely cause?

Question 369easymultiple choice
Read the full SDLC Automation explanation →

A startup is using AWS CloudFormation to manage their infrastructure. They have a stack that creates an Amazon S3 bucket and an Amazon DynamoDB table. The stack was created successfully, but when they try to update the stack to add a new S3 bucket, the update fails with the error 'CREATE_FAILED - S3 bucket already exists'. The new bucket name is unique and does not exist. The template uses the same AWS::S3::Bucket resource type. What is the most likely cause?

Question 370easymultiple choice
Read the full SDLC Automation explanation →

A development team uses AWS CodeCommit to store source code and AWS CodePipeline to automate builds and deployments. The team wants to ensure that every commit to the main branch triggers a build and deployment to a test environment. Which action should be taken?

Question 371mediummultiple choice
Read the full SDLC Automation explanation →

An organization uses AWS CodeDeploy to deploy applications to Amazon EC2 instances. The deployment is failing consistently with the error 'ScriptMissing' for the AppSpec lifecycle hook 'ApplicationStop'. The scripts are located in the /opt/scripts directory on the instances. What is the most likely cause of this error?

Question 372hardmultiple choice
Read the full SDLC Automation explanation →

A company has a monolith application that takes over an hour to build. The DevOps team wants to implement continuous integration using AWS CodeBuild. The build environment requires a large amount of dependencies that are rarely updated. Which strategy will MINIMIZE build time and cost?

Question 373mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. They have a stack that creates an Amazon RDS instance. The stack creation fails with the error: 'The following resource(s) failed to create: [DBInstance]'. The CloudFormation template includes a parameter for the DB instance class. Which troubleshooting step should be taken FIRST?

Question 374easymulti select
Read the full SDLC Automation explanation →

A company is designing a CI/CD pipeline using AWS CodePipeline. They want to automatically run unit tests when a pull request is created in AWS CodeCommit. Which TWO actions should be taken to implement this?

Question 375mediummulti select
Read the full SDLC Automation explanation →

A DevOps engineer is managing infrastructure as code using AWS CloudFormation. The engineer wants to automatically update a stack when changes are pushed to a Git repository. Which THREE services can be used together to achieve this?

Question 376hardmulti select
Review the full routing breakdown →

An organization uses AWS CodeDeploy to deploy a web application to an Auto Scaling group. The deployment strategy is 'Blue/Green'. After a successful deployment, traffic is routed to the new instances. However, the application experiences errors because the new instances cannot connect to the database. Which TWO configuration changes could resolve this issue?

Question 377mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. An IAM policy is attached to a user who needs to start a CodePipeline pipeline and view its details. The user reports that they cannot see the pipeline in the AWS Management Console. What is the MOST likely reason?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codepipeline:StartPipelineExecution",
        "codepipeline:GetPipeline"
      ],
      "Resource": "arn:aws:codepipeline:us-east-1:123456789012:MyPipeline"
    }
  ]
}
Question 378hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A developer is troubleshooting a failed AWS CodeBuild build. The buildspec file contains the following build commands: 'pre_build' - run linting, 'build' - './gradlew build', 'post_build' - package artifact. The error occurs in the build phase. Which of the following is the MOST likely cause?

Exhibit

Build complete
[Container] 2024/03/15 14:30:00 Phase complete: BUILD State: FAILED
[Container] 2024/03/15 14:30:00 Phase context: statusCode: COMMAND_EXECUTION_ERROR, Message: Error while executing command: ./gradlew build. Reason: exit status 1
Question 379easymultiple choice
Read the full SDLC Automation explanation →

A startup is using AWS CodeCommit to store their application code. They have set up a CI/CD pipeline with AWS CodePipeline and AWS CodeBuild. The pipeline consists of a source stage from CodeCommit, a build stage using CodeBuild, and a deploy stage using AWS CodeDeploy to deploy to an Auto Scaling group of EC2 instances. Recently, a developer committed code that introduced a critical bug, and the pipeline automatically deployed the bug to production, causing an outage. The team wants to implement a manual approval step before production deployment. They also want to ensure that the approval step is only required for deployments to the production environment, not for development or testing. Which solution should they implement?

Question 380mediummultiple choice
Review the full subnetting walkthrough →

A large enterprise is using AWS CloudFormation to manage their infrastructure. They have a master template that orchestrates nested stacks for different components: VPC, application, and database. The VPC stack creates subnets, route tables, and security groups. The application stack creates EC2 instances and an Application Load Balancer. The database stack creates an RDS instance. The master template uses parameters to pass configuration values. Recently, when updating the application stack, the update failed because the security group ID from the VPC stack changed, and the application stack references the old security group ID. The team wants to ensure that when the VPC stack is updated, dependent stacks are automatically updated to use the new outputs. Which approach should they take?

Question 381hardmultiple choice
Read the full NAT/PAT explanation →

A company uses AWS CodeBuild to compile and test their Java application. The build takes about 20 minutes. They have enabled Amazon S3 cache to store the Maven repository to speed up subsequent builds. However, they notice that the build time has not improved significantly. The buildspec file includes the 'cache' section with 'paths' pointing to '/root/.m2'. The CodeBuild project has cache type set to 'S3' and a valid bucket. The build logs show that the cache is being downloaded and uploaded, but the Maven dependencies are still being downloaded from the internet each time. What is the most likely cause?

Question 382mediummultiple choice
Read the full SDLC Automation explanation →

A team is using AWS CodePipeline to deploy a serverless application using AWS Lambda and Amazon API Gateway. The pipeline has a source stage from CodeCommit, a build stage using CodeBuild (which runs unit tests and packages the Lambda code), and a deploy stage using AWS CloudFormation to update a stack that contains the Lambda function and API Gateway. The deployment stage uses a CloudFormation template that creates the Lambda function and API Gateway. Recently, the deployment stage started failing with the error: 'The API Gateway deployment already exists'. The team has not changed the template. What is the most likely cause?

Question 383hardmultiple choice
Read the full SDLC Automation explanation →

A company uses multiple AWS accounts: one for development, one for testing, and one for production. They want to implement a CI/CD pipeline using AWS CodePipeline that deploys the same application to all three accounts. The source code is stored in a CodeCommit repository in the development account. The pipeline should first build the application, then deploy to development, then after approval, deploy to testing, and finally after another approval, deploy to production. The deployment uses AWS CodeDeploy to deploy to EC2 instances in each account. The pipeline will be created in the development account. Which configuration will allow the pipeline to deploy to the testing and production accounts?

Question 384mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS Elastic Beanstalk to deploy a web application. They have set up a CI/CD pipeline using AWS CodePipeline. The pipeline has a source stage from GitHub (using the GitHub source action) and a deploy stage that deploys to Elastic Beanstalk. The deployment is configured to use the 'Immutable' deployment policy. Recently, the deployment started failing with the error: 'The environment is in an unhealthy state. The deployment failed.' The developer checks the Elastic Beanstalk environment and sees that the new instances are not passing health checks. The application logs show that the new instances cannot connect to the existing Amazon RDS database. What is the most likely cause?

Question 385easymulti select
Read the full SDLC Automation explanation →

A DevOps team is implementing a CI/CD pipeline for a microservices application deployed on Amazon ECS. They want to automatically build, test, and deploy container images to Amazon ECR and then update the ECS service. Which TWO steps are essential to achieve this goal?

Question 386hardmulti select
Read the full SDLC Automation explanation →

A company is using AWS CodePipeline with multiple stages: Source (GitHub), Build (CodeBuild), Test (CodeBuild), and Deploy (CloudFormation). The deployment stage is failing intermittently with a 'Rate exceeded' error. The team needs to reduce deployment failures. Which TWO actions should the team take?

Question 387mediummulti select
Read the full NAT/PAT explanation →

A company uses AWS CodeCommit for source control and AWS CodeBuild for building a Java application. They want to enforce that every commit triggers a build, but only if the commit message contains a specific pattern 'BUILD:'. Which THREE steps are required?

Question 388easymulti select
Read the full SDLC Automation explanation →

A company is using AWS CodeDeploy to deploy an application to an Auto Scaling group. The deployment is failing because the new instances are not passing the health checks. The team wants to automatically roll back the deployment if health checks fail. Which THREE steps should the team take?

Question 389hardmultiple choice
Review the full routing breakdown →

A company runs a critical application on Amazon EC2 instances managed by an Auto Scaling group behind an Application Load Balancer. They use AWS CodeDeploy for blue/green deployments. The deployment process creates a new Auto Scaling group (green) and routes traffic to it after a successful deployment. Recently, the deployment succeeded but the green instances are not receiving traffic; users are still served by the old (blue) instances. The deployment logs show that the 'AllowTraffic' step succeeded. The team checked the ALB target groups; the green target group has healthy instances but the ALB listener default action still points to the blue target group. What is the most likely cause and remediation?

Question 390mediummultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CloudFormation to manage infrastructure. They have a stack that creates an Amazon RDS DB instance with automated backups enabled. The DevOps team needs to modify the DB instance to use a larger instance type. They update the CloudFormation template and execute a stack update. The update fails with the error: 'Cannot modify DB instance class because the instance is in a state that does not allow modification.' The DB instance is in the 'available' state. The team needs to successfully update the instance type without data loss. What should the team do?

Question 391easymultiple choice
Read the full SDLC Automation explanation →

A company uses AWS CodePipeline to automate builds and deployments. The pipeline has a source stage (Amazon S3) and a build stage (AWS CodeBuild). The build stage is failing with the error: 'Error: Unable to download artifact from S3: Access Denied'. The artifacts are stored in an S3 bucket that is encrypted with AWS KMS. The CodeBuild service role has permissions to read from the S3 bucket and use the KMS key. The team checks that the S3 bucket policy and the KMS key policy allow the CodeBuild role. What is the most likely cause of the failure?

Question 392mediummultiple choice
Read the full NAT/PAT explanation →

A company is using AWS OpsWorks for configuration management. They have a stack with a PHP application layer and a MySQL layer. The DevOps team needs to update the PHP version across all instances. They create a custom Chef recipe that updates the PHP package and add it to the lifecycle events. After running the 'Setup' lifecycle event on the layer, the instances are updated but the application stops working because the new PHP version is incompatible with some custom PHP extensions. The team needs to roll back the PHP version to the previous one quickly and minimize downtime. The instances are in an Auto Scaling group with a desired count of 4. What should the team do?

Question 393hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. A CodePipeline deployment fails at the CloudFormation stage. The Lambda function creation is cancelled. What is the MOST likely cause?

Exhibit

CodePipeline execution details:
- Source: CodeCommit (branch: main)
- Build: CodeBuild (buildspec.yml)
- Deploy: CloudFormation (template.yml)
- Status: Failed at Deploy stage
- Error message: "The following resource(s) failed to create: [MyLambdaFunction]. WaitCondition received 1 unique messages. UniqueId count: 1. Received: 'CREATE_FAILED'"
- CloudFormation stack events: "Resource creation cancelled" for a Lambda function with a VPC configuration.
- Build logs show: "npm install succeeded, tests passed"
Question 394mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. After a deployment at 10:00, the error rate increases steadily. What is the MOST likely cause?

Network Topology
|CloudWatch Logs Insights query result:fields @timestamp, @message| filter @message like /ERROR/| stats count() by bin(5m)| limit 20Result:
Question 395hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. Why does the build fail?

Network Topology
- aws cloudfront create-invalidationdistribution-id E123paths '/*'deletebuildspec.yml:version: 0.2phases:install:runtime-versions:nodejs: 14commands:- npm installbuild:- npm run buildpost_build:CodeBuild logs:Build status: FAILED
Question 396mediummultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. Despite scaling up, CPU utilization remains high. What is the MOST likely cause?

Exhibit

CloudFormation template snippet:
Resources:
  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      LaunchConfigurationName: !Ref MyLaunchConfig
      MinSize: '2'
      MaxSize: '10'
      DesiredCapacity: '4'
      AvailabilityZones:
        - us-east-1a
        - us-east-1b
  MyLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: ami-12345678
      InstanceType: t2.micro
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          systemctl start myapp
  MyScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageCPUUtilization
        TargetValue: 50.0

CloudWatch alarm: CPUUtilization > 60% for 5 minutes triggers scale-up. After 1 hour, the ASG has 8 instances but CPU stays around 70%.
Question 397hardmultiple choice
Read the full SDLC Automation explanation →

Refer to the exhibit. The deployment succeeded but the application fails. What is the MOST likely cause?

Exhibit

CodePipeline execution history:
Pipeline: MyPipeline
Date: 2024-03-01
Stage: Deploy
Action: DeployToECS

Execution ID: e-123456789
Status: Succeeded

Revision: commit SHA abc123
Deployment details:
  - ECS service: my-service
  - Task definition: my-task:12
  - Desired count: 2
  - Running count: 2
  - Pending count: 0

After deployment, application health checks fail. Rolling back to previous revision (task definition my-task:11) resolves the issue.

CloudWatch Logs from ECS tasks:
[ERROR] Failed to connect to database: TimeoutError: connect ETIMEDOUT 10.0.0.5:5432

Practice tests

Scored 10-question sessions with instant feedback and explanations.

DOP-C02 Practice Test 1 — 10 Questions→DOP-C02 Practice Test 2 — 10 Questions→DOP-C02 Practice Test 3 — 10 Questions→DOP-C02 Practice Test 4 — 10 Questions→DOP-C02 Practice Test 5 — 10 Questions→DOP-C02 Practice Exam 1 — 20 Questions→DOP-C02 Practice Exam 2 — 20 Questions→DOP-C02 Practice Exam 3 — 20 Questions→DOP-C02 Practice Exam 4 — 20 Questions→Free DOP-C02 Practice Test 1 — 30 Questions→Free DOP-C02 Practice Test 2 — 30 Questions→Free DOP-C02 Practice Test 3 — 30 Questions→DOP-C02 Practice Questions 1 — 50 Questions→DOP-C02 Practice Questions 2 — 50 Questions→DOP-C02 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Configuration Management and IaCResilient Cloud SolutionsMonitoring and LoggingIncident and Event ResponseSecurity and ComplianceSDLC Automation

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All SDLC Automation setsAll SDLC Automation questionsDOP-C02 Practice Hub