1. What would you set in your Cloud Formation template to fire up different instance sizes based off of environment type?

A) Outputs
B) Resources
C) Mappings
D) conditions



2. You are Dev ops Engineer for a large organization. The company wants to start using Cloud formation templates to start building their resources in AWS. You are getting requirements for the templates from various departments, such as the networking, security, application etc. What is the best way to architect these Cloud formation templates.

A) Create separate logical templates . for example. a separate template for networking, security, application etc. Then nest the relevant templates.
B) Consider using Opsworks to create your environments since Cloud formation is not built for such customization.
C) Use a single Cloud formation template, since this would reduce the maintenance overhead on the templates itself.
D) Consider using Elastic beanstalk to create your environments since Cloud formation is not built for such customization.



3. You are in charge of designing a number of Cloud formation templates for your organization. You need to ensure that no one can update the stack production based resources. How can this be achieved In the most efficient way?

A) Use 53 bucket policies to protect the resources.
B) Use a Stack based policy to protect the production based resources.
C) Use MFA to protect the resources
D) Create tags for the resources and then create lAM policies to protect the resources.



4. A company has recently started using Docker cloud. This is a SaaS solution for managing docker containers on the AWS(Amazon Web Service) cloud and the solution provider is also on the same cloud platform. There is a requirement for the SaaS solution to access AWS(Amazon Web Service) resources. Which of the following would meet the requirement for enabling the SaaS solution to work with AWS(Amazon Web Service) resources in the most secured manner? Please select:

A) Create an lAM user within the enterprise account assign a user policy to the lAM user that allows only the actions required by the SaaS application. Create a new access and secret key for the user and provide these credentials to the SaaS provider.
B) From the AWS(Amazon Web Service) Management Console. navigate to the Security Credentials page and retrieve the access and secret key for your account.
C) Create an lAM role for cross-account access allows the SaaS providers account to assume the role and assign it a policy that allows only the actions required by the SaaS application.
D) Create an lAM role for EC2 instances, assign it a policy mat allows only the actions required tor the Saas application to work. provide the role ARM to the SaaS provider to use when launching their application Instances. Many SaaS platforms can access aws resources via a Cross account access created in aws. If you go to Roles in your identity management, you will see the ability to add a cross account role.



5. You are writing an AWS(Amazon Web Service) Cloud Formation template and you want to assign values to properties that will not be available until runtime. You know that you can use intrinsic functions to do this but are unsure as to which part of the template they can be used in. Which of the following is correct in describing how you can currently use intrinsic functions in an AWS(Amazon Web Service) Cloud Formation template?

A) You can use intrinsic functions only in the resource properties part of a template.
B) You can use intrinsic functions in any part of a template. except AWS(Amazon Web Service) Template Format Version
C) You can use intrinsic functions in any part of a template.
D) You can only use intrinsic functions in specific parts of a template. You can use intrinsic functions in resource properties. metadata attributes, and update policy attributes.