Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Amazon Web Services SOA-C02 Dumps Questions Answers

Page: 1 / 19
Total 485 questions

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 1

A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company's customers. The company uses Amazon Route 53 for its website's DNS solution.

Which configuration will meet these requirements?

Options:

A.

Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.

B.

Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.

C.

Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.

D.

Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.

Buy Now
Question 2

A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts.

Which solution will meet these requirements?

Options:

A.

Purchase RIs in individual member accounts. Disable Rl discount sharing in the management account.

B.

Purchase RIs in individual member accounts. Disable Rl discount sharing in the member accounts.

C.

Purchase RIs in the management account. Disable Rl discount sharing in the management account.

D.

Purchase RIs in the management account. Disable Rl discount sharing in the member accounts.

Question 3

A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data

Which AWS service will mitigate this issue?

Options:

A.

AWS Shield Standard

B.

AWS WAF

C.

Elastic Load Balancing

D.

Amazon Cognito

Question 4

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.

What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?

Options:

A.

Enter the DB instance connection string into the VPC1 route table.

B.

Configure VPC peering between the two VPCs.

C.

Add the same IPv4 CIDR range for both VPCs.

D.

Connect to the DB instance by using the DB instance’s public IP address.

Question 5

A SysOps administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account, but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.

How can the administrator identify who is creating the Elastic IP addresses?

Options:

A.

Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.

B.

Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.

C.

Create a CloudWatch alarm on the ElPCreated metric and send an Amazon SNS notification when the alarm triggers.

D.

Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.

Question 6

While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS The customer gateway device resides in a data center with a NAT gateway in front of it

What address should be used to create the customer gateway resource?

Options:

A.

The private IP address of the customer gateway device

B.

The MAC address of the NAT device in front of the customer gateway device

C.

The public IP address of the customer gateway device

D.

The public IP address of the NAT device in front of the customer gateway device

Question 7

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)

Options:

A.

Change to the least outstanding requests algorithm on the ALB target group.

B.

Configure cookie forwarding in the CloudFront distribution cache behavior.

C.

Configure header forwarding in the CloudFront distribution cache behavior.

D.

Enable group-level stickiness on the ALB listener rule.

E.

Enable sticky sessions on the ALB target group.

Question 8

A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.

Which solution will meet these requirements?

Options:

A.

Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the CloudFront distribution.

B.

Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3 bucket.

C.

Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.

D.

Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.

Question 9

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost.

What should the SysOps administrator do to sign in?

Options:

A.

Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.

B.

Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console.

C.

Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device.

D.

Use the forgot-password process to verify the email address. Set up a new password and MFA device.

Question 10

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl

A SysOps administrator reviews the VPC configuration and learns the following information:

• The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0

• The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0

• The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.

• The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0

Which action will allow the user to complete the curl request successfully?

Options:

A.

Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.

B.

Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.

C.

Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.

D.

Add an additional outbound security group rule for port 80 to the user's IP address.

Question 11

A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each.

Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Select TWO.)

Options:

A.

Configure Aurora backups to be exported to the DR Region.

B.

Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.

C.

Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.

D.

Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group's minimum capacity, maximum capacity, and desired capacity to 1.

E.

Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.

Question 12

The company needs EC2 instances in the VPC to resolve DNS names for on-premises hosts using Direct Connect.

Options:

Options:

A.

Create an Amazon Route 53 private hosted zone. Populate the zone with the hostnames and IP addresses of the hosts in the on-premises data center.

B.

Create an Amazon Route 53 Resolver outbound endpoint. Add the IP addresses of an on-premises DNS server for the domain names that need to be forwarded.

C.

Set up a forwarding rule for reverse DNS queries in Amazon Route 53 Resolver. Set the enableDnsHostnames attribute to true for the VPC.

D.

Add the hostnames and IP addresses for the on-premises hosts to the /etc/hosts file of each EC2 instance.

Question 13

A SysOps administrator needs to monitor a process that runs on Linux Amazon EC2 instances. If the process stops, the process must restart automatically. The Amazon CloudWatch agent is already installed on all the EC2 Instances.

Which solution will meet these requirements?

Options:

A.

Add a procstat monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

B.

Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

C.

Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

D.

Add a procstat monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.

Question 14

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOpe administrator notices that some of these EC2 instances show up as heathy in the Auto Scaling g-out but show up as unhealthy in the ALB target group.

What is a possible reason for this issue?

Options:

A.

Security groups ate rot allowing traffic between the ALB and the failing EC2 instances

B.

The Auto Seating group health check is configured for EC2 status checks

C.

The EC2 instances are failing to launch and failing EC2 status checks.

D.

The target group health check is configured with an incorrect port or path

Question 15

A company runs an application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application sometimes becomes slow and unresponsive. Amazon CloudWatch metrics show that some EC2 instances are experiencing high CPU load.

A SysOps administrator needs to create a CloudWatch dashboard that can automatically display CPU metrics of all the EC2 instances. The metrics must include new instances that are launched as part of the Auto Scaling group.

What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way?

Options:

A.

Create a CloudWatch dashboard. Use activity notifications from the Auto Scaling group to invoke a custom AWS Lambda function. Use the Lambda function to update the CloudWatch dashboard to monitor the CPUUtilization metric for the new instance IDs.

B.

Create a CloudWatch dashboard. Run a custom script on each EC2 instance to stream the CPU utilization to the dashboard.

C.

Use CloudWatch metrics explorer to filter by the aws:autoscaling:groupName tag and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.

D.

Use CloudWatch metrics explorer to filter by instance state and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.

Question 16

A SysOps administrator is investigating a company's web application for performance problems The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance.

The company wants to minimize costs without adversely affecting the user experience when web traffic surges quickly. The company needs a solution that adds more capacity to me Auto Scaling group for larger traffic increases than for smaller traffic increases.

How should the SysOps administrator configure the Auto Scaling group to meet these requirements?

Options:

A.

Create a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load

B.

Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.

C.

Create a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load

D.

Use Amazon EC2 Auto Scaling lifecycle hooks Adjust the Auto Scaling group's maximum number of instances after every scaling event

Question 17

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Choose two.)

Options:

A.

CloudFront does not have the ALB configured as the origin access identity.

B.

The DNS is still pointing to the ALB instead of the CloudFront distribution.

C.

The ALB security group is not permitting inbound traffic from CloudFront.

D.

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E.

The target groups associated with the ALB are configured for sticky sessions.

Question 18

A company's SysOps administrator is troubleshooting communication between the components of an application. The company configured VPC flow logs to be published to Amazon CloudWatch Logs However, there are no logs in CloudWatch Logs

What could be blocking the VPC flow logs from being published to CloudWatch Logs?

Options:

A.

The 1AM policy that is attached to the 1AM role for the flow log is missing the logs:CreateLogGroup permission.

B.

The 1AM policy that is attached to the 1AM role for the flow log is missing the logs:CreateExportTask permission.

C.

The VPC is configured for IPv6 addresses.

D.

The VPC is peered with another VPC in the AWS account.

Question 19

A SysOps administrator has used AWS Cloud Formal ion to deploy a serverless application Into a production VPC. The application consists of an AWS Lambda function an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoDB table.

Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

Options:

A.

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack

B.

Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

C.

Enable termination protection on the AWS Cloud Formation stack.

D.

Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Question 20

After creating a presigned URL for an S3 object, users can no longer access the file after a few days.

Options (Select TWO):

Options:

A.

The presigned URL's expiration date and time have passed.

B.

The SysOps administrator's access key is no longer valid.

C.

The S3 bucket's Block Public Access settings are enabled.

D.

The S3 object's ACL does not include READ access for the All Users group.

E.

The S3 object's ACL does not include READ_ACP access for the All Users group.

Question 21

A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.

However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.

Which action will meet these requirements?

Options:

A.

Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

B.

Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

C.

Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

D.

Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

Question 22

A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.

How can this be accomplished with the LEAST amount of administrative effort?

Options:

A.

Add an export field to the outputs of the first template and import the values in the second template.

B.

Create a custom resource that queries the stack created by the first template and retrieves the required values.

C.

Create a mapping in the first template that is referenced by the second template.

D.

Input the names of resources in the first template and refer to those names in the second template as a parameter.

Question 23

A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts.

Which AWS feature should the SysOps administrator use to meet these requirements?

Options:

A.

AWS Config aggregator

B.

IAM user permissions boundaries

C.

AWS Organizations service control policies (SCPs)

D.

AWS Security Hub conformance packs

Question 24

A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

Which parameters should be specified to accomplish this in the MOST efficient manner?

Options:

A.

Specify "' as the principal and PrincipalOrgld as a condition.

B.

Specify all account numbers as the principal.

C.

Specify PrincipalOrgld as the principal.

D.

Specify the organization's management account as the principal.

Question 25

A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.

What is the default behavior of CloudFormation in this scenario?

Options:

A.

CloudFormation will roll back the stack and delete the stack.

B.

CloudFormation will roll back the stack but will not delete the stack.

C.

CloudFormation will prompt the user to roll back the stack or continue.

D.

CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Question 26

A company is expanding its use of AWS services across its portfolios The company wants to provision AWS accounts for each team to ensure a separation of business processes for security compliance and billing Account creation and bootstrapping should be completed m a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place A SysOps administrator needs to design a provisioning process that saves time and resources

Which action should be taken to meet these requirements?

Options:

A.

Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations

B.

Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure

C.

Use AWS Config to provision accounts and deploy instances using AWS Service Catalog

D.

Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts

Question 27

The SysOps administrator needs to deploy auditing software on all existing and new EC2 instances across multiple Regions, using AWS Systems Manager.

Options:

Options:

A.

Create a Systems Manager Distributor package that includes the auditing software. Store the package in an Amazon S3 bucket. Create a Systems Manager State Manager association in each Region to install the software package on all managed instances in the company's AWS account.

B.

Load the installer for the auditing software into an Amazon S3 bucket. Connect to every instance by using Systems Manager Fleet Manager Remote Desktop. Download the installer by using the AWS CLI. Run the installer manually.

C.

Create an AWS Lambda function that calls the software installer. Merge the auditing software into the Lambda function by using Lambda layers. Run the Lambda function from each instance by using a scheduled Amazon EventBridge rule.

D.

Create an Amazon EventBridge rule to react to Amazon EC2 RunInstances events. Configure the rule to modify the events to include a step that runs the software installer. Reboot all the instances.

Question 28

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an

EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

Options:

A.

AWS/ApplicationELB HealthyHostCount <= 0

B.

AWS/ApplicationELB UnhealthyHostCount >= 1

C.

AWS/EC2 StatusCheckFailed <= 0

D.

AWS/EC2 StatusCheckFailed >= 1

Question 29

A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must integrate with Amazon RDS.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Store the credentials in AWS Systems Manager Parameter Store as a secure string. Configure automatic rotation with a rotation interval of 30 days.

B.

Store the credentials in AWS Secrets Manager. Configure automatic rotation with a rotation interval of 30 days.

C.

Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

D.

Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Question 30

A software development company has multiple developers who work on the same product. Each developer must have their own development environment, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly cron job on each development instance to stop all running processes to reduce CPU utilization to nearly zero.

B.

Provide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to delete the AWS CloudFormation stacks.

C.

Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2 instances and the DB instance.

D.

Provide developers with CLI commands so that they can provision their own development environment when necessary. Schedule a nightly Amazon EventBridge (Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the development environment resources.

Question 31

The company needs a shared file solution for EC2 Windows instances in a Multi-AZ deployment that uses native Windows storage capabilities and maximizes consistency.

Options:

Options:

A.

Create an Amazon FSx for Windows File Server Multi-AZ file system. Map file shares on the instances by using the file system's DNS name.

B.

Grant the instances access to a shared Amazon S3 bucket. Use Windows Task Scheduler to synchronize the contents of the S3 bucket locally to each instance periodically.

C.

Create an Amazon Elastic File System (Amazon EFS) file system that uses the EFS Standard storage class. Mount the file system to the instances by using the file system's DNS name and the EFS mount helper.

D.

Create a new Amazon Elastic Block Store (Amazon EBS) Multi-Attach volume. Attach the EBS volume as an additional drive to each instance.

Question 32

A SysOps administrator manages the caching of an Amazon CloudFront distribution that serves pages of a website. The SysOps administrator needs to configure the distribution so that the TTL of individual pages can vary. The TTL of the individual pages must remain within the maximum TTL and the minimum TTL that are set for the distribution.

Which solution will meet these requirements?

Options:

A.

Create an AWS Lambda function that calls the Create Invalid at ion API operation when a change in cache time is necessary.

B.

Add a Cache-Control: max-age directive to the object at the origin when content is being returned to CloudFront.

C.

Add a no-cache header through a Lambda@Edge function in response to the Viewer response.

D.

Add an Expires header through a CloudFront function in response to the Viewer response.

Question 33

The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.

Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

Options:

A.

AWS Trusted Advisor

B.

Amazon Inspector

C.

AWS Config

D.

AWS Organizations

Question 34

A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized users through Amazon CloudFront. Unauthorized users must be restricted from access.

Which solution will meet these requirements?

Options:

A.

Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed URLs to access the S3 bucket through CloudFront.

B.

Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Restrict S3 bucket access with signed URLs in CloudFront.

C.

Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Enable field-level encryption.

D.

Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed cookies for restricted delivery of the content through CloudFront.

Question 35

A SysOps administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing What should the administrator do first to resolve this issue?

Options:

A.

Reboot the EC2 instance so it can be launched on a new host

B.

Stop and then start the EC2 instance so that it can be launched on a new host

C.

Terminate the EC2 instance and relaunch it

D.

View the AWS CloudTrail log to investigate what changed on the EC2 instance

Question 36

A company is using Amazon S3 to set up a temporary static website that is public. A SysOps administrator creates an S3 bucket by using the default settings. The SysOps administrator updates the S3 bucket properties to configure static website hosting. The SysOps administrator then uploads objects that contain content for index.html and error.html.

When the SysOps administrator navigates to the website URL. the SysOps administrator receives an HTTP Status Code 403: Forbidden (Access Denied) error.

What should the SysOps administrator do to resolve this error?

Options:

A.

Create an Amazon Route 53 DNS entry. Point the entry to the S3 bucket.

B.

Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow GetObject access on the S3 bucket.

C.

Edit the permissions on the index html and error html files for read access

D.

Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow PutObject access on the S3 bucket.

Question 37

A SysOps administrator needs to update an AWS accoun1 name What should the SysOps administrator do to accomplish this goal?

Options:

A.

Add the Administrator Access policy to the SysOps administrator's 1AM user.

B.

Add the AWS_ConfigRole policy to the SysOps administrator's 1AM user.

C.

Change the AWS account name through the AWS Trusted Advisor interface.

D.

Sign in as the AWS account root user to make the change.

Question 38

A company runs a high performance computing (HPC) application on an Amazon EC2 instance The company needs to scale this architecture to two or more EC2 instances. The EC2 instances wilt need to communicate with each other at high speeds with low latency to support the application.

The company wants to ensure that the network performance can support the required communication between the EC2 instances.

What should a SysOps administrator do to meet these requirements?

Options:

A.

Create a cluster placement group. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Restore the EC2 instance from the AMI into the placement group Launch the additional EC2 instances into the placement group

B.

Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launch template from the existing EC2 instance by specifying the AMI. Create an Auto Scaling group and configure the desired instance count.

C.

Create a Network Load Balancer (NLB) and a target group. Launch the new EC2 instances and register them with the target group Register the existing EC2 instance with the target group. Pass all application traffic through the NLB.

D.

Back up the existing EC2 Instance to an Amazon Machine Image (AMI). Create additional clones of the EC2 instance from the AMI in the same Availability Zone where the existing EC2 instance is located.

Question 39

Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.

To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

Options:

A.

The security group of the EC2 instances has no Allow rule for the traffic from the NLB.

B.

The security group of the NLB has no Allow rule for the traffic from the on-premises environment.

C.

The ACL of the on-premises environment does not allow traffic to the AWS environment.

D.

The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.

Question 40

A SysOps administrator needs to share a new AMI with all accounts within an organization managed through AWS Organizations.

Options:

Options:

A.

Make the AMI public. Reference the AMI ID from within the member accounts of the organization.

B.

Share the AMI's associated snapshots with all the accounts in the organization.

C.

Share the AMI with the organization by specifying the organization Amazon Resource Name (ARN).

D.

Upload the AMI to AWS Marketplace. Search for the uploaded AMI when an instance is launched from a member account in the organization.

Question 41

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.

How should the SysOps administrator use AWS CloudFormation to create a solution?

Options:

A.

Use Amazon EC2 user data in a CloudFormation template

B.

Use nested stacks to provision resources

C.

Use parameters in a CloudFormation template

D.

Use stack policies to provision resources

Question 42

The SysOps administrator needs to prevent any account within an AWS Organization from leaving the organization.

Options:

Options:

A.

Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).

B.

Create a service control policy (SCP) that denies the RemoveAccountFromOrganization action. Apply the SCP to the root organizational unit (OU).

C.

Deploy an AWS Lambda function in each member account to remove any Organizations permissions when a user is created.

D.

Turn on AWS Config. Set up the account-part-of-organizations managed rule. Configure the rule to run every hour.

Question 43

A company has an AWS Cloud Formation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the Cloud Formation template. However, the stack creation fails.

Which factors could cause this failure? (Select TWO.)

Options:

A.

The user's IAM policy does not allow the cloudformation:CreateStack action.

B.

The user's IAM policy does not allow the cloudformation:CreateStackSet action.

C.

The user's IAM policy does not allow the s3:CreateBucket action.

D.

The user's IAM policy explicitly denies the s3:ListBucket action.

E.

The user's IAM policy explicitly denies the s3:PutObject action

Question 44

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.

What should the SysOps administrator do to meet these requirements?

Options:

A.

Launch the instances into a cluster placement group in a single AWS Region.

B.

Launch the instances into a partition placement group in multiple AWS Regions.

C.

Launch the instances into a spread placement group in multiple AWS Regions.

D.

Launch the instances into a spread placement group in single AWS Region

Question 45

A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoOB table.

Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

Options:

A.

Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.

B.

Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.

C.

Enable termination protection on the AWS Cloud Formation stack.

D.

Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Question 46

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.

The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.

B.

Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.

C.

Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.

Question 47

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies The company decides to switch to an SQS FIFO queue

What must the company do to migrate to an SQS FIFO queue?

Options:

A.

Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages

B.

Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages

C.

Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages

D.

Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages

Question 48

A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.

The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.

Which solution will meet these requirements?

Options:

A.

Move objects to S3 Glacier after 30 days.

B.

Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

C.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

D.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.

Question 49

A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientlnstanceCapacity error.

Which actions should a SysOps administrator take to remediate this issue? (Select TWO.

Options:

A.

Change the instance type that the company is using.

B.

Configure the Auto Scaling group in different Availability Zones.

C.

Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.

D.

Increase the maximum size of the Auto Scaling group.

E.

Request an increase in the instance service quota.

Question 50

A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the AWS accounts.

A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS 1AM Identity Center (AWS Single Sign-On) and has set up an AWS Direct Connect connection.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for 1AM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

B.

Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for 1AM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

C.

Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for 1AM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

D.

Use the built-in SSO directory as the identity source for 1AM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

Question 51

A SysOps administrator is responsible for more than 50 Amazon EC2 instances mat are deployed in a single production AWS account The EC2 instances are running several different operating systems The company's standards require patching to be completed at least once a month.

The SysOps administrator wants to use AWS Systems Manager to reduce the number of hours the company spends on operating system patching each month.

Which combination of steps should the SysOps administrator take to meet these requirements? (Select THREE.)

Options:

A.

Group similar EC2 instances together into resource groups by using AWS Resource Groups

B.

Create a schedule in Systems Manager Patch Manager. Specify the appropriate resource group as the target

C.

Specify Systems Manager Automation runbooks to patch the operating systems. Register the runbooks as tasks in the maintenance window. Specify the appropriate resource group as the target

D.

Create a Systems Manager Automation runbook to monitor and control the state of the patches required. Apply the runbook to Systems Manager Patch Manager

E.

Create a single Systems Manager maintenance window for each resource group.

F.

Configure Systems Manager Fleet Manager to apply a Systems Manager Automation runbook to the appropriate resource group.

Question 52

A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the

member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers

are unable to configure a billing alarm. The IAM permissions for all users are correct.

What could be the cause of this issue?

Options:

A.

The management/payer account does not have billing alerts turned on.

B.

The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.

C.

Amazon GuardDuty is turned on for all the accounts.

D.

The company has not configured an AWS Config rule to monitor billing.

Question 53

A SysOps administrator deployed a three-tier web application to a OA environment and is now evaluating the high availability of the application. The SysOps administrator notices that, when they simulate an unavailable Availability Zone, the application fails to respond. The application stores data in Amazon RDS and Amazon DynamoDB.

How should the SysOps administrator resolve this issue?

Options:

A.

Add addilional subnets lo the RDS instance subnet group.

B.

Add an Elastic Load Balancer in front of the RDS instance.

C.

Distribute the data in DynamoDB across Availability Zones.

D.

Enable Multi-AZ for the RDS instance.

Question 54

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

Options:

A.

Create an AWS Serverless Application Repository and export the Lambda function recommendations.

B.

Enable AWS Compute Optimizer and export the Lambda function recommendations

C.

Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights.

D.

Run AWS Trusted Advisor and export the Lambda function recommendations

Question 55

A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create a script that runs against the S3 bucket and outputs the status of each object.

B.

Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.

C.

Provide the security team with an IAM user that has read access to the S3 bucket.

D.

Use the AWS CLI to output a list of all objects in the S3 bucket.

Question 56

The company needs a solution to provide failover for a Single-AZ RDS for MySQL DB instance to minimize application downtime.

Options:

Options:

A.

Modify the DB instance to be a Multi-AZ DB instance deployment.

B.

Add a read replica in the same Availability Zone where the DB instance is deployed.

C.

Add the DB instance to an Auto Scaling group that has a minimum capacity of 2 and a desired capacity of 2.

D.

Use RDS Proxy to configure a proxy in front of the DB instance.

Question 57

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

Options:

A.

a dedicated VPC.

B.

a single subnet inside the VPC.

C.

a placement group.

D.

a single Availability Zone.

Question 58

A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the SysOps administrator always receives a timeout error.

Which action will allow the SysOps administrator to remotely connect to the instance?

Options:

A.

Add a route table entry in the public subnet for the SysOps administrator's IP address.

B.

Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.

C.

Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.

D.

Modify the instance security group to allow outbound SSH traffic to the SysOps administrator's IP address.

Question 59

An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.

Which solution will meet these requirements?

Options:

A.

Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.

B.

Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.

C.

Create an auto scaling policy with a target metric of 195 DatabaseConnections

D.

Modify the DB cluster by increasing the Aurora Replica instance size.

Question 60

A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administrator creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket.

Which of the following could be the cause of this problem?

Options:

A.

The user has not properly configured the AWS CLI with their access key and secret access key.

B.

The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket.

C.

The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object.

D.

The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.

Question 61

A SysOps administrator is using AWS CloudFormation StackSets to create AWS resources in two AWS Regions in the same AWS account. A stack operation fails in one Region and returns the stack instance status of OUTDATED.

What is the cause of this failure?

Options:

A.

The CloudFormation template changed on the local disk and has not been submitted to Cloud Formation.

B.

The CloudFormation template is trying to create a global resource that is not unique

C.

The stack has not yet been deployed to the Region.

D.

The SysOps administrator is using an old version of the CloudFormation API.

Question 62

A company is using an Amazon EC2 Auto Scaling group to support a workload A Sytfhe company now needs to centruito Scaling group is configured with two similar scaling policies dP) to centrally manage access to One scaling policy adds 5 instances when CPU utilization reaches 80%. The other sctrator can connect to the extemahen CPU utilization leaches 80%.

What will happen when CPU utilization reaches the 80% threshold?

Options:

A.

Amazon EC2 Auto Scaling will add 5 instances

B.

Amazon EC2 Auto Scaling will add 10 instances

C.

Amazon EC2 Auto Scaling will add 15 instances.

D.

The Auto Scaling group will not scale because of conflicting policies

Question 63

A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and to point to an Application Load Balancer (ALB). Which combination of actions should the SysOps administrator take to meet these requirements? (Select TWO.)

Options:

A.

Configure anArecordforexample.com to point to the IP address of the ALB.

B.

Configure an A record for www.example.com to point to the IP address of the ALB.

C.

Configure an alias record for example.com to point to the CNAME of the ALB.

D.

Configure an alias record for www.example.com to point to the Route 53 example.com record.

E.

Configure a CNAME record for example com to point to the CNAME of the ALB.

Question 64

A company is using Amazon Elastic Container Sen/ice (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks.

Which combination of steps should the SysOps administrator take to meet this requirement? (Select TWO.)

Options:

A.

Configure Amazon CloudWatch Logs on the elastic network interface of each task.

B.

Configure VPC Flow Logs on the elastic network interface of each task.

C.

Specify the awsvpc network mode in the task definition.

D.

Specify the bridge network mode in the task definition.

E.

Specify the host network mode in the task definition.

Question 65

A company hosts a static website in an Amazon S3 bucket. The website is accessed globally. The company has configured an Amazon CloudFront distribution and has set the S3 bucket as the distribution's origin. The Cache-Control max-age header is set to 1 hour The Maximum TTL is set to 5 minutes.

A SysOps administrator observes that website performance is lower than expected. CloudFront is not caching objects for the amount of time that is configured.

What is the reason for this issue?

Options:

A.

The Expires header has been set to 3 hours

B.

Cached assets are not expiring in the edge location.

C.

Cache invalidation is missing in the CloudFront configuration.

D.

Cache-duration settings conflict with each other

Question 66

A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.

Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

Options:

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.

B.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.

D.

Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.

E.

Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Question 67

A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

Options:

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new products to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Customize the products in the imported portfolio.

Question 68

A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements?

Options:

A.

Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings.

B.

Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.

C.

Purchase Reserved Instances through the Amazon EC2 console.

D.

Use AWS Compute Optimizer and take action on the provided recommendations.

Question 69

A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The administrator must be alerted to potential issues.

What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

Options:

A.

Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications

B.

Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.

C.

Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.

D.

Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space

Question 70

A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold.

What should the SysOps administrator do to meet these requirements?

Options:

A.

Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the email distribution list to the topic.

B.

Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the email distribution list to the topic.

C.

Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% of the budgeted amount. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold.

D.

Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function to analyze data transfer. Configure the Lambda function to send a notification to the email distribution list when costs reach 75% of the threshold.

Question 71

A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.

A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent.

Which solution will meet these requirements?

Options:

A.

Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.

B.

Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.

C.

Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.

D.

Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.

Question 72

Users of a company's internal web application recently experienced application performance issues for a brief period The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application also includes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.

A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes The cause of the high utilization was an automated report that is scheduled to run one time each week

What should the SysOps administrator do to ensure that users do not experience performance Issues each week when the report runs?

Options:

A.

Increase the size of the DB instance. Monitor the performance during the next scheduled run of the report

B.

Add a reader instance. Change the database connection string of the report application to use the newly created reader instance.

C.

Add another writer instance Change the database connection string of the report application to use the newly created writer instance.

D.

Configure auto scaling for the DB cluster Set the minimum capacity units, maximum capacity units, and target utilization

Question 73

A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.

What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

Options:

A.

Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.

B.

Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.

C.

Modify the existing EFS file system and activate Max I/O performance mode.

D.

Modify the existing EFS file system and activate Provisioned Throughput mode.

Question 74

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Options:

Question 75

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Question 76

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Page: 1 / 19
Total 485 questions