Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: myex65

Home > Amazon Web Services > AWS Certified Associate > SOA-C02

SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Question and Answers

Question # 4

After creating a presigned URL for an S3 object, users can no longer access the file after a few days.

Options (Select TWO):

A.

The presigned URL's expiration date and time have passed.

B.

The SysOps administrator's access key is no longer valid.

C.

The S3 bucket's Block Public Access settings are enabled.

D.

The S3 object's ACL does not include READ access for the All Users group.

E.

The S3 object's ACL does not include READ_ACP access for the All Users group.

Full Access
Question # 5

A company is running a development application on an Amazon EC2 instance. The application uploads 500.000 files that are 1 GB in size into a large! Amazon S3 bucket that has default encryption enabled The EC2 instance is in the same AWS Region where the S3 bucket is deployed.

The company uses performance logging that is built into the application software. The logs show that the application is constantly waiting for the files to be written to the S3 bucket. A SysOps administrator needs to improve the application's throughput performance. The SysOps administrator validates that the networking on the EC2 instance is not constrained.

What should the SysOps administrator do to improve the S3 upload performance''

A.

Enable S3 Transfer Acceleration on the S3 bucket.

B.

Split the S3 write operations to use multiple bucket prefixes to write items in parallel.

C.

Configure AWS PrivateLink for Amazon S3 Turn off encryption on the S3 bucket

D.

Configure AWS Global Accelerator in the Region. Turn off encryption on the S3 bucket.

Full Access
Question # 6

A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files.

A SysOps administrator sets up a new S3 bucket. DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide.

What should the SysOps administrator do to remediate this issue?

A.

Provision an Amazon ElasliCache for Redis cluster for the new S3 bucket. Provide the developers with the configuration endpoint of the cluster for use in their API calls.

B.

Add the new S3 bucket to a new Amazon CloudFront distribution. Provide the developers with the domain name of the new distribution for use in their API calls.

C.

Enable S3 Transfer Acceleration for the new S3 bucket. Verify that the developers are using the DOC-EXAMPLE-BUCKET.s3-accelerate.amazonaws.com endpoint name in their API calls.

D.

Use S3 multipart upload for the new S3 bucket. Verify that the developers are using Region-specific S3 endpoint names such as D0C-EXAMPLE-BUCKET.s3. [RegionJ.amazonaws.com in their API calls.

Full Access
Question # 7

A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals.

The client software times out with an error message that indicates that the client software could not establish the TCP connection.

What should a SysOps administrator do to resolve this error?

A.

Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.

B.

Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.

C.

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.

D.

Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS. Destination - 0.0.0.0/0.

Full Access
Question # 8

A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysops administrator needs to manage the cluster by using the kubect1 command line tool.

Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

A.

The kubeconfig file

B.

The kube-proxy Amazon EKS add-on

C.

The Fargate profile

D.

The eks-connector.yaml file

Full Access
Question # 9

A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts.

Which AWS feature should the SysOps administrator use to meet these requirements?

A.

AWS Config aggregator

B.

IAM user permissions boundaries

C.

AWS Organizations service control policies (SCPs)

D.

AWS Security Hub conformance packs

Full Access
Question # 10

A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.

Which solution will meet these requirements?

A.

Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

B.

Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.

C.

Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.

D.

Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

Full Access
Question # 11

An organization with a large IT department has decided to migrate to AWS With different job functions in the IT department it is not desirable to give all users access to all AWS resources Currently the organization handles access via LDAP group membership

What is the BEST method to allow access using current LDAP credentials?

A.

Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD

B.

Create a Lambda function to read LDAP groups and automate the creation of IAM users

C.

Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server

D.

Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions

Full Access
Question # 12

A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket.

Which action will solve this problem while adhering to least privilege access?

A.

Add a bucket policy to the S3 bucket permitting access from the IAM role.

B.

Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.

C.

Configure the route table to allow the instances on the private subnet access through the internet gateway.

D.

Create a NAT gateway in a private subnet and configure the route table for the private subnets.

Full Access
Question # 13

A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account.

What should a SysOps administrator do to meet these requirements?

A.

Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.

B.

In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.

C.

Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.

D.

Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.

Full Access
Question # 14

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies The company decides to switch to an SQS FIFO queue

What must the company do to migrate to an SQS FIFO queue?

A.

Create a new SQS FIFO gueue Turn on content based deduplication on the new FIFO queue Update the application to include a message group ID in the messages

B.

Create a new SQS FIFO queue Update the application to include the DelaySeconds parameter in the messages

C.

Modify the queue type from SQS standard to SQS FIFO Turn off content-based deduplication on the queue Update the application to include a message group ID in the messages

D.

Modify the queue type from SQS standard to SQS FIFO Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages

Full Access
Question # 15

A SysOps administrator is investigating a company's web application for performance problems The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance.

The company wants to minimize costs without adversely affecting the user experience when web traffic surges quickly. The company needs a solution that adds more capacity to me Auto Scaling group for larger traffic increases than for smaller traffic increases.

How should the SysOps administrator configure the Auto Scaling group to meet these requirements?

A.

Create a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load

B.

Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.

C.

Create a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load

D.

Use Amazon EC2 Auto Scaling lifecycle hooks Adjust the Auto Scaling group's maximum number of instances after every scaling event

Full Access
Question # 16

A company uses AWS Organizations to manage multiple AWS accounts. Corporate policy mandates that only specific AWS Regions can be used to store and process customer data. A SysOps administrator must prevent the provisioning of Amazon EC2 instances in unauthorized Regions by anyone in the company.

What is the MOST operationally efficient solution that meets these requirements?

A.

Configure AWS CloudTrail in all Regions to record all API activity Create an Amazon EventBridge rule in all unauthorized Regions for ec2:Runlnstances events. Use AWS Lambda to terminate the launched EC2 instances.

B.

In each AWS account, create a managed 1AM policy that uses a Region condition to deny the ec2:Runlnstances action in all unauthorized Regions. Attach this policy to all 1AM groups in each AWS account.

C.

In each AWS account, create an 1AM permissions boundary policy that uses a Region condition to deny the ec2:Runlnstances action in all unauthorized Regions. Attach the permissions boundary policy to all 1AM users in each AWS account.

D.

Create a service control policy (SCP) in AWS Organizations to deny the ec2:Runlnstances action in all unauthorized Regions. Attach this policy to the root level of the organization.

Full Access
Question # 17

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:

2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK

What is a possible cause of these failed connections?

A.

A security group is denying traffic on port 443.

B.

The EC2 instance is shut down.

C.

The network ACL is blocking HTTPS traffic.

D.

The VPC has no internet gateway attached.

Full Access
Question # 18

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

A.

Create an AWS Serverless Application Repository and export the Lambda function recommendations.

B.

Enable AWS Compute Optimizer and export the Lambda function recommendations

C.

Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights.

D.

Run AWS Trusted Advisor and export the Lambda function recommendations

Full Access
Question # 19

A recent organizational audit uncovered an existing Amazon RDS database that is not currently configured for high availability. Given the critical nature of this database, it must be configured for high availability as soon as possible.

How can this requirement be met?

A.

Switch to an active/passive database pair using the create-db-instance-read-replica with the --availability-zone flag.

B.

Specify high availability when creating a new RDS instance, and live-migrate the data.

C.

Modify the RDS instance using the console to include the Multi-AZ option.

D.

Use the modify-db-instance command with the --na flag.

Full Access
Question # 20

An errant process is known to use an entire processor and run at 100% A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes

How can this be accomplished?

A.

Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance

B.

Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance

C.

Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes

D.

Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks

Full Access
Question # 21

A SysOps administrator is examining the following AWS CloudFormation template:

Why will the stack creation fail?

A.

The Outputs section of the Cloud Formation template was omitted.

B.

The Parameters section of the CtoudFormation template was omitted.

C.

The PnvateDnsName cannot be set from a CloudFormation template.

D.

The VPC was not specified in the CloudFormation template.

Full Access
Question # 22

A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

Which parameters should be specified to accomplish this in the MOST efficient manner?

A.

Specify "' as the principal and PrincipalOrgld as a condition.

B.

Specify all account numbers as the principal.

C.

Specify PrincipalOrgld as the principal.

D.

Specify the organization's management account as the principal.

Full Access
Question # 23

A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.

What is the MOST operationally efficient solution to control the production account?

A.

Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.

B.

Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.

C.

Create a service control policy (SCP). Apply the SCP to the production OU.

D.

Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

Full Access
Question # 24

A company’s application on EC2 instances relies on a Single-AZ RDS for MySQL DB instance. The SysOps administrator needs to ensure failover to minimize downtime.

Options:

A.

Modify the DB instance to be a Multi-AZ DB instance deployment.

B.

Add a read replica in the same Availability Zone where the DB instance is deployed.

C.

Add the DB instance to an Auto Scaling group that has a minimum capacity of 2 and a desired capacity of 2.

D.

Use RDS Proxy to configure a proxy in front of the DB instance.

Full Access
Question # 25

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?

A.

Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.

B.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

C.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

D.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Full Access
Question # 26

A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.

What is the MOST operationally efficient solution that meets these requirements?

A.

Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chef recipes.

B.

Use AWS CloudFormation to create a stack and add layers for Chef recipes.

C.

Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.

D.

Use AWS OpsWorks to create a stack and add layers with Chef recipes.

Full Access
Question # 27

A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:

• Daily backups: must be kept for 6 days

• Weekly backups: must be kept for 4 weeks:

• Monthly backups: must be kept for 11 months

• Yearly backups: must be kept for 7 years

Which backup strategy will meet these requirements with the LEAST administrative effort?

A.

Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.

B.

Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.

C.

Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.

D.

Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.

Full Access
Question # 28

A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.

However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.

Which action will meet these requirements?

A.

Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

B.

Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

C.

Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.

D.

Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

Full Access
Question # 29

A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

Which actions does this policy allow? (Select TWO.)

A.

Create an AWS Storage Gateway.

B.

Create an IAM role for an AWS Lambda function.

C.

Delete an Amazon Simple Queue Service (Amazon SQS) queue.

D.

Describe AWS load balancers.

E.

Invoke an AWS Lambda function.

Full Access
Question # 30

A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the AWS accounts.

A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS 1AM Identity Center (AWS Single Sign-On) and has set up an AWS Direct Connect connection.

What is the MOST operationally efficient solution that meets these requirements?

A.

Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for 1AM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

B.

Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for 1AM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

C.

Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for 1AM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

D.

Use the built-in SSO directory as the identity source for 1AM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

Full Access
Question # 31

A company uploaded its website files to an Amazon S3 bucket that has S3 Versioning enabled. The company uses an Amazon CloudFront distribution with the S3 bucket as the origin. The company recently modified the tiles, but the object names remained the same. Users report that old content is still appearing on the website.

How should a SysOps administrator remediate this issue?

A.

Create a CloudFront invalidation, and add the path of the updated files.

B.

Create a CloudFront signed URL to update each object immediately.

C.

Configure an S3 origin access identity (OAI) to display only the updated files to users.

D.

Disable S3 Versioning on the S3 bucket so that the updated files can replace the old files.

Full Access
Question # 32

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.

Which solution will net these requirements?

A.

Create a single AWS Storage Gateway file gateway.

B.

Create an Amazon FSx for Windows File Server Multi-AZ file system.

C.

Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.

D.

Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).

Full Access
Question # 33

A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times.

Which deployment policies satisfy this requirement? (Select TWO.)

A.

All at once

B.

Immutable

C.

Rebuild

D.

Rolling

E.

Rolling with additional batch

Full Access
Question # 34

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.

Which of the following are possible causes of this issue? (Choose two.)

A.

A network ACL associated with the bastion's subnet is blocking the network traffic.

B.

The instance does not have a private IP address.

C.

The route table associated with the bastion's subnet does not have a route to the internet gateway.

D.

The security group for the instance does not have an inbound rule on port 22.

E.

The security group for the instance does not have an outbound rule on port 3389.

Full Access
Question # 35

The SysOps administrator needs to prevent any account within an AWS Organization from leaving the organization.

Options:

A.

Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).

B.

Create a service control policy (SCP) that denies the RemoveAccountFromOrganization action. Apply the SCP to the root organizational unit (OU).

C.

Deploy an AWS Lambda function in each member account to remove any Organizations permissions when a user is created.

D.

Turn on AWS Config. Set up the account-part-of-organizations managed rule. Configure the rule to run every hour.

Full Access
Question # 36

A company runs its web application on multiple Amazon EC2 instances that are part of an Auto Scaling group. The company wants the Auto Scaling group to scale out as soon as CPU utilization rises above 50% for the instances.

How should a SysOps administrator configure the Auto Scaling group to meet these requirements?

A.

Configure the Auto Scaling group to scale based on events.

B.

Configure the Auto Scaling group to scale based on a schedule.

C.

Configure the Auto Scaling group to scale dynamically based on demand.

D.

Configure the Auto Scaling group to use predictive scaling.

Full Access
Question # 37

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Choose two.)

A.

CloudFront does not have the ALB configured as the origin access identity.

B.

The DNS is still pointing to the ALB instead of the CloudFront distribution.

C.

The ALB security group is not permitting inbound traffic from CloudFront.

D.

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E.

The target groups associated with the ALB are configured for sticky sessions.

Full Access
Question # 38

A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint. into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.

Which solution meets these requirements?

A.

Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.

B.

Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.

C.

Attach an 1AM role to the Lambda function with read permissions to the database.

D.

Move the database to a public subnet. Use security groups for secure access.

Full Access
Question # 39

A SysOps administrator is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are Issued weekly.

The SysOps administrator needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.

What is the MOST operationally efficient solution that meets these requirements?

A.

Create a script that uses Packer. Schedule a cron job to run the script.

B.

Install the application and its dependencies on an EC2 instance. Create an AMI of the H£2 instance.

C.

Use EC2 Image Builder with a custom recipe to install the application and its dependencies.

D.

Invoke the EC2 Createlmage API operation by using an Amazon EventBridge scheduled rule.

Full Access
Question # 40

A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX)

Which backup solution will meet these requirements?

A.

Configure the backup software to use Amazon S3 as the target for the data backups

B.

Configure the backup software to use Amazon S3 Glacier as the target for the data backups

C.

Use AWS Storage Gateway, and configure it to use gateway-cached volumes

D.

Use AWS Storage Gateway, and configure it to use gateway-stored volumes

Full Access
Question # 41

A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests

Where can the administrator find this information?

A.

Auto Scaling logs

B.

AWS CloudTrail logs

C.

EC2 instance logs

D.

Elastic Load Balancer access logs

Full Access
Question # 42

A SysOps administrator wants to monitor the free disk space that is available on a set of Amazon EC2 instances that have Amazon Elastic Block Store (Amazon EBS) volumes attached. The SysOps administrator wants to receive a notification when the used disk space of the EBS volumes exceeds a threshold value, but only when the DiskReadOps metric also exceeds a threshold value The SysOps administrator has set up an Amazon Simple Notification Service (Amazon SNS) topic.

How can the SysOps administrator receive notification only when both metrics exceed their threshold values?

A.

Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.

B.

Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Configure each alarm to publish a notification to the SNS topic.

C.

Create a metric alarm for the EBSByteBalance% metric and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.

D.

Configure detailed monitoring for the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.

Full Access
Question # 43

A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administrator creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket.

Which of the following could be the cause of this problem?

A.

The user has not properly configured the AWS CLI with their access key and secret access key.

B.

The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket.

C.

The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object.

D.

The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.

Full Access
Question # 44

A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts A SysOps administrator has been able to successfully launch and manage Amazon EC2 instances in a participant account However the SysOps administrator is now receiving an InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance

What should the SysOps administrator do to resolve this error')

A.

Request an instance quota increase from the account that owns the VPC

B.

Launch additional EC2 instances in a different AWS Region

C.

Request an instance quota increase from the parte pant account

D.

Launch additional EC2 instances by using a different Amazon Machine image (AMI)

Full Access
Question # 45

A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report.

What should the SysOps administrator do to meet this requirement?

A.

Activate the tags as AWS generated cost allocation tags.

B.

Activate the tags as user-defined cost allocation tags.

C.

Create a new cost category. Select the account billing dimension.

D.

Create a new AWS Cost and Usage Report. Include the resource IDs.

Full Access
Question # 46

A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the administrator wants to use a larger instance type with more memory.

What should the administrator use to make this change?

A.

Use the ModifycacheCluster API and specify a new cacheNodeType.

B.

Use the createcacheciuster API and specify a new cacheNodeType.

C.

Use the Modi fyCacheParameterGcoup API and specify a new CacheNodeType.

D.

Use the Rebootcacheclustcr API and specify a new CacheNodeType.

Full Access
Question # 47

A company uses an Amazon Elastic File System (Amazon EFS) file system to share files across many Linux Amazon EC2 instances. A SysOps administrator notices that the file system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The SysOps administrator also notices that the application that reads and writes to that file system is performing poorly. They application requires high throughput and IOPS while accessing the file system.

What should the SysOps administrator do to remediate the consistently high PercentIOLimit metric?

A.

Create a new EFS file system that uses Max I/O performance mode. Use AWS DataSync to migrate data to the new EFS file system.

B.

Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA) storage class to improve performance. Use AWS DataSync to migrate existing data to IA storage.

C.

Modify the existing EFS file system and activate Max I/O performance mode.

D.

Modify the existing EFS file system and activate Provisioned Throughput mode.

Full Access
Question # 48

A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.

A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website's functionality without making changes to the network infrastructure.

Which solution will meet these requirements?

A.

Activate unlimited mode for the instances in the Auto Scaling group.

B.

Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.

C.

Move the website to a different AWS Region that is closer to the users.

D.

Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.

Full Access
Question # 49

A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?

A.

Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.

B.

Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.

C.

Migrate the database to an Amazon Aurora multi-master DB cluster.

D.

Migrate the database to an Amazon RDS for MySQL DB instance.

Full Access
Question # 50

A company is running Amazon RDS for PostgreSOL Multi-AZ DB clusters. The company uses an AWS Cloud Formation template to create the databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday.

Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases from running low on disk space in the future.

Which solution will meet these requirements with the FEWEST changes to the application?

A.

Modify the CloudFormation template to use Amazon Aurora PostgreSOL as the DB engine.

B.

Modify the CloudFormation template to use Amazon DynamoDB as the database. Activate storage auto scaling during creation of the tables

C.

Modify the Cloud Formation template to activate storage auto scaling on the existing DB instances.

D.

Create a CloudWatch alarm to monitor DB instance storage space. Configure the alarm to invoke the VACUUM command.

Full Access
Question # 51

A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.

Which solution will meet these requirements?

A.

Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation

B.

Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation

C.

Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update

D.

Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources

Full Access
Question # 52

A company currently runs its infrastructure within a VPC in a single Availability Zone The VPC is connected to the company's on-premises data center through an AWS Site-to-SIte VPN connection attached to a virtual pnvate gateway. The on-premises route tables route all VPC networks to the VPN connection Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.

Which steps should the SysOps administrator take to resolve the issue?

A.

Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.

B.

Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.

C.

Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center

D.

Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.

Full Access
Question # 53

A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots are deleted.

Which solution will provide this functionality?

A.

Turn on deletion protection on individual EBS snapshots that need to be kept.

B.

Create an 1AM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age Apply the policy to all users

C.

Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.

D.

Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.

Full Access
Question # 54

A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance slate changes.

What is the MOST operationally efficient solution that meets these requirements?

A.

Create a script that captures instance state changes and publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems Manager Run Command to run the script on all EC2 instances.

B.

Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set an Amazon Simple Notification Service (Amazon SNS) topic as the target.

C.

Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set as the target an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Create an AWS Config custom rule that evaluates instance state changes with automatic remediation. Use the rule to invoke an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.

Full Access
Question # 55

A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.

The company requires the output to display the instance ID and tags.

What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

A.

Create a tag-based resource group in AWS Resource Groups.

B.

Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.

C.

Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.

D.

Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.

Full Access
Question # 56

Accompany wants to monitor the number of Amazon EC2 instances that it is running. The company also wants to automate a service quota increase when the number of instances reaches a specific threshold.

Which solution meets these requirements?

A.

Create an Amazon CloudWatch alarm to monitor Service Quotas. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.

B.

Create an AWS Config rule to monitor Service Quotas. Call an AWS Lambda function to remediate the action and increase the quota.

C.

Create an Amazon CloudWateh alarm to monitor the AWS Health Dashboard. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.

D.

Create an Amazon CloudWatch alarm to monitor AWS Trusted Advisor service quotas. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to increase the quota.

Full Access
Question # 57

A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. The database will store data for a demonstration environment. The data must be reset on a daily basis.

What is the MOST operationally efficient solution that meets these requirements?

A.

Create a manual snapshot of the DB cluster after the data has been populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the snapshot and then delete the previous DB cluster.

B.

Enable the Backtrack feature during the creation of the DB cluster. Specify a target backtrack window of 48 hours. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to perform a backtrack operation.

C.

Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data has been populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the snapshot from Amazon S3.

D.

Set the DB cluster backup retention period to 2 days. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the DB cluster to a point in time and then delete the previous DB cluster.

Full Access
Question # 58

A company has a production application that runs on large compute optimized Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. The Auto Scaling group has a desired capacity of 2, a maximum capacity of 2. and a minimum capacity of 1.

The application is CPU-bound. The EC2 instances show consistent CPU utilization of 90% or greater during peak usage periods. These peak usage periods are unpredictable and cause performance issues and latency issues.

Which solution will automate the resolution of these issues?

A.

Deploy additional instances outside the Auto Scaling group. Create a new target group that includes the existing instances and the additional instances as targets. Reconfigure the ALB to direct traffic to the new target group.

B.

Increase the maximum capacity of the Auto Scaling group. Change the instances to a burstable instance type

C.

Increase the maximum capacity of the Auto Scaling group. Configure a scaling policy to add instances when instance CPU utilization is greater than 80%.

D.

Increase the desired capacity of the Auto Scaling group. Configure a scaling policy to add instances when instance CPU utilization is greater than 80%.

Full Access
Question # 59

The SysOps administrator needs to prevent launching EC2 instances without a specific tag in the application OU.

Options:

A.

Create an IAM group that has a policy allowing ec2:RunInstances when the CostCenter-Project tag is present. Place all IAM users in this group.

B.

Create a service control policy (SCP) that denies ec2:RunInstances when the CostCenter-Project tag is missing. Attach the SCP to the application OU.

C.

Create an IAM role with a policy that allows ec2:RunInstances when the CostCenter-Project tag is present. Attach the IAM role to users in the application OU accounts.

D.

Create a service control policy (SCP) that denies ec2:RunInstances when the CostCenter-Project tag is missing. Attach the SCP to the root OU.

Full Access
Question # 60

A global company handles a large amount of personally identifiable information (Pll) through an internal web portal. The company's application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the Pll in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet.

What should a SysOps administrator do to meet the compliance requirement?

A.

Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.

B.

Configure AWS Network Firewall to redirect traffic to the internal S3 address.

C.

Modify the application to use the S3 path-style endpoint.

D.

Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.

Full Access
Question # 61

A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.

During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget allocation policy, so the

SysOps administrator must use the right resource types with the performance characteristics to match the workload.

What should the SysOps administrator do to meet this requirement?

A.

Purchase regional Reserved Instances (RIs) for immediate cost savings. Review and take action on the EC2 rightsizing recommendations in Cost Explorer. Exchange the RIs for the optimal instance family after rightsizing.

B.

Purchase zonal Reserved Instances (RIs) for the existing instances. Monitor the RI utilization in the AWS Billing and Cost Management console. Make adjustments to instance sizes to optimize utilization.

C.

Review and take action on AWS Compute Optimizer recommendations. Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources. Most Voted

D.

Review resource utilization metrics in the AWS Cost and Usage Report. Rightsize the EC2 instances. Create On-Demand Capacity Reservations for the rightsized resources.

Full Access
Question # 62

The company needs to minimize network latency for a cluster of EC2 instances running custom software for advanced statistical analysis.

Options:

A.

Place all the EC2 instances into a cluster placement group.

B.

Configure and assign two Elastic IP addresses for each EC2 instance.

C.

Configure jumbo frames on all the EC2 instances in the cluster.

D.

Place all the EC2 instances into a spread placement group in the same AWS Region.

Full Access
Question # 63

A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted.

What should a SysOps administrator do to meet this requirement?

A.

Allow SSL connections to the database by using an inbound security group rule.

B.

Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.

C.

Enforce SSL connections to the database by using a custom parameter group.

D.

Patch the database with SSL/TLS by using a custom PostgreSQL extension.

Full Access
Question # 64

A SysOps administrator uses AWS Systems Manager Session Manager to connect to instances After the SysOps administrator launches a new Amazon EC2 instance the EC2 instance does not appear in the Session Manager list of systems that are available for connection. The SysOps administrator verities that Systems Manager Agent is installed updated and running on the EC2 instance

What is the reason for this issue?

A.

The SysOps administrator does not have access to the key pair that is required for connection

B.

The SysOps administrator has not attached a security group to the EC2 instance to allow SSH on port 22.

C.

The EC2 instance does not have an attached IAM role that allows Session Manager to connect to the EC2 instance.

D.

The EC2 instance ID has not been entered into the Session Manager configuration

Full Access
Question # 65

Users of a company's internal web application recently experienced application performance issues for a brief period The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application also includes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.

A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes The cause of the high utilization was an automated report that is scheduled to run one time each week

What should the SysOps administrator do to ensure that users do not experience performance Issues each week when the report runs?

A.

Increase the size of the DB instance. Monitor the performance during the next scheduled run of the report

B.

Add a reader instance. Change the database connection string of the report application to use the newly created reader instance.

C.

Add another writer instance Change the database connection string of the report application to use the newly created writer instance.

D.

Configure auto scaling for the DB cluster Set the minimum capacity units, maximum capacity units, and target utilization

Full Access
Question # 66

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.

The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.

B.

Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.

C.

Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.

Full Access
Question # 67

A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.

What should a SysOps administrator do to meet this requirement?

A.

Perform a CloudWatch Logs Insights query that uses the stats command and count function.

B.

Perform a CloudWatch Logs search that uses the groupby keyword and count function.

C.

Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

D.

Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Full Access
Question # 68

A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance's public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information:

What is one cause of the problem?

A.

Inbound security group deny rule

B.

Outbound security group deny rule

C.

Network ACL inbound rules

D.

Network ACL outbound rules

Full Access
Question # 69

A company has an AWS Config rule that identifies open SSH ports in security groups. The rule has an automatic remediation action to delete the SSH inbound rule for noncompliant security groups. However, business units require SSH access and can provide a list of trusted IPs to restrict access.

Options:

A.

Create a new AWS Systems Manager Automation runbook that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

B.

Create a new AWS Systems Manager Automation runbook that updates the security group’s inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the new runbook.

C.

Create an AWS Lambda function that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

D.

Create an AWS Lambda function that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.

Full Access
Question # 70

A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch.

The SysOps administrator must give Systems Manager the ability to access the EC2 instances.

Which additional action must the SysOps administrator perform to meet this requirement?

A.

Add an inbound rule to the instances' security group.

B.

Attach an 1AM instance profile with access to Systems Manager to the instances.

C.

Create a Systems Manager activation Then activate the fleet of instances.

D.

Manually specify the instances to patch Instead of using tag-based selection.

Full Access
Question # 71

A company's SysOps administrator manages a fleet of Windows Amazon EC2 instances that run in a single AWS account. The instances have a tag that includes a key of "OS" and a value of "Windows." The company uses AWS Systems Manager to patch the instances.

The company has installed the Amazon CloudWatch agent on the instances, but the configuration is inconsistent. The SysOps administrator needs to reconfigure every instance to use the same predefined CloudWatch configuration

Which combination of steps will meet these requirements? (Select TWO.)

A.

Store the CloudWatch agent configuration file in an Amazon S3 bucket.

B.

Store the contents of the CloudWatch agent configuration file in Systems Manager OpsCenter

C.

Store the contents of the CloudWatch agent configuration file in Systems Manager Parameter Store.

D.

Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document Select Systems Manager as an optional configuration source. Target the instances based on tag values.

E.

Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Configure the document to use the S3 bucket location as the configuration source Target the instances based on tag values.

Full Access
Question # 72

A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.

Which solution will give the application the ability to resolve the internal domain names?

A.

Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.

B.

Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.

C.

Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.

D.

Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Full Access
Question # 73

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Full Access
Question # 74

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Full Access
Question # 75

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Full Access