SOA-C02 dumps

Amazon SOA-C02 Question Answers

AWS Certified SysOps Administrator - Associate (SOA-C02) Dumps April 2025

Are you tired of looking for a source that will keep you updated on the AWS Certified SysOps Administrator - Associate (SOA-C02) exam and that has a collection of affordable, high-quality, and incredibly easy Amazon SOA-C02 Practice Questions? Well then, you are in luck, because Salesforcexamdumps.com just updated them! Get ready to become AWS SysOps Administrator certified.

Here are Amazon SOA-C02 PDF available features:

485 questions with answers
Update Date: 16 Apr, 2025
1 day study required to pass exam
100% Passing Assurance
100% Money Back Guarantee
Free 3 Months Updates
What is Amazon SOA-C02?

Amazon SOA-C02 is a necessary certification exam to get certified. The certification is a reward to the deserving candidate with perfect results. The AWS Sysops Administrator Certification validates a candidate's expertise to work with Amazon. In this fast-paced world, a certification is the quickest way to gain your employer's approval. Try your luck in passing the AWS Certified SysOps Administrator - Associate (SOA-C02) Exam and becoming a certified professional today. Salesforcexamdumps.com is always eager to extend a helping hand by providing approved and accepted Amazon SOA-C02 Practice Questions. Passing AWS Certified SysOps Administrator - Associate (SOA-C02) will be your ticket to a better future!

Pass with Amazon SOA-C02 Braindumps!

Contrary to the belief that certification exams are generally hard to get through, passing AWS Certified SysOps Administrator - Associate (SOA-C02) is incredibly easy, provided you have access to a reliable resource such as the Salesforcexamdumps.com Amazon SOA-C02 PDF. We have been in this business long enough to understand where most of the resources went wrong. Passing the Amazon AWS Sysops Administrator certification is all about having the right information. Hence, we filled our Amazon SOA-C02 Dumps with all the necessary data you need to pass. These carefully curated sets of AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Questions target the most repeated exam questions. So, you know they are essential and can ensure passing results. Stop wasting your time waiting around and order your set of Amazon SOA-C02 Braindumps now!

We aim to provide all AWS Sysops Administrator certification exam candidates with the best resources at minimum rates. You can check out our free demo before downloading to ensure the Amazon SOA-C02 Practice Questions are what you wanted. And do not forget about the discount. We always provide our customers with a little extra.

Why Choose Amazon SOA-C02 PDF?

Unlike other websites, Salesforcexamdumps.com prioritizes the benefits of the AWS Certified SysOps Administrator - Associate (SOA-C02) candidates. Not every Amazon exam candidate has full-time access to the internet. Plus, it's hard to sit in front of computer screens for too many hours. Are you also one of them? We understand; that's why we are here with the AWS Sysops Administrator solutions. Amazon SOA-C02 Question Answers are offered in two different formats: PDF and Online Test Engine. One is for customers who like online platforms for realistic exam simulation. The other is for those who prefer keeping their material close at hand. Moreover, you can download or print Amazon SOA-C02 Dumps with ease.

If you still have some queries, our team of experts is in service 24/7 to answer your questions. Just leave us a quick message in the chat-box below or email us at support@salesforcexamdumps.com.

Amazon SOA-C02 Sample Questions

Question # 1

A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket. The company has a policy that all S3 buckets must not be public. What should the SysOps administrator do to meet these requirements? 
 

A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy.
B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create a DNS CNAME to point to the S3 website endpoint.
C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALB listener configuration. Forward the traffic to the S3 bucket.
D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port 443. Set the endpoint type to forward the traffic to the S3 bucket.


Question # 2

A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the AWS accounts. A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS IAM Identity Center (AWS Single Sign-On) and has set up an AWS Direct Connect connection. What is the MOST operationally efficient solution that meets these requirements?

A. Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
B. Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
C. Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
D. Use the built-in SSO directory as the identity source for IAM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.


Question # 3

A SysOps administrator is investigating a company's web application for performance problems. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance. The company wants to minimize costs without adversely affecting the user experience when web traffic surges quickly. The company needs a solution that adds more capacity to the Auto Scaling group for larger traffic increases than for smaller traffic increases. How should the SysOps administrator configure the Auto Scaling group to meet these requirements?

A. Create a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
B. Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
C. Create a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
D. Use Amazon EC2 Auto Scaling lifecycle hooks. Adjust the Auto Scaling group's maximum number of instances after every scaling event.


Question # 4

A company hosts an application on Amazon EC2 instances. The instances are in an Amazon EC2 Auto Scaling group that uses a launch template. The amount of application traffic changes throughout the day. Scaling events happen frequently. A SysOps administrator needs to help developers troubleshoot the application. When a scaling event removes an instance, EC2 Auto Scaling terminates the instance before the developers can log in to the instance to diagnose issues. Which solution will prevent termination of the instance so that the developers can log in to the instance?

A. Ensure that the Delete on termination setting is turned off in the UserData section of the launch template.
B. Update the Auto Scaling group by enabling instance scale-in protection for newly launched instances.
C. Use Amazon Inspector to configure a rules package to protect the instances from termination.
D. Use Amazon GuardDuty to configure rules to protect the instances from termination.


Question # 5

A company is creating a new multi-account environment in AWS Organizations. The company will use AWS Control Tower to deploy the environment. Users must be able to create resources in approved AWS Regions only. The company must configure and govern all accounts by using a standard baseline configuration. Which combination of steps will meet these requirements in the MOST operationally efficient way? (Select TWO.)

A. Create a permission set and a custom permissions policy in AWS IAM Identity Center (AWS Single Sign-On) for each user to prevent each user from creating resources in unapproved Regions.
B. Deploy AWS Config rules in each AWS account to govern the account's security compliance and to delete any resources that are created in unapproved Regions.
C. Deploy AWS Lambda functions to configure security settings across all accounts in the organization and to delete any resources that are created in unapproved Regions.
D. Implement a service control policy (SCP) to deny any access to AWS based on the requested Region.
E. Modify the AWS Control Tower landing zone settings to govern the approved Regions.


Question # 6

A company runs a high performance computing (HPC) application on an Amazon EC2 instance. The company needs to scale this architecture to two or more EC2 instances. The EC2 instances will need to communicate with each other at high speeds with low latency to support the application. The company wants to ensure that the network performance can support the required communication between the EC2 instances. What should a SysOps administrator do to meet these requirements?

A. Create a cluster placement group. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Restore the EC2 instance from the AMI into the placement group. Launch the additional EC2 instances into the placement group.
B. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launch template from the existing EC2 instance by specifying the AMI. Create an Auto Scaling group and configure the desired instance count.
C. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2 instances and register them with the target group. Register the existing EC2 instance with the target group. Pass all application traffic through the NLB.
D. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create additional clones of the EC2 instance from the AMI in the same Availability Zone where the existing EC2 instance is located.


Question # 7

A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS account. What is the MOST operationally efficient solution that will meet this requirement? 

A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B. Create an IAM role that has access to the object. Instruct the users to assume the role.
C. Create an IAM user that has access to the object. Share the credentials with the users.
D. Generate a presigned URL for the object. Share the URL with the users.


Question # 8

A company migrates a write-once, read-many (WORM) drive to an Amazon S3 bucket that has S3 Object Lock configured in governance mode. During the migration, the company copies unneeded data to the S3 bucket. A SysOps administrator attempts to delete the unneeded data from the S3 bucket by using the AWS CLI. However, the SysOps administrator receives an error. Which combination of steps should the SysOps administrator take to successfully delete the unneeded data? (Select TWO.) 

A. Increase the Retain Until Date.
B. Assume a role that has the s3:BypassLegalRetention permission.
C. Assume a role that has the s3:BypassGovernanceRetention permission.
D. Include the x-amz-bypass-governance-retention:true header in the request when issuing the delete command.
E. Include the x-amz-bypass-legal-retention:true header in the request when issuing the delete command.


Question # 9

A company has a secure website running on Amazon EC2 instances behind an Application Load Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used on the ALB. Users with legacy web browsers are experiencing issues with the website. How should the SysOps administrator resolve these issues in the MOST operationally efficient manner? 

A. Create a new SSL certificate in ACM and install the new certificate on the ALB to support legacy web browsers.
B. Create a second ALB and install a custom SSL certificate with a different domain name on the second ALB to support legacy web browsers.
C. Remove the ALB from the configuration and install a custom SSL certificate on each web server.
D. Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.


Question # 10

A company has an application that is deployed to two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone for DNS. A SysOps administrator needs to configure automatic failover to the secondary Region. What should the SysOps administrator do to meet these requirements?

A. Configure Route 53 alias records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.
B. Configure CNAME records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.
C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.
D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.


Question # 11

A company receives an alert from an Amazon CloudWatch alarm. The alarm indicates that a web application that is running on Amazon EC2 instances is not responding to requests. The EC2 instances have a Red Hat Enterprise Linux operating system and are in an Auto Scaling group. The Auto Scaling group has a minimum capacity of 2 and a maximum capacity of 5. An investigation reveals that the web application is experiencing out-of-memory errors. The company adds memory to the web application and wants to track operating system memory utilization. A CloudWatch memory metric does not currently exist for the EC2 instances in the Auto Scaling group. What should a SysOps administrator do to provide a CloudWatch memory metric for the EC2 instances?

A. Use an Amazon Machine Image (AMI) that includes the CloudWatch agent.
B. Turn on CloudWatch detailed monitoring.
C. Turn on Instance Metadata Service Version 2 (IMDSv2).
D. Use an Amazon Machine Image (AMI) that is based on Amazon Linux.


Question # 12

A company runs an application on hundreds of Amazon EC2 instances in three Availability Zones. The application calls a third-party API over the public internet. A SysOps administrator must provide the third party with a list of static IP addresses so that the third party can allow traffic from the application. Which solution will meet these requirements?

A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NAT gateway the default route of all private subnets in those Availability Zones.
B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IP address with all the instances in the Availability Zone.
C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to the internet through the private IP address of the NLB.
D. Update the main route table to send the traffic to the internet through an Elastic IP address that is assigned to each instance.


Question # 13

A company has a cluster of Linux Amazon EC2 Spot Instances that read many files from and write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. The EC2 instances are frequently started and stopped. As part of the process when an EC2 instance starts, an EBS volume is restored from a snapshot. EBS volumes that are restored from snapshots are experiencing initial performance that is lower than expected. The company's workload needs almost all the provisioned IOPS on the attached EBS volumes. The EC2 instances are unable to support the workload when the performance of the EBS volumes is too low. A SysOps administrator must implement a solution to ensure that the EBS volumes provide the expected performance when they are restored from snapshots. Which solution will meet these requirements? 

A. Configure fast snapshot restore (FSR) on the snapshots that are used.
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
D. Increase the Linux read-ahead buffer to 1 MiB.


Question # 14

A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services. Which solution will meet these requirements? 

A. In all member accounts, configure IAM policies that deny access to all DynamoDB resources for all users, including the root user.
B. Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization.
C. In all member accounts, configure IAM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
D. Remove the default service control policy (SCP) in the management account. Create a replacement SCP that includes a single statement that denies all DynamoDB actions.


Question # 15

A Sysops administrator launches an Amazon EC2 instance from a Windows Amazon Machine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store (Amazon EBS) volumes. When the instance is launched, none of the additional Amazon Elastic Block Store (Amazon EBS) volumes are initialized and ready for use through a drive letter. The SysOps administrator needs to automate the EBS volume initialization. Which solution will meet these requirements in the MOST operationally efficient way? 

A. Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automation runbook as a target of the EventBridge rule to initialize the disks after an EC2 instance launch event.
B. Create an Amazon EventBridge rule. Configure an AWS Lambda function as a target of the EventBridge rule to initialize the drives after the AMI is launched.
C. Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2 instances.
D. Add the secondary volume configuration to the DriveLetterMappingConfig.json file. Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a new AMI from the running EC2 instance.


Question # 16

A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files. Which solution will meet these requirements? 

A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.


Question # 17

A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic. The company also has a static website that is configured in an Amazon S3 bucket. A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated. Which combination of actions will meet these requirements? (Choose two.) 

A. Create a primary failover routing policy record. Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondary website when the health check fails.
C. Create a primary failover routing policy record. Configure the value to be the ALB. Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record. Configure the value to be the static website. Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record. Configure the value to be the static website.


Question # 18

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A SysOps administrator needs to send an email notification when a certificate has less than 14 days until expiration. Which solution will meet this requirement with the LEAST operational overhead? 

A. Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of aws.cloudwatch. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.
B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.
C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.


Question # 19

A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible. Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.) 

A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.


Question # 20

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances’ data, even if someone deletes the stack. Which solution will meet these requirements? 

A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in the CloudFormation template.
B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
C. Create a backup plan in AWS Backup.
D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in the CloudFormation template.


Question # 21

A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses. A SysOps administrator must implement a solution that will notify the company's SysOps team when a security group rule violates this requirement. The solution also must remediate the security group rule automatically. Which solution will meet these requirements? 

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on all ports, and notify the SysOps team if the security group is noncompliant.
B. Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm to notify the SysOps team through an Amazon Simple Notification Service (Amazon SNS) topic when the metric is greater than 0. Subscribe an AWS Lambda function to the SNS topic to remediate the security group rule by removing the rule.
C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to the AWS Config rule by using the AWS Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
D. Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manager action to the CloudWatch alarm to suspend the security group by using the Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarm is in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as a second target to notify the SysOps team.


Question # 22

A SysOps administrator manages a company's Amazon S3 buckets. The SysOps administrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in the company's AWS account. The SysOps administrator needs to reduce the number of incomplete multipart upload objects in the S3 bucket. Which solution will meet this requirement? 

A. Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incomplete multipart uploads.
B. Require users that perform uploads of files into Amazon S3 to use the S3 Transfer Utility.
C. Enable S3 Versioning on the S3 bucket that contains the incomplete multipart uploads.
D. Create an S3 Object Lambda Access Point to delete incomplete multipart uploads.


Question # 23

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account. The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?

A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance’s public IP address.


Question # 24

A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated. What is the MOST operationally efficient solution that meets these requirements? 

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant. Terminate any noncompliant instances.
B. Create an IAM policy that enforces all EC2 instance tag requirements. If the required tags are not in place for an instance, the policy will terminate the noncompliant instance.
C. Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5 minutes.
D. Create an AWS Config rule to check if the required tags are present. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.


Question # 25

A company is using an Amazon CloudWatch alarm to monitor the FreeLocalStorage metric for an Amazon Aurora PostgreSQL production database. The alarm goes into ALARM state and indicates that the database is running low on temporary storage. A SysOps administrator discovers that a weekly report is using most of the temporary storage that is currently allocated. What should the SysOps administrator do to solve this problem?

A. Turn on Aurora PostgreSQL query plan management.
B. Modify the configuration of the DB cluster to turn on storage auto scaling.
C. Add an Aurora read replica to the DB cluster. Modify the report to use the new read replica.
D. Modify the DB instance class for each DB instance in the DB cluster to increase the instance size.


Question # 26

A SysOps administrator is responsible for more than 50 Amazon EC2 instances that are deployed in a single production AWS account. The EC2 instances are running several different operating systems. The company's standards require patching to be completed at least once a month. The SysOps administrator wants to use AWS Systems Manager to reduce the number of hours the company spends on operating system patching each month. Which combination of steps should the SysOps administrator take to meet these requirements? (Select THREE.)

A. Group similar EC2 instances together into resource groups by using AWS Resource Groups.
B. Create a schedule in Systems Manager Patch Manager. Specify the appropriate resource group as the target.
C. Specify Systems Manager Automation runbooks to patch the operating systems. Register the runbooks as tasks in the maintenance window. Specify the appropriate resource group as the target.
D. Create a Systems Manager Automation runbook to monitor and control the state of the patches required. Apply the runbook to Systems Manager Patch Manager.
E. Create a single Systems Manager maintenance window for each resource group.
F. Configure Systems Manager Fleet Manager to apply a Systems Manager Automation runbook to the appropriate resource group.


Question # 27

A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address. What change should the systems administrator make to the existing build fleet to comply with this new requirement? 

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.


Question # 28

A SysOps administrator wants to share a copy of a production database with a migration account. The production database is hosted on an Amazon RDS DB instance and is encrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias of What must the SysOps administrator do to meet these requirements with the LEAST administrative overhead?

A. Take a snapshot of the RDS DB instance in the production account. Amend the KMS key policy of the production-rds-key KMS key to give access to the migration account's root user. Share the snapshot with the migration account.
B. Create an RDS read replica in the migration account. Configure the KMS key policy to replicate the production-rds-key KMS key to the migration account.
C. Take a snapshot of the RDS DB instance in the production account. Share the snapshot with the migration account. In the migration account, create a new KMS key that has an identical alias.
D. Use native database toolsets to export the RDS DB instance to Amazon S3. Create an S3 bucket and an S3 bucket policy for cross-account access between the production account and the migration account. Use native database toolsets to import the database from Amazon S3 to a new RDS DB instance.


Question # 29

A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). Web traffic increases significantly during the same 9-hour period every day and causes a decrease in the application's performance. A SysOps administrator must scale the application ahead of the changes in demand to accommodate the increased traffic. Which solution will meet these requirements? 

A. Create an Amazon CloudWatch alarm to monitor application latency. Configure an alarm action to increase the size of each EC2 instance if the latency threshold is reached.
B. Create an Amazon EventBridge rule to monitor application latency. Configure the rule to add an EC2 instance to the ALB if the latency threshold is reached.
C. Deploy the application to an EC2 Auto Scaling group that uses a target tracking scaling policy. Attach the ALB to the Auto Scaling group.
D. Deploy the application to an EC2 Auto Scaling group that uses a scheduled scaling policy. Attach the ALB to the Auto Scaling group.


Question # 30

A SysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds. How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?

A. The Auto Scaling group will launch an additional EC2 instance every time the RequestCountPerTarget metric exceeds the predefined limit.
B. The Auto Scaling group will launch one EC2 instance and will wait for the default cooldown period before launching another instance.
C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not add new EC2 instances until the load is normalized.
D. The Auto Scaling group will try to distribute the traffic among all EC2 instances before launching another instance.


Question # 31

A company's SysOps administrator maintains a highly available environment. The environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer. Recently, the company conducted a failover test. The SysOps administrator needs to decrease the failover time of the RDS database by at least 10%. Which solution will meet this requirement?

A. Increase the RDS instance size.
B. Modify the RDS cluster to run in a single Availability Zone.
C. Create a read replica in another AWS Region. Promote the read replica in case of failure.
D. Create an RDS proxy. Point the application to the proxy endpoint.


Question # 32

A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving the underlying cause of the service failure could take several weeks. A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances. Which solutions will meet this requirement? (Select TWO.) 

A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails.
B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes.
C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes.
D. Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every 5 minutes.
E. Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.


Question # 33

Users of a company's internal web application recently experienced application performance issues for a brief period. The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The application also includes a backend Amazon Aurora PostgreSQL DB cluster that includes one DB instance. A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes. The cause of the high utilization was an automated report that is scheduled to run one time each week. What should the SysOps administrator do to ensure that users do not experience performance issues each week when the report runs?

A. Increase the size of the DB instance. Monitor the performance during the next scheduled run of the report.
B. Add a reader instance. Change the database connection string of the report application to use the newly created reader instance.
C. Add another writer instance. Change the database connection string of the report application to use the newly created writer instance.
D. Configure auto scaling for the DB cluster. Set the minimum capacity units, maximum capacity units, and target utilization.


Question # 34

A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status. All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications. Which solution will meet these requirements? 

A. Adjust the Auto Scaling group to scale faster when a high number of messages is in the queue.
B. Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with Amazon SQS to send the notifications in parallel to all the EC2 instances.
C. Add an Amazon DynamoDB stream to accelerate the message processing.
D. Create a queue for alarm notifications and a queue for information notifications. Update the application to collect messages from the alarm notifications queue first.


Question # 35

A company that uses AWS Organizations recently implemented AWS Control Tower. The company now needs to centralize identity management. A SysOps administrator must federate AWS IAM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications. Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Select TWO.)

A. A copy of the IAM Identity Center SAML metadata
B. The IdP metadata, including the public X.509 certificate
C. The IP address of the IdP
D. Root access to the management account
E. Administrative permissions to the member accounts of the organization


Question # 36

A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. A SysOps administrator needs to implement a centralized solution that provides alerts when a resource metric in any account crosses a standard defined threshold. Which solution will meet these requirements? 

A. Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.
B. Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWatch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.
C. Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.
D. Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.


Question # 37

A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A SysOps administrator needs to improve the stability of the database. Which solution will meet these requirements? 

A. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string.
B. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node.
C. Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function.
D. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.


Question # 38

A company runs its web application on multiple Amazon EC2 instances that are part of an Auto Scaling group. The company wants the Auto Scaling group to scale out as soon as CPU utilization rises above 50% for the instances. How should a SysOps administrator configure the Auto Scaling group to meet these requirements? 

A. Configure the Auto Scaling group to scale based on events.
B. Configure the Auto Scaling group to scale based on a schedule.
C. Configure the Auto Scaling group to scale dynamically based on demand.
D. Configure the Auto Scaling group to use predictive scaling.


Question # 39

A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS. A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B. What should a SysOps administrator do to meet these requirements? 

A. In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.
B. In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.
C. In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.
D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.


Question # 40

A company is running production workloads that use a Multi-AZ deployment of an Amazon RDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report that they are frequently encountering a "too many connections" error. A SysOps administrator observes that the number of connections on the database is high. The SysOps administrator needs to resolve this issue while keeping code changes to a minimum. Which solution will meet these requirements MOST cost-effectively? 

A. Modify the RDS for MySQL DB instance to a larger instance size.
B. Migrate the RDS for MySQL DB instance to Amazon DynamoDB.
C. Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.
D. Modify the RDS for MySQL DB instance to a memory optimized DB instance.


Question # 41

A company's social media application has strict data residency requirements. The company wants to use Amazon Route 53 to provide the application with DNS services. A SysOps administrator must implement a solution that routes requests to a defined list of AWS Regions. The routing must be based on the user's location. Which solution will meet these requirements? 

A. Configure a Route 53 latency routing policy.
B. Configure a Route 53 multivalue answer routing policy.
C. Configure a Route 53 geolocation routing policy.
D. Configure a Route 53 IP-based routing policy.


Question # 42

A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. The Auto Scaling group is set to scale based on the number of messages in the queue. Messages can take up to 12 hours to process completely. A SysOps administrator must ensure that instances are not interrupted during message processing. What should the SysOps administrator do to meet these requirements? 

A. Enable instance scale-in protection for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Disable instance scale-in protection after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
B. Set the Auto Scaling group's termination policy to OldestInstance.
C. Set the Auto Scaling group's termination policy to OldestLaunchConfiguration.
D. Suspend the Launch and Terminate scaling processes for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Resume the scaling processes after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.


Question # 43

A company deployed a new web application on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group. Users report that they are frequently being prompted to log in. What should a SysOps administrator do to resolve this issue? 

A. Configure an Amazon CloudFront distribution with the ALB as the origin.
B. Enable sticky sessions (session affinity) for the target group of EC2 instances.
C. Redeploy the EC2 instances in a spread placement group.
D. Replace the ALB with a Network Load Balancer.


Question # 44

A company is implementing a monitoring solution that is based on machine learning. The monitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) events that are generated by Amazon EC2 Auto Scaling. The monitoring solution provides detection of anomalous behavior such as unanticipated scaling events and is configured as an EventBridge (CloudWatch Events) API destination. During initial testing, the company discovers that the monitoring solution is not receiving events. However, Amazon CloudWatch is showing that the EventBridge (CloudWatch Events) rule is being invoked. A SysOps administrator must implement a solution to retrieve client error details to help resolve this issue. Which solution will meet these requirements with the LEAST operational effort? 

A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay the events. Increase the logging on the monitoring solution. Use replay to invoke the monitoring solution. Examine the error details.
B. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letter queue for the target. Process the messages in the dead-letter queue to retrieve error details.
C. Create a second EventBridge (CloudWatch Events) rule for the same event pattern to target an AWS Lambda function. Configure the Lambda function to invoke the monitoring solution and to record the results to Amazon CloudWatch Logs. Examine the errors in the logs.
D. Configure the EventBridge (CloudWatch Events) rule to send error messages to an Amazon Simple Notification Service (Amazon SNS) topic.


Question # 45

A company is using an Amazon EC2 Auto Scaling group to support a workload. The Auto Scaling group is configured with two similar scaling policies. One scaling policy adds 5 instances when CPU utilization reaches 80%. The other scaling policy … when CPU utilization reaches 80%. What will happen when CPU utilization reaches the 80% threshold?

A. Amazon EC2 Auto Scaling will add 5 instances.
B. Amazon EC2 Auto Scaling will add 10 instances.
C. Amazon EC2 Auto Scaling will add 15 instances.
D. The Auto Scaling group will not scale because of conflicting policies.


Question # 46

A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances. The company requires the output to display the instance ID and tags. What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

A. Create a tag-based resource group in AWS Resource Groups.
B. Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.
C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.
D. Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.


Question # 47

A SysOps administrator configured AWS Backup to capture snapshots from a single Amazon EC2 instance that has one Amazon Elastic Block Store (Amazon EBS) volume attached. On the first snapshot, the EBS volume has 10 GiB of data. On the second snapshot, the EBS volume still contains 10 GiB of data, but 4 GiB have changed. On the third snapshot, 2 GiB of data have been added to the volume, for a total of 12 GiB. How much total storage is required to store these snapshots?

A. 12 GiB
B. 16 GiB
C. 26 GiB
D. 32 GiB


Question # 48

A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443. The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet. Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Select THREE.) 

A. Ensure that the inbound rules of the instance's security group allow traffic on ports 80 and 443.
B. Ensure that the outbound rules of the instance's security group allow traffic on ports 80 and 443.
C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance's subnet.
D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance's subnet.
E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.
F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.


Question # 49

A SysOps administrator needs to ensure that an Amazon RDS for PostgreSQL DB instance has available backups. The DB instance has automated backups turned on with a backup retention period of 7 days. However, no automated backups for the DB instance have been created in the past month. What could be the cause of the lack of automated backups?

A. The Amazon S3 bucket that stores the backups is full.
B. The DB instance is in the STORAGE_FULL state.
C. The DB instance is not configured for Multi-AZ.
D. The backup retention period must be 30 days.


Question # 50

A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes. The EBS volumes are attached to Amazon EC2 Linux instances. A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to more than 80%. Which combination of steps must the SysOps administrator take to meet these requirements? (Select THREE.)

A. Create an IAM role that includes the CloudWatchAgentServerPolicy AWS managed policy. Attach the role to the instances.
B. Create an IAM role that includes the CloudWatchApplicationInsightsReadOnlyAccess AWS managed policy. Attach the role to the instances.
C. Install and start the CloudWatch agent by using AWS Systems Manager or the command line.
D. Install and start the CloudWatch agent by using an IAM role. Attach the CloudWatchAgentServerPolicy AWS managed policy to the role.
E. Configure a CloudWatch alarm to enter ALARM state when the disk_used_percent CloudWatch metric is greater than 80%.
F. Configure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatch metric is greater than 80% or when the disk_free CloudWatch metric is less than 20%.


Question # 51

A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%. Which solution meets these requirements with the LEAST operational overhead?

A. Write a script that monitors the CPU utilization of the EC2 instances and reboots the instances when utilization exceeds 80%. Run the script as a cron job.
B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action to reboot the EC2 instances.
C. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization of the EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function to restart the instances.
D. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS Systems Manager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.


Question # 52

A company has an on-premises DNS solution and wants to resolve DNS records in an Amazon Route 53 private hosted zone for example.com. The company has set up an AWS Direct Connect connection for network connectivity between the on-premises network and the VPC. A SysOps administrator must ensure that an on-premises server can query records in the example.com domain. What should the SysOps administrator do to meet these requirements? 

A. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
B. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.
C. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
D. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpoint to allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.


Question # 53

A company is supposed to receive a data file every hour in an Amazon S3 bucket. An S3 event notification invokes an AWS Lambda function each time a file arrives. The function processes the data for use by an application. The application team notices that sometimes the file does not arrive. The application team wants to receive a notification whenever the file does not arrive. What is the MOST operationally efficient solution that meets these requirements? 

A. Add an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects that were created in the last hour. Configure another S3 event notification to be invoked by the lifecycle transition when the number of objects transitioned is zero. Publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team.
B. Configure another S3 event notification to invoke a Lambda function that posts a message to an Amazon Simple Queue Service (Amazon SQS) queue. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team when the ApproximateAgeOfOldestMessage metric of the queue is greater than 1 hour.
C. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert the application team when the Invocations metric of the Lambda function is zero for an hour. Configure the alarm to treat missing data as breaching.
D. Create a new Lambda function to get the timestamp of the newest file in the S3 bucket. If the timestamp is more than 1 hour ago, publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the new function hourly.


Question # 54

A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instances that do not contain a department tag. Noncompliant resources must be terminated in near real time. Which solution will meet these requirements?

A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS-TerminateEC2Instance automation runbook to terminate noncompliant resources.
B. Create a new Amazon EventBridge rule to monitor when new EC2 instances are created. Send the event to an Amazon Simple Notification Service (Amazon SNS) topic for automatic remediation.
C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation runbook to stop noncompliant resources.


Question # 55

A company is running an application on a group of Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run across three Availability Zones. The company needs to provide the customers with a maximum of two static IP addresses for their applications. How should a SysOps administrator meet these requirements?

A. Add AWS Global Accelerator in front of the Application Load Balancer.
B. Add an internal Network Load Balancer behind the Application Load Balancer.
C. Configure the Application Load Balancer in only two Availability Zones.
D. Create two Elastic IP addresses and assign them to the Application Load Balancer.


Question # 56

A company wants to reduce costs for jobs that can be completed at any time. The jobs currently run by using multiple Amazon EC2 On-Demand Instances, and the jobs take slightly less than 2 hours to complete. If a job fails for any reason, it must be restarted from the beginning. Which solution will meet these requirements MOST cost-effectively? 

A. Purchase Reserved Instances for the jobs.
B. Submit a request for a one-time Spot Instance for the jobs.
C. Submit a request for Spot Instances with a defined duration for the jobs.
D. Use a mixture of On-Demand Instances and Spot Instances for the jobs.


Question # 57

A SysOps administrator is examining the following AWS CloudFormation template:


Why will the stack creation fail?

A. The Outputs section of the CloudFormation template was omitted.
B. The Parameters section of the CloudFormation template was omitted.
C. The PrivateDnsName cannot be set from a CloudFormation template.
D. The VPC was not specified in the CloudFormation template.


Question # 58

A company manages a set of accounts on AWS by using AWS Organizations. The company's security team wants to use a native AWS service to regularly scan all AWS accounts against the Center for Internet Security (CIS) AWS Foundations Benchmark. What is the MOST operationally efficient way to meet these requirements? 

A. Designate a central security account as the AWS Security Hub administrator account. Create a script that sends an invitation from the Security Hub administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure Security Hub to run the CIS AWS Foundations Benchmark scans.
B. Run the CIS AWS Foundations Benchmark across all accounts by using Amazon Inspector.
C. Designate a central security account as the Amazon GuardDuty administrator account. Create a script that sends an invitation from the GuardDuty administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure GuardDuty to run the CIS AWS Foundations Benchmark scans.
D. Designate an AWS Security Hub administrator account. Configure new accounts in the organization to automatically become member accounts. Enable CIS AWS Foundations Benchmark scans.


Question # 59

A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket. Which solution will meet these requirements?

A. Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.
B. Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.
C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.


Question # 60

An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. A significant amount of data needs to be transferred between the two Regions. What is the MOST cost-effective way to set up the data transfer? 

A. Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace.
B. Establish Amazon CloudFront distributions for the Amazon EC2 instances from both Regions.
C. Establish an inter-Region VPC peering connection between the VPCs.
D. Establish an AWS PrivateLink connection between the two Regions.


Question # 61

A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task nodes. Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution. Which combination of actions will meet these requirements? (Choose two.) 

A. Purchase EC2 Instance Savings Plans for the control nodes.
B. Use Dedicated Hosts for the control nodes.
C. Use Reserved Instances for the task nodes.
D. Use Spot Instances for the control nodes. Use On-Demand Instances if there is no Spot availability.
E. Use Spot Instances for the task nodes. Use On-Demand Instances if there is no Spot availability.


Question # 62

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http://www.example.com. A SysOps administrator reviews the VPC configuration and learns the following information:
• The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0
• The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0
• The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.
• The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0
Which action will allow the user to complete the curl request successfully?

A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.
B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
D. Add an additional outbound security group rule for port 80 to the user's IP address.


Question # 63

A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the instances to accommodate the increased number of messages. Which solution will meet these requirements?

A. Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
B. Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
C. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modify the Auto Scaling group.
D. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto Scaling group.


Question # 64

A company runs a single-page web application on AWS. The application uses Amazon CloudFront to deliver static content from an Amazon S3 bucket origin. The application also uses an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to serve API calls. Users sometimes report that the website is not operational, even when monitoring shows that the index page is reachable and that the EKS cluster is healthy. A SysOps administrator must implement additional monitoring that can detect when the website is not operational before users report the problem. Which solution will meet these requirements?

A. Create an Amazon CloudWatch Synthetics heartbeat monitor canary that points to the fully qualified domain name (FQDN) of the website.
B. Create an Amazon CloudWatch Synthetics API canary that monitors the availability of API endpoints from the EKS cluster.
C. Create an Amazon CloudWatch RUM app monitor that points to the fully qualified domain name (FQDN) of the website. Configure the app monitor to collect performance telemetry and JavaScript errors.
D. Create an Amazon CloudWatch RUM app monitor that uses the API endpoints from the EKS cluster.


Question # 65

A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times: "** Error Establishing a Database Connection". Which of the following may be causes of the connectivity problems? (Select TWO.)

A. The security group for the database does not have the appropriate egress rule from the database to the web server.
B. The certificate used by the web server is not trusted by the RDS instance.
C. The security group for the database does not have the appropriate ingress rule from the web server to the database.
D. The port used by the application developer does not match the port specified in the RDS configuration.
E. The database is still being created and is not available for connectivity.


Question # 66

A company has many accounts in an organization in AWS Organizations. The company must automate resource provisioning from the organization's management account to the member accounts. Which solution will meet this requirement?

A. Create an AWS CloudFormation change set. Deploy the change set to all member accounts.
B. Create an AWS CloudFormation nested stack. Deploy the nested stack to all member accounts.
C. Create an AWS CloudFormation stack set. Deploy the stack set to all member accounts.
D. Create an AWS Serverless Application Model (AWS SAM) template. Deploy the template to all member accounts.


Question # 67

A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambda functions for historical errors. The logs are in JSON format and are stored in Amazon S3. Errors sometimes do not appear in the same field, but all errors begin with the same string prefix. What is the MOST operationally efficient way for the SysOps administrator to analyze the log files? 

A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.


Question # 68

A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC. What is the MOST operationally efficient method to deploy and update the VPCs in each account? 

A. Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.
B. Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.
C. Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.
D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.


Question # 69

A development team created and deployed a new AWS Lambda function 15 minutes ago. Although the function was invoked many times, Amazon CloudWatch Logs are not showing any log messages. What is one cause of this?

A. The developers did not enable log messages for this Lambda function.
B. The Lambda function's role does not include permissions to create CloudWatch Logs items.
C. The Lambda function raises an exception before the first log statement has been reached.
D. The Lambda function creates local log files that have to be shipped to CloudWatch Logs first before becoming visible.


Question # 70

A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances. Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota. The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota. Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.


Question # 73

A company hosts an internet web application on Amazon EC2 instances. The company is replacing the application with a new AWS Lambda function. During a transition period, the company must route some traffic to the legacy application and some traffic to the new Lambda function. The company needs to use the URL path of the request to determine the routing. Which solution will meet these requirements?

A. Configure a Gateway Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.
B. Configure a Network Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.
C. Configure a Network Load Balancer to use a regular expression to match the URL path to direct traffic to the new Lambda function.
D. Configure an Application Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.


Question # 75

A company has an application that uses Amazon DynamoDB tables. The tables are spread across AWS accounts and AWS Regions. The company uses AWS CloudFormation to deploy AWS resources. A new team at the company is deleting unused AWS resources. The team accidentally deletes several production DynamoDB tables by running an AWS Lambda function that makes a DynamoDB DeleteTable API call. The table deletions cause an application outage. A SysOps administrator must implement a solution that minimizes the chance of accidental deletions of tables. The solution also must minimize data loss that results from accidental deletions. Which combination of steps will meet these requirements? (Select TWO.)

A. Enable termination protection for the CloudFormation stacks that deploy the DynamoDB tables.
B. Enable deletion protection for the DynamoDB tables.
C. Enable point-in-time recovery for the DynamoDB tables. Restore the tables if they are accidentally deleted.
D. Schedule daily backups of the DynamoDB tables. Restore the tables if they are accidentally deleted.
E. Export the DynamoDB tables to Amazon S3 every day. Use Import from Amazon S3 to restore data for tables that are accidentally deleted.


Question # 76

A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance state changes. What is the MOST operationally efficient solution that meets these requirements?

A. Create a script that captures instance state changes and publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems Manager Run Command to run the script on all EC2 instances.
B. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set an Amazon Simple Notification Service (Amazon SNS) topic as the target.
C. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set as the target an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Create an AWS Config custom rule that evaluates instance state changes with automatic remediation. Use the rule to invoke an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.


Question # 77

A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second. A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone. Which solution will meet these requirements? 

A. Amazon Simple Queue Service (Amazon SQS) queue
B. Application Load Balancer
C. AWS Global Accelerator
D. Network Load Balancer


Question # 79

A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the administrator wants to use a larger instance type with more memory. What should the administrator use to make this change? 

A. Use the ModifyCacheCluster API and specify a new CacheNodeType.
B. Use the CreateCacheCluster API and specify a new CacheNodeType.
C. Use the ModifyCacheParameterGroup API and specify a new CacheNodeType.
D. Use the RebootCacheCluster API and specify a new CacheNodeType.


Question # 80

A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account. What is the MOST operationally efficient solution to control the production account? 

A. Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.
B. Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.
C. Create a service control policy (SCP). Apply the SCP to the production OU.
D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.


Question # 82

A company has an AWS Lambda function in Account A. The Lambda function needs to read the objects in an Amazon S3 bucket in Account B. A SysOps administrator must create corresponding IAM roles in both accounts. Which solution will meet these requirements?

A. In Account A, create a Lambda execution role to assume the role in Account B. In Account B, create a role that the function can assume to gain access to the S3 bucket.
B. In Account A, create a Lambda execution role that provides access to the S3 bucket. In Account B, create a role that the function can assume.
C. In Account A, create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.
D. In Account A, create a role that the function can assume to gain access to the S3 bucket. In Account B, create a Lambda execution role to assume the role in Account A.


Question # 83

A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:
• Daily backups: must be kept for 6 days
• Weekly backups: must be kept for 4 weeks
• Monthly backups: must be kept for 11 months
• Yearly backups: must be kept for 7 years
Which backup strategy will meet these requirements with the LEAST administrative effort?

A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.
B. Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.
C. Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.
D. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.


Question # 84

A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each. Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Select TWO.) 

A. Configure Aurora backups to be exported to the DR Region.
B. Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.
C. Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.
D. Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group's minimum capacity, maximum capacity, and desired capacity to 1.
E. Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.


Question # 85

An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation. How should the SysOps administrator meet these requirements?

A. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
B. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon Route 53.
C. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
D. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.


Question # 86

A company's SysOps administrator manages a fleet of hundreds of Amazon EC2 instances that run Windows-based workloads and Linux-based workloads. Each EC2 instance has a tag that identifies its operating system. All the EC2 instances run AWS Systems Manager Session Manager. A zero-day vulnerability is reported, and no patches are available. The company's security team provides code for all the relevant operating systems to reduce the risk of the vulnerability. The SysOps administrator needs to implement the code on the EC2 instances and must provide a report that shows that the code has successfully run on all the instances. What should the SysOps administrator do to meet these requirements as quickly as possible? 

A. Use Systems Manager Run Command. Choose either the AWS-RunShellScript document or the AWS-RunPowerShellScript document. Configure Run Command with the code from the security team. Specify the operating system tag in the Targets parameter. Run the command. Provide the command history's evidence to the security team.
B. Create an AWS Lambda function that connects to the EC2 instances through Session Manager. Configure the Lambda function to identify the operating system, run the code from the security team, and return the results to an Amazon RDS DB instance. Query the DB instance for the results. Provide the results as evidence to the security team.
C. Log on to each EC2 instance. Run the code from the security team on each EC2 instance. Copy and paste the results of each run into a single spreadsheet. Provide the spreadsheet as evidence to the security team.
D. Update the launch templates of the EC2 instances to include the code from the security team in the user data. Relaunch the EC2 instances by using the updated launch templates. Retrieve the EC2 instance logs of each instance. Provide the EC2 instance logs as evidence to the security team.


Question # 87

A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted. What should a SysOps administrator do to meet this requirement? 

A. Allow SSL connections to the database by using an inbound security group rule.
B. Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.
C. Enforce SSL connections to the database by using a custom parameter group.
D. Patch the database with SSL/TLS by using a custom PostgreSQL extension.


Question # 88

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified. Which solution will meet this requirement? 

A. Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance.
B. Use VPC flow logs with Amazon Athena to block traffic to the external IP address.
C. Create a network ACL. Add an outbound deny rule for traffic to the external IP address.
D. Create a new security group to block traffic to the external IP address. Assign the new security group to the entire VPC.


Question # 89

A company deploys a new application on three Amazon EC2 instances across three Availability Zones. The company uses a Network Load Balancer (NLB) to route traffic to the EC2 instances. A SysOps administrator must implement a solution so that the EC2 instances allow traffic from only the NLB. What should the SysOps administrator do to meet these requirements with the LEAST operational overhead?

A. Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.
B. Configure the security group that is associated with the EC2 instances to allow traffic from only the elastic network interfaces that are associated with the NLB.
C. Create a network ACL. Associate the network ACL with the application subnets. Configure the network ACL to allow inbound traffic from only the CIDR ranges of the NLB.
D. Use a third-party firewall solution that is installed on a separate EC2 instance. Configure a firewall rule that allows traffic to the application's EC2 instances from only the subnets where the NLB is deployed.


Question # 90

A company has scientists who upload large data objects to an Amazon S3 bucket. The scientists upload the objects as multipart uploads. The multipart uploads often fail because of poor end-client connectivity. The company wants to optimize storage costs that are associated with the data. A SysOps administrator must implement a solution that presents metrics for incomplete uploads. The solution also must automatically delete any incomplete uploads after 7 days. Which solution will meet these requirements?

A. Review the Incomplete Multipart Upload Bytes metric in the S3 Storage Lens dashboard. Create an S3 Lifecycle policy to automatically delete any incomplete multipart uploads after 7 days.
B. Implement S3 Intelligent-Tiering to move data into lower-cost storage classes after 7 days. Create an S3 Storage Lens policy to automatically delete any incomplete multipart uploads after 7 days.
C. Access the S3 console. Review the Metrics tab to check the storage that incomplete multipart uploads are consuming. Create an AWS Lambda function to delete any incomplete multipart uploads after 7 days.
D. Use the S3 analytics storage class analysis tool to identify and measure incomplete multipart uploads. Configure an S3 bucket policy to enforce restrictions on multipart uploads to delete incomplete multipart uploads after 7 days.


Question # 91

A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company. Which solution will ensure compliance with this policy? 

A. Deploy workloads only to Dedicated Hosts.
B. Deploy workloads only to Dedicated Instances.
C. Deploy workloads only to Reserved Instances.
D. Place all instances in a dedicated placement group.


Question # 92

A company uses AWS CloudFormation to deploy its infrastructure. The company recently retired an application. A cloud operations engineer initiates CloudFormation stack deletion, and the stack gets stuck in DELETE_FAILED status. A SysOps administrator discovers that the stack had deployed a security group. The security group is referenced by other security groups in the environment. The SysOps administrator needs to delete the stack without affecting other applications. Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create a new security group that has a different name. Apply identical rules to the new security group. Replace all other security groups that reference the new security group. Delete the stack.
B. Create a CloudFormation change set to delete the security group. Deploy the change set.
C. Delete the stack again. Specify that the security group be retained.
D. Perform CloudFormation drift detection. Delete the stack.


Question # 93

A company is using AWS to deploy a critical application on a fleet of Amazon EC2 instances. The company is rewriting the application because the application failed a security review. The application will take 12 months to rewrite. While this rewrite happens, the company needs to rotate IAM access keys that the application uses. A SysOps administrator must implement an automated solution that finds and rotates IAM access keys that are at least 30 days old. The solution must then continue to rotate the IAM access keys every 30 days. Which solution will meet this requirement with the MOST operational efficiency?

A. Use an AWS Config rule to identify IAM access keys that are at least 30 days old. Configure AWS Config to invoke an AWS Systems Manager Automation runbook to rotate the identified IAM access keys.
B. Use AWS Trusted Advisor to identify IAM access keys that are at least 30 days old. Configure Trusted Advisor to invoke an AWS Systems Manager Automation runbook to rotate the identified IAM access keys.
C. Create a script that checks the age of IAM access keys and rotates them if they are at least 30 days old. Launch an EC2 instance. Schedule the script to run as a cron expression on the EC2 instance every day.
D. Create an AWS Lambda function that checks the age of IAM access keys and rotates them if they are at least 30 days old. Use an Amazon EventBridge rule to invoke the Lambda function every time a new IAM access key is created.


Question # 94

A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week. The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times. A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency. Which solution will meet these requirements? 

A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.
B. Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load. Most Voted
C. Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.
D. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.


Question # 95

A company is deploying an ecommerce application to an AWS Region that is located in France. The company wants users from only France to be able to access the first version of the application. The company plans to add more countries for the next version of the application. A SysOps administrator needs to configure the routing policy in Amazon Route 53. Which solution will meet these requirements? 

A. Use a geoproximity routing policy. Select France as the location in the record.
B. Use a geolocation routing policy. Select France as the location in the record.
C. Use an IP-based routing policy. Select all IP addresses that are allocated to France in the record.
D. Use a geoproximity routing policy. Select all IP addresses that are allocated to France in the record.


Question # 96

A company recently deployed an application in production. The production environment currently runs on a single Amazon EC2 instance that hosts the application's web application and a MariaDB database. Company policy states that all IT production environments must be highly available. What should a SysOps administrator do to meet this requirement? 

A. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Run the application on EC2 instances that are in an Auto Scaling group that extends across multiple Availability Zones. Place the EC2 instances behind a load balancer.
B. Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Use AWS Application Migration Service to convert the application into an AWS Lambda function. Specify the Multi-AZ option for the Lambda function.
C. Copy the database to a different EC2 instance in a different Availability Zone. Use AWS Backup to create Amazon Machine Images (AMIs) of the application EC2 instance and the database EC2 instance. Create an AWS Lambda function that performs health checks every minute. In case of failure, configure the Lambda function to launch a new EC2 instance from the AMIs that AWS Backup created.
D. Migrate the database to a different EC2 instance. Place the application EC2 instance in an Auto Scaling group that extends across multiple Availability Zones. Create an Amazon Machine Image (AMI) from the database EC2 instance. Use the AMI to launch a second database EC2 instance in a different Availability Zone. Put the second database EC2 instance in the stopped state. Use the second database EC2 instance as a standby.


Question # 97

A SysOps administrator must configure Amazon S3 to host a simple nonproduction webpage. The SysOps administrator has created an empty S3 bucket from the AWS Management Console. The S3 bucket has the default configuration in place. Which combination of actions should the SysOps administrator take to complete this process? (Choose two.) 

A. Configure the S3 bucket by using the "Redirect requests for an object" functionality to point to the bucket root URL.
B. Turn off the "Block all public access" setting. Allow public access by using a bucket ACL that contains <Permission>WEBSITE</Permission>.
C. Turn off the "Block all public access" setting. Allow public access by using a bucket ACL that allows access to the AuthenticatedUsers grantee.
D. Turn off the "Block all public access" setting. Set a bucket policy that allows "Principal": the s3:GetObject action.
E. Create an index.html document. Configure static website hosting, and upload the index document to the S3 bucket.


Question # 98

A company is running Amazon RDS for PostgreSQL Multi-AZ DB clusters. The company uses an AWS CloudFormation template to create the databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday. Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases from running low on disk space in the future. Which solution will meet these requirements with the FEWEST changes to the application?

A. Modify the CloudFormation template to use Amazon Aurora PostgreSQL as the DB engine.
B. Modify the CloudFormation template to use Amazon DynamoDB as the database. Activate storage auto scaling during creation of the tables.
C. Modify the CloudFormation template to activate storage auto scaling on the existing DB instances.
D. Create a CloudWatch alarm to monitor DB instance storage space. Configure the alarm to invoke the VACUUM command.


Question # 99

A company has applications that process transaction requests multiple times each minute. The applications write transaction data to a single Amazon RDS DB instance. As the company begins to process more transactions, the company becomes concerned that it has no failover solution in place for disaster recovery (DR). The company needs the DB instance to fail over automatically without losing any committed transactions. Which solution will meet these requirements? 

A. Create an RDS read replica in the same AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
B. Create an RDS read replica in a different AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
C. Modify the DB instance to be a Multi-AZ deployment.
D. Set up an Amazon CloudWatch alarm that monitors the DB instance memory utilization with a threshold greater than 90%. Invoke an AWS Lambda function to restart the DB instance.


Question # 100

A company wants to monitor the number of Amazon EC2 instances that it is running. The company also wants to automate a service quota increase when the number of instances reaches a specific threshold. Which solution meets these requirements?

A. Create an Amazon CloudWatch alarm to monitor Service Quotas. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
B. Create an AWS Config rule to monitor Service Quotas. Call an AWS Lambda function to remediate the action and increase the quota.
C. Create an Amazon CloudWatch alarm to monitor the AWS Health Dashboard. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
D. Create an Amazon CloudWatch alarm to monitor AWS Trusted Advisor service quotas. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to increase the quota.


Question # 101

A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager. Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances. What should a SysOps administrator do to resolve this issue?

A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
C. Configure the SSM Agent to log in with a user name of "ubuntu".
D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.


Question # 102

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company's on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment. Which steps should the SysOps administrator take to resolve the issue?

A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.


Question # 103

A company has a public web application that experiences rapid traffic increases after advertisements appear on local television. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is not keeping up with the traffic surges after an advertisement runs. The company often needs to scale out to 100 EC2 instances during the traffic surges. The instance startup times are lengthy because of a boot process that creates machine-specific data caches that are unique to each instance. The exact timing of when the advertisements will appear on television is not known. A SysOps administrator must implement a solution so that the application can function properly during the traffic surges. Which solution will meet these requirements?

A. Create a warm pool. Keep enough instances in the Stopped state to meet the increased demand.
B. Start 100 instances. Allow the boot process to finish running. Store this data on the instance store volume before stopping the instances.
C. Increase the value of the instance warmup time in the scaling policy.
D. Use predictive scaling for the Auto Scaling group.


Question # 104

A company wants to prohibit its developers from using a particular family of Amazon EC2 instances. The company uses AWS Organizations and wants to apply the restriction across multiple accounts. What is the MOST operationally efficient way for the company to apply service control policies (SCPs) to meet these requirements?

A. Add the accounts to an organizational unit (OU). Apply the SCPs to the OU.
B. Add the accounts to resource groups in AWS Resource Groups. Apply the SCPs to the resource groups.
C. Apply the SCPs to each developer account.
D. Enroll the accounts with AWS Control Tower. Apply the SCPs to the AWS Control Tower management account.


Question # 105

A SysOps administrator needs to create a report that shows how many bytes are sent to and received from each target group member for an Application Load Balancer (ALB). Which combination of steps should the SysOps administrator take to meet these requirements? (Select TWO.) 

A. Enable access logging for the ALB. Save the logs to an Amazon S3 bucket.
B. Install the Amazon CloudWatch agent on the instances in the target group.
C. Use Amazon Athena to query the ALB logs. Query the table. Use the received_bytes and sent_bytes fields to calculate the total bytes grouped by the target:port field.
D. Use Amazon Athena to query the ALB logs. Query the table. Use the received_bytes and sent_bytes fields to calculate the total bytes grouped by the client:port field.
E. Create an Amazon CloudWatch dashboard that shows the Sum statistic of the ProcessedBytes metric for the ALB.


Question # 106

A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources. What is the MOST operationally efficient solution that meets these requirements? 

A. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
D. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags.


Question # 107

A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency. Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL. Which solution will meet these requirements? 

A. Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
B. Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALB. Select the location that is closest to each Region.
C. Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
D. Change the existing alias record to use a multivalue routing policy. Add the DNS name of each ALB to the record.


Question # 108

A company runs an application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application sometimes becomes slow and unresponsive. Amazon CloudWatch metrics show that some EC2 instances are experiencing high CPU load. A SysOps administrator needs to create a CloudWatch dashboard that can automatically display CPU metrics of all the EC2 instances. The metrics must include new instances that are launched as part of the Auto Scaling group. What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way? 

A. Create a CloudWatch dashboard. Use activity notifications from the Auto Scaling group to invoke a custom AWS Lambda function. Use the Lambda function to update the CloudWatch dashboard to monitor the CPUUtilization metric for the new instance IDs.
B. Create a CloudWatch dashboard. Run a custom script on each EC2 instance to stream the CPU utilization to the dashboard.
C. Use CloudWatch metrics explorer to filter by the aws:autoscaling:groupName tag and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.
D. Use CloudWatch metrics explorer to filter by instance state and to create a visualization for the CPUUtilization metric. Add the visualization to a CloudWatch dashboard.


Question # 109

A company decides to stop non-production Amazon EC2 instances during the night. The company's IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night. Which solution will meet this requirement with the MOST operational efficiency?

A. Configure an AWS Lambda function with an SMTP client library. Subscribe the Lambda function to the AWS Health Dashboard to receive notification whenever an EC2 instance is in the running state. Configure the Lambda function to use Amazon Pinpoint to send email notifications to the IT manager. Deploy a second Lambda function to throttle calls from the first Lambda function during the daytime.
B. Deploy an AWS Lambda function that queries the Amazon EC2 API to determine the state of each EC2 instance. Use the EC2 instance scheduler to configure the Lambda function to run every minute during the night and to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.
C. Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances’ tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notifications. Subscribe the IT manager's email address to the SNS topic.
D. Store the EC2 instance metadata, including the environment type, in an Amazon DynamoDB table. Deploy a custom application to an EC2 instance. Configure the custom application to poll the DynamoDB data every minute during the night and to query the Amazon EC2 API to determine the state of each instance. Additionally, configure the custom application to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.


Question # 110

A company wants to apply an existing Amazon Route 53 private hosted zone to a new VPC to allow for customized resource name resolution within the VPC. The SysOps administrator created the VPC and added the appropriate resource record sets to the private hosted zone. Which step should the SysOps administrator take to complete the setup?

A. Associate the Route 53 private hosted zone with the VPC.
B. Create a rule in the default security group for the VPC that allows traffic to the Route 53 Resolver.
C. Ensure the VPC network ACLs allow traffic to the Route 53 Resolver.
D. Ensure there is a route to the Route 53 Resolver in each of the VPC route tables.


Question # 111

A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team's applications later process these files. A SysOps administrator sets up a new S3 bucket, DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide. What should the SysOps administrator do to remediate this issue?

A. Provision an Amazon ElastiCache for Redis cluster for the new S3 bucket. Provide the developers with the configuration endpoint of the cluster for use in their API calls.
B. Add the new S3 bucket to a new Amazon CloudFront distribution. Provide the developers with the domain name of the new distribution for use in their API calls.
C. Enable S3 Transfer Acceleration for the new S3 bucket. Verify that the developers are using the DOC-EXAMPLE-BUCKET.s3-accelerate.amazonaws.com endpoint name in their API calls.
D. Use S3 multipart upload for the new S3 bucket. Verify that the developers are using Region-specific S3 endpoint names such as DOC-EXAMPLE-BUCKET.s3.[Region].amazonaws.com in their API calls.


Question # 112

A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security. Which solution meets these requirements?

A. Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.
B. Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.
C. Attach an IAM role to the Lambda function with read permissions to the database.
D. Move the database to a public subnet. Use security groups for secure access.


Question # 113

A SysOps administrator deployed a three-tier web application to a QA environment and is now evaluating the high availability of the application. The SysOps administrator notices that, when they simulate an unavailable Availability Zone, the application fails to respond. The application stores data in Amazon RDS and Amazon DynamoDB. How should the SysOps administrator resolve this issue?

A. Add additional subnets to the RDS instance subnet group.
B. Add an Elastic Load Balancer in front of the RDS instance.
C. Distribute the data in DynamoDB across Availability Zones.
D. Enable Multi-AZ for the RDS instance.


Question # 114

A fleet of servers must send local logs to Amazon CloudWatch. How should the servers be configured to meet this requirement? 

A. Configure AWS Config to forward events to CloudWatch.
B. Configure a Simple Network Management Protocol (SNMP) agent to forward events to CloudWatch.
C. Install and configure the unified CloudWatch agent.
D. Install and configure the Amazon Inspector agent.


Question # 115

An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted. How can this be achieved in a reliable and efficient way?

A. Write a script to continue backing up the RDS instance every five minutes.
B. Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack.
C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance.
D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.


Question # 116

A company has created an AWS CloudFormation template that consists of the AWS::EC2::Instance resource and a custom CloudFormation resource. The custom CloudFormation resource is an AWS Lambda function that attempts to run automation on the Amazon EC2 instance. During testing, the Lambda function fails because the Lambda function tries to run before the EC2 instance is launched. Which solution will resolve this issue?

A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.
B. Update the custom resource's service token to point to a valid Lambda function.
C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.
D. Use the Fn::If intrinsic function to check for the EC2 instance before the custom resource runs.


Question # 117

An application uses an Amazon Aurora MySQL DB cluster that includes one Aurora Replica. The application's read performance degrades when there are more than 200 user connections. The number of user connections is approximately 180 on a consistent basis. Occasionally, the number of user connections increases rapidly to more than 200. A SysOps administrator must implement a solution that will scale the application automatically as user demand increases or decreases. Which solution will meet these requirements?
 

A. Modify the DB cluster by increasing the Aurora Replica instance size.
B. Modify the DB cluster by changing to serverless mode whenever the number of user connections exceeds 200.
C. Migrate to a new Aurora DB cluster that has multiple writer instances. Modify the application's database connection string.
D. Create an auto scaling policy that has a target value of 195 for the DatabaseConnections metric.


Question # 118

A SysOps administrator needs to monitor a process that runs on Linux Amazon EC2 instances. If the process stops, the process must restart automatically. The Amazon CloudWatch agent is already installed on all the EC2 instances. Which solution will meet these requirements?

A. Add a procstat monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
B. Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
C. Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
D. Add a procstat monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.


Question # 119

A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https://www.example.com. What should the SysOps administrator do to resolve this issue?

A. Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.
B. Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.
C. Ensure that there is an outbound network ACL for ephemeral ports 1024-65535 to 0.0.0.0/0.
D. Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.


Question # 120

A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account. What should a SysOps administrator do to meet these requirements? 

A. Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.
B. In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.
C. Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.
D. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.


Question # 121

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits. Which solution will meet these requirements? 

A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.
B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.
C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.
D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).


Question # 122

A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations. Which solution will meet this requirement with the LEAST operational overhead?

A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.


Question # 123

A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A SysOps administrator must ensure that the application can scale based on the number of users that connect to the application. Which solution will meet these requirements?

A. Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
B. Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.
C. Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.
D. Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric. Create a scaling policy that uses the metric.


Question # 124

A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations. Which solution will meet this requirement? 

A. Configure Amazon Cognito to detect any compromised IAM credentials.
B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
D. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.


Question # 125

A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named pcx-12345 between both VPCs. Which rules should appear in the route table of VPC A after configuration? (Select TWO.) 

A. Destination: 10.0.0.0/16, Target: Local
B. Destination: 172.31.0.0/16, Target: Local
C. Destination: 10.0.0.0/16, Target: pcx-12345
D. Destination: 172.31.0.0/16, Target: pcx-12345
E. Destination: 10.0.0.0/16, Target: 172.31.0.0/16


Question # 126

A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with minimum latency. What should the SysOps administrator do to meet these requirements? 

A. Set up an Amazon S3 File Gateway.
B. Set up an AWS Direct Connect connection.
C. Use AWS DataSync to automate data transfers between the existing file servers and AWS.
D. Set up an Amazon FSx File Gateway.


Question # 127

A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs. A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads. What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way? 

A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.


Question # 128

A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer in use. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administrator has validated the permissions that are required to delete the CloudFormation stack.

A. The configured timeout to delete the stack was too low for the delete operation to complete.
B. The stack contains nested stacks that must be manually deleted first.
C. The stack was deployed with the --disable-rollback option.
D. There are additional resources associated with a security group in the stack.
E. There are Amazon S3 buckets that still contain objects in the stack.


Question # 129

A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold. What should the SysOps administrator do to meet these requirements? 

A. Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the email distribution list to the topic.
B. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the email distribution list to the topic.
C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% of the budgeted amount. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold.
D. Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function to analyze data transfer. Configure the Lambda function to send a notification to the email distribution list when costs reach 75% of the threshold.


Question # 130

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response. What is the MOST operationally efficient solution that meets these requirements? 

A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.


Question # 131

A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed to meet service requirements. Which action will maintain uptime for the application MOST cost-effectively?

A. Use a Spot Fleet with an On-Demand capacity of 6 instances.
B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.
C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.
D. Use a Spot Fleet with a target capacity of 6 instances.


Question # 132

A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold. What should the SysOps administrator do to collect this data? 

A. Use the ALB’s RequestCount metric. Configure a time range of 2 weeks and a period of 1 minute. Examine the chart to determine peak traffic times and volumes.
B. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period. Sort by a 1-minute interval.
C. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2 event matching pattern that creates a metric that is based on EC2 requests. Display the data in a graph.


Question # 133

A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system. What should a SysOps administrator do to resolve this issue? 

A. In the CPU launch options for the Lambda function, activate hyperthreading.
B. Turn off the AWS managed encryption.
C. Increase the amount of memory for the Lambda function.
D. Load the required code into a custom layer.


Question # 134

A company plans to migrate several of its high performance computing (HPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs. Which strategy should the SysOps administrator choose to meet these requirements?

A. Deploy the instances in a cluster placement group in one Availability Zone.
B. Deploy the instances in a partition placement group in two Availability Zones.
C. Deploy the instances in a partition placement group in one Availability Zone.
D. Deploy the instances in a spread placement group in two Availability Zones.


Question # 135

A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin. The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution. What should a SysOps administrator do to resolve this problem? 

A. Examine the expiration date on the certificate on the origin site. Validate that the certificate has not expired. Replace the certificate if necessary.
B. Examine the hostname on the certificate on the origin site. Validate that the hostname matches one of the hostnames on the CloudFront distribution. Replace the certificate if necessary.
C. Examine the firewall rules that are associated with the origin server. Validate that port 443 is open for inbound traffic from the internet. Create an inbound rule if necessary.
D. Examine the network ACL rules that are associated with the CloudFront distribution. Validate that port 443 is open for outbound traffic to the origin server. Create an outbound rule if necessary.


Question # 136

A SysOps administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The administrator finds that this template has failed to create an EC2 instance in the us-west-2 Region. What is one cause for this failure?

A. Resource tags defined in the CloudFormation template are specific to the us-east-1 Region.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.


Question # 137

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues. The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible. Which solution will meet these requirements with the LEAST operational overhead? 

A. Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.
B. Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.
C. Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.


Question # 138

A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example.com to the DNS servers in the data center. Which solution will meet these requirements?

A. Create an Amazon Route 53 Resolver inbound endpoint. Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the inbound endpoints.
B. Create an Amazon Route 53 Resolver inbound endpoint. Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC.
C. Create an Amazon Route 53 Resolver outbound endpoint. Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the outbound endpoints.
D. Create an Amazon Route 53 Resolver outbound endpoint. Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC.


Question # 139

A company plans to launch a static website on its domain example.com and subdomain www.example.com using Amazon S3. How should the SysOps administrator meet this requirement?

A. Create one S3 bucket named example.com for both the domain and subdomain.
B. Create one S3 bucket with a wildcard named *.example.com for both the domain and subdomain.
C. Create two S3 buckets named example.com and www.example.com. Configure the subdomain bucket to redirect requests to the domain bucket.
D. Create two S3 buckets named http://example.com and http://*.example.com. Configure the wildcard (*) bucket to redirect requests to the domain bucket.


Question # 140

A SysOps administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The SysOps administrator needs to manage the cluster by using the kubectl command line tool. Which of the following must be configured on the SysOps administrator's machine so that kubectl can communicate with the cluster API server?

A. The kubeconfig file
B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector.yaml file


Question # 141

A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report. What should the SysOps administrator do to meet this requirement? 

A. Activate the tags as AWS generated cost allocation tags.
B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost category. Select the account billing dimension.
D. Create a new AWS Cost and Usage Report. Include the resource IDs.


Question # 142

A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions. However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions. Which action will meet these requirements? 

A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.
B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.
C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.
D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.


Question # 143

A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created. What should a SysOps administrator do to meet this requirement? 

A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.
B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.
D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.


Question # 144

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements?

A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.


Question # 145

A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any security groups that use 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block that corresponds with the company's intranet.

A. Create an AWS Config rule to detect noncompliant security groups. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.
B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address. Attach this IAM policy to every user in the company.
C. Create an AWS Lambda function to inspect new and existing security groups, check for a noncompliant 0.0.0.0/0 source address, and change the source address to the approved CIDR block.
D. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source address. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.


Question # 146

A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account’s Personal Health Dashboard. Which solution will meet this requirement with the LEAST amount of effort? 

A. Enable organizational view in AWS Health.
B. Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log.
C. Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table.
D. Use the AWS Health API to write events to an Amazon DynamoDB table.

