A company receives an alert from an Amazon CloudWatch alarm The alarm indicates that a web application that Is running on Amazon EC2 instances is not responding to requestsThe EC2 instances have a Red Hat Enterprise Linux operating system and are in an Auto Scaling group. The Auto Scaling group has a minimum capacity of 2 and a maximum capacity of 5. An Investigation reveals that the web application is experiencing oul-of-memory errors. The company adds memory lo the web application and wants to track operating system memory utilization. A CloudWatch memory metric does not currently exist tor the EC2 Instances in the Auto Scaling group What should a SysOps administrator do to provide a CloudWatch memory metric for the EC2 instances?
A. Use an Amazon Machine Image (AMI) that includes the CloudWatch agent.
B. Turn on CloudWatch detailed monitoring
C. Turn on Instance Metadata Service Version 2 (IMOSv2).
D. Use an Amazon Machine Image (AMI) that is based on Amazon Linux.
A company runs an application on hundreds of Amazon EC2 instances in three Availability Zones The application calls a third-parly API over the public internet A SysOps administrator must provide the third party with a list of static IP addresses so that the third party can allow traffic from the application Which solution will meet these requirements?
A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NATgateway the default route of all private subnets In those Availability Zones.
B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IPaddress with all the instances in the Availability Zone
C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to theinterne! through the private IP address of the NLB
D. Update the main route table to send the traffic to the internet through an Elastic IPaddress that is assigned to each instance.
A company has a cluster of Linux Amazon EC2 Spot Instances that read many files from and write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. The EC2 instances are frequently started and stopped. As part of the process when an EC2 instance starts, an EBS volume is restored from a snapshot. EBS volumes that are restored from snapshots are experiencing initial performance that is lower than expected. The company's workload needs almost all the provisioned IOPS on the attached EBS volumes. The EC2 instances are unable to support the workload when the performance of the EBS volumes is too low. A SysOps administrator must implement a solution to ensure that the EBS volumes provide the expected performance when they are restored from snapshots. Which solution will meet these requirements?
A. Configure fast snapshot restore (FSR) on the snapshots that are used.
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
D. Increase the Linux read-ahead buffer to 1 MiB.
A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services. Which solution will meet these requirements?
A. In all member accounts, configure 1AM policies that deny access to all DynamoDBresources for all users, including the root user.
B. Create a service control policy (SCP) in the management account to deny allDynamoDB actions. Apply the SCP to the root of the organization
C. In all member accounts, configure 1AM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
D. Remove the default service control policy (SCP) in the management account. Create areplacement SCP that includes a single statement that denies all DynamoDB actions.
A Sysops administrator launches an Amazon EC2 instance from a Windows Amazon Machine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store (Amazon EBS) volumes. When the instance is launched, none of the additional Amazon Elastic Block Store (Amazon EBS) volumes are initialized and ready for use through a drive letter. The SysOps administrator needs to automate the EBS volume initialization. Which solution will meet these requirements in the MOST operationally efficient way?
A. Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automationrunbook as a target of the EventBridge rule to initialize the disks after an EC2 instancelaunch event.
B. Create an AmazolkventBridge rule. Configure an AWS Lambda function as a target ofthe EventBridge rule to initialize the drives after the AMI is launched.
C. Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2instances.
D. Add the secondary volume configuration to the DriveLetterMappingConfig.json file.Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a newAMI from the running EC2 instance.
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files. Which solution will meet these requirements?
A. Create an AWS Config rule to discover sensitive personal information in the S3 files andmark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline toclassify sensitive personal information by using Amazon Recognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic. The company also has a static website that is configured in an Amazon S3 bucket. A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated. Which combination of actions will meet these requirements? (Choose two.)
A. Create a primary failover routing policy record. Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondarywebsite when the health check fails.
C. Create a primary failover routing policy record. Configure the value to be the ALB.Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record. Configure the value to be the staticwebsite. Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record. Configure the value to be the staticwebsite.
A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A SysOps administrator needs to send an email notification when a certificate has less than 14 days until expiration. Which solution will meet this requirement with the LEAST operational overhead?
A. Create an Amazon CloudWatch custom metric to monitor certificate expiration for allACM certificates. Create an Amazon EventBridge rule that has an event source of a ws.cloud watch Configure the rule to send an event to a target Amazon Simple NotificationService (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe theappropriate email addresses to the SNS topic.
B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry melric for all ACM certificates.Configure the rule to send an event to a target Amazon Simple Notification Service(Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate emailaddresses to the SNS topic.
C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for allACM certificates. If DaysToExpiry is less than 14, send an emailmessage to the appropriate email addresses. Send the email message by running apredefined CLI command to publish to an Amazon Simple Notification Service (AmazonSNS) topic.
D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMSidentity that uses a predefined email template. Configure the rule to send an event to thetarget SMS identity if DaysToExpiry is less than 14.
A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible. Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.)
A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.
A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances’ data, even if someone deletes the stack. Which solution will meet these requirements?
A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in theCloudFormation template.
B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
C. Create a backup plan in AWS Backup.
D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in theCloudFormation template.