A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits. Which solution will meet these requirements?
A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWSKey Management Service (AWS KMS) encryption.
B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for writeonce,read-many (WORM) access.
C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configureserver-side encryption.
D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configuremulti-factor authentication (MFA).
A SysOps administrator has successfully deployed a VPC with an AWS Cloud Formation template The SysOps administrator wants to deploy me same template across multiple accounts that are managed through AWS Organizations. Which solution will meet this requirement with the LEAST operational overhead?
A. Assume the OrganizationAccountAcccssKolc IAM role from the management account.Deploy the template in each of the accounts
B. Create an AWS Lambda function to assume a role in each account Deploy the templateby using the AWS CloudFormation CreateStack API call
C. Create an AWS Lambda function to query fc a list of accounts Deploy the template byusing the AWS Cloudformation CreateStack API call.
D. Use AWS CloudFormation StackSets from the management account to deploy thetemplate in each of the accounts
A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A Sysops administrator must ensure that the application can scale based on the number of users that connect to the application. Which solution will meet these requirements?
A. Create a scaling policy that will scale the application based on theActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
B. Create a scaling policy that will scale the application based on the mem used AmazonCloudWatch metric that is generated from the ELB.
C. Create a scheduled scaling policy to increase the number of EC2 instances in the AutoScaling group to support additional connections.
D. Create and deploy a script on the ELB to expose the number of connected users as acustom Amazon CloudWatch metric. Create a scaling policy that uses the metric.
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations. Which solution will meet this requirement?
A. Configure Amazon Cognito to detect any compromised 1AM credentials.
B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
D. Configure Amazon GuardDuty to monitor theUnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.
A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named pcx-12345 between both VPCs. Which rules should appear in the route table of VPC A after configuration? (Select TWO.)
A. Destination: 10.0.0.0/16, Target: Local
B. Destination: 172.31.0.0/16, Target: Local
C. Destination: 10.0.0.0/16, Target: pcx-12345
D. Destination: 172.31.0.0/16, Target: pcx-12345
E. Destination: 10.0.0.0/16. Target: 172.31.0.0/16
A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with minimum latency. What should the SysOps administrator do to meet these requirements?
A. Set up an Amazon S3 File Gateway.
B. Set up an AWS Direct Connect connection.
C. Use AWS DataSync to automate data transfers between the existing file servers andAWS.
D. Set up an Amazon FSx File Gateway.
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs. A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads. What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?
A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internetdestinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the logfiles in Amazon S3.
A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer in use. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administrator has validated the permissions that are required to delete the Cloud Formation stack.
A. The configured timeout to delete the stack was too low for the delete operation tocomplete.
B. The stack contains nested stacks that must be manually deleted fast.
C. The stack was deployed with the -disable rollback option.
D. There are additional resources associated with a security group in the stack
E. There are Amazon S3 buckets that still contain objects in the stack.
A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold. What should the SysOps administrator do to meet these requirements?
A. Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena.Configure an alarm to publish a message to an Amazon Simple Notification Service(Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the emaildistribution list to the topic.
B. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of thethreshold. Configure the alarm to publish a message to an Amazon Simple NotificationService (Amazon SNS) topic. Subscribe the email distribution list to the topic.
C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% ofthe budgeted amount. Configure the budget to send a notification to the email distributionlist when costs reach 75% of the threshold.
D. Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function toanalyze data transfer. Configure the Lambda function to send a notification to the emaildistribution list when costs reach 75% of the threshold.
A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response. What is the MOST operationally efficient solution that meets these requirements?
A. Create a CloudWatch Logs metric filter that counts the number of times that the webserver returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that theweb server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query thatcounts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of404 codes in the log events during the past hour.