A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report. What should the SysOps administrator do to meet this requirement?
A. Activate the tags as AWS generated cost allocation tags.
B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost category. Select the account billing dimension.
D. Create a new AWS Cost and Usage Report. Include the resource IDs.
A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions. However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions. Which action will meet these requirements?
A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instancetypes to the Auto Scaling group.
B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the sizeof the instances in the Auto Scaling group.
C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance typesto the Auto Scaling group.
D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of theinstances in the Auto Scaling group.
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created. What should a SysOps administrator do to meet this requirement?
A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Threemonths after an object is written, remove the policy.
B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups inthe new S3 bucket with a retention period of 3 months.
C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protectthe backups.
D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east- 1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements?
A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority(SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOArecord with health checks. Use the ELB in us-east-1 as the primary record and the ELB inus-west-2 as the secondary record.
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record inRoute 53 that includes the ELB in us-west-2 as an alias target. Configure the A recordswith a failover routing policy and health checks. Use the ELB in us-east-1 as the primaryrecord and the ELB in us-west-2 as the secondary record.
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2instances with the existing ELB, and configure load balancer health checks on all EC2instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 failhealth checks.
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 healthchecks on all EC2 instances in each Region. Configure a peering connection between theVPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as thesecondary record.
A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any worry groups that urn 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block corresponds with the company's intranet.
A. Create an AWS Config rule to detect noncompliant security groups. Set up automaticremediation to change the 0.0.0.0/0 source address to the approved CIDK block.
B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as thesource address Attach this 1AM policy to every user in the company.
C. Create an AWS Lambda function to inspect now and existing security groups check for anoncompliant 0.0.0.0A) source address and change the source address to the approvedCIDR block.
D. Create a service control policy (SCP) for the organizational unit (OU) to deny thecreation of security groups that have the 0.0.0.0/0 source address. Set up automaticremediation to change Vie 0.0.0.0/0 source address to the approved CIDR block.
A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account’s Personal Health Dashboard. Which solution will meet this requirement with the LEAST amount of effort?
A. Enable organizational view in AWS Health.
B. Configure the Personal Health Dashboard in each account to forward events to a centralAWS CloudTrail log.
C. Create an AWS Lambda function to query the AWS Health API and to write all events toan Amazon DynamoDB table.
D. Use the AWS Health API to write events to an Amazon DynamoDB table.
A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes. According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible. Which action should the SysOps administrator take to meet these requirements?
A. Increase the size of the 1 GiB EBS volumes.
B. Add two additional elastic network interfaces on each EC2 instance.
C. Turn on Transfer Acceleration on the EBS volumes in the Region.
D. Add all the EC2 instances to a cluster placement group.
A company recently purchased Savings Plans. The company wants to receive email notification when the company’s utilization drops below 90% for a given day. Which solution will meet this requirement?
A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWSTrusted Advisor. Configure an Amazon Simple Queue Service (Amazon SQS) queue foremail notification when the utilization drops below 90% for a given day.
B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metricunder the AWS/SavingsPlans namespace in CloudWatch. Configure an Amazon SimpleQueue Service (Amazon SQS) queue for email notification when the utilization drops below90% for a given day.
C. Create a Savings Plans alert to monitor the daily utilization of the Savings Plans.Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notificationwhen the utilization drops below 90% for a given day.
D. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of theSavings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic foremail notification when the utilization drops below 90% for a given day.
A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM policies allow only the permissions that the application requires. How can the SysOps administrator create a policy to meet this requirement?
A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy byusing AWS Identity and Access Management Access Analyzer.
C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and AccessManagement Access Analyzer.
D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and AccessManagement Access Analyzer.
A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions. What should a Sysops administrator do to meet these requirements in the MOST operationally efficient way?
A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWSConfig in all accounts and in all Regions.
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Configin all accounts and in all Regions.
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in allRegions.
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in theorganization. Run the script from the organization's management account.