Amazon SOA-C02 Sample Questions

Question # 161

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement? 

A. Turn on S3 Block Public Access from the account level. 
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private. 
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found. 
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private. 


Question # 162

A SysOps administrator is configuring AWS Client VPN to connect users on a corporate network to AWS resources that are running in a VPC. According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel. How should the SysOps administrator configure Client VPN to meet these requirements?

A. Associate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway.
B. On the Client VPN endpoint, turn on the split-tunnel option.
C. On the Client VPN endpoint, specify DNS server IP addresses.
D. Select a private certificate to use as the identity certificate for the VPN client.


Question # 163

A SysOps administrator is configuring an application on Amazon EC2 instances for a company. Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static public IP address. How should the SysOps administrator deploy the application to meet this requirement?

A. Behind an Amazon API Gateway API 
B. Behind an Application Load Balancer 
C. Behind an internet-facing Network Load Balancer 
D. In an Amazon CloudFront distribution 


Question # 164

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements?

A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. 
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. 
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks. 
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.


Question # 165

A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an .msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically. Which combination of steps will meet these requirements with the LEAST operational effort? (Select TWO.) Create a Systems Manager Distributor package for the third-party agent.

A. Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows.
B. Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.
C. Create a Systems Manager State Manager association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.
D. Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day.


Question # 166

A company's SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company's web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company's domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB. Which solution will meet these requirements MOST cost-effectively? 

A. Create a Route 53 AAAA record for the NLB. 
B. Create a Route 53 alias record for the NLB. 
C. Create a Route 53 CAA record for the NLB. 
D. Create a Route 53 CNAME record for the NLB. 


Question # 167

A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas. Which solution will meet these requirements? 

A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. 
B. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. 
C. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. 
D. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. 


Question # 168

A company recently migrated its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch metrics to track instance memory utilization and available disk space. What should a SysOps administrator do to meet these requirements?

A. Configure CloudWatch from the AWS Management Console for all the instances that require monitoring by CloudWatch. AWS automatically installs and configures the agents for the specified instances.
B. Install and configure the CloudWatch agent on all the instances. Attach an IAM role to allow the instances to write logs to CloudWatch.
C. Install and configure the CloudWatch agent on all the instances. Attach an IAM user to allow the instances to write logs to CloudWatch.
D. Install and configure the CloudWatch agent on all the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch.


Question # 169

A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example.com to the DNS servers in the data center. Which solution will meet these requirements?

A. Create an Amazon Route 53 Resolver inbound endpoint. Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the inbound endpoints.
B. Create an Amazon Route 53 Resolver inbound endpoint. Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC.
C. Create an Amazon Route 53 Resolver outbound endpoint. Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the outbound endpoints.
D. Create an Amazon Route 53 Resolver outbound endpoint. Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC.


Question # 170

A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account. Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.)

A. Sign in to the new account by using IAM credentials. Change the support plan.
B. Sign in to the new account by using root user credentials. Change the support plan. 
C. Use the AWS Support API to change the support plan. 
D. Reset the password of the account root user. 
E. Create an IAM user that has administrator privileges in the new account.

