Weekend Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Amazon Web Services SOA-C02 AWS Certified SysOps Administrator - Associate (SOA-C02) Exam Practice Test

Page: 1 / 46
Total 460 questions

AWS Certified SysOps Administrator - Associate (SOA-C02) Questions and Answers

Question 1

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the

console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.

Configure Amazon EventBridge to meet the following requirements.

1. use the us-east-2 Region for all resources,

2. Unless specified below, use the default configuration settings.

3. Use your own resource naming unless a resource

name is specified below.

4. Ensure all Amazon EC2 events in the default event

bus are replayable for the past 90 days.

5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.

6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2

Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:

{“instance” : “$.detail.instance-id”}

Input template:

“ The EC2 Spot Instance has been on account.

Options:

Question 2

A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. There is an existing hosted zone named lab-

751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.

4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document

5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.

6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.

7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.

Options:

Question 3

You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range

192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4. Deploy the changes by updating the stack using the CFServiceR01e role.

5. Edit the stack options to prevent accidental deletion.

6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Options:

Question 4

An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. A significant amount of data needs to be transferred between the two Regions. What is the MOST cost-effective way to set up the data transfer?

Options:

A.

Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace.

B.

Establish Amazon CloudFront distributions tor the Amazon EC2 instances from both Regions.

C.

Establish an inter-Region VPC peering connection between the VPCs.

D.

Establish an AWS PrivateLinK connection between the two Regions.

Question 5

A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.

A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.

Which action will ensure that the CloudWatch alarms function correctly?

Options:

A.

Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.

B.

Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.

C.

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.

D.

Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Question 6

A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task nodes.

Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution.

Which combination of actions will meet these requirements? (Choose two.)

Options:

A.

Purchase EC2 Instance Savings Plans for the control nodes.

B.

Use Dedicated Hosts for the control nodes.

C.

Use Reserved Instances for the task nodes.

D.

Use Spot Instances for the control nodes. Use On-Demand Instances if there is no Spot availability.

E.

Use Spot Instances for the task nodes. Use On-Demand Instances if there is no Spot availability.

Question 7

A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.

Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO.)

Options:

A.

Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.

B.

Add an AWS Config rule to detect the security groups that allow SSH.

C.

Add an assessment template to Amazon Inspector to detect the security groups that allow SSH

D.

Call an AWS Systems Manager Automation runbook to close the port.

E.

Call AWS Systems Manager Run Command to close the port.

Question 8

A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.

What is the default behavior of CloudFormation in this scenario?

Options:

A.

CloudFormation will roll back the stack and delete the stack.

B.

CloudFormation will roll back the stack but will not delete the stack.

C.

CloudFormation will prompt the user to roll back the stack or continue.

D.

CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Question 9

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.

What should the SysOps administrator do to meet these requirements?

Options:

A.

Launch the instances into a cluster placement group in a single AWS Region.

B.

Launch the instances into a partition placement group in multiple AWS Regions.

C.

Launch the instances into a spread placement group in multiple AWS Regions.

D.

Launch the instances into a spread placement group in single AWS Region

Question 10

A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.

How should the SysOps administrator use AWS CloudFormation to create a solution?

Options:

A.

Use Amazon EC2 user data in a CloudFormation template

B.

Use nested stacks to provision resources

C.

Use parameters in a CloudFormation template

D.

Use stack policies to provision resources

Question 11

A SysOps administrator has launched a large general purpose Amazon EC2 instance to regularly process large data files. The instance has an attached 1 TB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized. To save costs, the SysOps administrator stops the instance each evening and restarts the instance each morning.

When data processing is active, Amazon CloudWatch metrics on the instance show a consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O performance while ensuring data integrity.

Which action will meet these requirements?

Options:

A.

Change the instance type to a large, burstable, general purpose instance.

B.

Change the instance type to an extra large general purpose instance.

C.

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.

D.

Move the data that resides on the EBS volume to the instance store.

Question 12

A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned.

What should the SysOps administrator do to resolve this error?

Options:

A.

Add an additional CIDR block to the VPC.

B.

Launch the EC2 instances in a different Availability Zone.

C.

Launch new EC2 instances in another VPC.

D.

Use Service Quotas to request an EC2 quota increase.

Question 13

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Options:

A.

Configure the file system for Provisioned Throughput.

B.

Enable encryption in transit on the file system.

C.

Identify any unused files in the file system, and remove the unused files.

D.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Question 14

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:

Which solution will provide the EC2 instances in the private subnet with access to the internet?

Options:

A.

Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.

B.

Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

C.

Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.

D.

Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.

Question 15

A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53. and wants to point its domain's zone apex to the website.

Which type of record should be used to meet these requirements?

Options:

A.

A CNAME record for the domain's zone apex

B.

An A record for the domain's zone apex

C.

An AAAA record for the domain's zone apex

D.

An alias record for the domain's zone apex

Question 16

The company’s security team needs to consolidate Security Hub findings to reduce duplicate notifications for the same misconfigurations.

Options:

Options:

A.

Turn on consolidated control findings in the Security Hub delegated administrator account.

B.

Export the Security Hub findings. Consolidate the findings based on control ID. Visualize the findings in Amazon QuickSight.

C.

Set up an AWS Config aggregator instead of Security Hub. Deploy a custom conformance pack by consolidating AWS Config rules.

D.

Launch an Amazon EC2 instance in the organization's management account. Configure a custom script to assume a role in each linked account to extract and consolidate findings from the accounts.

Question 17

A company has an application that uses Amazon DynamoDB tables The tables are spread across AWS accounts and AWS Regions. The company uses AWS CloudFormation to deploy AWS resources.

A new team at the company is deleting unused AWS resources. The team accidentally deletes several production DynamoDB tables by running an AWS Lambda function that makes a DynamoDB DeleteTable API call. The table deletions cause an application outage

A SysOps administrator must implement a solution that minimizes the chance of accidental deletions of tables. The solution also must minimize data loss that results from accidental deletions.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

Enable termination protection for the CloudFormation stacks that deploy the DynamoDB tables.

B.

Enable deletion protection for the DynamoDB tables

C.

Enable point-in-time recovery for (he DynamoDB tables. Restore the tables if they are accidentally deleted.

D.

Schedule daily backups of the DynamoDB tables. Restore the tables if they are accidentally deleted.

E.

Export the DynamoDB tables to Amazon S3 every day. Use Import from Amazon S3 to restore data for tables that are accidentally deleted

Question 18

A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week.

The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times.

A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.

Which solution will meet these requirements?

Options:

A.

Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.

B.

Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load. Most Voted

C.

Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.

D.

Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Question 19

A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket.

Which action will solve this problem while adhering to least privilege access?

Options:

A.

Add a bucket policy to the S3 bucket permitting access from the IAM role.

B.

Attach an S3 gateway endpoint to the VPC. Configure the route table for the private subnet.

C.

Configure the route table to allow the instances on the private subnet access through the internet gateway.

D.

Create a NAT gateway in a private subnet and configure the route table for the private subnets.

Question 20

The company needs EC2 instances in the VPC to resolve DNS names for on-premises hosts using Direct Connect.

Options:

Options:

A.

Create an Amazon Route 53 private hosted zone. Populate the zone with the hostnames and IP addresses of the hosts in the on-premises data center.

B.

Create an Amazon Route 53 Resolver outbound endpoint. Add the IP addresses of an on-premises DNS server for the domain names that need to be forwarded.

C.

Set up a forwarding rule for reverse DNS queries in Amazon Route 53 Resolver. Set the enableDnsHostnames attribute to true for the VPC.

D.

Add the hostnames and IP addresses for the on-premises hosts to the /etc/hosts file of each EC2 instance.

Question 21

A company has many accounts in an organization in AWS Organizations The company must automate resource provisioning from the organization's management account to the member accounts.

Which solution will meet this requirement?

Options:

A.

Create an AWS CkHJdFormation change set Deploy the change set to all member accounts

B.

Create an AWS CtoudFormation nested stack Deploy the nested stack to all member accounts.

C.

Create an AWS CtoudFormation stack set Deploy the stack set to all member accounts.

D.

Create an AWS Serverless Application Model (AWS SAM) template. Deploy the template to all member accounts.

Question 22

A company uses Amazon Route 53 to manage the public DNS records for the domain example.com. The company deploys an Amazon CloudFront distribution to deliver static assets for a new corporate website. The company wants to create a subdomain that is named "static" and must route traffic for the subdomain to the

CloudFront distribution.

How should a SysOps administrator create a new record for the subdomain in Route 53?

Options:

A.

Create a CNAME record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's public IP address as the value.

B.

Create a CNAME record. Enter static.example.com as the record name. Enter the CloudFront distribution's private IP address as the value.

C.

Create an A record. Enter static.cloudfront.net as the record name. Enter the CloudFront distribution's ID as an alias target.

D.

Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.

Question 23

A company has deployed AWS Security Hub and AWS Config in a newly implemented organization in AWS Organizations. A SysOps administrator must implement a solution to restrict all member accounts in the organization from deploying Amazon EC2 resources in the ap-southeast-2 Region. The solution must be implemented from a single point and must govern an current and future accounts. The use of root credentials also must be restricted in member accounts.

Which AWS feature should the SysOps administrator use to meet these requirements?

Options:

A.

AWS Config aggregator

B.

IAM user permissions boundaries

C.

AWS Organizations service control policies (SCPs)

D.

AWS Security Hub conformance packs

Question 24

A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions.

The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.

How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

Options:

A.

Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.

B.

Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property.

C.

Update the CloudFormation template to define an resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.

D.

Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing

dashboard in the DashboardName property.

Question 25

An environment consists of 100 Amazon EC2 Windows instances The Amazon CloudWatch agent Is deployed and running on at EC2 instances with a baseline configuration file to capture log files There is a new requirement to capture the DHCP tog tiles that exist on 50 of the instances

What is the MOST operational efficient way to meet this new requirement?

Options:

A.

Create an additional CloudWatch agent configuration file to capture the DHCP logs Use the AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option to apply the additional configuration file

B.

Log in to each EC2 instance with administrator rights Create a PowerShell script to push the needed baseline log files and DHCP log files to CloudWatch

C.

Run the CloudWatch agent configuration file wizard on each EC2 instance Verify that the base the log files are included and add the DHCP tog files during the wizard creation process

D.

Run the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level. This wifi capture the operating system log files.

Question 26

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.

The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.

B.

Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.

C.

Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.

Question 27

An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation.

How should the SysOps administrator meet these requirements?

Options:

A.

Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).

B.

Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon Route 53.

C.

Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).

D.

Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.

Question 28

A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.

What should the SysOps administrator do to tag the "No Tagkey" resources?

Options:

A.

Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.

B.

Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.

C.

Use Cost Explorer to find and tag all the untagged resources.

D.

Use Tag Editor to find and taq all the untaqqed resources.

Question 29

A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.

Which solution should a SysOps administrator choose to meet these requirements?

Options:

A.

Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.

B.

Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.

C.

Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.

D.

Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.

Question 30

A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors.

The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.

Based on these requirements what should be added to the template?

Options:

A.

Conditions with a timeout set to 4 hours.

B.

CreationPolicy with timeout set to 4 hours.

C.

DependsOn a timeout set to 4 hours.

D.

Metadata with a timeout set to 4 hours

Question 31

A compliance team requires all administrator passwords tor Amazon RDS DB instances to be changed at toast annually

Which solution meets this requirement in the MOST operationally efficient manned

Options:

A.

Store the database credentials in AWS Secrets Manager Configure automate rotation for the secret every 365 days

B.

Store the database credentials as a parameter in the RDS parameter group Create a database trigger to rotate the password every 365 days

C.

Store the database credentials in a private Amazon S3 bucket Schedule an AWS Lambda function to generate a new set of credentials every 365 days

D.

Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter Configure automatic rotation for the parameter every 365 days

Question 32

A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.

Which combination of actions will meet these requirements? (Choose two.)

Options:

A.

Add Auto Discovery to the data store.

B.

Create an Amazon ElastiCache for Memcached data store.

C.

Create an Amazon ElastiCache for Redis data store.

D.

Enable Multi-AZ for the data store.

E.

Enable Multi-threading for the data store.

Question 33

A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWS Site-to-Site VPN connection between the on-premises network and AWS. The company must monitor the application for changes that allow network access outside of the corporate network. Any change that exposes the application externally must be restricted automatically.

Which solution meets these requirements in the MOST operationally efficient manner?

Options:

A.

Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate CIDR ranges. Turn on VPC Flow Logs, and send the logs to Amazon CloudWatch Logs. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic with the Lambda function as a target.

B.

Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public IP addresses on the EC2 instances. If public IP addresses are found on the EC2 instances, initiate another Systems Manager Automation document to terminate the instances.

C.

Configure AWS Config and a custom rule to monitor whether a security group allows inbound requests from noncorporate CIDR ranges. Create an AWS Systems Manager Automation document to remove any noncorporate CIDR ranges from the application security groups.

D.

Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by tag. Tag the EC2 instances with an identifier. Create an AWS Systems Manager Automation document to remove the public IP association from the EC2 instances.

Question 34

A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SOS) queue.

Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the instances to accommodate the increased number of messages.

Which solution will meet these requirements?

Options:

A.

Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

B.

Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

C.

Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modify the Auto Scaling group.

D.

Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto Scaling group.

Question 35

A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and

Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Choose two.)

Options:

A.

VPC Flow Logs

B.

AWS CloudTrail logs

C.

ALB access logs

D.

CloudFront access logs

E.

RDS logs

Question 36

A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report.

What should the SysOps administrator do to meet this requirement?

Options:

A.

Activate the tags as AWS generated cost allocation tags.

B.

Activate the tags as user-defined cost allocation tags.

C.

Create a new cost category. Select the account billing dimension.

D.

Create a new AWS Cost and Usage Report. Include the resource IDs.

Question 37

To configure central configuration for Security Hub in an AWS Organization, the SysOps administrator must ensure it’s set up centrally.

Options:

Options:

A.

Enable Security Hub in the organization's management account. Configure Security Hub central configuration.

B.

Enable Security Hub in the organization's management account. Configure and integrate AWS Trusted Advisor. Configure Security Hub from an opt-in Region.

C.

Delegate an AWS account that is not the organization's management account as the Security Hub administrator. Configure Security Hub central configuration.

D.

Delegate an AWS account that is not the organization's management account as the Security Hub administrator. Configure and integrate AWS Trusted Advisor. Configure Security Hub from an opt-in Region.

Question 38

A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the administrator wants to use a larger instance type with more memory.

What should the administrator use to make this change?

Options:

A.

Use the ModifycacheCluster API and specify a new cacheNodeType.

B.

Use the createcacheciuster API and specify a new cacheNodeType.

C.

Use the Modi fyCacheParameterGcoup API and specify a new CacheNodeType.

D.

Use the Rebootcacheclustcr API and specify a new CacheNodeType.

Question 39

A company is running an application on a group of Amazon EC2 instances behind an Application Load Balancer The EC2 instances run across three Availability Zones The company needs to provide the customers with a maximum of two static IP addresses for their applications

How should a SysOps administrator meet these requirement?

Options:

A.

Add AWS Global Accelerator in front of the Application Load Balancer

B.

Add an internal Network Load Balancer behind the Application Load Balancer

C.

Configure the Application Load Balancer in only two Availability Zones.

D.

Create two Elastic IP addresses and assign them to the Application Load Balancer.

Question 40

A company has a new requirement stating that all resources in AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?

Options:

A.

AWS CloudTrail

B.

Amazon Inspector

C.

AWSConfig

D.

AWS Systems Manager

Question 41

A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company already has configured the database to use the maximum max_connections value that is possible

What should a SysOps administrator do to resolve these errors'?

Options:

A.

Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases

B.

Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function

C.

Increase the value in the max_connect_errors parameter in the parameter group that the database uses

D.

Update the Lambda function's reserved concurrency to a higher value

Question 42

A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.

Which solution will meet this requirement?

Options:

A.

Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.

B.

Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch Events) alarm by using LambdaError as the event pattern and the SNS topic name as a resource. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.

C.

Verify each developer email address in Amazon Simple Email Service (Amazon SES). Create an Amazon CloudWatch rule by using the LambdaError metric and developer email addresses as dimensions. Configure the rule to send an email through Amazon SES when the rule state reaches ALARM.

D.

Verify each developer mobile phone in Amazon Simple Email Service {Amazon SES). Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Errors as the event pattern and the Lambda function name as a resource. Configure the rule to send a push notification through Amazon SES when the rule state reaches ALARM.

Question 43

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.

B.

Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.

C.

Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

D.

Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Question 44

A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is stored in Amazon DynamoDB. The testing results are stored in Amazon S3.

A minimum of three EC2 instances are required to operate the product. The company's testing team wants to use an additional three EC2 Instances when the Spot Instance prices are at a certain threshold. A SysOps administrator must Implement a highly available solution that provides this functionality.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Define an Amazon EC2 Auto Scaling group by using a launch configuration. Use the provided AMI In the launch configuration. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price In the launch configuration.

B.

Define an Amazon EC2 Auto Scaling group by using a launch template. Use the provided AMI in the launch template. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price In the launch template.

C.

Define two Amazon EC2 Auto Scaling groups by using launch configurations. Use the provided AMI in the launch configurations. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.

D.

Define two Amazon EC2 Auto Scaling groups by using launch templates. Use the provided AMI in the launch templates. Configure three On-Demand

Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.

Question 45

A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.

A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.

Which solution will meet these requirements?

Options:

A.

Amazon Simple Queue Service (Amazon SQS) queue

B.

Application Load Balancer

C.

AWS Global Accelerator

D.

Network Load Balancer

Question 46

The SysOps administrator needs to prevent any account within an AWS Organization from leaving the organization.

Options:

Options:

A.

Create a service control policy (SCP) that denies the LeaveOrganization action. Apply the SCP to the root organizational unit (OU).

B.

Create a service control policy (SCP) that denies the RemoveAccountFromOrganization action. Apply the SCP to the root organizational unit (OU).

C.

Deploy an AWS Lambda function in each member account to remove any Organizations permissions when a user is created.

D.

Turn on AWS Config. Set up the account-part-of-organizations managed rule. Configure the rule to run every hour.

Question 47

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes for this problem? (Choose two.)

Options:

A.

CloudFront does not have the ALB configured as the origin access identity.

B.

The DNS is still pointing to the ALB instead of the CloudFront distribution.

C.

The ALB security group is not permitting inbound traffic from CloudFront.

D.

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E.

The target groups associated with the ALB are configured for sticky sessions.

Question 48

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.

Which action should a SysOps administrator take to improve the performance of the file system?

Options:

A.

Configure the file system for Provisioned Throughput.

B.

Enable encryption in transit on the file system.

C.

Identify any unused files in the file system, and remove the unused files.

D.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Question 49

A company hosts an online shopping portal in the AWS Cloud. The portal provides HTTPS security by using a TLS certificate on an Elastic Load Balancer (ELB). Recently, the portal suffered an outage because the TLS certificate expired. A SysOps administrator must create a solution to automatically renew certificates to avoid this issue in the future.

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. Write a scheduled AWS Lambda function to renew the certificate every 18 months.

B.

Request a public certificate by using AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

C.

Register a certificate with a third-party certificate authority (CA). Import this certificate into AWS Certificate Manager (ACM). Associate the certificate from ACM with the ELB. ACM will automatically manage the renewal of the certificate.

D.

Register a certificate with a third-party certificate authority (CA). Configure the ELB to import the certificate directly from the CA. Set the certificate refresh cycle on the ELB to refresh when the certificate is within 3 months of the expiration date.

Question 50

A company hosts an internet web application on Amazon EC2 instances. The company is replacing the application with a new AWS Lambda function. During a transition period, the company must route some traffic to the legacy application and some traffic to the new Lambda function. The company needs to use the URL path of request to determine the routing.

Which solution will meet these requirements?

Options:

A.

Configure a Gateway Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

B.

Configure a Network Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

C.

Configure a Network Load Balancer to use a regular expression to match the URL path to direct traffic to the new Lambda function.

D.

Configure an Application Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

Question 51

A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.

The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.

Which solution will meet these requirements?

Options:

A.

Move objects to S3 Glacier after 30 days.

B.

Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

C.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

D.

Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.

Question 52

A company stores files on 50 Amazon S3 buckets in the same AWS Region The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances The company needs a solution that produces no additional cost

Which solution will meet these requirements?

Options:

A.

Create a gateway VPC endpoint lor each S3 bucket Attach the gateway VPC endpoints to each subnet inside the VPC

B.

Create an interface VPC endpoint (or each S3 bucket Attach the interface VPC endpoints to each subnet inside the VPC

C.

Create one gateway VPC endpoint for all the S3 buckets Add the gateway VPC endpoint to the VPC route table

D.

Create one interface VPC endpoint for all the S3 buckets Add the interface VPC endpoint to the VPC route table

Question 53

A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the management account.

What could be the reason for this issue?

Options:

A.

All features have not been enabled in the organization.

B.

Consolidated billing has not been enabled.

C.

The member accounts do not have tags enabled for cost allocation.

D.

The member accounts have not manually enabled trusted access for Compute Optimizer.

Question 54

A company migrated an I/O intensive application to an Amazon EC2 general purpose instance. The EC2 instance has a single General Purpose SSD Amazon Elastic Block Store (Amazon EBS) volume attached.

Application users report that certain actions that require intensive reading and writing to the disk are taking much longer than normal or are failing completely. After reviewing the performance metrics of the EBS volume, a SysOps administrator notices that the VolumeQueueLength metric is consistently high during the same times in which the users are reporting issues. The SysOps administrator needs to resolve this problem to restore full performance to the application.

Which action will meet these requirements?

Options:

A.

Modify the instance type to be storage optimized.

B.

Modify the volume properties by deselecting Auto-Enable Volume 10.

C.

Modify the volume properties to increase the IOPS.

D.

Modify the instance to enable enhanced networking.

Question 55

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.

Which solution will net these requirements?

Options:

A.

Create a single AWS Storage Gateway file gateway.

B.

Create an Amazon FSx for Windows File Server Multi-AZ file system.

C.

Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.

D.

Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).

Question 56

A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are now being served the desktop version of the website.

Which action should a SysOps administrator take to resolve this issue?

Options:

A.

Configure the CloudFront distribution behavior to forward the User-Agent header.

B.

Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.

C.

Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dualstack endpoint.

D.

Enable IPv6 on the CloudFront distribution. Update the Route 53 record to use the dualstack endpoint.

Question 57

A SysOps administrator has successfully deployed a VPC with an AWS Cloud Formation template The SysOps administrator wants to deploy me same template across multiple accounts that are managed through AWS Organizations.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.

Assume the OrganizationAccountAcccssKolc IAM role from the management account. Deploy the template in each of the accounts

B.

Create an AWS Lambda function to assume a role in each account Deploy the template by using the AWS CloudFormation CreateStack API call

C.

Create an AWS Lambda function to query fc a list of accounts Deploy the template by using the AWS Cloudformation CreateStack API call.

D.

Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts

Question 58

A company is expanding its use of AWS services across its portfolios The company wants to provision AWS accounts for each team to ensure a separation of business processes for security compliance and billing Account creation and bootstrapping should be completed m a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place A SysOps administrator needs to design a provisioning process that saves time and resources

Which action should be taken to meet these requirements?

Options:

A.

Automate using AWS Elastic Beanstalk to provision the AWS accounts set up infrastructure and integrate with AWS Organizations

B.

Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure

C.

Use AWS Config to provision accounts and deploy instances using AWS Service Catalog

D.

Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts

Question 59

A company has an application that is deployed 10 two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone (or DNS. A SysOps administrator needs to configure automatic failover to the secondary Region.

What should the SysOps administrator do to meet these requirements?

Options:

A.

Configure Route 53 alias records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.

B.

Configure CNAME records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.

C.

Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as

targets.

D.

Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

Question 60

A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the most flexibility.

What should the company do to MAXIMIZE cost savings while meeting these requirements?

Options:

A.

Establish the compute expense by the hour. Purchase a Compute Savings Plan.

B.

Establish the compute expense by the hour. Purchase an EC2 Instance Savings Plan.

C.

Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.

D.

Use EC2 Spot Instances to match the instances that run in each Region.

Question 61

A company wants to prohibit its developers from using a particular family of Amazon EC2 instances The company uses AWS Organizations and wants to apply the restriction across multiple accounts

What is the MOST operationally efficient way for the company lo apply service control policies (SCPs) to meet these requirements?

Options:

A.

Add the accounts to an organizational unit (OUf Apply the SCPs to the OU.

B.

Add the accounts to resource groups in AWS Resource Groups. Apply the SCPs to the resource groups.

C.

Apply the SCPs to each developer account.

D.

Enroll the accounts with AWS Control Tower. Apply the SCPs to the AWS Control Tower management account.

Question 62

A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.

What type of record should be set in Route 53 to point the website’s apex domain name (for example.company.com to the Application Load Balancer?

Options:

A.

CNAME

B.

SOA

C.

TXT

D.

ALIAS

Question 63

A company has an Amazon CloudFront distribution that uses an Amazon S3 bucket as its origin. During a review of the access logs, the company determines that some requests are going directly to the S3 bucket by using the website hosting endpoint. A SysOps administrator must secure the S3 bucket to allow requests only from CloudFront.

What should the SysOps administrator do to meet this requirement?

Options:

A.

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Remove access to and from other principals in the S3 bucket policy. Update the S3 bucket policy to allow access only from the OAI.

B.

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

C.

Create an origin access identity (OAI) in CloudFront. Associate the OAI with the distribution. Update the S3 bucket policy to allow access only from the OAI. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

D.

Update the S3 bucket policy to allow access only from the CloudFront distribution. Remove access to and from other principals in the S3 bucket policy. Disable website hosting. Create a new origin, and specify the S3 bucket as the new origin. Update the distribution behavior to use the new origin. Remove the existing origin.

Question 64

After creating a presigned URL for an S3 object, users can no longer access the file after a few days.

Options (Select TWO):

Options:

A.

The presigned URL's expiration date and time have passed.

B.

The SysOps administrator's access key is no longer valid.

C.

The S3 bucket's Block Public Access settings are enabled.

D.

The S3 object's ACL does not include READ access for the All Users group.

E.

The S3 object's ACL does not include READ_ACP access for the All Users group.

Question 65

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but

the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.

How should a SysOps administrator configure the VPC to meet these requirements?

Options:

A.

Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

B.

Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.

C.

Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.

D.

Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

Question 66

An AWS Lambda function is intermittently failing several times a day A SysOps administrator must find out how often this error has occurred in the last 7 days Which action will meet this requirement in the MOST operationally efficient manner?

Options:

A.

Use Amazon Athena to query the Amazon CloudWatch logs that are associated with the Lambda function

B.

Use Amazon Athena to query the AWS CloudTrail logs that are associated with the Lambda function

C.

Use Amazon CloudWatch Logs Insights to query the associated Lambda function logs

D.

Use Amazon Elasticsearch Service (Amazon ES) to stream the Amazon CloudWatch logs for the Lambda function

Question 67

A company has attached the following policy to an IAM user:

Question # 67

Which of the following actions are allowed for the IAM user?

Options:

A.

Amazon RDS DescribeDBInstances action in the us-east-1 Region

B.

Amazon S3 Putobject operation in a bucket named testbucket

C.

Amazon EC2 Describe Instances action in the us-east-1 Region

D.

Amazon EC2 AttachNetworkinterf ace action in the eu-west-1 Region

Question 68

A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each.

Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Select TWO.)

Options:

A.

Configure Aurora backups to be exported to the DR Region.

B.

Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.

C.

Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.

D.

Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group's minimum capacity, maximum capacity, and desired capacity to 1.

E.

Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.

Question 69

A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The SysOps administrator notices that the instances do not appear in the Systems Manager console

What must the SysOps administrator do to resolve this issue?

Options:

A.

Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up

B.

Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications

C.

Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the /etcsudoers d directory

D.

Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy

Page: 1 / 46
Total 460 questions