QUESTION 61
A company has two general purpose Amazon EC2 instances that run a software package. Each EC2 instance is attached to its own 500 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. Each EBS volume frequently reaches its IOPS limit, negatively affecting workload performance. The company is starting a large promotion that will require 5 times more IOPS. The software package requires durable storage for each EC2 instance. Which solution will meet these requirements?
A. Migrate the attached EBS volumes to Throughput Optimized HDD (st1) EBS volumes.
B. Configure Amazon ElastiCache integration on the EC2 instances.
C. Migrate the workload to two storage optimized EC2 instances.
D. Migrate the attached EBS volumes to General Purpose SSD (gp3) EBS volumes. Provision the appropriate IOPS.
Correct Answer: D
QUESTION 62
A SysOps administrator is troubleshooting a website that will not load for users. The website is hosted by an Amazon CloudFront distribution that has an Amazon S3 bucket as the origin. The CloudFront distribution is named d111111abodef8.cloudfront.net. The S3 bucket has the following Amazon Resource Name (ARN): arn:aws:s3:::example-com-website-files. The S3 bucket has S3 Block Public Access enabled. The SysOps administrator examines the website’s DNS CAME records and discovers that the record value is set to s3.amazonaws.com/example-com-website-files/. What should the SysOps administrator do to configure the website for use with CloudFront?
A. Disable S3 Block Public Access on the S3 bucket.
B. Create an S3 access point in the same AWS Region where the 53 bucket is located. Configure the access point policy to allow CloudFront to read from the S3 bucket. Point the CNAME record to the S3 access point name.
C. Modify the value of the DNS NAME record to be arn:aws:s3:::example-com-website-files instead of the S3 URI.
D. Modify the value of the DNS NAME record to be d111111abcdef8.cloudfront.net instead of the S3 URI.
Correct Answer: D
QUESTION 63
A company operates compute resources in a VPC and in the company’s on-premises data center. The company already has an AWS Direct Connect connection between the VPC and the on-premises data center. A SysOps administrator needs to ensure that Amazon EC2 instances in the VPC can resolve DNS names for hosts in the on-premises data center. Which solution will meet this requirement with the LEAST amount of ongoing maintenance?
A. Create an Amazon Route 53 private hosted one. Populate the zone with the hostnames and IP addresses of the hosts in the on-premises data center.
B. Create an Amazon Route 53 Resolver outbound endpoint. Add the IP addresses of an on-premises DNS server for the domain names that need to be forwarded.
C. Set up a forwarding rule for reverse DNS queries in Amazon Route 53 Resolver. Set the enableDsHostnames attribute to true for the VPC.
D. Add the hostnames and IP addresses for the on-premises hosts to the /etc/hosts file of each EC2 instance.
Correct Answer: B
QUESTION 64
A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company’s account. What should a SysOps administrator do to meet this requirement?
A. Turn on S3 Block Public Access from the account level.
B. Create an Amazon EventBridge rule to enforce that all 53 objects are private.
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.
Correct Answer: A
QUESTION 65
A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at all times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00, 7 days a week. How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?
A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%.
B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is available at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00.
C. Set the Auto Scaling group to start with 2 instances by setting the desired instances, maximum instances, and minimum instances to 2. Create a scheduled scaling policy that ensures that the fleet is available at 09:00.
D. Create a scheduled scaling policy that ensures that the fleet is available at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00.
Correct Answer: B
QUESTION 66
A SysOps administrator needs to implement a monitoring system to collect instance metrics every minute for an application. The application runs on a highly available pair of Amazon EC2 instances. The monitoring system must send an email alert when the metrics exceed a predefined threshold. Which solution will meet these requirements?
A. Use the AWS Health Dashboard to extract the instance metrics. Configure Amazon EventBridge to detect and react to changes in the metrics and to send email alerts.
B. Use AWS CloudTrail to monitor the instances. Copy the logs to an Amazon 53 bucket. Configure an AWS Lambda function to send email alerts based on the logs from the 53 bucket.
C. Use basic monitoring in Amazon CloudWatch for the instance metrics. Configure CloudWatch alarms that use Amazon Simple Notification Service (Amazon SNS) to send email alerts.
D. Use detailed monitoring in Amazon CloudWatch for the instance metrics. Configure CloudWatch alarms that use Amazon Simple Notification Service (Amazon SNS) to send email alerts.
Correct Answer: D
QUESTION 67
A company uses AWS Organizations and Amazon EC2 instances across different accounts. The company needs a centralized solution to update custom applications and automate tasks such as patching and maintenance of EC2 instances. The company also must track compliance status regarding patching and application versions across different workloads and accounts. Which solution will meet these requirements in the MOST operationally efficient way?
A. Use AWS Systems Manager Application Manager to perform and track the patching and maintenance.
B. Use AWS Systems Manager Fleet Manager to perform and track the patching and maintenance.
C. Create Amazon CloudWatch alarms that invoke AWS Lambda functions. Configure the Lambda functions to use AWS Systems Manager to log in to each instance and to perform the patching and maintenance. Use CloudWatch Logs to track the operations.
D. Create Amazon CloudWatch alarms that invoke an AWS Step Functions state machine for remediation when applications are noncompliant or when EC2 instances need patching. Use CloudWatch Logs to track the operations.
Correct Answer: A
QUESTION 68
Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080. To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:
What is the reason for the rejected traffic?
A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB.
B. The security group of the NLB has no Allow rule for the traffic from the on-premises environment.
C. The ACL of the on-premises environment does not allow traffic to the AWS environment.
D. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.
Correct Answer: D
QUESTION 69
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers. Which next step should be taken to configure Route 53?
A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.
B. Create an A record for each server. Associate the records with the Route 53 TCP health check.
C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.
D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.
Correct Answer: A
QUESTION 70
A SysOps administrator is creating a nested AWS CloudFormation stack. One stack creates a VPC. A second stack needs to reference the ID of the VPC to create resources in the VPC. Which solution will meet these requirements with the LEAST operational effort?
A. Configure the first stack to store the VPC ID in an AWS Systems Manager Parameter Store parameter. Configure the second stack to consume the parameter.
B. Configure the first stack to output the VPC ID as a shared value. Use the Fn::GetAtt function in the second stack to retrieve the shared value from the first stack.
C. Configure the second stack to consume the output of the first stack.
D. Configure the first stack to store the VPC ID as a parameter in AWS Secrets Manager. Configure the second stack to consume the parameter from Secrets Manager.
Correct Answer: C
QUESTION 71
A SysOps administrator needs to delete an AWS CloudFormation stack that is in the DELETE_FAILED state. CloudFormation was unable to delete an Amazon EC2 security group. What should the SysOps administrator do to delete the stack?
A. Turn off stack termination protection. Retry the DeleteStack operation.
B. Retry the DeleteStack operation with exponential backoff until the operation succeeds.
C. Use the DeleteStack operation with the RetainResources parameter. Specify the security group.
D. Modify the stack template to remove the security group. Update the stack by using the modified template.
Correct Answer: C
QUESTION 72
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time. Which solution should a SysOps administrator choose to meet these requirements?
A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
B. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
D. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
Correct Answer: C
QUESTION 73
A company performs advanced statistical analysis by using custom software. The custom software runs on a cluster of Amazon EC2 instances and is sensitive to network latency between the nodes. None of the instances are approaching their network throughput limitations. Which solution will MINIMIZE the network latency?
A. Place all the EC2 instances into a cluster placement group.
B. Configure and assign two Elastic IP addresses for each EC2 instance.
C. Configure jumbo frames on all the EC2 instances in the cluster.
D. Place all the EC2 instances into a spread placement group in the same AWS Region.
Correct Answer: A
QUESTION 74
A company needs to copy an Amazon Aurora database from one AWS account to a second account that uses a second AWS Region. A SysOps administrator must automate this process to occur every day. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a backup plan in AWS Backup. Specify the second account and the second Region as the destination.
B. Create an Amazon EventBridge rule that runs on a schedule. Create an AWS Lambda function that runs an automation script to copy the database to the second account and the second Region. Use the EventBridge rule to invoke the Lambda function.
C. Configure Amazon EventBridge Scheduler with a recurring rule. Add the RDS StartExportTask API operation as a target. Specify the relevant details about the database and an Amazon S3 bucket to store the exported data. Create a replication rule for the S3 bucket to replicate data to the second account and the second Region.
D. Configure AWS Application Migration Service to replicate the Aurora database. Specify the second account and the second Region as the destination.
Correct Answer: C
QUESTION 75
A company uses Amazon EC2 instances in Auto Scaling groups to run its applications. The instances have many operating system vulnerabilities. A SysOps administrator must implement a solution to keep the instances updated. Which solution will meet this requirement?
A. Use AWS Systems Manager Patch Manager to patch the instances during a scheduled maintenance window. In the AWS-RunPatchBaseline document, ensure that the RebootOption parameter is set to RebootifNeeded.
B. Use EC2 Image Builder pipelines on a schedule to create new Amazon Machine Images (AMIs) and new launch templates that reference the new AMIs. Use the instance refresh feature for EC2 Auto Scaling to replace instances.
C. Use AWS Config to scan for operating system vulnerabilities and to patch instances when the instance status changes to NON_COMPLIANT. Send an Amazon Simple Notification Service (Amazon SNS) notification to an operations team to reboot the instances during off-peak hours.
D. In the Auto Scaling launch template, provide an Amazon Machine Image (AMI) ID for an AWS provided base image. Update the user data with a shell script to download and install patches.
Correct Answer: B
QUESTION 76
A company has created an AWS CloudFormation template that consists of the AWS::EC2::Instance resource and a custom CloudFormation resource. The custom CloudFormation resource is an AWS Lambda function that attempts to run automation on the Amazon EC2 instance. During testing, the Lambda function fails because the Lambda function tries to run before the EC2 instance is launched. Which solution will resolve this issue?
A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.
B. Update the custom resource’s service token to point to a valid Lambda function.
C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.
D. Use the Fn::If intrinsic function to check for the EC2 instance before the custom resource runs.
Correct Answer: A
QUESTION 77
A SysOps administrator configured AWS Backup to capture snapshots from a single Amazon EC2 instance that has one Amazon Elastic Block Store (Amazon EBS) volume attached. On the first snapshot, the EBS volume has 10 GiB of data. On the second snapshot, the EBS volume still contains 10 GiB of data, but 4 GiB have changed. On the third snapshot, 2 GiB of data have been added to the volume, for a total of 12 GiB. How much total storage is required to store these snapshots?
A. 12 GiB
B. 16 GiB
C. 26 GiB
D. 32 GiB
Correct Answer: B
QUESTION 78
A global gaming company is preparing to launch a new game on AWS. The game runs in multiple AWS Regions on a fleet of Amazon EC2 instances. The instances are in an Auto Scaling group behind an Application Load Balancer (ALB) in each Region. The company plans to use Amazon Route 53 for DNS services. The DNS configuration must direct users to the Region that is closest to them and must provide automated failover. Which combination of steps should a SysOps administrator take to configure Route 53 to meet these requirements? (Select TWO.)
A. Create Amazon CloudWatch alarms that monitor the health of the ALB in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.
B. Create Amazon CloudWatch alarms that monitor the health of the EC2 instances in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.
C. Configure Route 53 DNS failover by using a health check that monitors the private IP address of an EC2 instance in each Region.
D. Configure Route 53 geoproximity routing. Specify the Regions that are used for the infrastructure.
E. Configure Route 53 simple routing. Specify the continent, country, and state or province that are used for the infrastructure.
Correct Answer: AD
QUESTION 79
A SysOps administrator must manage the security of an AWS account. Recently, an IAM user’s access key was mistakenly uploaded to a public code repository. The SysOps administrator must identify anything that was changed by using this access key. How should the SysOps administrator meet these requirements?
A. Create an Amazon EventBridge rule to send all IAM events to an AWS Lambda function for analysis.
B. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.
C. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.
D. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.
Correct Answer: C
QUESTION 80
A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet. What additional route destination rule should the administrator add to the route tables?
A. Route ::/0 traffic to a NAT gateway
B. Route ::/0 traffic to an internet gateway
C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
D. Route ::/0 traffic to an egress-only internet gateway
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.