VOUCHER GIẢM LỆ PHÍ THI GIÁ TỐT NSE FORTINET VOUCHERS 100% LỆ PHÍ THI
Liên hệ
Free AWS Dump, Free Dumps

Free AWS SOA-C02 Dump

Question #1

A company has an infernal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto

Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.

Which action should the SysOps administrator take to meet this requirement?

  • A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
  • B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
  • C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
  • D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Correct Answer: C

Community vote distribution

C (100%)

Question #2

A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between

6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
  • B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
  • C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
  • D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

Correct Answer: B

Community vote distribution

B (100%)

Question #3

A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are now being served the desktop version of the website.

Which action should a SysOps administrator take to resolve this issue?

  • A. Configure the CloudFront distribution behavior to forward the User-Agent header.
  • B. Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
  • C. Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dualstack endpoint.
  • D. Enable IPv6 on the CloudFront distribution. Update the Route 53 record to use the dualstack endpoint.

Correct Answer: C

Reference:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html

Community vote distribution

A (66%)

B (32%)

Question #4

A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately.

What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?

  • A. Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
  • B. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
  • C. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
  • D. Create an Amazon EventBridge (Amazon CloudWatch Event) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.

Correct Answer: B

Community vote distribution

B (67%)

C (33%)

Question #5

A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53, and wants to point its domain’s zone apex to the website.

Which type of record should be used to meet these requirements?

  • A. An AAAA record for the domain’s zone apex
  • B. An A record for the domain’s zone apex
  • C. A CNAME record for the domain’s zone apex
  • D. An alias record for the domain’s zone apex

Correct Answer: D

Reference:

https://aws.amazon.com/route53/faqs/

Community vote distribution

D (100%)

Question #6

A company must ensure that any objects uploaded to an S3 bucket are encrypted.

Which of the following actions will meet this requirement? (Choose two.)

  • A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
  • B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
  • C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
  • D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
  • E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Correct Answer: CE

Reference:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#sample-acl

Community vote distribution

CE (100%)

Question #7

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load

Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.

Which combination of actions should a SysOps administrator take to resolve this problem? (Choose two.)

  • A. Change to the least outstanding requests algorithm on the ALB target group.
  • B. Configure cookie forwarding in the CloudFront distribution cache behavior.
  • C. Configure header forwarding in the CloudFront distribution cache behavior.
  • D. Enable group-level stickiness on the ALB listener rule.
  • E. Enable sticky sessions on the ALB target group.

Correct Answer: CE

Community vote distribution

BE (100%)

Question #8

A company is running a serverless application on AWS Lambda. The application stores data in an Amazon RDS for MySQL DB instance. Usage has steadily increased, and recently there have been numerous “too many connections” errors when the Lambda function attempts to connect to the database. The company already has configured the database to use the maximum max_connections value that is possible.

What should a SysOps administrator do to resolve these errors?

  • A. Create a read replica of the database. Use Amazon Route 53 to create a weighted DNS record that contains both databases.
  • B. Use Amazon RDS Proxy to create a proxy. Update the connection string in the Lambda function.
  • C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses.
  • D. Update the Lambda function’s reserved concurrency to a higher value.

Correct Answer: B

Community vote distribution

B (100%)

Question #9

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.

What should the SysOps administrator do to meet these requirements?

  • A. Launch the instances into a cluster placement group in a single AWS Region.
  • B. Launch the instances into a partition placement group in multiple AWS Regions.
  • C. Launch the instances into a spread placement group in multiple AWS Regions.
  • D. Launch the instances into a spread placement group in a single AWS Region.

Correct Answer: B

Community vote distribution

D (100%)

Question #10

A SysOps administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:

AMI [ami-12345678] does not exist

How should the Administrator ensure that the AWS CloudFormation template is working in every region?

  • A. Copy the source region’s Amazon Machine Image (AMI) to the destination region and assign it the same ID.
  • B. Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.
  • C. Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS::EC2::AMI::ImageID control.
  • D. Modify the AWS CloudFormation template by including the AMI IDs in the Mappings section. Refer to the proper mapping within the template for the proper AMI ID.

Correct Answer: D

Community vote distribution

D (100%)

Question #11

A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.

Which solution will meet these requirements?

  • A. Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.
  • B. Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.
  • C. Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.
  • D. Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.

Correct Answer: D

Reference:

https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html

Community vote distribution

D (100%)

Question #12

A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations.

Which solution will meet this requirement with the LEAST operational overhead?

  • A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
  • B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
  • C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
  • D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.

Correct Answer: D

Reference:

https://aws.amazon.com/blogs/aws/new-use-aws-cloudformation-stacksets-for-multiple-accounts-in-an-aws-organization/

Community vote distribution

D (100%)

Question #13

A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task nodes.

Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution.

Which combination of actions will meet these requirements? (Choose two.)

  • A. Purchase EC2 Instance Savings Plans for the control nodes.
  • B. Use Dedicated Hosts for the control nodes.
  • C. Use Reserved Instances for the task nodes.
  • D. Use Spot Instances for the control nodes. Use On-Demand Instances if there is no Spot availability.
  • E. Use Spot Instances for the task nodes. Use On-Demand Instances if there is no Spot availability.

Correct Answer: CE

Community vote distribution

AE (74%)

CE (26%)

Question #14

A company is supposed to receive a data file every hour in an Amazon S3 bucket. An S3 event notification invokes an AWS Lambda function each time a file arrives. The function processes the data for use by an application.

The application team notices that sometimes the file does not arrive. The application team wants to receive a notification whenever the file does not arrive.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Add an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects that were created in the last hour. Configure another S3 event notification to be invoked by the lifecycle transition when the number of objects transitioned is zero. Publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team.
  • B. Configure another S3 event notification to invoke a Lambda function that posts a message to an Amazon Simple Queue Service (Amazon SQS) queue. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team when the ApproximateAgeOfOldestMessage metric of the queue is greater than 1 hour.
  • C. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert the application team when the Invocations metric of the Lambda function is zero for an hour. Configure the alarm to treat missing data as breaching.
  • D. Create a new Lambda function to get the timestamp of the newest file in the S3 bucket. If the timestamp is more than 1 hour ago, publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the new function hourly.

Correct Answer: C

Community vote distribution

C (92%)

Question #15

A company recently acquired another corporation and all of that corporation’s AWS accounts. A financial analyst needs the cost data from these accounts. A

SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that “No Tagkey” represents 20% of the monthly cost.

What should the SysOps administrator do to tag the “No Tagkey” resources?

  • A. Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.
  • B. Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.
  • C. Use Cost Explorer to find and tag all the untagged resources.
  • D. Use Tag Editor to find and tag all the untagged resources.

Correct Answer: D

Community vote distribution

D (100%)

Question #16

While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.

What address should be used to create the customer gateway resource?

  • A. The private IP address of the customer gateway device
  • B. The MAC address of the NAT device in front of the customer gateway device
  • C. The public IP address of the customer gateway device
  • D. The public IP address of the NAT device in front of the customer gateway device

Correct Answer: D

Reference:

https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html

Community vote distribution

D (100%)

Question #17

A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals sudden increases in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A SysOps administrator must find the process ID (PID) of the service or process that is consuming more CPU.

What should the SysOps administrator do to collect the process utilization information with the LEAST amount of effort?

  • A. Configure the Amazon CloudWatch agent procstat plugin to capture CPU process metrics.
  • B. Configure an AWS Lambda function to run every minute to capture the PID and send a notification.
  • C. Log in to the EC2 instance by using a .pem key each night. Then run the top command.
  • D. Use the default Amazon CloudWatch CPU utilization metric to capture the PID in CloudWatch.

Correct Answer: A

Community vote distribution

A (100%)

Question #18

A SysOps administrator configured AWS Backup to capture snapshots from a single Amazon EC2 instance that has one Amazon Elastic Block Store (Amazon

EBS) volume attached. On the first snapshot, the EBS volume has 10 GiB of data. On the second snapshot, the EBS volume still contains 10 GiB of data, but 4

GiB have changed. On the third snapshot, 2 GiB of data have been added to the volume, for a total of 12 GiB.

How much total storage is required to store these snapshots?

  • A. 12 GiB
  • B. 16 GiB
  • C. 26 GiB
  • D. 32 GiB

Correct Answer: B

Community vote distribution

B (93%)

Question #19

A team is managing an AWS account that is a member of an organization in AWS Organizations. The organization has consolidated billing features enabled. The account hosts several applications.

A SysOps administrator has applied tags to resources within the account to reflect the environment. The team needs a report of the breakdown of charges by environment.

What should the SysOps administrator do to meet this requirement?

  • A. Filter, map, and categorize resource groups in Tag Editor.
  • B. Ensure that the organization’s service control policies (SCPs) allow access to cost allocation tags.
  • C. Ensure that the IAM credentials that are used to access Cost Explorer have permissions to group cost by tags.
  • D. Activate the tag keys for cost allocation on the organization’s management account.

Correct Answer: A

Community vote distribution

D (100%)

Question #20

A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance. A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched.

What should the SysOps administrator do to meet this requirement?

  • A. Add a wait condition to the template. Update the EC2 instance user data script to send a signal after the EC2 instance is started.
  • B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource.
  • C. Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource.
  • D. Create multiple templates. Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created.

Correct Answer: B

Community vote distribution

B (100%)

Question #21

A company hosts a static website on Amazon S3. The website is served by an Amazon CloudFront distribution with a default TTL of 86,400 seconds.

The company recently uploaded an updated version of the website to Amazon S3. However, users still see the old content when they refresh the site. A SysOps administrator must make the new version of the website visible to users as soon as possible.

Which solution meets these requirements?

  • A. Adjust the TTL value for the DNS CNAME record that is pointing to the CloudFront distribution.
  • B. Create an invalidation on the CloudFront distribution for the old S3 objects.
  • C. Create a new CloudFront distribution. Update the DNS records to point to the new CloudFront distribution.
  • D. Update the DNS record for the website to point to the S3 bucket.

Correct Answer: B

Community vote distribution

B (100%)

Question #22

A SysOps administrator is responsible for managing a company’s cloud infrastructure with AWS CloudFormation. The SysOps administrator needs to create a single resource that consists of multiple AWS services. The resource must support creation and deletion through the CloudFormation console.

Which CloudFormation resource type should the SysOps administrator create to meet these requirements?

  • A. AWS::EC2::Instance with a cfn-init helper script
  • B. AWS::OpsWorks::Instance
  • C. AWS::SSM::Document
  • D. Custom::MyCustomType

Correct Answer: D

Community vote distribution

D (100%)

Question #23

A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.

What type of record should be set in Route 53 to point the website’s apex domain name (for example, `company.com`) to the Application Load Balancer?

  • A. CNAME
  • B. SOA
  • C. TXT
  • D. ALIAS

Correct Answer: D

Reference:

https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/setting-up-route53-zoneapex-elb.html

Community vote distribution

D (91%)

Question #24

A company is implementing security and compliance by using AWS Trusted Advisor. The company’s SysOps team is validating the list of Trusted Advisor checks that it can access.

Which factor will affect the quantity of available Trusted Advisor checks?

  • A. Whether at least one Amazon EC2 instance is in the running state
  • B. The AWS Support plan
  • C. An AWS Organizations service control policy (SCP)
  • D. Whether the AWS account root user has multi-factor authentication (MFA) enabled

Correct Answer: B

Community vote distribution

B (86%)

Question #25

A SysOps administrator is investigating issues on an Amazon RDS for MariaDB DB instance. The SysOps administrator wants to display the database load categorized by detailed wait events.

How can the SysOps administrator accomplish this goal?

  • A. Create an Amazon CloudWatch dashboard.
  • B. Enable Amazon RDS Performance Insights.
  • C. Enable and configure Enhanced Monitoring.
  • D. Review the database logs in Amazon CloudWatch Logs.

Correct Answer: B

Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.EnableMySQL.html

Community vote distribution

B (100%)

Question #26

A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.

A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.

Which solution will meet these requirements?

  • A. Amazon Simple Queue Service (Amazon SQS) queue
  • B. Application Load Balancer
  • C. AWS Global Accelerator
  • D. Network Load Balancer

Correct Answer: D

Community vote distribution

D (84%)

C (16%)

Question #27

A SysOps administrator is using AWS CloudFormation StackSets to create AWS resources in two AWS Regions in the same AWS account. A stack operation fails in one Region and returns the stack instance status of OUTDATED.

What is the cause of this failure?

  • A. The CloudFormation template changed on the local disk and has not been submitted to CloudFormation.
  • B. The CloudFormation template is trying to create a global resource that is not unique.
  • C. The stack has not yet been deployed to the Region.
  • D. The SysOps administrator is using an old version of the CloudFormation API.

Correct Answer: B

Community vote distribution

B (100%)

Question #28

A SysOps administrator must configure Amazon S3 to host a simple nonproduction webpage. The SysOps administrator has created an empty S3 bucket from the

AWS Management Console. The S3 bucket has the default configuration in place.

Which combination of actions should the SysOps administrator take to complete this process? (Choose two.)

  • A. Configure the S3 bucket by using the “Redirect requests for an object” functionality to point to the bucket root URL.
  • B. Turn off the “Block all public access” setting. Allow public access by using a bucket ACL that contains <Permission>WEBSITE</Permission>.
  • C. Turn off the “Block all public access” setting. Allow public access by using a bucket ACL that allows access to the AuthenticatedUsers grantee.
  • D. Turn off the “Block all public access” setting. Set a bucket policy that allows “Principal”: the s3:GetObject action.
  • E. Create an index.html document. Configure static website hosting, and upload the index document to the S3 bucket.

Correct Answer: DE

Community vote distribution

DE (100%)

Question #29

A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.

Which solution will meet these requirements?

  • A. Create an Aurora Replica. Promote the replica to replace the primary DB instance.
  • B. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
  • C. Use backtracking to rewind the existing DB cluster to the desired recovery point.
  • D. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.

Correct Answer: C

Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/aurora-mysql-slow-snapshot-restore/

Community vote distribution

C (100%)

Question #30

A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system.

What should a SysOps administrator do to resolve this issue?

  • A. Extend the file system with operating system-level tools to use the new storage capacity.
  • B. Reattach the EBS volume to the EC2 instance.
  • C. Reboot the EC2 instance that is attached to the EBS volume.
  • D. Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.

Correct Answer: A

Community vote distribution

A (100%)

Question #31

A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.

Which solution will meet this requirement?

  • A. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.
  • B. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
  • C. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
  • D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Correct Answer: D

Community vote distribution

D (100%)

Question #32

A SysOps administrator wants to protect objects in an Amazon S3 bucket from accidental overwrite and deletion. Noncurrent objects must be kept for 90 days and then must be permanently deleted. Objects must reside within the same AWS Region as the original S3 bucket.

Which solution meets these requirements?

  • A. Create an Amazon Data Lifecycle Manager (Amazon DLM) lifecycle policy for the S3 bucket. Add a rule to the lifecycle policy to delete noncurrent objects after 90 days.
  • B. Create an AWS Backup policy for the S3 bucket. Create a backup rule that includes a lifecycle to expire noncurrent objects after 90 days.
  • C. Enable S3 Cross-Region Replication on the S3 bucket. Create an S3 Lifecycle policy for the bucket to expire noncurrent objects after 90 days.
  • D. Enable S3 Versioning on the S3 bucket. Create an S3 Lifecycle policy for the bucket to expire noncurrent objects after 90 days.

Correct Answer: D

Community vote distribution

D (100%)

Question #33

A company has an application that customers use to search for records on a website. The application’s data is stored in an Amazon Aurora DB cluster. The application’s usage varies by season and by day of the week.

The website’s popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times.

A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.

Which solution will meet these requirements?

  • A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify the application to check the cache before the application issues new queries to the database. Add the results of any queries to the cache.
  • B. Deploy an Aurora Replica for the DB cluster. Modify the application to use the reader endpoint for search operations. Use Aurora Auto Scaling to scale the number of replicas based on load.
  • C. Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.
  • D. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Correct Answer: B

Community vote distribution

B (85%)

A (15%)

Question #34

A company uses AWS Organizations to manage multiple AWS accounts. Corporate policy mandates that only specific AWS Regions can be used to store and process customer data. A SysOps administrator must prevent the provisioning of Amazon EC2 instances in unauthorized Regions by anyone in the company.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Configure AWS CloudTrail in all Regions to record all API activity. Create an Amazon EventBridge (Amazon CloudWatch Events) rule in all unauthorized Regions for ec2:RunInstances events. Use AWS Lambda to terminate the launched EC2 instances.
  • B. In each AWS account, create a managed IAM policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to all IAM groups in each AWS account.
  • C. In each AWS account, create an IAM permissions boundary policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach the permissions boundary policy to all IAM users in each AWS account.
  • D. Create a service control policy (SCP) in AWS Organizations to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to the root level of the organization.

Correct Answer: D

Community vote distribution

D (100%)

Question #35

A company’s public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.

Which solution will meet these requirements?

  • A. Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the CloudFront distribution.
  • B. Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3 bucket.
  • C. Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.
  • D. Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.

Correct Answer: A

Community vote distribution

A (73%)

C (27%)

Question #36

A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every night.

What is the MOST operationally efficient solution that meets this requirement?

  • A. Convert the Python script to an AWS Lambda function. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night.
  • B. Convert the Python script to an AWS Lambda function. Use AWS CloudTrail to invoke the function every night.
  • C. Deploy the Python script to an Amazon EC2 instance. Use Amazon EventBride (Amazon CloudWatch Events) to schedule the instance to start and stop every night.
  • D. Deploy the Python script to an Amazon EC2 instance. Use AWS Systems Manager to schedule the instance to start and stop every night.

Correct Answer: A

Reference:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html

Community vote distribution

A (100%)

Question #37

A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.

Which solution will meet this requirement?

  • A. Create an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors metric and the Lambda function name as a dimension. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
  • B. Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch Events) alarm by using the LambdaError as the event pattern and the SNS topic name as a resource. Configure the alarm to send a notification to the SNS topic when the alarm state reaches ALARM.
  • C. Verify each developer email address in Amazon Simple Email Service (Amazon SES). Create an Amazon CloudWatch rule by using the LambdaError metric and developer email addresses as dimensions. Configure the rule to send an email through Amazon SES when the rule state reaches ALARM.
  • D. Verify each developer mobile phone in Amazon Simple Email Service (Amazon SES). Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Error as the event pattern and the Lambda function name as a resource. Configure the rule to send a push notification through Amazon SES when the rule state reaches ALARM.

Correct Answer: A

Community vote distribution

A (100%)

Question #38

A company has a private Amazon S3 bucket that contains sensitive information. A SysOps administrator needs to keep logs of the IP addresses from authentication failures that result from attempts to access objects in the bucket. The logs must be stored so that they cannot be overwritten or deleted for 90 days.

Which solution will meet these requirements?

  • A. Create an AWS CloudTrail trail. Configure the log files to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.
  • B. Create an AWS CloudTrail trail. Configure the log files to be saved to a different S3 bucket. Turn on CloudTrail log file integrity validation for 90 days.
  • C. Turn on access logging for the S3 bucket. Configure the access logs to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.
  • D. Turn on access logging for the S3 bucket. Configure the access logs to be saved in a second S3 bucket. Turn on S3 Object Lock on the second S3 bucket, and configure a default retention period of 90 days.

Correct Answer: D

Community vote distribution

D (53%)

B (22%)

A (16%)

Question #39

A SysOps administrator migrates NAT instances to NAT gateways. After the migration, an application that is hosted on Amazon EC2 instances in a private subnet cannot access the internet.

Which of the following are possible reasons for this problem? (Choose two.)

  • A. The application is using a protocol that the NAT gateway does not support.
  • B. The NAT gateway is not in a security group.
  • C. The NAT gateway is in an unsupported Availability Zone.
  • D. The NAT gateway is not in the Available state.
  • E. The port forwarding settings do not allow access to internal services from the internet.

Correct Answer: CD

Community vote distribution

AD (85%)

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

you are using free dumps!!!

Please help to click ads to support the website

Buy Premium Dumps For Ads-free
Buy Vouchers

DỊCH VỤ iT

Thiết kế Website

Biên tập Video theo yêu cầu

THÔNG TIN CHI TIẾT