Free AWS SOA-C02 Dump

Question #160

A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.

Where can the administrator find this information?

• A. Auto Scaling logs
• B. AWS CloudTrail logs
• C. EC2 instance logs
• D. Elastic Load Balancer access logs

Correct Answer: D

Community vote distribution

D (100%)

Question #161

A company’s SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company’s web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company’s domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB.

Which solution will meet these requirements MOST cost-effectively?

• A. Create a Route 53 AAAA record for the NLB.
• B. Create a Route 53 alias record for the NLB.
• C. Create a Route 53 CAA record for the NLB.
• D. Create a Route 53 CNAME record for the NLB.

Correct Answer: B

Community vote distribution

B (100%)

Question #162

A company runs an encrypted Amazon RDS for Oracle DB instance. The company wants to make regular backups available in another AWS Region.

What is the MOST operationally efficient solution that meets these requirements?

• A. Modify the DB instance. Enable cross-Region automated backups.
• B. Create an RDS read replica in another Region. Create a snapshot of the read replica.
• C. Use AWS Database Migration Service (AWS DMS) to copy the data to a DB instance in another Region.
• D. Temporarily turn off encryption on the DB instance. Take a snapshot. Copy the snapshot to another Region.

Correct Answer: A

Community vote distribution

A (100%)

Question #163

A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company’s customers. The company uses Amazon Route 53 for its website’s DNS solution.

Which configuration will meet these requirements?

• A. Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.
• B. Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.
• C. Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.
• D. Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.

Correct Answer: D

Community vote distribution

D (100%)

Question #164

A SysOps administrator created an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.

What is the default behavior of CloudFormation in this scenario?

• A. CloudFormation will roll back the stack and delete the stack.
• B. CloudFormation will roll back the stack but will not delete the stack.
• C. CloudFormation will prompt the user to roll back the stack or continue.
• D. CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Correct Answer: B

Community vote distribution

B (76%)

A (24%)

Question #165

A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket.

What is the MOST operationally efficient solution that meets these requirements?

• A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
• C. Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
• D. Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Correct Answer: B

Community vote distribution

B (100%)

Question #166

A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:

403 Forbidden – Access Denied

What change should be made to fix this error?

• A. Add a bucket policy that grants everyone read access to the bucket.
• B. Add a bucket policy that grants everyone read access to the bucket objects.
• C. Remove the default bucket policy that denies read access to the bucket.
• D. Configure cross-origin resource sharing (CORS) on the bucket.

Correct Answer: B

Community vote distribution

B (79%)

A (21%)

Question #167

A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the management account.

What could be the reason for this issue?

• A. All features have not been enabled in the organization.
• B. Consolidated billing has not been enabled.
• C. The member accounts do not have tags enabled for cost allocation.
• D. The member accounts have not manually enabled trusted access for Compute Optimizer.

Correct Answer: A

Community vote distribution

A (67%)

C (33%)

Question #168

A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries.

What is the MOST operationally efficient solution that meets these requirements?

• A. Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition.
• B. Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries.
• C. Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.
• D. Update the application to generate signed CloudFront URLs only for IP addresses in authorized counties.

Correct Answer: C

Community vote distribution

C (100%)

Question #169

A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet.

What additional route destination rule should the administrator add to the route tables?

• A. Route ::/0 traffic to a NAT gateway
• B. Route ::/0 traffic to an internet gateway
• C. Route 0.0.0.0/0 traffic to an egress-only internet gateway
• D. Route ::/0 traffic to an egress-only internet gateway

Correct Answer: D

Community vote distribution

D (83%)

B (17%)

Question #170

A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.

Which solution should the SysOps administrator implement to meet these requirements?

• A. Create a second EC2 instance for MySQL. Configure the second instance to be a read replica.
• B. Migrate the database to an Amazon Aurora DB cluster. Add an Aurora Replica.
• C. Migrate the database to an Amazon Aurora multi-master DB cluster.
• D. Migrate the database to an Amazon RDS for MySQL DB instance.

Correct Answer: C

Community vote distribution

C (100%)

Question #171

A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A SysOps administrator must ensure that the application can scale based on the number of users that connect to the application.

Which solution will meet these requirements?

• A. Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
• B. Create a scaling policy that will scale the application based on the mem_used Amazon CloudWatch metric that is generated from the ELB.
• C. Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.
• D. Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric. Create a scaling policy that uses the metric.

Correct Answer: A

Community vote distribution

A (100%)

Question #172

A SysOps administrator creates a new VPC that includes a public subnet and a private subnet. The SysOps administrator successfully launches 11 Amazon EC2 instances in the private subnet. The SysOps administrator attempts to launch one more EC2 instance in the same subnet. However, the SysOps administrator receives an error message that states that not enough free IP addresses are available.

What must the SysOps administrator do to deploy more EC2 instances?

• A. Edit the private subnet to change the CIDR block to /27.
• B. Edit the private subnet to extend across a second Availability Zone.
• C. Assign additional Elastic IP addresses to the private subnet.
• D. Create a new private subnet to hold the required EC2 instances.

Correct Answer: D

Community vote distribution

D (75%)

A (25%)

Question #173

A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.

Which solution will meet this requirement?

• A. Configure Amazon Cognito to detect any compromised IAM credentials.
• B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
• C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
• D. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B finding.

Correct Answer: D

Community vote distribution

D (100%)

Question #174

A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.

Which combination of actions will meet these requirements? (Choose two.)

• A. Add Auto Discovery to the data store.
• B. Create an Amazon ElastiCache for Memcached data store.
• C. Create an Amazon ElastiCache for Redis data store.
• D. Enable Multi-AZ for the data store.
• E. Enable Multi-threading for the data store.

Correct Answer: CD

Community vote distribution

CD (100%)

Question #175

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

• A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
• B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
• C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
• D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Correct Answer: B

Community vote distribution

B (100%)

Question #176

A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

• A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
• B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
• C. Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
• D. Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.

Correct Answer: B

Community vote distribution

B (100%)

Question #177

A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application’s availability or design.

Which solution will meet these requirements?

• A. Reduce the number of application servers.
• B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.
• C. Provision an Application Load Balancer in front of the instances.
• D. Scale up the instance size of the application servers.

Correct Answer: B

Community vote distribution

B (100%)

Question #178

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website’s DNS records.

Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

• A. Geolocation routing policy
• B. Geoproximity routing policy
• C. Latency routing policy
• D. Multivalue answer routing policy

Correct Answer: A

Community vote distribution

A (100%)

Question #179

An organization with a large IT department has decided to migrate to AWS. With different job functions in the IT department, it is not desirable to give all users access to all AWS resources. Currently the organization handles access via LDAP group membership.

What is the BEST method to allow access using current LDAP credentials?

• A. Create an AWS Directory Service Simple AD. Replicate the on-premises LDAP directory to Simple AD.
• B. Create a Lambda function to read LDAP groups and automate the creation of IAM users.
• C. Use AWS CloudFormation to create IAM roles. Deploy Direct Connect to allow access to the on-premises LDAP server.
• D. Federate the LDAP directory with IAM using SAML. Create different IAM roles to correspond to different LDAP groups to limit permissions.

Correct Answer: D

Community vote distribution

D (100%)

Question #180

A SysOps administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The administrator finds that this template has failed to create an EC2 instance in the us-west-2 Region.

What is one cause for this failure?

• A. Resource tags defined in the CloudFormation template are specific to the us-east-1 Region.
• B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
• C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
• D. The IAM user was not created in the specified Region.

Correct Answer: B

Community vote distribution

B (100%)

Question #181

A global gaming company is preparing to launch a new game on AWS. The game runs in multiple AWS Regions on a fleet of Amazon EC2 instances. The instances are in an Auto Scaling group behind an Application Load Balancer (ALB) in each Region. The company plans to use Amazon Route 53 for DNS services. The DNS configuration must direct users to the Region that is closest to them and must provide automated failover.

Which combination of steps should a SysOps administrator take to configure Route 53 to meet these requirements? (Choose two.)

• A. Create Amazon CloudWatch alarms that monitor the health of the ALB in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.
• B. Create Amazon CloudWatch alarms that monitor the health of the EC2 instances in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.
• C. Configure Route 53 DNS failover by using a health check that monitors the private IP address of an EC2 instance in each Region.
• D. Configure Route 53 geoproximity routing. Specify the Regions that are used for the infrastructure.
• E. Configure Route 53 simple routing. Specify the continent, country, and state or province that are used for the infrastructure.

Correct Answer: AD

Community vote distribution

AD (81%)

CD (19%)

Question #182

A SysOps administrator is investigating a company’s web application for performance problems. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance.

The company wants to minimize costs without adversely affecting the user experience when web traffic surges quickly. The company needs a solution that adds more capacity to the Auto Scaling group for larger traffic increases than for smaller traffic increases.

How should the SysOps administrator configure the Auto Scaling group to meet these requirements?

• A. Create a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
• B. Create a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
• C. Create a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load.
• D. Use Amazon EC2 Auto Scaling lifecycle hooks. Adjust the Auto Scaling group’s maximum number of instances after every scaling event.

Correct Answer: B

Community vote distribution

B (60%)

C (37%)

4%

Question #183

A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses. A SysOps administrator must implement a solution that will notify the company’s SysOps team when a security group rule violates this requirement. The solution also must remediate the security group rule automatically.

Which solution will meet these requirements?

• A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on all ports, and notify the SysOps team if the security group is noncompliant.
• B. Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm to notify the SysOps team through an Amazon Simple Notification Service (Amazon SNS) topic when the metric is greater than 0. Subscribe an AWS Lambda function to the SNS topic to remediate the security group rule by removing the rule.
• C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to the AWS Config rule by using the AWS Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
• D. Create an AWS CloudTrail metric filter for security group changes. Create an Amazon CloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manager action to the CloudWatch alarm to suspend the security group by using the Systems Manager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarm is in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as a second target to notify the SysOps team.

Correct Answer: C

Community vote distribution

C (100%)

Question #184

A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions. However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A SysOps administrator must ensure that the instances launch on time and have fewer interruptions.

Which action will meet these requirements?

• A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.
• B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.
• C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group.
• D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.

Correct Answer: A

Community vote distribution

A (100%)

Question #185

A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. The database will store data for a demonstration environment. The data must be reset on a daily basis.

What is the MOST operationally efficient solution that meets these requirements?

• A. Create a manual snapshot of the DB cluster after the data has been populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the snapshot and then delete the previous DB cluster.
• B. Enable the Backtrack feature during the creation of the DB cluster. Specify a target backtrack window of 48 hours. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to perform a backtrack operation.
• C. Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data has been populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the snapshot from Amazon S3.
• D. Set the DB cluster backup retention period to 2 days. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the DB cluster to a point in time and then delete the previous DB cluster.

Correct Answer: B

Community vote distribution

B (100%)

Question #186

A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance in the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.

Which solution will meet these requirements?

• A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_Instance metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
• B. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the StatusCheckFailed_System metric. Add an EC2 action to the alarm to recover the instance. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.
• C. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).
• D. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP address and the Elastic IP address. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the SysOps team email address to the SNS topic.

Correct Answer: D

Community vote distribution

B (100%)

Question #187

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.

The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible.

Which solution will meet these requirements with the LEAST operational overhead?

• A. Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.
• B. Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.
• C. Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.
• D. In the Amazon CloudWatch console, turn on Application Insights. Create a CloudWatch alarm to provide alerts when an issue is detected.

Correct Answer: C

Community vote distribution

C (83%)

B (17%)

Question #188

A SysOps administrator is responsible for a company’s security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.

Which solution will meet these requirements?

• A. Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SQS) queue for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SQS queue.
• B. Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
• C. Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
• D. Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.

Correct Answer: C

Community vote distribution

C (100%)

Question #189

An ecommerce company has built a web application that uses an Amazon Aurora DB cluster. The DB cluster includes memory optimized instance types with both a writer node and a reader node. Traffic volume changes throughout the day. During sudden traffic surges, Amazon CloudWatch metrics for the DB cluster indicate high RAM consumption and an increase in select latency.

A SysOps administrator must implement a configuration change to improve the performance of the DB cluster. The change must minimize downtime and must not result in the loss of data.

Which change will meet these requirements?

• A. Add an Aurora Replica to the DB cluster.
• B. Modify the DB cluster to convert the DB cluster into a multi-master DB cluster.
• C. Take a snapshot of the DB cluster. From that snapshot, create a new DB cluster that has larger memory optimized instances.
• D. Increase the disk storage capacity of the DB cluster to double the existing disk capacity.

Correct Answer: B

Community vote distribution

A (68%)

C (24%)

8%

Question #190

A company has a simple web application that runs on a set of Amazon EC2 instances behind an Elastic Load Balancer in the eu-west-2 Region. Amazon Route 53 holds a DNS record for the application with a simple routing policy. Users from all over the world access the application through their web browsers.

The company needs to create additional copies of the application in the us-east-1 Region and in the ap-south-1 Region. The company must direct users to the Region that provides the fastest response times when the users load the application.

What should a SysOps administrator do to meet these requirements?

• A. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application. Transition to a geolocation routing policy.
• B. In each new Region, create a copy of the application on new EC2 instances. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2. Transition to a latency routing policy.
• C. In each new Region, create a copy of the application on new EC2 instances. Add these new EC2 instances to the Elastic Load Balancer in eu-west-2. Transition to a multivalue routing policy.
• D. In each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application. Transition to a latency routing policy.

Correct Answer: D

Community vote distribution

D (100%)

Question #191

A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account.

Which combination of steps must the SysOps administrator take to meet this requirement? (Choose two.)

• A. Sign in to the new account by using IAM credentials. Change the support plan.
• B. Sign in to the new account by using root user credentials. Change the support plan.
• C. Use the AWS Support API to change the support plan.
• D. Reset the password of the account root user.
• E. Create an IAM user that has administrator privileges in the new account.

Correct Answer: BD

Community vote distribution

AE (45%)

BE (37%)

BD (18%)

Question #192

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.

What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?

• A. Enter the DB instance connection string into the VPC1 route table.
• B. Configure VPC peering between the two VPCs.
• C. Add the same IPv4 CIDR range for both VPCs.
• D. Connect to the DB instance by using the DB instance’s public IP address.

Correct Answer: B

Community vote distribution

B (100%)

Question #193

A company uses an Amazon S3 bucket to store data files. The S3 bucket contains hundreds of objects. The company needs to replace a tag on all the objects in the S3 bucket with another tag.

What is the MOST operationally efficient way to meet this requirement?

• A. Use S3 Batch Operations. Specify the operation to replace all object tags.
• B. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use S3 Batch Operations. Specify the operation to delete all object tags. Use the AWS CLI and the list to retag the objects.
• C. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use the AWS CLI and the list to remove the object tags. Use the AWS CLI and the list to retag the objects.
• D. Use the AWS CLI to copy the objects to another S3 bucket. Add the new tag to the copied objects. Delete the original objects.

Correct Answer: A

Community vote distribution

A (83%)

C (17%)

Question #194

A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager.

What must the SysOps administrator do to fix this issue?

• A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.
• B. Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue.
• C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.
• D. Configure Systems Manager to use an interface VPC endpoint.

Correct Answer: D

Community vote distribution

C (88%)

13%

Question #195

A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company’s risk team must receive immediate notification about any delete events.

Which solution will meet these requirements?

• A. Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. Select DeleteObject for the event type for the alert system.
• B. Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
• C. Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
• D. Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.

Correct Answer: A

Community vote distribution

A (88%)

13%

Question #196

A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.

Which solution will meet this requirement?

• A. Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance.
• B. Use VPC flow logs with Amazon Athena to block traffic to the external IP address.
• C. Create a network ACL. Add an outbound deny rule for traffic to the external IP address.
• D. Create a new security group to block traffic to the external IP address. Assign the new security group to the entire VPC.

Correct Answer: C

Community vote distribution

C (100%)

Question #197

A company’s reporting job that used to run in 15 minutes is now taking an hour to run. An application generates the reports. The application runs on Amazon EC2 instances and extracts data from an Amazon RDS for MySQL database.

A SysOps administrator checks the Amazon CloudWatch dashboard for the RDS instance and notices that the Read IOPS metrics are high, even when the reports are not running. The SysOps administrator needs to improve the performance and the availability of the RDS instance.

Which solution will meet these requirements?

• A. Configure an Amazon ElastiCache cluster in front of the RDS instance. Update the reporting job to query the ElastiCache cluster.
• B. Deploy an RDS read replica. Update the reporting job to query the reader endpoint.
• C. Create an Amazon CloudFront distribution. Set the RDS instance as the origin. Update the reporting job to query the CloudFront distribution.
• D. Increase the size of the RDS instance.

Correct Answer: B

Community vote distribution

B (100%)

Question #198

A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account’s Personal Health Dashboard.

Which solution will meet this requirement with the LEAST amount of effort?

• A. Enable organizational view in AWS Health.
• B. Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log.
• C. Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table.
• D. Use the AWS Health API to write events to an Amazon DynamoDB table.

Correct Answer: A

Community vote distribution

A (100%)

Question #199

A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold.

What should the SysOps administrator do to collect this data?

• A. Use the ALB’s RequestCount metric. Configure a time range of 2 weeks and a period of 1 minute. Examine the chart to determine peak traffic times and volumes.
• B. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period. Sort by a 1-minute interval.
• C. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2 event matching pattern that creates a metric that is based on EC2 requests. Display the data in a graph.

Correct Answer: A

Community vote distribution

A (100%)