Free AWS SOA-C02 Dump

Question #200

A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.

Which solution will give the application the ability to resolve the internal domain names?

  • A. Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
  • B. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
  • C. Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.
  • D. Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Correct Answer: B

Community vote distribution

B (100%)

Question #201

A company’s web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB). A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code.

Which solution will meet these requirements?

  • A. Modify the ALB type to internal. Set the distribution’s origin to the internal ALB domain name.
  • B. Create a Lambda@Edge function. Configure the function to compare a custom header value in the request with a stored password and to forward the request to the origin in case of a match. Associate the function with the distribution.
  • C. Replace the ALB with a new internal ALB. Set the distribution’s origin to the internal ALB domain name. Add a custom HTTP header to the origin settings for the distribution. In the ALB listener, add a rule to forward requests that contain the matching custom header and the header’s value. Add a default rule to return a fixed response code of 403.
  • D. Add a custom HTTP header to the origin settings for the distribution. In the ALB listener, add a rule to forward requests that contain the matching custom header and the header’s value. Add a default rule to return a fixed response code of 403.

Correct Answer: A

Community vote distribution

D (100%)

Question #202

A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.

Which solution will meet these requirements?

  • A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
  • B. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
  • C. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
  • D. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

Correct Answer: C

Community vote distribution

A (100%)

Question #203

A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with minimum latency.

What should the SysOps administrator do to meet these requirements?

  • A. Set up an Amazon S3 File Gateway.
  • B. Set up an AWS Direct Connect connection.
  • C. Use AWS DataSync to automate data transfers between the existing file servers and AWS.
  • D. Set up an Amazon FSx File Gateway.

Correct Answer: D

Community vote distribution

D (100%)

Question #204

A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted.

What should a SysOps administrator do to meet this requirement?

  • A. Allow SSL connections to the database by using an inbound security group rule.
  • B. Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.
  • C. Enforce SSL connections to the database by using a custom parameter group.
  • D. Patch the database with SSL/TLS by using a custom PostgreSQL extension.

Correct Answer: C

Community vote distribution

C (100%)

Question #205

A company recently purchased Savings Plans. The company wants to receive email notification when the company’s utilization drops below 90% for a given day.

Which solution will meet this requirement?

  • A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWS Trusted Advisor. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.
  • B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metric under the AWS/SavingsPlans namespace in CloudWatch. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.
  • C. Create a Savings Plans alert to monitor the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.
  • D. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.

Correct Answer: C

Community vote distribution

D (75%)

C (25%)

Question #206

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies. The company decides to switch to an SQS FIFO queue.

What must the company do to migrate to an SQS FIFO queue?

  • A. Create a new SQS FIFO queue. Turn on content-based deduplication on the new FIFO queue. Update the application to include a message group ID in the messages.
  • B. Create a new SQS FIFO queue. Update the application to include the DelaySeconds parameter in the messages.
  • C. Modify the queue type from SQS standard to SQS FIFO. Turn off content-based deduplication on the queue. Update the application to include a message group ID in the messages.
  • D. Modify the queue type from SQS standard to SQS FIFO. Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages.

Correct Answer: B

Community vote distribution

A (100%)

Question #207

A company’s SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an .msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically.

Which combination of steps will meet these requirements with the LEAST operational effort? (Choose two.)

  • A. Create a Systems Manager Distributor package for the third-party agent.
  • B. Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows.
  • C. Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.
  • D. Create a Systems Manager State Manager association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.
  • E. Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day.

Correct Answer: AD

Community vote distribution

AD (55%)

AC (45%)

Question #208

A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes.

According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the company’s applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible.

Which action should the SysOps administrator take to meet these requirements?

  • A. Increase the size of the 1 GiB EBS volumes.
  • B. Add two additional elastic network interfaces on each EC2 instance.
  • C. Turn on Transfer Acceleration on the EBS volumes in the Region.
  • D. Add all the EC2 instances to a cluster placement group.

Correct Answer: A

Community vote distribution

A (79%)

D (16%)

5%

Question #209

A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage.

Which configuration approach will meet these requirements?

  • A. Enable Transparent Data Encryption (TDE) in the MySQL configuration file. Manually rotate the key every 12 months.
  • B. Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS.
  • C. Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable RDS encryption on the database at creation time by using the KMS key.
  • D. Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance.

Correct Answer: C

Community vote distribution

C (100%)

Question #210

A company has an application that is deployed to two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone for DNS. A SysOps administrator needs to configure automatic failover to the secondary Region.

What should the SysOps administrator do to meet these requirements?

  • A. Configure Route 53 alias records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.
  • B. Configure CNAME records that point to each ALB. Choose a failover routing policy. Set Evaluate Target Health to Yes.
  • C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.
  • D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondary Region as targets.

Correct Answer: A

Community vote distribution

A (100%)

Question #211

A company is implementing a monitoring solution that is based on machine learning. The monitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) events that are generated by Amazon EC2 Auto Scaling. The monitoring solution provides detection of anomalous behavior such as unanticipated scaling events and is configured as an EventBridge (CloudWatch Events) API destination.

During initial testing, the company discovers that the monitoring solution is not receiving events. However, Amazon CloudWatch is showing that the EventBridge (CloudWatch Events) rule is being invoked. A SysOps administrator must implement a solution to retrieve client error details to help resolve this issue.

Which solution will meet these requirements with the LEAST operational effort?

  • A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay the events. Increase the logging on the monitoring solution. Use replay to invoke the monitoring solution. Examine the error details.
  • B. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letter queue for the target. Process the messages in the dead-letter queue to retrieve error details.
  • C. Create a second EventBridge (CloudWatch Events) rule for the same event pattern to target an AWS Lambda function. Configure the Lambda function to invoke the monitoring solution and to record the results to Amazon CloudWatch Logs. Examine the errors in the logs.
  • D. Configure the EventBridge (CloudWatch Events) rule to send error messages to an Amazon Simple Notification Service (Amazon SNS) topic.

Correct Answer: B

Community vote distribution

B (52%)

A (48%)

Question #212

A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.

What should a SysOps administrator do to meet this requirement?

  • A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Three months after an object is written, remove the policy.
  • B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.
  • C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.
  • D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Correct Answer: B

Community vote distribution

B (100%)

Question #213

A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold.

What should the SysOps administrator do to meet these requirements?

  • A. Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena. Configure an alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the email distribution list to the topic.
  • B. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the email distribution list to the topic.
  • C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% of the budgeted amount. Configure the budget to send a notification to the email distribution list when costs reach 75% of the threshold.
  • D. Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function to analyze data transfer. Configure the Lambda function to send a notification to the email distribution list when costs reach 75% of the threshold.

Correct Answer: C

Community vote distribution

C (100%)

Question #214

A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.

Which solution will meet these requirements?

  • A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.
  • B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.
  • C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.
  • D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).

Correct Answer: B

Community vote distribution

B (100%)

Question #215

A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.

What should a SysOps administrator do to resolve this issue?

  • A. In the CPU launch options for the Lambda function, activate hyperthreading.
  • B. Turn off the AWS managed encryption.
  • C. Increase the amount of memory for the Lambda function.
  • D. Load the required code into a custom layer.

Correct Answer: C

Community vote distribution

C (100%)

Question #216

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
  • B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
  • C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
  • D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Correct Answer: A

Community vote distribution

A (100%)

Question #217

A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report.

What should the SysOps administrator do to meet this requirement?

  • A. Activate the tags as AWS generated cost allocation tags.
  • B. Activate the tags as user-defined cost allocation tags.
  • C. Create a new cost category. Select the account billing dimension.
  • D. Create a new AWS Cost and Usage Report. Include the resource IDs.

Correct Answer: B

Community vote distribution

B (89%)

11%

Question #218

A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be encrypted.

Which solution will meet these requirements with the LEAST management overhead?

  • A. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enabled. Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS).
  • B. Create a point-in-time snapshot of the EBS volumes. When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False.
  • C. Create a point-in-time snapshot of the EBS volumes. Copy the snapshots to an Amazon S3 bucket that uses server-side encryption. Turn on S3 Cross-Region Replication on the S3 bucket.
  • D. Schedule an AWS Lambda function with the Python runtime. Configure the Lambda function to create the EBS volume snapshots, encrypt the unencrypted snapshots, and copy the snapshots to another Region.

Correct Answer: D

Community vote distribution

A (100%)

Question #219

A SysOps administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The SysOps administrator needs to manage the cluster by using the kubectl command line tool.

Which of the following must be configured on the SysOps administrator’s machine so that kubectl can communicate with the cluster API server?

  • A. The kubeconfig file
  • B. The kube-proxy Amazon EKS add-on
  • C. The Fargate profile
  • D. The eks-connector.yaml file

Correct Answer: B

Community vote distribution

A (100%)

Question #220

A company wants to collect data from an application to use for analytics. For the first 90 days, the data will be infrequently accessed but must remain highly available. During this time, the company’s analytics team requires access to the data in milliseconds. However, after 90 days, the company must retain the data for the long term at a lower cost. The retrieval time after 90 days must be less than 5 hours.

Which solution will meet these requirements MOST cost-effectively?

  • A. Store the data in S3 Standard-Infrequent Access (S3 Standard-IA) for the first 90 days. Set up an S3 Lifecycle rule to move the data to S3 Glacier Flexible Retrieval after 90 days.
  • B. Store the data in S3 One Zone-Infrequent Access (S3 One Zone-IA) for the first 90 days. Set up an S3 Lifecycle rule to move the data to S3 Glacier Deep Archive after 90 days.
  • C. Store the data in S3 Standard for the first 90 days. Set up an S3 Lifecycle rule to move the data to S3 Glacier Flexible Retrieval after 90 days.
  • D. Store the data in S3 Standard for the first 90 days. Set up an S3 Lifecycle rule to move the data to S3 Glacier Deep Archive after 90 days.

Correct Answer: A

Community vote distribution

A (94%)

6%

Question #221

A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM policies allow only the permissions that the application requires.

How can the SysOps administrator create a policy to meet this requirement?

  • A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
  • B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer.
  • C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer.
  • D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer.

Correct Answer: D

Community vote distribution

D (100%)

Question #222

A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is stored in Amazon DynamoDB. The testing results are stored in Amazon S3.

A minimum of three EC2 instances are required to operate the product. The company’s testing team wants to use an additional three EC2 instances when the Spot Instance prices are at a certain threshold. A SysOps administrator must implement a highly available solution that provides this functionality.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Define an Amazon EC2 Auto Scaling group by using a launch configuration. Use the provided AMI in the launch configuration. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price in the launch configuration.
  • B. Define an Amazon EC2 Auto Scaling group by using a launch template. Use the provided AMI in the launch template. Configure three On-Demand Instances and three Spot Instances. Configure a maximum Spot Instance price in the launch template.
  • C. Define two Amazon EC2 Auto Scaling groups by using launch configurations. Use the provided AMI in the launch configurations. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.
  • D. Define two Amazon EC2 Auto Scaling groups by using launch templates. Use the provided AMI in the launch templates. Configure three On-Demand Instances for one Auto Scaling group. Configure three Spot Instances for the other Auto Scaling group. Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.

Correct Answer: B

Community vote distribution

B (88%)

13%

Question #223

A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions. The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.

How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

  • A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.
  • B. Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource’s DashboardBody property.
  • C. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Use the Intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.
  • D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing dashboard in the DashboardName property.

Correct Answer: C

Community vote distribution

B (87%)

13%

Question #224

A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company.

Which solution will ensure compliance with this policy?

  • A. Deploy workloads only to Dedicated Hosts.
  • B. Deploy workloads only to Dedicated Instances.
  • C. Deploy workloads only to Reserved Instances.
  • D. Place all instances in a dedicated placement group.

Correct Answer: A

Community vote distribution

A (88%)

13%

Question #225

A company runs a website from Sydney, Australia. Users in the United States (US) and Europe are reporting that images and videos are taking a long time to load. However, local testing in Australia indicates no performance issues. The website has a large amount of static content in the form of images and videos that are stored in Amazon S3.

Which solution will result in the MOST improvement in the user experience for users in the US and Europe?

  • A. Configure AWS PrivateLink for Amazon S3.
  • B. Configure S3 Transfer Acceleration.
  • C. Create an Amazon CloudFront distribution. Distribute the static content to the CloudFront edge locations.
  • D. Create an Amazon API Gateway API in each AWS Region. Cache the content locally.

Correct Answer: C

Community vote distribution

C (100%)

Question #226

A SysOps administrator wants to monitor the free disk space that is available on a set of Amazon EC2 instances that have Amazon Elastic Block Store (Amazon EBS) volumes attached. The SysOps administrator wants to receive a notification when the used disk space of the EBS volumes exceeds a threshold value, but only when the DiskReadOps metric also exceeds a threshold value. The SysOps administrator has set up an Amazon Simple Notification Service (Amazon SNS) topic.

How can the SysOps administrator receive notification only when both metrics exceed their threshold values?

  • A. Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.
  • B. Install the Amazon CloudWatch agent on the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Configure each alarm to publish a notification to the SNS topic.
  • C. Create a metric alarm for the EBSByteBalance% metric and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.
  • D. Configure detailed monitoring for the EC2 instances. Create a metric alarm for the disk space and a metric alarm for the DiskReadOps metric. Create a composite alarm that includes the two metric alarms to publish a notification to the SNS topic.

Correct Answer: C

Community vote distribution

A (100%)

Question #227

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company’s account.

What should a SysOps administrator do to meet this requirement?

  • A. Turn on S3 Block Public Access from the account level.
  • B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
  • C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
  • D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.

Correct Answer: A

Community vote distribution

A (100%)

Question #228

A company’s SysOps administrator needs to change the AWS Support plan for one of the company’s AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost.

What should the SysOps administrator do to sign in?

  • A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.
  • B. Sign in as an IAM user with administrator permissions. Resynchronize the MFA token by using the IAM console.
  • C. Sign in as an IAM user with administrator permissions. Reset the MFA device for the root user by adding a new device.
  • D. Use the forgot-password process to verify the email address. Set up a new password and MFA device.

Correct Answer: A

Community vote distribution

A (100%)

Question #229

A company is creating a new multi-account architecture. A SysOps administrator must implement a login solution to centrally manage user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP).

What should the SysOps administrator do to meet these requirements?

  • A. Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP.
  • B. Enable and configure AWS Single Sign-On with the third-party IdP.
  • C. Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization.
  • D. Integrate the third-party IdP directly with AWS Organizations.

Correct Answer: C

Community vote distribution

B (89%)

11%

Question #230

A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions.

What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?

  • A. Use AWS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.
  • B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.
  • C. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.
  • D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization’s management account.

Correct Answer: B

Community vote distribution

A (93%)

7%

Question #231

A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer in use. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administrator has validated the permissions that are required to delete the CloudFormation stack.

Which of the following are possible causes of the DELETE_FAILED state? (Choose two.)

  • A. The configured timeout to delete the stack was too low for the delete operation to complete.
  • B. The stack contains nested stacks that must be manually deleted first.
  • C. The stack was deployed with the --disable-rollback option.
  • D. There are additional resources associated with a security group in the stack.
  • E. There are Amazon S3 buckets that still contain objects in the stack.

Correct Answer: DE

Community vote distribution

DE (84%)

Other

Question #232

A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized users through Amazon CloudFront. Unauthorized users must be restricted from access.

Which solution will meet these requirements?

  • A. Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed URLs to access the S3 bucket through CloudFront.
  • B. Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Restrict S3 bucket access with signed URLs in CloudFront.
  • C. Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Enable field-level encryption.
  • D. Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed cookies for restricted delivery of the content through CloudFront.

Correct Answer: B

Community vote distribution

B (89%)

11%

Question #233

A SysOps administrator must ensure that a company’s Amazon EC2 instances auto scale as expected. The SysOps administrator configures an Amazon EC2 Auto Scaling lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 instances. When the configuration is complete, the Lambda function calls the complete-lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.

What should the SysOps administrator do to resolve this issue?

  • A. Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.
  • B. Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a failure or timeout.
  • C. Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.
  • D. Update the Lambda function execution role so that it has permission to call the complete-lifecycle-action event.

Correct Answer: D

Community vote distribution

A (81%)

D (19%)

Question #234

A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.

What additional step must be taken to ensure that API calls are authenticated using MFA?

  • A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
  • B. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
  • C. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
  • D. Require users to use temporary credentials from the get-session-token command to sign API calls.

Correct Answer: D

Community vote distribution

D (100%)

Question #235

A SysOps administrator has blocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future.

What is the MOST operationally efficient way to meet this requirement?

  • A. Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
  • B. Create a cron script that uses the S3 API to check the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
  • C. Enable S3 Event Notifications for each S3 bucket. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
  • D. Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.

Correct Answer: D

Community vote distribution

D (89%)

11%

Question #236

A company plans to launch a static website on its domain example.com and subdomain www.example.com using Amazon S3.

How should the SysOps administrator meet this requirement?

  • A. Create one S3 bucket named example.com for both the domain and subdomain.
  • B. Create one S3 bucket with a wildcard named *.example.com for both the domain and subdomain.
  • C. Create two S3 buckets named example.com and www.example.com. Configure the subdomain bucket to redirect requests to the domain bucket.
  • D. Create two S3 buckets named http://example.com and http://*.example.com. Configure the wildcard (*) bucket to redirect requests to the domain bucket.

Correct Answer: C

Community vote distribution

C (91%)

9%

Question #237

A SysOps administrator is configuring AWS Client VPN to connect users on a corporate network to AWS resources that are running in a VPC. According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel.

How should the SysOps administrator configure Client VPN to meet these requirements?

  • A. Associate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway.
  • B. On the Client VPN endpoint, turn on the split-tunnel option.
  • C. On the Client VPN endpoint, specify DNS server IP addresses.
  • D. Select a private certificate to use as the identity certificate for the VPN client.

Correct Answer: D

Community vote distribution

B (100%)

Question #238

A SysOps administrator is testing an application that is hosted on five Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out.

Which action should the SysOps administrator take to meet these requirements?

  • A. Enable instance scale-in protection.
  • B. Place the instance into the Standby state.
  • C. Remove the listener from the ALB.
  • D. Suspend the Launch and Terminate process types.

Correct Answer: D

Community vote distribution

D (76%)

B (24%)

Question #239

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps administrator notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the ALB target group.

What is a possible reason for this issue?

  • A. Security groups are not allowing traffic between the ALB and the failing EC2 instances.
  • B. The Auto Scaling group health check is configured for EC2 status checks.
  • C. The EC2 instances are failing to launch and failing EC2 status checks.
  • D. The target group health check is configured with an incorrect port or path.

Correct Answer: D

Community vote distribution

D (59%)

B (36%)
