VOUCHER GIẢM LỆ PHÍ THI GIÁ TỐT NSE FORTINET VOUCHERS 100% LỆ PHÍ THI
Liên hệ
Free AWS Dump, Free Dumps

Free AWS SOA-C02 Dump

Question #240

A SysOps administrator notices a scale up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.

Where can the administrator find this information?

  • A. Auto Scaling logs
  • B. AWS CloudTrail logs
  • C. EC2 instance logs
  • D. Elastic Load Balancer access logs

Correct Answer: D

Community vote distribution

D (100%)

Question #241

A company plans to migrate several of its high performance computing (HPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.

Which strategy should the SysOps administrator choose to meet these requirements?

  • A. Deploy the instances in a cluster placement group in one Availability Zone.
  • B. Deploy the instances in a partition placement group in two Availability Zones.
  • C. Deploy the instances in a partition placement group in one Availability Zone.
  • D. Deploy the instances in a spread placement group in two Availability Zones.

Correct Answer: A

Community vote distribution

A (100%)

Question #242

An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting an Amazon EC2 instance when the problem occurs for more than 2 minutes.

How can this be accomplished?

  • A. Create an Amazon CloudWatch alarm for the EC2 instance with basic monitoring. Add an action to restart the instance.
  • B. Create an Amazon CloudWatch alarm for the EC2 instance with detailed monitoring. Add an action to restart the instance.
  • C. Create an AWS Lambda function to restart the EC2 instance, invoked on a scheduled basis every 2 minutes.
  • D. Create an AWS Lambda function to restart the EC2 instance, invoked by EC2 health checks.

Correct Answer: B

Community vote distribution

B (100%)

Question #243

A company maintains a large set of sensitive data in an Amazon S3 bucket. The company’s security team asks a SysOps administrator to help verify that all current objects in the S3 bucket are encrypted.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Create a script that runs against the S3 bucket and outputs the status of each object.
  • B. Create an S3 Inventory configuration on the S3 bucket. Include the appropriate status fields.
  • C. Provide the security team with an IAM user that has read access to the S3 bucket.
  • D. Use the AWS CLI to output a list of all objects in the S3 bucket.

Correct Answer: B

Community vote distribution

B (100%)

Question #244

Users are periodically experiencing slow response times from a relational database. The database runs on a burstable Amazon EC2 instance with a 350 GB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. A SysOps administrator monitors the EC2 instance in Amazon CloudWatch and observes that the VolumeReadOps metric drops to less than 10% of its peak value during the periods of slow response.

What should the SysOps administrator do to ensure consistently high performance?

  • A. Convert the gp2 volume to a General Purpose SSD (gp3) EBS volume.
  • B. Convert the gp2 volume to a Cold HDD (sc1) EBS volume.
  • C. Convert the EC2 instance to a memory optimized instance type.
  • D. Activate unlimited mode on the EC2 instance.

Correct Answer: A

Community vote distribution

A (52%)

D (48%)

Question #245

A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-Demand Instances for the computer. The overall usage is predictable. The amount of computer that is consumed in each Region varies, depending on the users’ locations.

Which approach should the SysOps administrator use to optimize this workload?

  • A. Purchase Computer Savings Plans based on the usage during the past 30 days.
  • B. Purchase Convertible Reserved Instances by calculating the usage baseline.
  • C. Purchase EC2 Instance Savings Plans based on the usage during the past 30 days.
  • D. Purchase Standard Reserved Instances by calculating the usage baseline.

Correct Answer: A

Community vote distribution

A (100%)

Question #246

A software company runs a workload on Amazon EC2 instances behind an Application Load Balancer (ALB). A SysOps administrator needs to define a custom health check for the EC2 instances.

What is the MOST operationally efficient solution?

  • A. Set up each EC2 instance so that it writes its healthy/unhealthy status into a shared Amazon S3 bucket for the ALB to read.
  • B. Configure the health check on the ALB and ensure that the Health Check Path setting is correct.
  • C. Set up Amazon ElastiCache to track the EC2 instances as they scale in and out.
  • D. Configure an Amazon API Gateway health check to ensure custom checks on all of the EC2 instances.

Correct Answer: B

Community vote distribution

B (100%)

Question #247

A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The administrator must be alerted to potential issues.

What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

  • A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications.
  • B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.
  • C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.
  • D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space.

Correct Answer: C

Community vote distribution

C (71%)

A (29%)

Question #248

A company applies user-defined tags to resources that are associated with the company’s AWS workloads. Twenty days after applying the tags, the company notices that it cannot use the tags to filter views in the AWS Cost Explorer console.

What is the reason for this issue?

  • A. It takes at least 30 days to be able to use tags to filter views in Cost Explorer.
  • B. The company has not activated the user-defined tags for cost allocation.
  • C. The company has not created an AWS Cost and Usage Report.
  • D. The company has not created a usage budget in AWS Budgets.

Correct Answer: B

Community vote distribution

B (100%)

Question #249

A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company’s security team asks for a count of application errors, grouped by type, across all of the log groups.

What should a SysOps administrator do to meet this requirement?

  • A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
  • B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
  • C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
  • D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Correct Answer: A

Community vote distribution

A (100%)

Question #250

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function.

How should a SysOps administrator provide these recommendations?

  • A. Create an AWS Serverless Application Repository and export the Lambda function recommendations.
  • B. Enable AWS Compute Optimizer and export the Lambda function recommendations.
  • C. Enable all features of AWS Organizations and export the recommendations from AWS CloudTrail Insights.
  • D. Run AWS Trusted Advisor and export the Lambda function recommendations.

Correct Answer: B

Community vote distribution

B (100%)

Question #251

A company uses AWS CloudFormation templates to deploy cloud infrastructure. An analysis of all the company’s templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components.

Which solution will meet this requirement?

  • A. Develop a CloudFormation change set.
  • B. Develop CloudFormation macros.
  • C. Develop CloudFormation nested stacks.
  • D. Develop CloudFormation stack sets.

Correct Answer: D

Community vote distribution

C (100%)

Question #252

A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.

How should the administrator implement this process?

  • A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
  • B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
  • C. Create an Amazon EC2 instance based on the snapshot, then save the instance’s Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
  • D. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP, export the database contents into a file, then share this file with the other accounts.

Correct Answer: B

Community vote distribution

B (100%)

Question #253

A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not have outbound internet access. User logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region.

Which solution will solve this problem?

  • A. Update the EC2 instance role policy to include s3:PutObject access to the target S3 bucket.
  • B. Update the EC2 security group to allow outbound traffic to 0.0.0.0/0 for port 80.
  • C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3 gateway endpoint.
  • D. Update the S3 bucket policy to allow s3:PutObject access from the private subnet CIDR block.

Correct Answer: C

Community vote distribution

D (64%)

C (36%)

Question #254

A company uses Amazon S3 to aggregate raw video footage from various media teams across the US. The company recently expanded into new geographies in Europe and Australia. The technical teams located in Europe and Australia reported delays when uploading large video files into the destination S3 bucket in the United States.

What are the MOST cost effective ways to increase upload speeds into the S3 bucket? (Choose two.)

  • A. Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket.
  • B. Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket.
  • C. Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket.
  • D. Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia.
  • E. Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia.

Correct Answer: CE

Community vote distribution

CE (100%)

Question #255

A SysOps administrator is helping a development team deploy an application to AWS. The AWS CloudFormation template includes an Amazon Linux EC2 instance, an Amazon Aurora DB cluster, and a hardcoded database password that must be rotated every 90 days.

What is the MOST secure way to manage the database password?

  • A. Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule resource to define a rotation schedule for the password. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
  • B. Use the AWS::SecretsManager::Secret resource with the SecretString property Accept a password as a CloudFormation parameter Use the AllowedPattern property of the CloudFormation parameter to require a minimum length, uppercase and lowercase letters, and special characters. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
  • C. Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a secure string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
  • D. Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.

Correct Answer: A

Community vote distribution

A (100%)

Question #256

Application A runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The EC2 instances are in an Auto Scaling group and are in the same subnet that is associated with the NLB. Other applications from an on-premises environment cannot communicate with Application A on port 8080.

To troubleshoot the issue, a SysOps administrator analyzes the flow logs. The flow logs include the following records:

What is the reason for the rejected traffic?

  • A. The security group of the EC2 instances has no Allow rule for the traffic from the NLB.
  • B. The security group of the NLB has no Allow rule for the traffic from the on-premises environment.
  • C. The ACL of the on-premises environment does not allow traffic to the AWS environment.
  • D. The network ACL that is associated with the subnet does not allow outbound traffic for the ephemeral port range.

Correct Answer: D

Community vote distribution

D (80%)

B (20%)

Question #257

A company’s SysOps administrator maintains a highly available environment. The environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.

Recently, the company conducted a failover test. The SysOps administrator needs to decrease the failover time of the RDS database by at least 10%.

Which solution will meet this requirement?

  • A. Increase the RDS instance size.
  • B. Modify the RDS cluster to run in a single Availability Zone.
  • C. Create a read replica in another AWS Region. Promote the read replica in case of failure.
  • D. Create an RDS proxy. Point the application to the proxy endpoint.

Correct Answer: D

Community vote distribution

D (100%)

Question #258

A company’s VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example.com to the DNS servers in the data center.

Which solution will meet these requirements?

  • A. Create an Amazon Route 53 Resolver inbound endpoint. Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the inbound endpoints.
  • B. Create an Amazon Route 53 Resolver inbound endpoint. Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC.
  • C. Create an Amazon Route 53 Resolver outbound endpoint. Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the outbound endpoints.
  • D. Create an Amazon Route 53 Resolver outbound endpoint. Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC.

Correct Answer: D

Community vote distribution

D (69%)

B (31%)

Question #259

A SysOps administrator is tasked with analyzing database performance. The database runs on a single Amazon RDS DB instance. The SysOps administrator finds that, during times of peak traffic, resources on the database are overutilized due to the amount of read traffic.

Which actions should the SysOps administrator take to improve RDS performance? (Choose two.)

  • A. Add a read replica
  • B. Modify the application to use Amazon ElastiCache for Memcached.
  • C. Migrate the database from RDS to Amazon DynamoDB.
  • D. Migrate the database to Amazon EC2 with enhanced networking enabled.
  • E. Upgrade the database to a Multi-AZ deployment.

Correct Answer: AB

Community vote distribution

AB (100%)

Question #260

A company’s SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.

The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company’s other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.

Which solution will securely share the AMI with the other AWS accounts?

  • A. In the account where the AMI was created, create a customer managed KMS key. Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
  • B. In the account where the AMI was created, create a customer managed KMS key. Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the KMS key. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
  • C. In the account where the AMI was created, create a customer managed KMS key. Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Create a copy of the AMI, and specify the KMS key Modify the permissions on the copied AMI to make it public.
  • D. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescribeKey, kms:ReEncrypt*, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared with. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Correct Answer: C

Community vote distribution

B (86%)

14%

Question #261

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.

Which solution will meet these requirements?

  • A. Create a single AWS Storage Gateway file gateway.
  • B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
  • C. Deploy two AWS Storage Gateway file gateways across two Availability Zones. Configure an Application Load Balancer in front of the file gateways.
  • D. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).

Correct Answer: B

Community vote distribution

B (100%)

Question #262

A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.

A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.

Which action will ensure that the CloudWatch alarms function correctly?

  • A. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.
  • B. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.
  • C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.
  • D. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

Correct Answer: C

Community vote distribution

C (90%)

10%

Question #263

A company recently moved its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch metrics to track instance memory utilization and available disk space.

What should a SysOps administrator do to meet these requirements?

  • A. Configure CloudWatch from the AWS Management Console for all the instances that require monitoring by CloudWatch. AWS automatically installs and configures the agents for the specified instances.
  • B. Install and configure the CloudWatch agent on all the instances. Attach an IAM role to allow the instances to write logs to CloudWatch.
  • C. Install and configure the CloudWatch agent on all the instances. Attach an IAM user to allow the instances to write logs to CloudWatch.
  • D. Install and configure the CloudWatch agent on all the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch.

Correct Answer: B

Community vote distribution

B (100%)

Question #264

A company recently deployed MySQL on an Amazon EC2 instance with a default boot volume. The company intends to restore a 1.75 TB database. A SysOps administrator needs to provision the correct Amazon Elastic Block Store (Amazon EBS) volume. The database will require read performance of up to 10,000 IOPS and is not expected to grow in size.

Which solution will provide the required performance at the LOWEST cost?

  • A. Deploy a 2 TB Cold HDD (sc1) volume.
  • B. Deploy a 2 TB Throughput Optimized HDD (st1) volume.
  • C. Deploy a 2 TB General Purpose SSD (gp3) volume. Set the IOPS to 10,000.
  • D. Deploy a 2 TB Provisioned IOPS SSD (io2) volume. Set the IOPS to 10,000.

Correct Answer: C

Community vote distribution

C (75%)

D (17%)

8%

Question #265

A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at all times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00, 7 days a week.

How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?

  • A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%.
  • B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is available at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00.
  • C. Set the Auto Scaling group to start with 2 instances by setting the desired instances, maximum instances, and minimum instances to 2. Create a scheduled scaling policy that ensures that the fleet is available at 09:00.
  • D. Create a scheduled scaling policy that ensures that the fleet is available at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00.

Correct Answer: B

Community vote distribution

B (100%)

Question #266

A company has turned on server access logging for all of its existing Amazon S3 buckets. The company wants to implement a solution to monitor the logging settings for new and existing S3 buckets. The solution must remediate any S3 buckets that do not have logging turned on.

What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?

  • A. Track the logging information by using AWS CloudTrail. Launch an AWS Lambda function for remediation.
  • B. Configure automatic remediation in AWS Config by using the s3-bucket-logging-enabled rule.
  • C. Configure AWS Trusted Advisor to monitor the logging configuration and to turn on access logging if necessary.
  • D. Track the logging information by using Amazon CloudWatch metrics. Launch an AWS Lambda function for remediation.

Correct Answer: B

Community vote distribution

B (100%)

Question #267

A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. The Auto Scaling group is set to scale based on the number of messages in the queue. Messages can take up to 12 hours to process completely. A SysOps administrator must ensure that instances are not interrupted during message processing.

What should the SysOps administrator do to meet these requirements?

  • A. Enable instance scale-in protection for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Disable instance scale-in protection after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
  • B. Set the Auto Scaling group’s termination policy to OldestInstance.
  • C. Set the Auto Scaling group’s termination policy to OldestLaunchConfiguration.
  • D. Suspend the Launch and Terminate scaling processes for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Resume the scaling processes after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.

Correct Answer: A

Community vote distribution

A (100%)

Question #268

A company manages a set of accounts on AWS by using AWS Organizations. The company’s security team wants to use a native AWS service to regularly scan all AWS accounts against the Center for Internet Security (CIS) AWS Foundations Benchmark.

What is the MOST operationally efficient way to meet these requirements?

  • A. Designate a central security account as the AWS Security Hub administrator account. Create a script that sends an invitation from the Security Hub administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure Security Hub to run the CIS AWS Foundations Benchmark scans.
  • B. Run the CIS AWS Foundations Benchmark across all accounts by using Amazon Inspector.
  • C. Designate a central security account as the Amazon GuardDuty administrator account. Create a script that sends an invitation from the GuardDuty administrator account and accepts the invitation from the member account. Run the script every time a new account is created. Configure GuardDuty to run the CIS AWS Foundations Benchmark scans.
  • D. Designate an AWS Security Hub administrator account. Configure new accounts in the organization to automatically become member accounts. Enable CIS AWS Foundations Benchmark scans.

Correct Answer: D

Community vote distribution

D (100%)

Question #269

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.

Which steps should the SysOps administrator take to resolve the issue?

  • A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
  • B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
  • C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
  • D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.

Correct Answer: A

Community vote distribution

A (100%)

Question #270

A SysOps administrator needs to collect the content of log files from a custom application that is deployed across hundreds of Amazon EC2 instances running Ubuntu. The log files need to be stored in Amazon CloudWatch Logs.

How should the SysOps administrator collect the application log files with the LOWEST operational overhead?

  • A. Configure the syslogd service on each EC2 instance to collect and send the application log files to CloudWatch Logs.
  • B. Install the CloudWatch agent by using the Amazon Linux package manager on each EC2 instance. Configure each agent to collect the application log files.
  • C. Install the CloudWatch agent on each EC2 instance by using AWS Systems Manager. Create an agent configuration on each instance by using the CloudWatch configuration wizard. Configure each agent to collect the application log files.
  • D. Store a CloudWatch agent configuration in the AWS Systems Manager Parameter Store. Install the CloudWatch agent on each EC2 instance by using Systems Manager. Configure each agent to collect the application log files.

Correct Answer: D

Community vote distribution

D (75%)

C (25%)

Question #271

A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each.

Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Choose two.)

  • A. Configure Aurora backups to be exported to the DR Region.
  • B. Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.
  • C. Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.
  • D. Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group’s minimum capacity, maximum capacity, and desired capacity to 1.
  • E. Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.

Correct Answer: BD

Community vote distribution

BD (63%)

BC (32%)

5%

Question #272

A SysOps administrator is creating a simple, public-facing website running on Amazon EC2. The SysOps administrator created the EC2 instance in an existing public subnet and assigned an Elastic IP address to the instance. Next, the SysOps administrator created and applied a new security group to the instance to allow incoming HTTP traffic from 0.0.0.0/0. Finally, the SysOps administrator created a new network ACL and applied it to the subnet to allow incoming HTTP traffic from 0.0.0.0/0. However, the website cannot be reached from the internet.

What is the cause of this issue?

  • A. The SysOps administrator did not create an outbound rule that allows ephemeral port return traffic in the new network ACL.
  • B. The SysOps administrator did not create an outbound rule in the security group that allows HTTP traffic from port 80.
  • C. The Elastic IP address assigned to the EC2 instance has changed.
  • D. There is an additional network ACL associated with the subnet that includes a rule that denies inbound HTTP traffic from port 80.

Correct Answer: A

Community vote distribution

A (90%)

10%

Question #273

A company has an application that uses an Amazon Elastic File System (Amazon EFS) file system. A recent incident that involved an application logic error corrupted several files. The company wants to improve its ability to back up and recover the EFS file system. The company must be able to recover individual files rapidly.

Which solution meets these requirements MOST cost-effectively?

  • A. Configure Amazon Data Lifecycle Manager (Amazon DLM) to archive a copy of the data to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.
  • B. Create a second EFS file system in another AWS Region. Configure AWS DataSync to copy the data to the backup file system. Recover files by copying them from the backup EFS file system.
  • C. Enable AWS Backup in Amazon EFS to back up the file system to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files.
  • D. Enable AWS Backup in Amazon EFS to back up the file system to a backup vault. Use a partial restore job to retrieve individual files.

Correct Answer: D

Community vote distribution

D (88%)

13%

Question #274

A company migrates a write-once, ready-many (WORM) drive to an Amazon S3 bucket that has S3 Object Lock configured in governance mode. During the migration, the company copies unneeded data to the S3 bucket.

A SysOps administrator attempts to delete the unneeded data from the S3 bucket by using the AWS CLI. However, the SysOps administrator receives an error.

Which combination of steps should the SysOps administrator take to successfully delete the unneeded data? (Choose two.)

  • A. Increase the Retain Until Date.
  • B. Assume a role that has the s3:BypassLegalRetention permission.
  • C. Assume a role that has the s3:BypassGovernanceRetention permission.
  • D. Include the x-amz-bypass-governance-retention:true header in the request when issuing the delete command.
  • E. Include the x-amz-bypass-legal-retention:true header in the request when issuing the delete command.

Correct Answer: BD

Community vote distribution

CD (100%)

Question #275

A company needs to view a list of security groups that are open to the internet on port 3389.

What should a SysOps administrator do to meet this requirement?

  • A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
  • B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
  • C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
  • D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.

Correct Answer: D

Community vote distribution

D (100%)

Question #276

A company website contains a web tier and a database tier on AWS. The web tier consists of Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones. The database tier runs on an Amazon RDS for MySQL Multi-AZ DB instance. The database subnet network ACLs are restricted to only the web subnets that need access to the database. The web subnets use the default network ACL with the default rules.

The company’s operations team has added a third subnet to the Auto Scaling group configuration. After an Auto Scaling event occurs, some users report that they intermittently receive an error message. The error message states that the server cannot connect to the database. The operations team has confirmed that the route tables are correct and that the required ports are open on all security groups.

Which combination of actions should a SysOps administrator take so that the web servers can communicate with the DB instance? (Choose two.)

  • A. On the default ACL, create inbound Allow rules of type TCP with the ephemeral port range and the source as the database subnets.
  • B. On the default ACL, create outbound Allow rules of type MySQL/Aurora (3306). Specify the destinations as the database subnets.
  • C. On the network ACLs for the database subnets, create an inbound Allow rule of type MySQL/Aurora (3306). Specify the source as the third web subnet.
  • D. On the network ACLs for the database subnets, create an outbound Allow rule of type TCP with the ephemeral port range and the destination as the third web subnet.
  • E. On the network ACLs for the database subnets, create an outbound Allow rule of type MySQL/Aurora (3306). Specify the destination as the third web subnet.

Correct Answer: CD

Community vote distribution

CD (89%)

11%

Question #277

A SysOps administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.

What would be the command line necessary to deploy one of the sites’ certificates to the load balancer?

  • A. aws kms modify-listener –-load-balancer-name my-load-balancer-–certificates CertificateArn=arn:aws:iam::123456789012:server-certifiate/my-new-server-cert
  • B. aws elb set-load-balancer-listener-ssl-certificate –load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
  • C. aws ec2 put-ssl-certificate –-load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
  • D. aws acm put-ssl-certificate –-load-balancer-name my-load-balancer –-load-balancer-port 443 –-ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert

Correct Answer: B

Community vote distribution

B (100%)

Question #278

A SysOps administrator is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly.

The SysOps administrator needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.

What is the MOST operationally efficient solution that meets these requirements?

  • A. Create a script that uses Packer. Schedule a cron job to run the script.
  • B. Install the application and its dependencies on an EC2 instance. Create an AMI of the EC2 instance.
  • C. Use EC2 Image Builder with a custom recipe to install the application and its dependencies.
  • D. Invoke the EC2 CreateImage API operation by using an Amazon EventBridge scheduled rule.

Correct Answer: C

Community vote distribution

C (80%)

D (20%)

Question #279

An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.

How can this be achieved in a reliable and efficient way?

  • A. Write a script to continue backing up the RDS instance every five minutes.
  • B. Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack.
  • C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance.
  • D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.

Correct Answer: B

Community vote distribution

C (100%)

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

you are using free dumps!!!

Please help to click ads to support the website

Buy Premium Dumps For Ads-free
Buy Vouchers

DỊCH VỤ iT

Thiết kế Website

Biên tập Video theo yêu cầu

THÔNG TIN CHI TIẾT