Question #280
AnyCompany has acquired Example Corp and is attempting to consolidate the business systems of both companies. AnyCompany’s IT department needs to integrate with Example Corp’s IT ticketing system.
A SysOps administrator must implement a solution that uses Amazon CloudWatch alarms for Amazon EC2 instances in AnyCompany’s account to create new tickets in Example Corp’s ticketing system. The ticketing system provides an HTTPS endpoint for the creation of new tickets. The ticketing system accepts messages in the following JSON format:
Which approach to creating tickets from the CloudWatch alarms will meet these requirements with the LEAST development time?
- A. Create an Amazon EventBridge rule that filters appropriate events and specifies EventBridge API destinations as a target. Configure EventBridge API destinations to send events to the HTTPS endpoint. In the EventBridge rule, create an input transformer to convert the source to a compatible output for the ticketing system.
- B. Create an Amazon EventBridge rule that filters appropriate events and specifies an Amazon Kinesis data stream as the target. Create an AWS Lambda function to receive events from the Kinesis data stream. Configure the Lambda function to start an AWS Glue job to transform the data and forward the output to the HTTPS endpoint.
- C. Create an Amazon EventBridge rule that filters appropriate events and specifies Amazon Simple Notification Service (Amazon SNS) as a target. Configure Amazon SNS to transform the events and send the events to the HTTPS endpoint.
- D. Create an Amazon EventBridge rule that filters appropriate events and specifies an AWS Step Functions state machine as a target. Create an AWS Lambda function and an AWS Glue job in Step Functions to transform the events and send the events to the HTTPS endpoint.
Correct Answer: A
Community vote distribution
A (50%)
C (50%)
Question #281
A SysOps administrator needs to provision a new fleet of Amazon EC2 Spot Instances in an Amazon EC2 Auto Scaling group. The Auto Scaling group will use a wide range of instance types. The configured fleet must come from pools that have the most availability for the number of instances that are launched.
Which solution will meet these requirements?
- A. Launch the Spot Instances up to the maximum capacity of the Auto Scaling group.
- B. Launch the Spot Instances by using the diversified strategy.
- C. Launch the Spot Instances by using the capacity optimized strategy.
- D. Use the Spot Instance advisor to help determine the best Spot allocation strategy.
Correct Answer: C
Community vote distribution
C (76%)
D (24%)
Question #282
A SysOps administrator creates a custom Amazon Machine Image (AMI) in the eu-west-2 Region and uses the AMI to launch Amazon EC2 instances. The SysOps administrator needs to use the same AMI to launch EC2 instances in two other Regions: us-east-1 and us-east-2.
What must the SysOps administrator do to use the custom AMI in the additional Regions?
- A. Copy the AMI to the additional Regions.
- B. Make the AMI public in the Community AMIs section of the AWS Management Console.
- C. Share the AMI to the additional Regions. Assign the required access permissions.
- D. Copy the AMI to a new Amazon S3 bucket. Assign access permissions to the AMI for the additional Regions.
Correct Answer: A
Community vote distribution
A (100%)
Question #283
A company has many accounts in an organization in AWS Organizations. The company must automate resource provisioning from the organization’s management account to the member accounts.
Which solution will meet this requirement?
- A. Create an AWS CloudFormation change set. Deploy the change set to all member accounts.
- B. Create an AWS CloudFormation nested stack. Deploy the nested stack to all member accounts.
- C. Create an AWS CloudFormation stack set. Deploy the stack set to all member accounts.
- D. Create an AWS Serverless Application Model (AWS SAM) template. Deploy the template to all member accounts.
Correct Answer: C
Community vote distribution
C (100%)
Question #284
A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.
Which solution will meet these requirements?
- A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.
- B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.
- C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.
- D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.
Correct Answer: D
Community vote distribution
D (100%)
Question #285
A company has an AWS CloudFormation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the CloudFormation template. However, the stack creation fails.
Which factors could cause this failure? (Choose two.)
- A. The user’s IAM policy does not allow the cloudformation:CreateStack action.
- B. The user’s IAM policy does not allow the cloudformation:CreateStackSet action.
- C. The user’s IAM policy does not allow the s3:CreateBucket action.
- D. The user’s IAM policy explicitly denies the s3:ListBucket action.
- E. The user’s IAM policy explicitly denies the s3:PutObject action.
Correct Answer: AC
Question #286
An Amazon RDS for PostgreSQL DB cluster has automated backups turned on with a 7-day retention period. A SysOps administrator needs to create a new RDS DB cluster by using data that is no more than 24 hours old from the original DB cluster.
Which solutions will meet these requirements with the LEAST operational overhead? (Choose two.)
- A. Identify the most recent automated snapshot. Restore the snapshot to a new RDS DB cluster.
- B. Back up the database to Amazon S3 by using native database backup tools. Create a new RDS DB cluster and restore the data to the new RDS DB cluster.
- C. Create a read replica instance in the original RDS DB cluster. Promote the read replica to a standalone DB cluster.
- D. Create a new RDS DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate data from the current RDS DB cluster to the newly created RDS DB cluster.
- E. Use the pg_dump utility to export data from the original RDS DB cluster to an Amazon EC2 instance. Create a new RDS DB cluster. Use the pg_restore utility to import the data from the EC2 instance to the new RDS DB cluster.
Correct Answer: AD
Community vote distribution
AC (100%)
Question #287
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin. After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes for this problem? (Choose two.)
- A. CloudFront does not have the ALB configured as the origin access identity.
- B. The DNS is still pointing to the ALB instead of the CloudFront distribution.
- C. The ALB security group is not permitting inbound traffic from CloudFront.
- D. The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.
- E. The target groups associated with the ALB are configured for sticky sessions.
Correct Answer: BD
Community vote distribution
BD (100%)
Question #288
A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and www.example.com to point to an Application Load Balancer (ALB).
Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.)
- A. Configure an A record for example.com to point to the IP address of the ALB.
- B. Configure an A record for www.example.com to point to the IP address of the ALB.
- C. Configure an alias record for example.com to point to the CNAME of the ALB.
- D. Configure an alias record for www.example.com to point to the Route 53 example.com record.
- E. Configure a CNAME record for example.com to point to the CNAME of the ALB.
Correct Answer: CD
Community vote distribution
CD (71%)
14%
14%
Question #289
A company has a hybrid environment. The company has set up an AWS Direct Connect connection between the company’s on-premises data center and a workload that runs in a VPC. The company uses Amazon Route 53 for DNS on AWS. The company uses a private hosted zone to manage DNS names for a set of services that are hosted on AWS.
The company wants the on-premises servers to use Route 53 for DNS resolution of the private hosted zone.
Which solution will meet these requirements?
- A. Create a Route 53 inbound endpoint. Ensure that security groups and routing allow the traffic from the on-premises data center. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the inbound endpoint.
- B. Create a Route 53 outbound endpoint. Ensure that security groups and routing allow the traffic from the VPC. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the outbound endpoint.
- C. Edit the private hosted zone in Route 53 with a TXT record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.
- D. Edit the private hosted zone in Route 53 with a PTR record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.
Correct Answer: A
Community vote distribution
A (88%)
13%
Question #290
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?
- A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.
- B. Create an A record for each server. Associate the records with the Route 53 TCP health check.
- C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.
- D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.
Correct Answer: A
Community vote distribution
A (71%)
C (29%)
Question #291
An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.
Which solution will meet these requirements in the MOST secure manner?
- A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user’s credentials in the application’s configuration.
- B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user’s access key and secret access key as environment variables on the EC2 instance.
- C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
- D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Correct Answer: D
Community vote distribution
D (100%)
Question #292
A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket.
The company has a policy that all S3 buckets must not be public.
What should the SysOps administrator do to meet these requirements?
- A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy.
- B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create a DNS CNAME to point to the S3 website endpoint.
- C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALB listener configuration. Forward the traffic to the S3 bucket.
- D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port 443. Set the endpoint type to forward the traffic to the S3 bucket.
Correct Answer: A
Community vote distribution
A (100%)
Question #293
A company is building a web application on AWS. The company is using Amazon CloudFront with a domain name of www.example.com. All traffic to CloudFront must be encrypted in transit. The company already has provisioned an SSL certificate for www.example.com in AWS Certificate Manager (ACM).
Which combination of steps should a SysOps administrator take to encrypt the traffic in transit? (Choose two.)
- A. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to redirect HTTP to HTTPS.
- B. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to allow HTTP and HTTPS.
- C. Enter the alternate domain name (CNAME) of www.example.com for the CloudFront distribution. Select the custom SSL certificate.
- D. Configure an AWS WAF web ACL for the CloudFront distribution.
- E. Configure CloudFront Origin Shield for the CloudFront origin.
Correct Answer: AC
Community vote distribution
AC (100%)
Question #294
A company runs an application on hundreds of Amazon EC2 instances in three Availability Zones. The application calls a third-party API over the public internet. A SysOps administrator must provide the third party with a list of static IP addresses so that the third party can allow traffic from the application.
Which solution will meet these requirements?
- A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NAT gateway the default route of all private subnets in those Availability Zones.
- B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IP address with all the instances in the Availability Zone.
- C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to the internet through the private IP address of the NLB.
- D. Update the main route table to send the traffic to the internet through an Elastic IP address that is assigned to each instance.
Correct Answer: C
Community vote distribution
A (73%)
C (15%)
12%
Question #295
A company manages its multi-account environment by using AWS Organizations. The company needs to automate the creation of daily incremental backups of any Amazon Elastic Block Store (Amazon EBS) volume that is marked with a Lifecycle: Production tag in one of its primary AWS accounts.
The company wants to prevent users from using Amazon EC2 * permissions to delete any of these production snapshots.
What should a SysOps administrator do to meet these requirements?
- A. Create a daily snapshot of all EBS volumes by using Amazon Data Lifecycle Manager. Specify Lifecycle as the tag key. Specify Production as the tag value.
- B. Associate a service control policy (SCP) with the account to deny users the ability to delete EBS snapshots. Create an Amazon EventBridge rule with a 24-hour cron schedule. Configure EBS Create Snapshot as the target. Target all EBS volumes with the specified tags.
- C. Create a daily snapshot of all EBS volumes by using AWS Backup. Specify Lifecycle as the tag key. Specify Production as the tag value.
- D. Create a daily Amazon Machine Image (AMI) of every production EC2 instance within the AWS account by using Amazon Data Lifecycle Manager.
Correct Answer: B
Community vote distribution
A (55%)
C (36%)
9%
Question #296
A company hosts a Windows-based file server on a fleet of Amazon EC2 instances across multiple Availability Zones. The current setup does not allow application servers to access files simultaneously from the EC2 fleet.
Which solution will allow this access in the MOST operationally efficient way?
- A. Create an Amazon Elastic File System (Amazon EFS) Multi-AZ file system. Copy the files to the EFS file system. Connect the EFS file system to mount points on the application servers.
- B. Create an Amazon FSx for Windows File Server Multi-AZ file system. Copy the files to the Amazon FSx file system. Adjust the connections from the application servers to use the share that the Amazon FSx file system exposes.
- C. Create an Amazon Elastic Block Store (Amazon EBS) volume that has EBS Multi-Attach enabled. Create an Auto Scaling group for the Windows file server. Use a script in the file server’s user data to attach the SharedFileAccess tag to the EBS volume during launch.
- D. Create two Amazon FSx for Windows File Server file systems. Configure Distributed File System (DFS) replication between the file systems. Copy the files to the Amazon FSx file systems. Adjust the connections from the application servers to use the shares that the Amazon FSx file systems expose.
Correct Answer: B
Community vote distribution
B (100%)
Question #297
A company has deployed an application on Amazon EC2 instances in a single VPC. The company has placed the EC2 instances in a private subnet in the VPC.
The EC2 instances need access to Amazon S3 buckets that are in the same AWS Region as the EC2 instances. A SysOps administrator must provide the EC2 instances with access to the S3 buckets without requiring any changes to the EC2 instances or the application. The EC2 instances must not have access to the internet.
Which solution will meet these requirements?
- A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.
- B. Create an S3 interface endpoint. Associate the EC2 instances with the interface endpoint.
- C. Configure a NAT gateway. Associate the private subnet with the NAT gateway.
- D. Configure a proxy EC2 instance. Update the private subnet route tables to route traffic through the proxy EC2 instance. Configure the proxy to route all S3 requests to the target S3 bucket.
Correct Answer: C
Community vote distribution
A (71%)
B (29%)
Question #298
A SysOps administrator manages the caching of an Amazon CloudFront distribution that serves pages of a website. The SysOps administrator needs to configure the distribution so that the TTL of individual pages can vary. The TTL of the individual pages must remain within the maximum TTL and the minimum TTL that are set for the distribution.
Which solution will meet these requirements?
- A. Create an AWS Lambda function that calls the CreateInvalidation API operation when a change in cache time is necessary.
- B. Add a Cache-Control: max-age directive to the object at the origin when content is being returned to CloudFront.
- C. Add a no-cache header through a Lambda@Edge function in response to the Viewer response.
- D. Add an Expires header through a CloudFront function in response to the Viewer response.
Correct Answer: B
Community vote distribution
B (100%)
Question #299
A company has a public web application that experiences rapid traffic increases after advertisements appear on local television. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is not keeping up with the traffic surges after an advertisement runs. The company often needs to scale out to 100 EC2 instances during the traffic surges.
The instance startup times are lengthy because of a boot process that creates machine-specific data caches that are unique to each instance. The exact timing of when the advertisements will appear on television is not known. A SysOps administrator must implement a solution so that the application can function properly during the traffic surges.
Which solution will meet these requirements?
- A. Create a warm pool. Keep enough instances in the Stopped state to meet the increased demand.
- B. Start 100 instances. Allow the boot process to finish running. Store this data on the instance store volume before stopping the instances.
- C. Increase the value of the instance warmup time in the scaling policy.
- D. Use predictive scaling for the Auto Scaling group.
Correct Answer: D
Community vote distribution
A (100%)
Question #300
A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.
Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.
The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.
Which solution will meet these requirements in the MOST operationally efficient manner?
- A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
- B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
- C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
- D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
Correct Answer: D
Community vote distribution
C (100%)
Question #301
A SysOps administrator needs to update an AWS account name.
What should the SysOps administrator do to accomplish this goal?
- A. Add the AdministratorAccess policy to the SysOps administrator’s IAM user.
- B. Add the AWS_ConfigureRole policy to the SysOps administrator’s IAM user.
- C. Change the AWS account name through the AWS Trusted Advisor interface.
- D. Sign in as the AWS account root user to make the change.
Correct Answer: D
Community vote distribution
D (100%)
Question #302
A team of developers is using several Amazon S3 buckets as centralized repositories. Users across the world upload large sets of files to these repositories. The development team’s applications later process these files.
A SysOps administrator sets up a new S3 bucket, DOC-EXAMPLE-BUCKET, to support a new workload. The new S3 bucket also receives regular uploads of large sets of files from users worldwide. When the new S3 bucket is put into production, the upload performance from certain geographic areas is lower than the upload performance that the existing S3 buckets provide.
What should the SysOps administrator do to remediate this issue?
- A. Provision an Amazon ElastiCache for Redis cluster for the new S3 bucket. Provide the developers with the configuration endpoint of the cluster for use in their API calls.
- B. Add the new S3 bucket to a new Amazon CloudFront distribution. Provide the developers with the domain name of the new distribution for use in their API calls.
- C. Enable S3 Transfer Acceleration for the new S3 bucket. Verify that the developers are using the DOC-EXAMPLE-BUCKET.s3-accelerate.amazonaws.com endpoint name in their API calls.
- D. Use S3 multipart upload for the new S3 bucket. Verify that the developers are using Region-specific S3 endpoint names such as DOC-EXAMPLE-BUCKET.s3.[Region].amazonaws.com in their API calls.
Correct Answer: C
Community vote distribution
C (100%)
Question #303
A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances.
Which solution will meet these requirements?
- A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.
- B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
- C. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Create two separate maintenance windows, each with an auto-approval delay.
- D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline. Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.
Correct Answer: C
Community vote distribution
B (100%)
Question #304
A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambda functions for historical errors. The logs are in JSON format and are stored in Amazon S3. Errors sometimes do not appear in the same field, but all errors begin with the same string prefix.
What is the MOST operationally efficient way for the SysOps administrator to analyze the log files?
- A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
- B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
- C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
- D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.
Correct Answer: A
Community vote distribution
C (54%)
B (38%)
8%
Question #305
A company has a policy that all Amazon EC2 instance logs must be published to Amazon CloudWatch Logs. A SysOps administrator is troubleshooting an EC2 instance that is running Amazon Linux 2. The EC2 instance is not publishing logs to CloudWatch Logs. The Amazon CloudWatch agent is running on the EC2 instance, and the agent configuration file is correct.
What should the SysOps administrator do to resolve the issue?
- A. Configure the AWS CLI on the EC2 instance. Create a cron job that calls the PutLogEvents API operation to push the log files to CloudWatch every 5 minutes.
- B. Inspect the retention period of the CloudWatch Logs log group. Ensure that the retention period is set to a value that is greater than 1 day.
- C. Set up an Amazon Kinesis data stream that is running in the same AWS Region as the EC2 instance. Configure the CloudWatch agent on the EC2 instance to send CloudWatch events to the data stream.
- D. Ensure that the IAM role that is attached to the EC2 instance has permissions in CloudWatch Logs for the CreateLogGroup, CreateLogStream, PutLogEvents, and DescribeLogStreams actions.
Correct Answer: D
Community vote distribution
D (100%)
Question #306
A company runs a workload on an Amazon EC2 instance. The workload needs a temporary cache that contains data that changes frequently. The workload does not need to retain the cache across instance restarts.
Which storage option will provide the HIGHEST performance for the cache?
- A. General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume
- B. Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume
- C. Throughput Optimized HDD (st1) Amazon Elastic Block Store (Amazon EBS) volume
- D. EC2 instance store
Correct Answer: B
Community vote distribution
D (100%)
Question #307
A company runs multiple workloads across an organization in AWS Organizations. The company’s finance team needs detailed dashboards to track cost changes and provide detailed cost metrics. The finance team needs to track trends as granular as every hour.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
- A. Generate Amazon CloudWatch dashboards by using CloudWatch insights and AWS Cost Explorer data.
- B. Generate an AWS Cost and Usage Report. Store the report in Amazon S3. Use Amazon Athena to query the data. Use Amazon QuickSight to develop dashboards based on the data in the AWS Cost and Usage Report.
- C. Create an AWS Lambda function that runs once a day and assumes a role in every account in the organization. Configure the Lambda function to read AWS Cost Explorer data in each account and to store the cost data in an Amazon S3 bucket. Use Amazon Athena to query the data. Use Amazon QuickSight to display the data in dashboards.
- D. Create an IAM user for the finance team. Grant permissions to the IAM user to view AWS Cost Explorer data and billing data in the management account.
Correct Answer: A
Community vote distribution
B (70%)
A (30%)
Question #308
A company has a core application that must run 24 hours a day, 7 days a week. The application uses Amazon EC2, AWS Fargate, and AWS Lambda. The company uses a combination of operating systems across different AWS Regions.
The company needs to maximize cost savings while committing to a pricing model that offers flexibility to make changes.
What should the company do to meet these requirements?
- A. Purchase a Compute Savings Plan that is based on Savings Plans recommendations.
- B. Purchase an EC2 Instance Savings Plan that covers the EC2 instance types and the Fargate and Lambda vCPU equivalents.
- C. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.
- D. Use EC2 Spot Instances that match the type and size of existing instances that run in each Region.
Correct Answer: D
Community vote distribution
A (100%)
Question #309
A company’s architecture team must receive immediate email notification whenever new Amazon EC2 instances are launched in the company’s main AWS production account.
What should a SysOps administrator do to meet this requirement?
- A. Create a user data script that sends an email message through a smart host connector. Include the architecture team’s email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.
- B. Create an Amazon Simple Notification Service (Amazon SNS) topic and a subscription that uses the email protocol. Enter the architecture team’s email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SNS topic as the rule’s target.
- C. Create an Amazon Simple Queue Service (Amazon SQS) queue and a subscription that uses the email protocol. Enter the architecture team’s email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SQS queue as the rule’s target.
- D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure AWS Systems Manager to publish EC2 events to the SNS topic. Create an AWS Lambda function to poll the SNS topic. Configure the Lambda function to send any messages to the architecture team’s email address.
Correct Answer: D
Community vote distribution
B (92%)
8%
Question #310
A SysOps administrator manages an AWS account where developers run CPU-intensive tasks on Amazon EC2 instances. The tasks can take several days to finish running and sometimes need to be repeated several times. The developers often forget to terminate the instances when the tasks are complete.
The SysOps administrator needs to implement a solution to monitor EC2 CPU utilization and automatically terminate underutilized instances.
Which solution will meet these requirements?
- A. Configure an Amazon GuardDuty finding that is based on EC2 CPU utilization. Associate an AWS Lambda function with the GuardDuty finding to terminate any instances that are identified as idle.
- B. Configure an Amazon Simple Notification Service (Amazon SNS) topic to receive EC2 utilization messages from the AWS Health Dashboard. Create an AWS Lambda function. Subscribe the Lambda function to the SNS topic. Use the ec2.stop_instances operation to terminate idle instances.
- C. Configure a Low Utilization Amazon EC2 Instances check in AWS Trusted Advisor to publish status changes to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function. Subscribe the Lambda function to the SNS topic. Use the ec2.stop_instances operation to terminate idle instances.
- D. Configure an Amazon EventBridge rule for the Low Utilization Amazon EC2 Instances check in AWS Trusted Advisor. Select the EC2 TerminateInstances API call as the target.
Correct Answer: C
Community vote distribution
D (100%)
Question #311
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?
- A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
- B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
- C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
- D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.
Correct Answer: C
Community vote distribution
A (100%)
Question #312
A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation.
Which solution will meet these requirements?
- A. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference.
- B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference.
- C. Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference.
- D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.
Correct Answer: A
Community vote distribution
A (100%)
Question #313
A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.
What is the MOST operationally efficient solution that meets this requirement?
- A. Create a rule in Amazon EventBridge that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
- B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
- C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
- D. Create a rule in Amazon EventBridge with a managed rule to evaluate all created or updated resources for the specified tags.
Correct Answer: C
Community vote distribution
C (100%)
Question #314
A company creates a new Amazon FSx for Windows File Server file system. To help manage costs, the company configures the storage capacity for the file system with minimal room for growth.
The company creates an Amazon Simple Notification Service (Amazon SNS) topic in the same AWS account where the file system resides. The company subscribes a SysOps administrator’s email address to the SNS topic. The SysOps administrator needs to receive email notification when the file system has less than 100 GB of space available.
Which combination of steps should the SysOps administrator take to meet this requirement? (Choose two.)
- A. Create an Amazon EventBridge rule for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).
- B. Create an Amazon CloudWatch alarm for when the FreeStorageCapacity metric is less than or equal to 100,000,000,000 bytes (100 GB).
- C. Create an AWS Lambda function that will run when the Amazon CloudWatch alarm enters ALARM state. Configure the Lambda function to publish to the SNS topic.
- D. Configure the Amazon EventBridge rule’s alarm action to publish to the SNS topic when the rule enters ALARM state.
- E. Configure the Amazon CloudWatch alarm action to publish to the SNS topic when the alarm enters ALARM state.
Correct Answer: BE
Community vote distribution
BE (100%)
Question #315
A company decides to stop non-production Amazon EC2 instances during the night. The company’s IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night.
Which solution will meet this requirement with the MOST operational efficiency?
- A. Configure an AWS Lambda function with an SMTP client library. Subscribe the Lambda function to the AWS Health Dashboard to receive notification whenever an EC2 instance is in the running state. Configure the Lambda function to use Amazon Pinpoint to send email notifications to the IT manager. Deploy a second Lambda function to throttle calls from the first Lambda function during the daytime.
- B. Deploy an AWS Lambda function that queries the Amazon EC2 API to determine the state of each EC2 instance. Use the EC2 instance scheduler to configure the Lambda function to run every minute during the night and to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.
- C. Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances’ tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notifications. Subscribe the IT manager’s email address to the SNS topic.
- D. Store the EC2 instance metadata, including the environment type, in an Amazon DynamoDB table. Deploy a custom application to an EC2 instance. Configure the custom application to poll the DynamoDB data every minute during the night and to query the Amazon EC2 API to determine the state of each instance. Additionally, configure the custom application to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.
Correct Answer: C
Community vote distribution
C (100%)
Question #316
A company’s SysOps administrator manages a fleet of Windows Amazon EC2 instances that run in a single AWS account. The instances have a tag that includes a key of “OS” and a value of “Windows.” The company uses AWS Systems Manager to patch the instances.
The company has installed the Amazon CloudWatch agent on the instances, but the configuration is inconsistent. The SysOps administrator needs to reconfigure every instance to use the same predefined CloudWatch configuration.
Which combination of steps will meet these requirements? (Choose two.)
- A. Store the CloudWatch agent configuration file in an Amazon S3 bucket.
- B. Store the contents of the CloudWatch agent configuration file in Systems Manager OpsCenter.
- C. Store the contents of the CloudWatch agent configuration file in Systems Manager Parameter Store.
- D. Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Select Systems Manager as an optional configuration source. Target the instances based on tag values.
- E. Create a Systems Manager State Manager association to run the AmazonCloudWatch-ManageAgent Systems Manager Run Command document. Configure the document to use the S3 bucket location as the configuration source. Target the instances based on tag value.
Correct Answer: AE
Community vote distribution
CD (71%)
AD (29%)
Question #317
A company is experiencing issues with legacy software running on Amazon EC2 instances. Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A short-term solution is required while the software is being rewritten. A SysOps administrator is tasked with creating a solution to restart the instances when the CPU utilization rises above 80%.
Which solution meets these requirements with the LEAST operational overhead?
- A. Write a script that monitors the CPU utilization of the EC2 instances and reboots the instances when utilization exceeds 80%. Run the script as a cron job.
- B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action to reboot the EC2 instances.
- C. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization of the EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function to restart the instances.
- D. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS Systems Manager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.
Correct Answer: B
Community vote distribution
B (80%)
D (20%)
Question #318
A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https://www.example.com.
What should the SysOps administrator do to resolve this issue?
- A. Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.
- B. Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.
- C. Ensure that there is an outbound network ACL for ephemeral ports 1024-66535 to 0.0.0.0/0.
- D. Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.
Correct Answer: A
Community vote distribution
A (60%)
B (20%)
C (20%)
Question #319
A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:
• Daily backups: must be kept for 6 days
• Weekly backups: must be kept for 4 weeks
• Monthly backups: must be kept for 11 months
• Yearly backups: must be kept for 7 years
Which backup strategy will meet these requirements with the LEAST administrative effort?
- A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.
- B. Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.
- C. Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.
- D. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.
Correct Answer: B
Community vote distribution
B (86%)