Free AWS SOA-C02 Dump

Question #320

An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180, with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.

Which solution will meet these requirements?

• A. Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.
• B. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
• C. Create an auto scaling policy with a target metric of 195 DatabaseConnections.
• D. Modify the DB cluster by increasing the Aurora Replica instance size.

Correct Answer: C

Community vote distribution

C (100%)

Question #321

A company hosts a production database on an Amazon Elastic Block Store (Amazon EBS) backed Amazon EC2 instance. As part of an annual disaster recovery exercise, the company needs to restore recent EBS snapshots to a new EC2 instance in a second Availability Zone.

After the snapshots are restored to EBS volumes, the resulting volumes must deliver all of their provisioned performance. The company must perform validation tests on the restored data as quickly as possible.

Which configuration will meet these requirements?

• A. Enable EBS fast snapshot restore (FSR) on the snapshots for the second Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.
• B. Enable EBS fast snapshot restore (FSR) on the snapshots for the current Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots, Attach the new EBS volumes to a new EC2 instance.
• C. Specify Provisioned IOPS on the snapshots, Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.
• D. Specify Provisioned IOPS on the existing EBS volumes. Create the snapshots. After the snapshots are completed, create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.

Correct Answer: A

Community vote distribution

A (100%)

Question #322

A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t3.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.

What change should be made to alleviate the performance problem?

• A. Change the Amazon EBS volume to Provisioned IOPs.
• B. Upgrade to a compute-optimized instance.
• C. Add additional t2.large instances to the application.
• D. Purchase Reserved Instances.

Correct Answer: B

Community vote distribution

B (100%)

Question #323

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http:/www.example.com.

A SysOps administrator reviews the VPC configuration and learns the following information:

• The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0

• The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0

• The inbound security group for the EC2 instance allows ports 22 and 443 from the user’s IP address.

• The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0

Which action will allow the user to complete the curl request successfully?

• A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.
• B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
• C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
• D. Add an additional outbound security group rule for port 80 to the user’s IP address.

Correct Answer: C

Community vote distribution

C (100%)

Question #324

A company’s financial department needs to view the cost details of each project in an AWS account. A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer.

Which solution will meet this requirement?

• A. Activate cost allocation tags. Add a project tag to the appropriate resources.
• B. Configure consolidated billing. Create AWS Cost and Usage Reports.
• C. Use AWS Budgets. Create AWS Budgets reports.
• D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions.

Correct Answer: A

Community vote distribution

A (63%)

D (38%)

Question #325

A SysOps administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.

Which condition should be used with the alarm?

• A. AWS/ApplicationELB HealthyHostCount <= 0
• B. AWS/ApplicationELB UnhealthyHostCount >= 1
• C. AWS/EC2 StatusCheckFailed <= 0
• D. AWS/EC2 StatusCheckFailed >= 1

Correct Answer: A

Community vote distribution

A (74%)

B (26%)

Question #326

A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. A SysOps administrator needs to implement a centralized solution that provides alerts when a resource metric in any account crosses a standard defined threshold.

Which solution will meet these requirements?

• A. Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.
• B. Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWalch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.
• C. Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.
• D. Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.

Correct Answer: A

Community vote distribution

A (100%)

Question #327

A company has an application that uses a scheduled AWS Lambda function to retrieve datasets from external sources over the internet. The function is not associated with a VPC. The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet. The VPC has two public subnets and two private subnets.

A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet.

Which solution meets these requirements?

• A. Create a new Lambda function with VPC access and an Elastic IP address. Attach the function to public subnets in two Availability Zones. Associate a security group with the Elastic IP address. Configure the security group outbound rules to allow Lambda to access the required resources.
• B. Create a new Lambda function with VPC access and two public IP addresses. Attach the function to public subnets in the same Availability Zones that the database uses. Associate a security group with the function. Configure the security group inbound rules to allow Lambda to access the required resources.
• C. Reconfigure the Lambda function for VPC access. Add NAT gateways to the public subnets in the VPAdd route table entries in the private subnets to route through the NAT gateways to the internet. Attach the function to the private subnets that support the database. Associate a security group with the function. Configure the security group outbound rules to allow Lambda to access the internet.
• D. Reconfigure the Lambda function for VPC access. Attach the function to the private subnets. Add route table entries in the private subnets to route through the internet gateway to the internet. Associate a security group with the subnets. Configure the security group inbound rules to allow Lambda to access the required resources through the internet gateway.

Correct Answer: C

Community vote distribution

C (100%)

Question #328

A company is running production workloads that use a Multi-AZ deployment of an Amazon RDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report that they are frequently encountering a “too many connections” error. A SysOps administrator observes that the number of connections on the database is high.

The SysOps administrator needs to resolve this issue while keeping code changes to a minimum.

Which solution will meet these requirements MOST cost-effectively?

• A. Modify the RDS for MySQL DB instance to a larger instance size.
• B. Modify the RDS for MySQL DB instance to Amazon DynamoDB.
• C. Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.
• D. Modify the RDS for MySQL DB instance to a memory optimized DB instance.

Correct Answer: C

Community vote distribution

C (100%)

Question #329

A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.

Which solution will meet this requirement?

• A. Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.
• B. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
• C. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
• D. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

Correct Answer: B

Community vote distribution

B (100%)

Question #330

A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure.

What is the MOST operationally efficient solution that meets these requirements?

• A. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.
• B. Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application.
• C. Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a MySQL native backup that is stored in Amazon S3 to restore the data to the new database. Update the connection string in the web application
• D. Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance failure, restore the EBS volume from a snapshot.

Correct Answer: B

Community vote distribution

D (79%)

14%

7%

Question #331

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances on AWS. A SysOps administrator needs to keep the instances and all of the instances’ data, even if someone deletes the stack.

Which solution will meet these requirements?

• A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in the CloudFormation template.
• B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
• C. Create a backup plan in AWS Backup.
• D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in the CloudFormation template.

Correct Answer: D

Community vote distribution

D (67%)

A (33%)

Question #332

Accompany wants to monitor the number of Amazon EC2 instances that it is running. The company also wants to automate a service quota increase when the number of instances reaches a specific threshold.

Which solution meets these requirements?

• A. Create an Amazon CloudWatch alarm to monitor Service Quotas. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
• B. Create an AWS Config rule to monitor Service Quotas. Call an AWS Lambda function to remediate the action and increase the quota.
• C. Create an Amazon CloudWateh alarm to monitor the AWS Health Dashboard. Configure the alarm to invoke an AWS Lambda function to request a quota increase when the alarm reaches the threshold.
• D. Create an Amazon CloudWatch alarm to monitor AWS Trusted Advisor service quotas. Configure the alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to increase the quota.

Correct Answer: A

Community vote distribution

A (64%)

D (36%)

Question #333

A SysOps administrator is responsible for more than 50 Amazon EC2 instances that are deployed in a single production AWS account. The EC2 instances are running several different operating systems. The company’s standards require patching to be completed at least once a month.

The SysOps administrator wants to use AWS Systems Manager to reduce the number of hours the company spends on operating system patching each month.

Which combination of steps should the SysOps administrator take to meet these requirements? (Choose three.)

• A. Group similar EC2 instances together into resource groups by using AWS Resource Groups.
• B. Create a schedule in Systems Manager Patch Manager. Specify the appropriate resource group as the target.
• C. Specify Systems Manager Automation runbooks to patch the operating systems. Register the runbooks as tasks in the maintenance window. Specify the appropriate resource group as the target.
• D. Create a Systems Manager Automation runbook to monitor and control the state of the patches required. Apply the runbook to Systems Manager Patch Manager.
• E. Create a single Systems Manager maintenance window for each resource group.
• F. Configure Systems Manager Fleet Manager to apply a Systems Manager Automation runbook to the appropriate resource group.

Correct Answer: ABE

Community vote distribution

ACE (70%)

ABC (30%)

Question #334

A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.

What is the MOST operationally efficient solution to control the production account?

• A. Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.
• B. Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.
• C. Create a service control policy (SCP). Apply the SCP to the production OU.
• D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

Correct Answer: C

Community vote distribution

C (100%)

Question #335

A company has applications that process transaction requests multiple times each minute. The applications write transaction data to a single Amazon RDS DB instance. As the company begins to process more transactions, the company becomes concerned that it has no failover solution in place for disaster recovery (DR). The company needs the DB instance to fail over automatically without losing any committed transactions.

Which solution will meet these requirements?

• A. Create an RDS read replica in the same AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
• B. Create an RDS read replica in a different AWS Region. Configure an AWS Lambda function to promote the replica as the primary DB instance during a DR scenario.
• C. Modify the DB instance to be a Multi-AZ deployment.
• D. Setup an Amazon CloudWatch alarm that monitors the DB instance memory utilization with a threshold greater than 90%. Invoke an AWS Lambda function to restart the DB instance.

Correct Answer: C

Community vote distribution

C (75%)

B (25%)

Question #336

ASysOps administrator configures an application to run on Amazon EC2 instances behind an Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the default settings. The Auto Scaling group is configured to use the RequestCountPerTarget metric for scaling. The SysOps administrator notices that the RequestCountPerTarget metric exceeded the specified limit twice in 180 seconds.

How will the number of EC2 instances in this Auto Scaling group be affected in this scenario?

• A. The Auto Scaling group will launch an additional EC2 instance every time the RequestCountPerTarget metric exceeds the predefined limit.
• B. The Auto Scaling group will launch one EC2 instance and will wait for the default cooldown period before launching another instance.
• C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not add new EC2 instances until the load is normalized.
• D. The Auto Scaling group will try to distribute the traffic among all EC2 instances before launching another instance.

Correct Answer: B

Community vote distribution

B (100%)

Question #337

A company has a secure website running on Amazon EC2 instances behind an Application Load Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used on the ALB. Users with legacy web browsers are experiencing issues with the website.

How should the SysOps administrator resolve these issues in the MOST operationally efficient manner?

• A. Create a new SSL certificate in ACM and install the new certificate on the ALB to support legacy web browsers.
• B. Create a second ALB and install a custom SSL certificate with a different domain name on the second ALB to support legacy web browsers.
• C. Remove the ALB from the configuration and install a custom SSL certificate on each web server.
• D. Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.

Correct Answer: D

Community vote distribution

D (100%)

Question #338

A company hosts an internet web application on Amazon EC2 instances. The company is replacing the application with a new AWS Lambda function. During a transition period, the company must route some traffic to the legacy application and some traffic to the new Lambda function. The company needs to use the URL path of request to determine the routing.

Which solution will meet these requirements?

• A. Configure a Gateway Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.
• B. Configure a Network Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.
• C. Configure a Network Load Balancer to use a regular expression to match the URL path to direct traffic to the new Lambda function.
• D. Configure an Application Load Balancer to use the URL path to direct traffic to the legacy application and the new Lambda function.

Correct Answer: D

Community vote distribution

D (100%)

Question #339

A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the Instance multiple times. However, the SysOps administrator always receives a timeout error.

Which action will allow the SysOps administrator to remotely connect to the instance?

• A. Add a route table entry in the public subnet for the SysOps administrator’s IP address.
• B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator’s IP address.
• C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator’s IP address.
• D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator’s IP address.

Correct Answer: C

Community vote distribution

C (100%)

Question #340

SIMULATION

–

Instructions.

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.

Create a solution to automate Amazon EBS Volume snapshots using Amazon Data Lifecycle Manager.

1. Use the us-east-2 Region for all resources.

2. Unless specified below, use the default configuration settings.

3. Create a snapshot of the existing EBS Volume named OriginalVolume.

4. Create a 1 GB EBS Volume from the snapshot with default encryption.

5. Add the tag Snapshot: true to the new EBS Volume.

6. Ensure that snapshots of all volumes with the tag Snapshot:true are taken every 6 hours and retained for 90 days. Do NOT use a cron expression. Ensure this is the only lifecycle policy that exists. Use the IAM role named DLMRole.

Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

Correct Answer: 

Question #341

SIMULATION

–

Instructions.

If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.

If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.

Use the following configuration requirements to create an Amazon DynamoDB Accelerator (DAX) cluster and modify an existing DynamoDB table.

1. Use the us-east-2 Region for all resources.

2. Use the default configuration settings unless different settings are specified in the following instructions.

3. Configure a DAX cluster to expire cached data items after 240 seconds and to expire cached queries after 120 seconds. ***Note: Configure these values before you finalize creation of the cluster. Otherwise, you will have to wait until cluster creation is complete before you can do this step.

4. Create a three-node DynamoDB DAX cluster that is named DaxLabCluster:

a. Use dax.t3.small instances.

b. Use the LabVPC VPC and the PrimaryPrivateSubnet and FailoverPrivateSubnet subnets.

c. Use the LabDAXSG security group.

d. Configure the DAX cluster to use the DynamoDBAccessRole IAM role.

5. Modify the LabDynamoDBTable DynamoDB table so that the table uses on-demand capacity.

Note: Do NOT wait until cluster creation is complete before you submit this exam lab.

Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.

Correct Answer: 

Question #342

A company runs a high performance computing (HPC) application on an Amazon EC2 instance. The company needs to scale this architecture to two or more EC2 instances. The EC2 instances will need to communicate with each other at high speeds with low latency to support the application.

The company wants to ensure that the network performance can support the required communication between the EC2 instances

What should a SysOps administrator do to meet these requirements?

• A. Create a cluster placement group. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Restore the EC2 instance from the AMI into the placement group. Launch the additional EC2 instances into the placement group.
• B. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launch template from the existing EC2 instance by specifying the AMI. Create an Auto Scaling group and configure the desired instance count.
• C. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2 instances and register them with the target group. Register the existing EC2 instance with the target group. Pass all application traffic through the NLB.
• D. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create additional clones of the EC2 instance from the AMI in the same Availability Zone where the existing EC2 instance is located.

Correct Answer: A

Community vote distribution

A (100%)

Question #343

A developer creates an AWS Lambda function that runs when an object is put into an Amazon S3 bucket. The function reformats the object and places the object back into the S3 bucket. During testing, the developer notices a recursive invocation loop. The developer asks a SysOps administrator to immediately stop the recursive invocations.

What should the SysOps administrator do to stop the loop without errors?

• A. Delete all the objects from the S3 bucket.
• B. Set the function’s reserved concurrency to 0.
• C. Update the S3 bucket policy to deny access for the function.
• D. Publish a new version of the function.

Correct Answer: C

Community vote distribution

B (100%)

Question #344

A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency.

Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL.

Which solution will meet these requirements?

• A. Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
• B. Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALSelect the location that is closest to each Region.
• C. Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
• D. Change the existing alias record to use a multivalue routing policy Add the DNS name of each ALB to the record.

Correct Answer: D

Community vote distribution

C (100%)

Question #345

A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.

Which solution will meet these requirements?

• A. Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.
• B. Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.
• C. Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.
• D. Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.

Correct Answer: C

Community vote distribution

C (100%)

Question #346

A company’s security policy states that connecting to Amazon EC2 instances is not permitted through SSH and ROP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.

Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.

What should a SysOps administrator do to resolve this issue?

• A. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
• B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
• C. Configure the SSM Agent to log in with a user name of “ubuntu”.
• D. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.

Correct Answer: B

Community vote distribution

B (100%)

Question #347

A SysOps administrator is configuring Amazon CloudWatch alarms. A particular is constantly in the ALARM state.

What could be the reason for this issue?

• A. Alarms continue to evaluate metrics against configured thresholds, even after they are triggered.
• B. After alarms are triggered, they remain in the ALARM state until they are manually disabled.
• C. After an alarm is triggered and an action is performed, the application logic must reset the alarm to its normal state.
• D. The alarm is not receiving appropriate metrics.

Correct Answer: C

Community vote distribution

A (100%)

Question #348

A company has set up an IPsec tunnel between its AWS environment and its on-premises data center. The tunnel is reporting as UP, but the Amazon EC2 instances are not able to ping any on-premises resources.

What should a SysOps administrator do to resolve this issue?

• A. Create a new inbound rule on the EC2 instances’ security groups to allow ICMP traffic from the on-premises CIDR.
• B. Create a peering connection between the IPsec tunnel and the subnet of the EC2 instances.
• C. Enable route propagation for the virtual private gateway in the route table that is assigned to the subnet of the EC2 instances.
• D. Modify the VPC’s DHCP options set. Add the IPsec tunnel to the VPN section.

Correct Answer: C

Community vote distribution

C (100%)

Question #349

A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A SysOps administrator needs to improve the stability of the database.

Which solution will meet these requirements?

• A. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string
• B. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node
• C. Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function
• D. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.

Correct Answer: D

Community vote distribution

A (100%)

Question #350

A company runs a web application that users access using the name www example com. The company manages the domain name example.com using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www.example.com to access the application through CloudFront.

What is the MOST cost-effective way to achieve this?

• A. Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL.
• B. Create an ALIAS record in Amazon Route 53 that points to the CioudFront distribution URL.
• C. Create an A record in Amazon Route 53 that points to the public IP address of the web application,
• D. Create a PTR record in Amazon Route 53 that points to the public IP address of the web application.

Correct Answer: B

Community vote distribution

B (100%)

Question #351

A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company’s security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.

Which solution will meet these requirements in the MOST secure manner?

• A. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.
• B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
• C. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
• D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

Correct Answer: A

Community vote distribution

D (83%)

C (17%)

Question #352

A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.

Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

• A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
• B. Add an AWS Config rule to detect the security groups that allow SSH.
• C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
• D. Call an AWS Systems Manager Automation runbook to close the port.
• E. Call AWS Systems Manager Run Command to close the port.

Correct Answer: DC

Community vote distribution

BD (93%)

7%

Question #353

A company runs an application on Amazon EC2 instances that are in an Amazon EC2 Auto Scaling group. Scale-out actions take a long time to become complete because of long-running boot scripts. A SysOps administrator must implement a solution to reduce the required time for scale-out actions without overprovisioning the Auto Scaling group.

Which solution will meet these requirements?

• A. Change the launch configuration to use a larger instance size.
• B. Increase the minimum number of instances in the Auto Scaling group.
• C. Add a predictive scaling policy to the Auto Scaling group.
• D. Add a warm pool to the Auto Scaling group.

Correct Answer: C

Community vote distribution

D (100%)

Question #354

A company asks a SysOps administrator to provision an additional environment for an application in four additional AWS Regions. The application is running on more than 100 Amazon C2 instances in the us-east-1 Region, using fully configured Amazon Machine Images (AMIs). The company has an AWS CloudFormation template to deploy resources in us-east-1.

What should the SysOps administrator do to provision the application in the MOST operationally efficient manner?

• A. Copy the AMI to each Region by using the aws ec2 copy-image command. Update the CloudFormation template to include mappings for the copied AMIs.
• B. Create a snapshot of the running instance. Copy the snapshot to the other Regions. Create an AMI from the snapshots. Update the CloudFormation template for each Region to use the new AMI.
• C. Run the existing CloudFormation template in each additional Region based on the success of the template that is used currently in us-east-1.
• D. Update the CloudF ormation template to include the additional Regions in the Auto Scaling group. Update the existing stack in us-east-1.

Correct Answer: A

Community vote distribution

A (100%)

Question #355

A company runs its applications on a large number of Amazon EC2 instances. A SysOps administrator must implement a solution to notify the operations team whenever an EC2 instance state changes.

What is the MOST operationally efficient solution that meets these requirements?

• A. Create a script that captures instance state changes and publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems Manager Run Command to run the script on all EC2 instances.
• B. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set an Amazon Simple Notification Service (Amazon SNS) topic as the target
• C. Create an Amazon EventBridge event rule that captures EC2 instance state changes. Set as the target an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.
• D. Create an AWS Config custom rule that evaluates instance state changes with automatic remediation. Use the rule to invoke an AWS Lambda function that publishes a notification to an Amazon Simple Notification Service (Amazon SNS) topic.

Correct Answer: C

Community vote distribution

B (100%)

Question #356

A company has migrated its legacy on-premises web application to an Amazon EC2 instance. The web application requires a single static public IP address to accept traffic and process requests. End users must be able to reach the web application through the example.com domain. A SysOps administrator must implement a solution that maintains the web application with the least amount of effort.

Which combination of actions will meet these requirements? (Choose two.)

• A. Configure an Application Load Balancer (ALB). Add the EC2 instance to a target group that is associated with the ALB.
• B. Create an Amazon Route 53 A record for the associated EC2 IP address.
• C. Create an Amazon Route 53 CNAME record for the associated EC2 IP address.
• D. Create an Elastic IP address, and associate it with the EC2 instance.
• E. Create an Auto Scaling group with a minimum capacity of 1 and a maximum capacity of 2.

Correct Answer: BC

Community vote distribution

BD (100%)

Question #357

A company is using an Amazon DynamoDB table for data. A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery.

What should the SysOps administrator do to meet this requirement?

• A. Enable DynamoDB Accelerator (DAX).
• B. Enable DynamoDB Streams, and add a global secondary index (GSI).
• C. Enable DynamoDB Streams, and add a global table Region.
• D. Enable point-in-time recovery.

Correct Answer: C

Community vote distribution

C (100%)

Question #358

A company has an existing public web application for www.example.com. The Application Load Balancer (ALB) is configured with a single HTTP 80 listener. A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.

The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM). Existing users of the application must not be required to change the endpoint to which they are connecting.

Which additional set of steps should the SysOps administrator take to meet these requirements?

• A. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
• B. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.
• C. Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
• D. Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www example.com as the default SSL certificate.

Correct Answer: C

Community vote distribution

D (100%)

Question #359

A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.

A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.

Which purchasing option will meet these requirements?

• A. Compute Savings Plans for 1 year with the No Upfront payment option
• B. Compute Savings Plans for 1 year with the Partial Upfront payment option
• C. EC2 Instance Savings Plans for 1 year with the All Upfront payment option
• D. EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Correct Answer: D

Community vote distribution

B (60%)

A (40%)