MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.What should the SysOps Administrator do to provide near real-time compliance reporting?
Question2: A SysOps Administrator must ensure all Amazon EBS volumes currently in use, and those created in the future, are encrypted with a specific AWS KMS customer master key (CMK).What is the MOST efficient way for the Administrator to meet this requirement?
Question3: A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.The MOST effective way to reduce latency is to relaunch the EC2 instances in:
Question4: Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?
Question5: A Security team is concerned about the potential of intellectual property leaking to the internet. A SysOps Administrator is tasked with identifying controls to address the potential problem. The servers in question reside in a VPC and cannot be allowed to send traffic to the internet.How can these requirements be met?
Question6: A company is operating a multi-account environment under a single organization using AWS Organizations.The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.What should be done to accomplish this?
Question7: A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months What is the process to rotate the key?
Question8: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.What is the MOST cost-effective way to run this workload?
Question9: A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?
Question10: A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.How should the Administrator accomplish this?
Question11: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments development test, and production Each environment requires unique credentials for external services What option securely provides the application with the needed credential while requiring MINIMAL administrative overhead?
Question12: A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access?(Select TWO)
Question13: A development team recently deployed new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.Which AWS service will mitigate this issue?
Question14: A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours Which steps will ensure that the instance maintenance does not produce an outage?
Question15: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to1 in Amazon CloudWatch.What is MOST likely causing this issue?
Question16: A web application accepts orders from online users and places the orders into an Amazon SQS queue. Amazon EC2 instances in an EC2 Auto Scaling group read the messages from the queue, process the orders, and email order confirmations to the users. The Auto Scaling group scales up and down based on the queue depth. At the beginning of each business day, users report confirmation emails are delayed.What action will address this issue?
Question17: A SySOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.How should the Administrator meet these requirements?
Question18: A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company's AWS accounts.How can the Administrator address this issue?
Question19: A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.What steps should be the Administrator take to complete this task?
Question20: A SysOps Administrator is maintaining a web application using an Amazon Cloud Front web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.Which log source contain the status codes? (Select TWO.)
Question21: A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.Which action should a SysOps Administrator recommend?
Question22: An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.What is a possible cause of this failure?
Question23: After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.What should the SysOps Administrator analyze?
Question24: An e-commerce company wants to lower costs on its nightly jobs that aggregate the current day's sales and store the results in Amazon S3. The jobs are currently run using multiple on-demand instances and the job take just under 2 hours to complete. If a job fails for any reason, it needs to be restarted from the beginning.What method is the MOST cost effective based on these requirements?
Question25: An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.Which two actions could the Administrator take to securely resolve these issues? (Choose two.)
Question26: A serverless application running on AWS Lambda is expected to receive a significant increase in traffic. A SysOps Administrator needs to ensure that the Lambda function is configured to scale so the application can process the increased traffic.What should the Administrator do to accomplish this?
Question27: A company is running multiple AWS Lambda functions in a non-VPC environment. Most of the functions are application-specific; an operational function is involved synchronously every hour.Recently, the Applications team deployed new functions that are triggered based on an Amazon S3 event to process multiple files that are uploaded to an S3 bucket simultaneously. The SysOps Administrator notices that the operational function occasionally fails to execute due to throttling.What step should the Administrator take to make sure that the operational function executes?
Question28: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?
Question29: Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.How can this be accomplished?
Question30: A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division.Which condition should be added to the web ACL of the AWS WAF to accomplish this?
Question31: A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The Administrator must be alerted to potential issues. What should the Administrator do to receive email alerts before low storage space affects EC2 instance performance?
Question32: A SysOps Administration team is supporting an applications that stores a configuration file in an Amazon S3 bucket Previous revisions of the configuration file must be maintained for change control and rollback How should the S3 bucket be configured to meet these requirements?
Question33: A fleet of servers must send local logs to Amazon CloudWatch.How should the servers be configured to meet this requirement?
Question34: A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company's AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.What should be done to accomplish this?
Question35: A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?
Question36: A SysOps Administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The Administrator has set up AWS Organizations and enabled Consolidated Billing.Which additional steps must the Administrator perform to set up the billing alerts?
Question37: A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:What action will resolve the issue?
Question38: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instance in an Auto Scaling group that terminates unhealthy instances. The Auto Scaling group is configured to determine the health status of EC2 instances using both EC2 status checks and ALB checks. The Development team wants to analyze the unhealthy instances before termination.What should the SysOps Administrator do to accomplish this?
Question39: A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.Which service can be used to monitor and recover the EC2 instances?
Question40: A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.What should be done to MINIMIZE disruption to the business?
Question41: A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?
Question42: A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.How can the Administrator achieve this requirement?
Question43: A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?
Question44: In configuring an Amazon Route 53 health check, a SysOps Administrator selects 'Yes' to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.What is the MOST likely cause of this false alarm?
Question45: A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.How should the Administrator ensure that this is done?
Question46: A SysOps Administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:AMI [ami-12345678] does not exist.How should the Administrator ensure that the AWS CloudFormation template is working in every region?
Question47: A company's static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.Why are these errors occurring?
Question48: A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.Which actions should be taken to improve the performance of the website? (Choose two.)
Question49: A company's website went down for several hours. The root cause was a full disk on one of the company's Amazon EC2 instances.Which steps should the SysOps Administrator take to prevent this from happening in this future?
Question50: A company has enabled AWS CloudTrail to monitor all actions across its AWS infrastructure The company would now like to add functionality to validate the file integrity of the collected AWS CloudTrail logs How should the SysOps Administrator implement this requirement?
Question51: A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.Which practices ensure that the log files are available and unaltered? (Choose two.)
Question52: A SysOps Administrator is configuring AWS SSO tor the first time. The Administrator has already created a directory in the master account using AWS Directory Service and enabled full access in AWS Organizations What should the Administrator do next to configure the service?
Question53: A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:What is one cause of this?
Question54: The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.Which action should a SysOps Administrator take to accomplish this?
Question55: A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.What should the Administrator do to enable user-defined cost allocation tags?
Question56: Company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private and perform cryptographic signing operations in a secure environment.Which service should be used to meet these requirements?
Question57: A company is concerned about a security vulnerability impacting its Linux operating system.What should the SysOps Administrator do to alleviate this concern?
Question58: A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:403 Forbiddan - Access DeniedWhat change should be made to fix this error'?
Question59: A SysOps Administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.Why would this template fail to deploy? (Choose two.)
Question60: An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.How should the SAML assertion mapping be configured?
Question61: A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.Which condition should be used with the alarm?
Question62: A SysOps Administrator is attempting to use AWS Systems Manager Session Manager to initiate a SSH session with an Amazon EC2 instance running on a custom Linux Amazon Machine Image (AMI) The Administrator cannot find the target instance in the Session Manager console Which combination of actions with solve this issue? (Select TWO )