MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.What is the MOST efficient way to accomplish this goal?
Question2: A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances How will AWS respond to this request?
Question3: A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.What should the Administrator do to enable user-defined cost allocation tags?
Question4: A local agency plans to deploy 500 Raspberry Pi devices throughout a city. All the devices need to be managed centrally and their configurations need to be consistent. What is the BEST service for managing these devices?
Question5: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.Which of the following tools or services provides this information?
Question6: A medical imaging company needs lo process large amounts of imaging data in real time using a specific instance type. The company wants to guarantee sufficient resource capacity for 1 year Which action will meet these requirements in the MOST cost-effective manner?
Question7: A web application accepts orders from online users and places the orders into an Amazon SQS queue. Amazon EC2 instances in an EC2 Auto Scaling group read the messages from the queue, process the orders, and email order confirmations to the users. The Auto Scaling group scales up and down based on the queue depth. At the beginning of each business day, users report confirmation emails are delayed.What action will address this issue?
Question8: A SysOps Administrator needs to create a replica of a company's existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.What is the MOST efficient way to accomplish this?
Question9: A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:403 Forbiddan - Access DeniedWhat change should be made to fix this error'?
Question10: A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.What will be the result of this configuration?
Question11: The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.Which action should a SysOps Administrator take to accomplish this?
Question12: A SysOps Administrator must take a team's single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?
Question13: A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.What should a SysOps Administrator do to collect this information? (Select TWO)
Question14: A SysOps Administrator responsible for an e-commerce web application observes the application does not launch new Amazon EC2 instances at peak times, even though the maximum capacity of the Auto Scaling group has not been reached.What should the Administrator do to identify the underlying problem? (Choose two.)
Question15: A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.What would be the command line necessary to deploy one of the sites' certificates to the load balancer?
Question16: A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template Which solution will ensure all the changes are captured?
Question17: A serverless application running on AWS Lambda is expected to receive a significant increase in traffic. A SysOps Administrator needs to ensure that the Lambda function is configured to scale so the application can process the increased traffic.What should the Administrator do to accomplish this?
Question18: A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division.Which condition should be added to the web ACL of the AWS WAF to accomplish this?
Question19: A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B.The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.Which step will fix this issue?
Question20: A company has an application running on a fleet of Microsoft Windows instances. Patches to the operating system need to be applied each month. AWS Systems Manager Patch Manager is used to apply the patches on a schedule.When the fleet is being patched, customers complain about delayed service responses.What can be done to ensure patches are deployed with MINIMAL customer impact?
Question21: A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.Which solution will meet these requirements?
Question22: In configuring an Amazon Route 53 health check, a SysOps Administrator selects 'Yes' to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.What is the MOST likely cause of this false alarm?
Question23: A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.How can these requirements be met?
Question24: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?
Question25: A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.How can a sysops administrator achieve this is with the LEAST amount of operational overhead?
Question26: Security has identified an IP address that should be explicity denied for both ingress and egress requests for all services in an Amazon VPC immediately.Which feature can be used to meet this requirement?
Question27: A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
Question28: A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.The MOST effective way to reduce latency is to relaunch the EC2 instances in:
Question29: A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security team's compliance requirements specify that all data must be encrypted and must not traverse the public internet.How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?
Question30: Which type routing protocol operates by exchanging the entire routing information?
Question31: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instance in an Auto Scaling group that terminates unhealthy instances. The Auto Scaling group is configured to determine the health status of EC2 instances using both EC2 status checks and ALB checks. The Development team wants to analyze the unhealthy instances before termination.What should the SysOps Administrator do to accomplish this?
Question32: A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.How should the SysOps Administrator publish the memory metrics? (Choose two.)
Question33: A SysOps Administrator is notified that an Amazon EC2 instance has stopped responding The AWS Management Console indicates that the system status checks are failing What should the SysOps Administrator do first to resolve this issue?
Question34: A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.Which service can be used to monitor and recover the EC2 instances?
Question35: A company has enabled AWS CloudTrail to monitor all actions across its AWS infrastructure The company would now like to add functionality to validate the file integrity of the collected AWS CloudTrail logs How should the SysOps Administrator implement this requirement?
Question36: A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Select TWO)
Question37: An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.How should the SAML assertion mapping be configured?
Question38: The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.What should the SysOps Administrator do to provide near real-time compliance reporting?
Question39: A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string How should a sysops administrator verify this?
Question40: A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.What are possible causes for this? (Choose two.)
Question41: Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user "arn:aws:iam::111111111111:user/application". The following S3 bucket policy is in use:How should a SysOps Administrator modify the S3 bucket policy to fix the issue?
Question42: A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.Which remediation steps should be taken to resolve this issue? (Select TWO.)
Question43: A SysOps Administrator has been tasked with deploying a company's infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.What is the recommended way to use AWS CloudFormation to meet this requirement?
Question44: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.What is MOST likely causing this issue?
Question45: A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.What steps should be the Administrator take to complete this task?
Question46: After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.What should the SysOps Administrator analyze?
Question47: A company's Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.Which AWS tool will provide the necessary information?
Question48: A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.Why are the additional instances missing from the aggregated metrics?
Question49: An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Expressures (CVE) report. The Security tea, requests that all these instances be upgraded.Who is responsible for upgrading the EC2 instances?
Question50: A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The Administrator must be alerted to potential issues. What should the Administrator do to receive email alerts before low storage space affects EC2 instance performance?
Question51: A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.How should the Administrator accomplish this?
Question52: A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times, the process stalls due to installation errors.The SysOps Administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.Based on these requirements, what should be added to the template?
Question53: A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.How can this be accomplished?
Question54: A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.What should be done to MINIMIZE disruption to the business?
Question55: A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company's AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.What should be done to accomplish this?
Question56: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.After the change, traffic is not reaching the instances, and an error is being returned from the ALB.What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Select TWO.)
Question57: A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that a efficient, cost effective, and allow for scaling with future demand.Which action should be taken to accomplish this?
Question58: A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.What is the MOST cost-effective way to meet this requirement?
Question59: A company's application stores documents within an Amazon S3 bucket. The application is running on Amazon EC2 in a VPC. A recent change in security requirements states that traffic between the company's application and the S3 bucket must never leave the Amazon network.What AWS feature can provide this functionality?
Question60: A company has an application that is running on an EC2 instance in one Availability Zone. A sysops administrator has been tasked with making the application highly available The administrator created a launch configuration from the running EC2 instance The administrator also properly configured a load balancer.What step should the administrator complete next to make the application highly available?
Question61: A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.Where can the administrator find this information?
Question62: Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?
Question63: An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.What is a possible cause of this failure?
Question64: A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.Which action should a SysOps Administrator recommend?
Question65: A Security team is concerned about the potential of intellectual property leaking to the internet. A SysOps Administrator is tasked with identifying controls to address the potential problem. The servers in question reside in a VPC and cannot be allowed to send traffic to the internet.How can these requirements be met?
Question66: A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.Which practices ensure that the log files are available and unaltered? (Choose two.)
Question67: A SysOps Administrator is trying to set up an Amazon Route 53 domain namo to route traffic to a website hosted on Amazon S3 The domain name of the website is www anycompany com and the S3 bucket name is anycompany-static After the record set is set up in Route 53, the domain name www anycompany com does not seem to work, and the static website is not displayed in the browser Which of the following is a cause of this?