MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A company has deployed a NAT instance to allow web servers to obtain software updates from the internet.There latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that a efficient, cost effective, and allow for scaling with future demand.Which action should be taken to accomplish this?
Question2: An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.Which solution accomplishes this with the LEAST amount of effort?
Question3: A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.The MOST effective way to reduce latency is to relaunch the EC2 instances in:
Question4: A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?
Question5: A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:403 Forbiddan - Access DeniedWhat change should be made to fix this error'?
Question6: A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.How should the Administrator accomplish this?
Question7: A SysOps Administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency alter a few minutes What change should be made to alleviate the performance problem?
Question8: A SysOps Administrator is running Amazon EC2 instances in multiple AWS Regions. The Administrator wants to aggregate the CPU utilization for all instances onto an Amazon CloudWatch dashboard. Each region should be present on the dashboard and represented by a single graph that contains the CPU utilization for all instances in that region.How can the Administrator meet these requirements?
Question9: A sysops administrator is implementing SSL for a domain of an internet facing application running behind an Application load balancer (ALB). The administrator decides to use an SSL certificates from Amazon certificate Manager (ACM) to secure it. Upon creating a request for the ALB fully qualified domain name (FQND), it fails, and the error message "Domain not allowed" is displayed.How can the administrator fix this issue?
Question10: A SysOps administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket.Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range.How can the Administrator address this issue?
Question11: A serverless application running on AWS Lambda is expected to receive a significant increase in traffic. A SysOps Administrator needs to ensure that the Lambda function is configured to scale so the application can process the increased traffic.What should the Administrator do to accomplish this?
Question12: Which type routing protocol operates by exchanging the entire routing information?
Question13: A company has a VPC with public and private subnets An Amazon EC2 based application resides in the private subnets and needs to process raw csv files stored in an Amazon S3 bucket A sysops administrator has set up the correct 1AM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket Which action will solve this problem while adhering to least privilege access?
Question14: A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Question15: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?
Question16: A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.Why are the additional instances missing from the aggregated metrics?
Question17: A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.What would be the command line necessary to deploy one of the sites' certificates to the load balancer?
Question18: A company is planning to deploy multiple ecommerce websites across the eu-west-1, ap-east-1, and us-west-1 Regions. The websites consist of Amazon S3 buckets Amazon EC2 instances, Amazon RDS databases and Elastic Load Balancers.Which method will accomplish the deployment with the LEAST amount of effort?
Question19: A SysOps Administrator must ensure all Amazon EBS volumes currently in use, and those created in the future, are encrypted with a specific AWS KMS customer master key (CMK).What is the MOST efficient way for the Administrator to meet this requirement?
Question20: Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user "arn:aws:iam::111111111111:user/application". The following S3 bucket policy is in use:How should a SysOps Administrator modify the S3 bucket policy to fix the issue?
Question21: A company has an application that is running on an EC2 instance in one Availability Zone. A sysops administrator has been tasked with making the application highly available The administrator created a launch configuration from the running EC2 instance The administrator also properly configured a load balancer.What step should the administrator complete next to make the application highly available?
Question22: Company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private and perform cryptographic signing operations in a secure environment.Which service should be used to meet these requirements?
Question23: A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB) After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.What should the sysops administrator do to prevent similar attacks?
Question24: A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?
Question25: A web application accepts orders from online users and places the orders into an Amazon SQS queue. Amazon EC2 instances in an EC2 Auto Scaling group read the messages from the queue, process the orders, and email order confirmations to the users. The Auto Scaling group scales up and down based on the queue depth. At the beginning of each business day, users report confirmation emails are delayed.What action will address this issue?
Question26: A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template Which solution will ensure all the changes are captured?
Question27: An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.What is the MOST secure way to grant the application access to the credentials?
Question28: A fleet of servers must send local logs to Amazon CloudWatch.How should the servers be configured to meet this requirement?
Question29: A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.Which step will fix this issue?
Question30: A company needs to have real-time access to image data while seamlessly maintaining a copy of the images in an offsite location Which AWS solution would allow access to the image data locally while also providing for disaster recovery?
Question31: A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.How can a sysops administrator achieve this is with the LEAST amount of operational overhead?
Question32: A SysOps Administrator has been notified that some Amazon EC2 instances in the company's environment might have a vulnerable software version installed.What should be done to check all of the instances in the environment with the LEAST operational overhead?
Question33: A SysOps Administrator is deploying an Amazon EC2 instance and is using third-party VPN software to route traffic to an on-premises data center Based on the shared responsibility model AWS is responsible for managing which element of this deployment?
Question34: A SysOps Administrator deployed an AWS elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon simple Queue service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 auto scaling scales in and scales out number of worker nodes based on CPU utilization. After some time, the administrator notices that the number of messages in the SQS queue are increasing significantly.Which action will remediate the issue?
Question35: A SysOps Administrator is responsible for a large fleet of EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance.Which option would provide this information with the LEAST administrative overhead?
Question36: An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.What Amazon Glacier configuration option should be used to meet this compliance requirements?
Question37: A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.Which remediation steps should be taken to resolve this issue? (Select TWO.)
Question38: A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.What are possible causes for this? (Choose two.)
Question39: A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones.The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.How can these requirements be met?
Question40: A company has enabled AWS CloudTrail to monitor all actions across its AWS infrastructure The company would now like to add functionality to validate the file integrity of the collected AWS CloudTrail logs How should the SysOps Administrator implement this requirement?
Question41: A company uses federation to authenticate users and grant AWS permissions. The SysOps Administrator has been asked to determine who made a request to AWS Organizations for a new AWS account.What should the Administrator review to determine who made the request?
Question42: A SysOps Administrator has implemented a VPC network design with the following requirements* Two Availability Zones (AZs) - Two private subnets* Two public subnets* One internet gateway* One NAT gatewayWhat would potentially cause applications in the VPC to fail during an AZ outage?
Question43: A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.How should the company these requirements?
Question44: A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.
Question45: A company needs to run a distributed application that processes large amounts of data across multiple EC2 instances. The application is designed to tolerate processing interruptions.What is the MOST cost-effective Amazon EC2 pricing model for these requirements?
Question46: A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.Which combination of options should be set to accomplish this? (Select two)
Question47: A SysOps Administrator is notified that a security vulnerability affects a version of MySQL that is being used with Amazon RDS MySQL.Who is responsible for ensuring that the patch is applied to the MySQL cluster?
Question48: A sysops administrator has an AWS Lambda function that performs maintenance on various AWS resources.This function must be run nightly. Which is the MOST cost-effective solution?
Question49: Security has identified an IP address that should be explicity denied for both ingress and egress requests for all services in an Amazon VPC immediately.Which feature can be used to meet this requirement?
Question50: A company has an application database on Amazon RDS that runs a resource-intensive reporting job This is causing other applications using the database to run slowly What should the SysOps Administrator do to resolve this issue*?
Question51: A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.Which action will resolve this issue?
Question52: A SysOps Administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the Internet.Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)
Question53: A company has attached the following policy to an IAM user.What of the following actions are allowed for the IAM user?
Question54: A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string How should a sysops administrator verify this?
Question55: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.Which of the following tools or services provides this information?
Question56: A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be cut of compliance because it was not encrypted.Which approach will resolve the encryption requirement?
Question57: A SysOps Administrate is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company All data must be encrypted at rest How should the Administrate implement this process?
Question58: A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles.Corporate policies require that developers are blocked from accessing some services.What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
Question59: A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.Which condition should be used with the alarm?
Question60: A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.How should the Administrator ensure that this is done?
Question61: An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.Which two actions could the Administrator take to securely resolve these issues? (Choose two.)
Question62: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.After the change, traffic is not reaching the instances, and an error is being returned from the ALB.What steps must a SysOps Administrator take to resolve this issue and improve the security of the application?(Select TWO.)
Question63: The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.Which action should a SysOps Administrator take to accomplish this?
Question64: A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company's AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.What should be done to accomplish this?
Question65: After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.What should the SysOps Administrator analyze?
Question66: An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.How should Ihe administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?
Question67: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments development test, and production Each environment requires unique credentials for external services What option securely provides the application with the needed credential while requiring MINIMAL administrative overhead?
Question68: A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.What should the Administrator do to restore the user's file from the snapshot?
Question69: A SysOps Administrator is trying to set up an Amazon Route 53 domain namo to route traffic to a website hosted on Amazon S3 The domain name of the website is www anycompany com and the S3 bucket name is anycompany-static After the record set is set up in Route 53, the domain name www anycompany com does not seem to work, and the static website is not displayed in the browser Which of the following is a cause of this?
Question70: An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer.The EC2 instances run across multiple Availability Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.What additional step should be taken?
Question71: After launching a new Amazon EC2 instance from a Microsoft Windows 2012 Amazon Machine Image (AMI), the SysOps Administrator is unable to connect to the instance using Remote Desktop Protocol (RDP).The instance is also unreachable. As part of troubleshooting, the Administrator deploys a second instance from a different AMI using the same configuration and is able to connect to the instance.What should be the next logical step in troubleshooting the first instance?
Question72: An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.What is a possible cause of this failure?
Question73: A SysOps Administrator is creating additional Amazon EC2 instances and receives an InstanceLimitExceeded error.What is the cause of the issue and how can it be resolved?
Question74: A SysOps Administrator must take a team's single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?
Question75: A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.What steps should be the Administrator take to complete this task?
Question76: A company is about to launch a new product and is expecting a large increase in application traffic. The application is running on Amazon EC3 is an Auto scaling group and using an Amazon RDS multi-AZ instance. The static content is stored in Amazon S3. During the load test, the time to access the application increased significantly. A SysOps administrator wants to increase the scalability of the application without compromising the durability of the architecture.How can this goal be achieved?
Question77: A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.How should the SysOps Administrator publish the memory metrics? (Choose two.)