How Many Questions Of AWS-SysOps Exam Guide

NEW QUESTION 1

A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded: however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?

• A. Add a bucket policy that grants everyone read access to the bucket.
• B. Add a bucket policy that grants everyone read access to the bucket objects.
• C. Remove the default bucket policy that denies read access to the bucket.
• D. Configure cross-origin resource sharing (CORS) on the bucket.

Answer: B

NEW QUESTION 2

A company has an internal web application that runs on Amazon EC2 instances behind an Application Load
Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?

• A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
• B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
• C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
• D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Answer: C

NEW QUESTION 3

A SysOps administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The administrator has set up AWS Organizations and enabled Consolidated Billing.
Which additional steps must the administrator perform to set up the billing alerts?

• A. In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.
• B. In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.
• C. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.
• D. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

Answer: D

NEW QUESTION 4

A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.
Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

• A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.
• C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.
• D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
• E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Answer: AD

Explanation:
https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-your-iam-configuration-changes/

NEW QUESTION 5

A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more.
Which solution will meet this requirement In the MOST operationally efficient manner?

• A. Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilizatio
• B. Initiate an instance shutdown If CPU utilization is less than 10%.
• C. Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization.Set the period at 1 hour, and set the threshold at 10%. Configure an EC2 action on the alarm to stop the instance.
• D. Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the Basic level predefined metric se
• E. Log CPU utilization every 60 minutes, and initiate an instance shutdown if CPU utilization is less than 10%.
• F. Use AWS Systems Manager Run Command to get CPU utilization from each EC2 instance every 60 minute
• G. Initiate an instance shutdown if CPU utilization is less than 10%.

Answer: B

Explanation:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html

NEW QUESTION 6

A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be encrypted.
Which solution will meet these requirements with the LEAST management overhead?

• A. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enable
• B. Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS).
• C. Create a point-in-time snapshot of the EBS volume
• D. When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False.
• E. Create a point-in-time snapshot of the EBS volume
• F. Copy the snapshots to an Amazon S3 bucket that uses server-side encryptio
• G. Turn on S3 Cross-Region Replication on the S3 bucket.
• H. Schedule an AWS Lambda function with the Python runtim
• I. Configure the Lambda function to create the EBS volume snapshots, encrypt the unencrypted snapshots, and copy the snapshots to another Region.

Answer: A

Explanation:
Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS). This solution will allow
the company to automatically create encrypted snapshots of the EBS volumes and copy them to different AWS Regions with minimal effort.

NEW QUESTION 7

A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any worry groups that urn 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block corresponds with the company's intranet.

• A. Create an AWS Config rule to detect noncompliant security group
• B. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDK block.
• C. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address Attach this 1AM policy to every user in the company.
• D. Create an AWS Lambda function to inspect now and existing security groups check for a noncompliant 0.0.0.0A) source address and change the source address to the approved CIDR block.
• E. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source addres
• F. Set up automatic remediation to change Vie 0.0.0.0/0 source address to the approved CIDR block.

Answer: A

NEW QUESTION 8

A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientlnstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Select TWO.

• A. Change the instance type that the company is using.
• B. Configure the Auto Scaling group in different Availability Zones.
• C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.
• D. Increase the maximum size of the Auto Scaling group.
• E. Request an increase in the instance service quota.

Answer: AB

NEW QUESTION 9

A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware.
What should the SysOps administrator do to meet these requirements?

• A. Launch the instances into a cluster placement group in a single AWS Region.
• B. Launch the instances into a partition placement group in multiple AWS Regions.
• C. Launch the instances into a spread placement group in multiple AWS Regions.
• D. Launch the instances into a spread placement group in single AWS Region

Answer: D

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

NEW QUESTION 10

A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company.
Which solution will ensure compliance with this policy?

• A. Deploy workloads only to Dedicated Hosts.
• B. Deploy workloads only to Dedicated Instances.
• C. Deploy workloads only to Reserved Instances.
• D. Place all instances in a dedicated placement group.

Answer: A

Explanation:
Dedicated Hosts are physical servers that are dedicated to a single customer, ensuring that the customer’s workloads are not shared with other customers or with other AWS accounts within the company. This will ensure that the company’s security policy is followed and that sensitive workloads are running on hardware that is not shared with other customers or with other AWS accounts within the company.

NEW QUESTION 11

A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.
What is the default behavior of CloudFormation in this scenario?

• A. CloudFormation will roll back the stack and delete the stack.
• B. CloudFormation will roll back the stack but will not delete the stack.
• C. CloudFormation will prompt the user to roll back the stack or continue.
• D. CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Answer: C

NEW QUESTION 12

A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?

• A. Create a gateway VPC endpoint for each S3 bucke
• B. Attach the gateway VPC endpoints to each subnetinside the VPC.
• C. Create an interface VPC endpoint for each S3 bucke
• D. Attach the interface VPC endpoints to each subnet inside the VPC.
• E. Create one gateway VPC endpoint for all the S3 bucket
• F. Add the gateway VPC endpoint to the VPC route table.
• G. Create one interface VPC endpoint for all the S3 bucket
• H. Add the interface VPC endpoint to the VPC route table.

Answer: C

NEW QUESTION 13

A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots are deleted.
Which solution will provide this functionality?

• A. Turn on deletion protection on individual EBS snapshots that need to be kept.
• B. Create an 1AM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age Apply the policy to all users
• C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period.
• D. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.

Answer: B

NEW QUESTION 14

A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:
Which solution will provide the EC2 instances in the private subnet with access to the internet?

• A. Create a NAT gateway in the public subne
• B. Create a route from the private subnet to the NAT gateway.
• C. Create a NAT gateway in the public subne
• D. Create a route from the public subnet to the NAT gateway.
• E. Create a NAT gateway in the private subne
• F. Create a route from the public subnet to the NAT gateway.
• G. Create a NAT gateway in the private subne
• H. Create a route from the private subnet to the NAT gateway.

Answer: A

Explanation:
NAT Gateway resides in public subnet, and traffic should be routed from private subnet to NAT Gateway: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

NEW QUESTION 15

A company is running an application on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are launched by an Auto Scaling group and are automatically registered in a target group. A SysOps administrator must set up a notification to alert application owners when targets fail health checks.
What should the SysOps administrator do to meet these requirements?

• A. Create an Amazon CloudWatch alarm on the UnHealthyHostCount metri
• B. Configure an action to send an Amazon Simple Notification Service (Amazon SNS) notification when the metric is greater than 0.
• C. Configure an Amazon EC2 Auto Scaling custom lifecycle action to send an Amazon Simple Notification Service (Amazon SNS) notification when an instance is in the Pending:Wait state.
• D. Update the Auto Scaling grou
• E. Configure an activity notification to send an Amazon Simple Notification Service (Amazon SNS) notification for the Unhealthy event type.
• F. Update the ALB health check to send an Amazon Simple Notification Service (Amazon SNS) notification when an instance is unhealthy.

Answer: A

NEW QUESTION 16
......