What Real AWS-SysOps Training Materials Is

NEW QUESTION 1

A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?

• A. Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
• C. Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
• D. Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Answer: C

NEW QUESTION 2

A recent organizational audit uncovered an existing Amazon RDS database that is not currently configured for high availability. Given the critical nature of this database, it must be configured for high availability as soon as possible.
How can this requirement be met?

• A. Switch to an active/passive database pair using the create-db-instance-read-replica with the--availability-zone flag.
• B. Specify high availability when creating a new RDS instance, and live-migrate the data.
• C. Modify the RDS instance using the console to include the Multi-AZ option.
• D. Use the modify-db-instance command with the --na flag.

Answer: C

NEW QUESTION 3

A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.
The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.
Which solution will securely share the AMI with the other AWS accounts?

• A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policyto provide kms:DescribeKey, kms ReEncrypf, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
• B. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
• C. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*. kms:CreateGrant, and kms;Decrypt permissions to the AWS accounts that the AMI will be shared wit
• D. Create a copy of the AM
• E. and specify the CM
• F. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
• G. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescrlbeKey, kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
• H. Create a copy of the AM
• I. and specify the CM
• J. Modify the permissions on the copied AMI to make it public.
• K. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescnbeKe
• L. kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
• M. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Answer: B

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html

NEW QUESTION 4

A company hosts a web application on an Amazon EC2 instance. The web server logs are published to Amazon CloudWatch Logs. The log events have the same structure and include the HTTP response codes that are associated with the user requests. The company needs to monitor the number of times that the web server returns an HTTP 404 response.
What is the MOST operationally efficient solution that meets these requirements?

• A. Create a CloudWatch Logs metric filter that counts the number of times that the web server returns an HTTP 404 response.
• B. Create a CloudWatch Logs subscription filter that counts the number of times that the web server returns an HTTP 404 response.
• C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.
• D. Create a script that runs a CloudWatch Logs Insights query that counts the number of 404 codes in the log events during the past hour.

Answer: A

Explanation:
This is the most operationally efficient solution that meets the requirements, as it will allow the company to monitor the number of times that the web server returns an HTTP 404 response in real-time. The other solutions (creating a CloudWatch Logs subscription filter, an AWS Lambda function, or a script) will require
additional steps and resources to monitor the number of times that the web server returns an HTTP 404 response.
A metric filter allows you to search for specific terms, phrases, or values in your log events, and then to create a metric based on the number of occurrences of those search terms. This allows you to create a CloudWatch Metric that can be used to create alarms and dashboards, which can be used to monitor the number of HTTP 404 responses returned by the web server.

NEW QUESTION 5

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost.
What should the SysOps administrator do to sign in?

• A. Sign in as a root user by using email and phone verificatio
• B. Set up a new MFA devic
• C. Change the root user password.
• D. Sign in as an 1AM user with administrator permission
• E. Resynchronize the MFA token by using the 1AM console.
• F. Sign in as an 1AM user with administrator permission
• G. Reset the MFA device for the root user by adding a new device.
• H. Use the forgot-password process to verify the email addres
• I. Set up a new password and MFA device.

Answer: A

NEW QUESTION 6

A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

• A. Configure the file system for Provisioned Throughput.
• B. Enable encryption in transit on the file system.
• C. Identify any unused files in the file system, and remove the unused files.
• D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Answer: A

NEW QUESTION 7

A SysOps administrator has used AWS Cloud Formation to deploy a sereness application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoOB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS Cloud Formation stack without deleting the DynamoOB table.
Which action should the SysOps administrator take before deleting the AWS Cloud Formation stack?

• A. Add a Retain deletion policy to the DynamoOB resource in the AWS CloudFormation stack.
• B. Add a Snapshot deletion policy to the DynamoOB resource In the AWS CloudFormation stack.
• C. Enable termination protection on the AWS Cloud Formation stack.
• D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTabie action.

Answer: A

NEW QUESTION 8

A SysOps administrator has enabled AWS CloudTrail in an AWS account If CloudTrail is disabled it must be re-enabled immediately What should the SysOps administrator do to meet these requirements WITHOUT writing custom code''

• A. Add the AWS account to AWS Organizations Enable CloudTrail in the management account
• B. Create an AWS Config rule that is invoked when CloudTrail configuration changes Apply the AWS-ConfigureCloudTrailLogging automatic remediation action
• C. Create an AWS Config rule that is invoked when CloudTrail configuration changes Configure the rule to invoke an AWS Lambda function to enable CloudTrail
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail

Answer: B

NEW QUESTION 9

A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

• A. Configure Amazon Cognito to detect any compromised 1AM credentials.
• B. Set up Amazon Inspecto
• C. Scan and monitor resources for unauthorized logins.
• D. Set up AWS Confi
• E. Add the iam-policy-blacklisted-check managed rule to the account.
• F. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Answer: D

NEW QUESTION 10

A Sysops administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-I Region. The administrator finds that this
template has failed to create an EC2 instance in the us-west-2 Region. What is one cause for this failure?

• A. Resource tags defined in the CloudFormation template are specific to the us-east-I Region.
• B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
• C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
• D. The IAM user was not created in the specified Region.

Answer: B

Explanation:
One possible cause for the failure of the CloudFormation template to create an EC2 instance in the us-west-2 Region is that the Amazon Machine Image (AMI) ID referenced in the template could not be found in the us-west-2 Region. This could be due to the fact that the AMI is not available in that region, or the credentials used to access the AMI were not configured properly. The other options (resource tags defined in the CloudFormation template are specific to the us-east-I Region, the cfn-init script did not run during resource provisioning in the us-west-2 Region, and the IAM user was not created in the specified Region) are not valid causes for this failure.

NEW QUESTION 11

A company has a mobile app that uses Amazon S3 to store images The images are popular for a week, and then the number of access requests decreases over time The images must be highly available and must be immediately accessible upon request A SysOps administrator must reduce S3 storage costs for the company Which solution will meet these requirements MOST cost-effectively?

• A. Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days
• B. Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days
• C. Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days
• D. Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days

Answer: D

NEW QUESTION 12

A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts A SysOps administrator has been able to successfully launch and manage Amazon EC2 instances in a participant account However the SysOps administrator is now receiving an InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance
What should the SysOps administrator do to resolve this error')

• A. Request an instance quota increase from the account that owns the VPC
• B. Launch additional EC2 instances in a different AWS Region
• C. Request an instance quota increase from the parte pant account
• D. Launch additional EC2 instances by using a different Amazon Machine image (AMI)

Answer: A

NEW QUESTION 13

A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries.
What is the MOST operationally efficient solution that meets these requirements?

• A. Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition.
• B. Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries.
• C. Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.
• D. Update the application to generate signed CloudFront URLs only for IP addresses in authorized countries.

Answer: C

NEW QUESTION 14

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement?

• A. Turn on S3 Block Public Access from the account level.
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
• C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
• D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.

Answer: A

Explanation:
Using Amazon S3 Block Public Access
as a centralized way to limit public access. Block Public Access
settings override bucket policies and object permissions. Be sure to enable Block Public Access for all accounts and buckets that you don't want publicly accessible.
https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/#:~:text=Using%20Amazon%2

NEW QUESTION 15

An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy. What is likely to be the problem?

• A. The Amazon Machine image used is not available in that region.
• B. The AWS CloudFormation template needs to be updated to the latest version.
• C. The VPC configuration parameters have changed and must be updated in the template.
• D. The account has reached the default limit for VPCs allowed.

Answer: D

NEW QUESTION 16
......