How Many Questions Of AWS-SysOps Preparation

NEW QUESTION 1

A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the administrator implement this process?

• A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key usedto encrypt the snapshot, then create a new volume in each account.
• B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
• C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other account
• D. Require each account owner to create a new volume from that snapshot and encrypt it.
• E. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RD
• F. export the database contents into a file, then share this file with the other accounts.

Answer: B

NEW QUESTION 2

A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.
The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Rewrite the application to surface a custom error to the application log when issues occur.Automatically parse logs for error
• B. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.
• C. Create an AWS Lambda function to test the websit
• D. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detecte
• E. Configure a CloudWatch alarm to provide alerts when issues are detected.
• F. Create an Amazon CloudWatch Synthetics canar
• G. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary ru
• H. Configure the canary in line with requirement
• I. Create an alarm to provide alerts when issues are detected.

Answer: A

NEW QUESTION 3

A company is deploying a third-party unit testing solution that is delivered as an Amazon EC2 Amazon Machine Image (AMI). All system configuration data is stored in Amazon DynamoDB. The testing results are stored in Amazon S3.
A minimum of three EC2 instances are required to operate the product. The company's testing team wants to use an additional three EC2 Instances when the Spot Instance prices are at a certain threshold. A SysOps administrator must Implement a highly available solution that provides this functionality.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Define an Amazon EC2 Auto Scaling group by using a launch configuratio
• B. Use the provided AMI In the launch configuratio
• C. Configure three On-Demand Instances and three Spot Instance
• D. Configure a maximum Spot Instance price In the launch configuration.
• E. Define an Amazon EC2 Auto Scaling group by using a launch templat
• F. Use the provided AMI in the launch templat
• G. Configure three On-Demand Instances and three Spot Instance
• H. Configure a maximum Spot Instance price In the launch template.
• I. Define two Amazon EC2 Auto Scaling groups by using launch configuration
• J. Use the provided AMI in the launch configuration
• K. Configure three On-Demand Instances for one Auto Scaling grou
• L. Configure three Spot Instances for the other Auto Scaling grou
• M. Configure a maximum Spot Instance price in the launch configuration for the Auto Scaling group that has Spot Instances.
• N. Define two Amazon EC2 Auto Scaling groups by using launch template
• O. Use the provided AMI in the launch template
• P. Configure three On-DemandInstances for one Auto Scaling grou
• Q. Configure three Spot Instances for the other Auto Scaling grou
• R. Configure a maximum Spot Instance price in the launch template for the Auto Scaling group that has Spot Instances.

Answer: A

Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchTemplates.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html

NEW QUESTION 4

A global company handles a large amount of personally identifiable information (Pll) through an internal web portal. The company's application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the Pll in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet.
What should a SysOps administrator do to meet the compliance requirement?

• A. Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
• B. Configure AWS Network Firewall to redirect traffic to the internal S3 address.
• C. Modify the application to use the S3 path-style endpoint.
• D. Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.

Answer: B

NEW QUESTION 5

A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week.
The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely performed multiple times.
A SysOps administrator must improve the performance of the platform by using a solution that maximizes resource efficiency.
Which solution will meet these requirements?

• A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluste
• B. Modify the application to check the cache before the application issues new queries to the databas
• C. Add the results of any queries to the cache.
• D. Deploy an Aurora Replica for the DB cluste
• E. Modify the application to use the reader endpoint for search operation
• F. Use Aurora Auto Scaling to scale the number of replicas based on loa
• G. Most Voted
• H. Use Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application.
• I. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the applicatio
• J. Use Aurora Auto Scaling to scale the instance size based on load.

Answer: B

Explanation:
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/aurora-replicas-adding.html

NEW QUESTION 6

A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SyeOps administrator to help verify that all current objects in the S3 bucket are encrypted.
What is the MOST operationally efficient solution that meets these requirements?

• A. Create a script that runs against the S3 bucket and outputs the status of each object.
• B. Create an S3 Inventory configuration on the S3 bucket Induce the appropriate status fields.
• C. Provide the security team with an IAM user that has read access to the S3 bucket.
• D. Use the AWS CLI to output a list of all objects in the S3 bucket.

Answer: D

NEW QUESTION 7

An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS} queues A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues
Which solution will meet these requirements in the MOST secure manner?

• A. Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Embed the IAM user's credentials in the application's configuration
• B. Create an IAM user with an IAM policy that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues Export the IAM user's access key and secret access key as environment variables on the EC2 instance
• C. Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows sqs." permissions to the appropriate queues
• D. Create and associate an IAM role that allows EC2 instances to call AWS services Attach an IAM policy to the role that allows the sqs SendMessage permission, the sqs ReceiveMessage permission, and the sqs DeleteMessage permission to the appropriate queues

Answer: D

NEW QUESTION 8

A company's VPC has connectivity to an on-premises data center through an AWS Site-to-Site VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example com to the DNS servers in the data center.
Which solution will meet these requirements?

• A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwarding rule on the on-primes DNS servers to forward DNS requests for example.com to the inbound endpoints.
• B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS server
• C. Associate this rule with the VPC.
• D. Create an Amazon Route 53 Resolver outbound endpoint Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the outbound endpoints
• E. Create an Amazon Route 53 Resolver outbound endpoin
• F. Create a forwarding rule on the resolver that sends all queries for exarrc4e.com to the on-premises DNS servers Associate this rule with the VPC.

Answer: C

NEW QUESTION 9

A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select TWO.)

• A. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.
• B. Change the Viewer Protocol Policy to use HTTPS only.
• C. Configure the distribution to use presigned cookies and URLs to restrict access to the distribution.
• D. Enable automatic compression of objects in the Cache Behavior Settings.
• E. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

Answer: AE

Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cache-hit-ratio.html#cache-hit-ratio-ht

NEW QUESTION 10

A company needs to ensure strict adherence to a budget for 25 applications deployed on AWS Separate teams are responsible for storage compute, and database costs. A SysOps administrator must implement an automated solution to alert each team when their projected spend will exceed a quarterly amount mat has been set by the finance department. The solution cannot additional compute, storage, or database costs.

• A. Configure AWS Cost and Usage Reports to send a daily report to an Amazon S3 bucke
• B. Create an AWS Lambda function that will evaluate Spend by service and nobly each team by using Amazon Simple Notification Service (Amazon SNS) notification
• C. Invoke the Lambda function when a report is placed in the S3 bucket
• D. Configure AWS Cost and Usage Reports to send a dairy report to an Amazon S3 bucke
• E. Create a rule In Amazon EventBridge (Amazon CloudWatch Events) to evaluate the spend by service and notify each team by using Amazon Simple Queue Service (Amazon SOS) when the cost threshold i6 exceeded.
• F. Use AWS Budgets :o create one cost budget and select each of the services in use Specify the budget amount defined by the finance department along with the forecasted cost threshold Enter the appropriate email recipients for the budget.
• G. Use AWS Budgets to create a cost budget for each team, filtering by the services they ow
• H. Specify the budget amount defined by the finance department along with a forecasted cost threshold Enter the appropriate email recipients for each budget.

Answer: D

NEW QUESTION 11

A SysOps administrator is setting up an automated process to recover an Amazon EC2 instance In the event of an underlying hardware failure. The recovered instance must have the same private IP address and the same Elastic IP address that the original instance had. The SysOps team must receive an email notification when the recovery process is initiated.
Which solution will meet these requirements?

• A. Create an Amazon CloudWatch alarm for the EC2 instance, and specify the SiatusCheckFailedjnstance metri
• B. Add an EC2 action to the alarm to recover the instanc
• C. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS> topi
• D. Subscribe the SysOps team email address to the SNS topic.
• E. Create an Amazon CloudWatch alarm for the EC2 Instance, and specify the StatusCheckFailed_System metri
• F. Add an EC2 action to the alarm to recover the instanc
• G. Add an alarm notification to publish a message to an Amazon Simple Notification Service (Amazon SNS) topi
• H. Subscribe the SysOps team email address to the SNS topic.
• I. Create an Auto Scaling group across three different subnets in the same Availability Zone with a minimum, maximum, and desired size of 1. Configure the Auto Seating group to use a launch template that specifies the private IP address and the Elastic IP addres
• J. Add an activity notification for the Auto Scaling group to send an email message to the SysOps team through Amazon Simple Email Service (Amazon SES).
• K. Create an Auto Scaling group across three Availability Zones with a minimum, maximum, and desired size of 1. Configure the Auto Scaling group to use a launch template that specifies the private IP addressand the Elastic IP addres
• L. Add an activity notification for the Auto Scaling group to publish a message to an Amazon Simple Notification Service (Amazon SNS) topi
• M. Subscribe the SysOps team email address to the SNS topic.

Answer: B

Explanation:
You can create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers the instance if it becomes impaired due to an underlying hardware failure or a problem that requires AWS involvement to repair. Terminated instances cannot be recovered. A recovered instance is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata. If the impaired instance has a public IPv4 address, the instance retains the public IPv4 address after recovery. If the impaired instance is in a placement group, the recovered instance runs in the placement group. When the StatusCheckFailed_System alarm is triggered, and the recover action is initiated, you will be notified by the Amazon SNS topic that you selected when you created the alarm and associated the recover action. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

NEW QUESTION 12

A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand However, the EC2 instances are failing tie health check.
What should the SysOps administrator do to troubleshoot this issue?

• A. Verity that the Auto Scaling group is configured to use all AWS Regions.
• B. Verily that the application is running on the protocol and the port that the listens is expecting.
• C. Verify the listener priority in the ALB Change the priority if necessary.
• D. Verify the maximum number of instances in the Auto Scaling group Change the number if necessary

Answer: B

NEW QUESTION 13

A company uses AWS Cloud Formation templates to deploy cloud infrastructure. An analysis of all the company's templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components.
Which solution will meet this requirement?

• A. Develop a CloudFormaiion change set.
• B. Develop CloudFormation macros.
• C. Develop CloudFormation nested stacks.
• D. Develop CloudFormation stack sets.

Answer: C

NEW QUESTION 14

A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized
users through Amazon CloudFront. Unauthorized users must be restricted from access. Which solution will meet these requirements?

• A. Store the digital content in an Amazon S3 bucket that does not have public access blocke
• B. Use signed URLs to access the S3 bucket through CloudFront.
• C. Store the digital content in an Amazon S3 bucket that has public access blocke
• D. Use an origin access identity (OAI) to deliver the content through CloudFron
• E. Restrict S3 bucket access with signed URLs in CloudFront.
• F. Store the digital content in an Amazon S3 bucket that has public access blocke
• G. Use an origin access identity (OAI) to deliver the content through CloudFron
• H. Enable field-level encryption.
• I. Store the digital content in an Amazon S3 bucket that does not have public access blocke
• J. Use signed cookies for restricted delivery of the content through CloudFront.

Answer: B

NEW QUESTION 15

A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed
Active Directory Federation Services (AD FS) to enable authentication to cloud services. Which solution will meet these requirements?

• A. Configure Active Directory as an authentication provider in Amazon E
• B. Add the Active Directory server's domain name to Amazon E
• C. Configure Kibana to use Amazon ES authentication.
• D. Deploy an Amazon Cognito user poo
• E. Configure Active Directory as an external identity provider for the user poo
• F. Enable Amazon Cognito authentication for Kibana on Amazon ES.
• G. Enable Active Directory user authentication in Kiban
• H. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
• I. Establish a trust relationship with Kibana on the Active Directory serve
• J. Enable Active Directory user authentication in Kiban
• K. Add the Active Directory server's IP address to Kibana.

Answer: B

Explanation:
https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/ https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html

NEW QUESTION 16
......