The Down To Date Guide To AWS-SysOps Testing Software

NEW QUESTION 1

A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

• A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
• B. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
• C. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
• D. Require users to use temporary credentials from the get-session token command to sign API calls.

Answer: D

NEW QUESTION 2

A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated.
What is the MOST operationally efficient solution that meets these requirements?

• A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is complian
• B. Terminate any noncompliant instances.
• C. Create an IAM policy that enforces all EC2 instance tag requirement
• D. If the required tags are not in place for an instance, the policy will terminate noncompliant instance.
• E. Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncomplian
• F. Schedule the Lambda function to invoke every 5 minutes.
• G. Create an AWS Config rule to check if the required tags are presen
• H. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance.

Answer: D

Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html

NEW QUESTION 3

A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the togs the SysOps administrator notices that rejected traffic is not listed.
What should the SysOps administrator do to ensure that all traffic is logged?

• A. Create a new flow tog that has a titter setting to capture all traffic
• B. Create a new flow log set the tog record format to a custom format Select the proper fields to include in the tog
• C. Edit the existing flow log Change the fitter setting to capture all traffic
• D. Edit the existing flow lo
• E. Set the log record format to a custom format Select the proper fields to include in the tog

Answer: A

NEW QUESTION 4

A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.
Which solution will meet these requirements?

• A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation
• B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack to determine if any protected resources were modified and cancel the operation
• C. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action of Update
• D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource Names (ARNs) of the protected resources

Answer: B

NEW QUESTION 5

A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage.
Which configuration approach will meet these requirements?

• A. Enable Transparent Data Encryption (TDE) in the MySQL configuration fil
• B. Manually rotate the key every 12 months.
• C. Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS.
• D. Create a new AWS Key Management Service (AWS KMS) customer managed ke
• E. Enable automatic key rotatio
• F. Enable RDS encryption on the database at creation time by using the KMS key.
• G. Create a new AWS Key Management Service (AWS KMS) customer managed ke
• H. Enable automatic key rotatio
• I. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance.

Answer: C

Explanation:
This configuration approach will meet the requirement of encrypting all data at rest and rotating the encryption keys once each year. By creating a new AWS KMS customer managed key and enabling automatic key rotation, the encryption keys will be rotated automatically every year. By enabling RDS encryption on the database at creation time using the KMS key, all data stored in the RDS for MySQL Multi-AZ database will be encrypted at rest. This approach provide more control over key management and rotation and provide additional security benefits.

NEW QUESTION 6

A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every night.
What is the MOST operationally efficient solution that meets this requirement?

• A. Convert the Python script to an AWS Lambda (unctio
• B. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night.
• C. Convert the Python script to an AWS Lambda functio
• D. Use AWS CloudTrail to invoke the function every night.
• E. Deploy the Python script to an Amazon EC2 Instanc
• F. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night.
• G. Deploy the Python script to an Amazon EC2 instanc
• H. Use AWS Systems Manager to schedule the instance to start and stop every night.

Answer: A

NEW QUESTION 7

A company needs to create a daily Amazon Machine Image (AMI) of an existing Amazon Linux EC2 instance that hosts the operating system, application, and database on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. File system integrity must be maintained.
Which solution will meet these requirements?

• A. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the no-reboot parameter enable
• B. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
• C. Create an AWS Lambda function to call the CreateImage API operation with the EC2 instance ID and the reboot parameter enable
• D. Create a daily scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that invokes the function.
• E. Use AWS Backup to create a backup plan with a backup rule that runs dail
• F. Assign the resource ID of the EC2 instance with the no-reboot parameter enabled.
• G. Use AWS Backup to create a backup plan with a backup rule that runs dail
• H. Assign the resource ID of the EC2 instance with the reboot parameter enabled.

Answer: B

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html "NoReboot By default, Amazon EC2 attempts to shut down and reboot the instance before creating the image.
If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. When this option is used, file system integrity on the created image can't be guaranteed." Besides, we can use AWS EventBridge to invoke Lambda function https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html

NEW QUESTION 8

An ecommerce company uses an Amazon ElastiCache for Memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the SysOps administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Choose two.)

• A. Add an additional node to the ElastiCache cluster.
• B. Increase the ElastiCache time to live (TTL).
• C. Increase the individual node size inside the ElastiCache cluster.
• D. Put an Elastic Load Balancer in front of the ElastiCache cluster.
• E. Use Amazon Simple Queue Service (Amazon SQS) to decouple the ElastiCache cluster.

Answer: AC

Explanation:
https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS-Certified-SysOps-Administrator

NEW QUESTION 9

A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected The SysOps administrator configures an Amazon EC2 Auto Scaling Lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 distances When the configuration is complete, the Lambda function calls the complete Lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.
What should the SysOps administrator do to reserve this issue?

• A. Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.
• B. Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a fa* we or timeout.
• C. Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.
• D. Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event

Answer: D

NEW QUESTION 10

A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched
What should the SysOps administrator do to meet this requirement?

• A. Add a wait condition to the template Update the EC2 instance user data script to send a signal after the EC2 instance is started
• B. Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource
• C. Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource
• D. Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created

Answer: B

Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html Syntax The DependsOn attribute can take a single string or list of strings. "DependsOn" : [ String, ... ]
Example The following template contains an AWS::EC2::Instance resource with a DependsOn attribute that specifies myDB, an AWS::RDS::DBInstance. When CloudFormation creates this stack, it first creates myDB, then creates Ec2Instance.

NEW QUESTION 11

A company is planning to host its stateful web-based applications on AWS A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances The web applications will run 24 hours a day 7 days a week throughout the year The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

• A. Convertible Reserved Instances
• B. On-Demand instances
• C. Spot instances
• D. Standard Reserved instances

Answer: A

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-convertible-exchange.html

NEW QUESTION 12

A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer in use. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administrator has validated the permissions that are required to delete the Cloud Formation stack.

• A. The configured timeout to delete the stack was too low for the delete operation to complete.
• B. The stack contains nested stacks that must be manually deleted fast.
• C. The stack was deployed with the -disable rollback option.
• D. There are additional resources associated with a security group in the stack
• E. There are Amazon S3 buckets that still contain objects in the stack.

Answer: DE

NEW QUESTION 13

A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?

• A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
• B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
• C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
• D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389

Answer: D

NEW QUESTION 14

A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report.
What should the SysOps administrator do to meet this requirement?

• A. Activate the tags as AWS generated cost allocation tags.
• B. Activate the tags as user-defined cost allocation tags.
• C. Create a new cost categor
• D. Select the account billing dimension.
• E. Create a new AWS Cost and Usage Repor
• F. Include the resource IDs.

Answer: B

Explanation:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/custom-tags.html "User-defined tags are tags that you define, create, and apply to resources. After you have created and applied the user-defined tags, you can activate by using the Billing and Cost Management console for cost allocation tracking. "
To meet this requirement, the SysOps administrator should activate the company-defined tags as user-defined cost allocation tags. This will ensure that the tags appear on the billing report and that the resources can be tracked with the specific tags. The other options (activating the tags as AWS generated cost allocation tags, creating a new cost category and selecting the account billing dimension, and creating a new AWS Cost and Usage Report and including the resource IDs) will not meet the requirements and are not the correct solutions for this issue.

NEW QUESTION 15

A company recently purchased Savings Plans. The company wants to receive email notification when the company’s utilization drops below 90% for a given day.
Which solution will meet this requirement?

• A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWS Trusted Advisor.Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.
• B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metric under the AWS/SavingsPlans namespace in CloudWatc
• C. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.
• D. Create a Savings Plans alert to monitor the daily utilization of the Savings Plan
• E. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.
• F. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans.Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.

Answer: D

Explanation:
AWS Budgets can be used to create a Savings Plans budget and track the daily utilization of the company's Savings Plans. By creating a budget, it will trigger an action when the utilization drops below 90%, which in this case will be to send an email notification via an Amazon SNS topic. This will ensure that the company is notified when their Savings Plans utilization drops below 90%, allowing them to take action if necessary.
Reference: [1] https://docs.aws.amazon.com/savingsplans/latest/userguide/sp-usingBudgets.html

NEW QUESTION 16
......