Amazon SOA-C02 Dumps Questions Answers

SOA-C02 easy to use pdf guide for power pack exam preparation

In PDF format, you will receive the actual SOA-C02 exam questions and answers. The Amazon SOA-C02 exam guide is simply downloadable on all smart devices, including your PC, Mac, laptop, tablet, and smartphone. You will find it simple to study for the genuine SOA-C02 test wherever you are thanks to this. The Amazon specialists who created the SOA-C02 PDF guide are aware of the prerequisites for passing the SOA-C02 test and how to best prepare you for them. As a result, the SOA-C02 exam dumps from Dumps4download are completely accurate and trustworthy, and they are sufficient in and of itself to guarantee your success.

Recent, legitimate, and tested SOA-C02 Exam Dumps

The AWS Certified SysOps Administrator Associate professionals at Dumps4download have worked hard to provide these Amazon study materials for you in accordance with the most recent Amazon SOA-C02 exam curriculum. All of the questions and answers in the PDF and software files for the Amazon AWS Certified SysOps Administrator - Associate Exam SOA-C02 are accurate, and they have all been reviewed and approved by specialists.

Free Updates for Three Months on the SOA-C02 Exam Questions

We are aware that the Amazon AWS Certified SysOps Administrator - Associate (2021) Exam is always evolving, therefore you must keep up with any changes to the curriculum. An Amazon AWS Certified SysOps Administrator - Associate (2021) Exam SOA-C02 dumps pdf that has all the details about the most recent SOA-C02 exam curriculum is required to prepare in accordance with the most recent SOA-C02 exam syllabus. Updates are provided without charge by Dumps4download for three months following payment.

Demo the SOA-C02 pdf guide for Free before Buying

Before you decide to buy SOA-C02 exam dumps for the genuine Amazon SOA-C02 exam, Dumps4download provides you a free SOA-C02 questions and answers PDF guide trial. In order to help you decide whether to buy the Amazon SOA-C02 exam dumps or not, this demo will demonstrate all of the features of the SOA-C02 questions PDF. So, before purchasing the SOA-C02 test materials, be sure to see the demos.

Our dependable content comes with a 100 percent money-back guarantee.

If you use our most recent SOA-C02 dumps PDF to study, Dumps4download promises that you will pass the Amazon AWS Certified SysOps Administrator - Associate (2021) Exam SOA-C02 exam with good results. If you are unable to pass the Amazon SOA-C02 Exam, your purchase will be returned. If you use Dumps4download SOA-C02 test dumps and fail the AWS Certified SysOps Administrator Associate SOA-C02 exam, you can request a refund. Your cash will be returned in accordance with Dumps4download's refund policy.

Amazon AWS Certified SysOps Administrator - Associate Exam

The AWS Certified SysOps Administrator - Associate certification is set for those candidates who are reliable for system administrators who work in cloud operations to certify their specialized knowledge.

Key factors should be focused while attempting this exam

Support and manage AWS jobs in accordance with the AWS Well-Architected Framework. Make use of the AWS Management Console and AWS CLI to complete tasks.

1. Examine, document, and screen systems.
2. Put networking principles (such DNS, TCP/IP, and firewalls) into practice.
3. Comply with architectural specifications (for instance, high accessibility, execution, and limit)
4. Put disaster recovery and business continuity plans into action.
5. Recognize, anticipate, and handle circumstances

Exam Formatting

Level:	Associate
Length:	180 minutes to finish the test
Exam structure:	65 scoring potential open doors that might be numerous decision, various reaction, or test lab
Conveyance strategy:	Pearson VUE testing focus or online delegated test
Cost:	150 USD

What are the main elements a candidate must have to prepare for this exam?

We suggest making the following preparations:

• Experience working on AWS innovation for at least a year
• Expertise in installing, maintaining, and performing tasks on AWS, as well as implementing security controls and consistency needs.
• An comprehension of AWS networking and security administrations as well as the AWS Well-Architected Framework;
• An awareness of how to use the AWS Management Console and the AWS Order Line Interface (CLI)

Exam syllabus for SOA-C02 exam

• Domain 1: Monitoring, Logging, and Remediation 20%
• Domain 2: Dependability and Business Continuity 16%
• Domain 3: Sending, Provisioning, and Mechanization 18%
• Domain 4: Security and Consistence 16%
• Domain 5: Networking and Content Conveyance 18%
• Domain 6: Cost and Execution Advancement 12%

Amazon SOA-C02 Dumps

Dumps4download providing 100% reliable Exam dumps that are verified by experts panel. Our Dumps4download SOA-C02 study material are totally unique and exam questions are valid all over the world. By using our SOA-C02 dumps we assure you that you will pass your exam on first attempt. You can easily score more than 97%.

100% exam passing Guarantee on your purchased exams.

100% money back guarantee if you will not clear your exam.

Amazon SOA-C02 Practice Test Helps You Turn Dreams To Reality!

IT Professionals from every sector are looking up certifications to boost their careers. Amazon being the leader certification provider earns the most demand in the industry.

The Amazon Certification is your short-cut to an ever-growing success. In the process, Dumps4download is your strongest coordinator, providing you with the best SOA-C02 Dumps PDF as well as Online Test Engine. Let’s steer your career to a more stable future with interactive and effective SOA-C02 Practice Exam Dumps.

Many of our customers are already excelling in their careers after achieving their goals with our help. You can too be a part of that specialized bunch with a little push in the right direction. Let us help you tread the heights of success.

Apply for the SOA-C02 Exam right away so you can get certified by using our Amazon Dumps.

Bulk Exams Package

Dumps4download Leads You To A 100% Success in First Attempt!

Our SOA-C02 Dumps PDF is intended to meet the requirements of the most suitable method for exam preparation. We especially hired a team of experts to make sure you get the latest and compliant SOA-C02 Practice Test Questions Answers. These questions are been selected according to the most relevance as well as the highest possibility of appearing in the exam. So, you can be sure of your success in the first attempt.

Interactive & Effective SOA-C02 Dumps PDF + Online Test Engine

Aside from our Amazon SOA-C02 Dumps PDF, we invest in your best practice through Online Test Engine. They are designed to reflect the actual exam format covering each topic of your exam. Also, with our interactive interface focusing on the exam preparation is easier than ever. With an easy-to-understand, interactive and effective study material assisting you there is nothing that could go wrong. We are 100% sure that our SOA-C02 Questions Answers Practice Exam is the best choice you can make to pass the exam with top score.

How Dumps4download Creates Better Opportunities for You!

Dumps4download knows how hard it is for you to beat this tough Amazon Exam terms and concepts. That is why to ease your preparation we offer the best possible training tactics we know best. Online Test Engine provides you an exam-like environment and PDF helps you take your study guide wherever you are. Best of all, you can download SOA-C02 Dumps PDF easily or better print it. For the purpose of getting concepts across as easily as possible, we have used simple language. Adding explanations at the end of the SOA-C02 Questions and Answers Practice Test we ensure nothing slips your grasp.

The exam stimulation is 100 times better than any other test material you would encounter. Besides, if you are troubled with anything concerning AWS Certified SysOps Administrator - Associate (SOA-C02) Exam or the SOA-C02 Dumps PDF, our 24/7 active team is quick to respond. So, leave us a message and your problem will be solved in a few minutes.

Get an Absolutely Free Demo Today!

Dumps4download offers an absolutely free demo version to test the product with sample features before actually buying it. This shows our concern for your best experience. Once you are thoroughly satisfied with the demo you can get the AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Test Questions instantly.

24/7 Online Support – Anytime, Anywhere

Have a question? You can contact us anytime, anywhere. Our 24/7 Online Support makes sure you have absolutely no problem accessing or using AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Exam Dumps. What’s more, Dumps4download is mobile compatible so you can access the site without having to log in to your Laptop or PC.

Features to use Dumps4download SOA-C02 Dumps:

• Thousands of satisfied customers.
• Good grades are 100% guaranteed.
• 100% verified by Experts panel.
• Up to date exam data.
• Dumps4download data is 100% trustworthy.
• Passing ratio more than 99%
• 100% money back guarantee.

Amazon SOA-C02 Frequently Asked Questions

Amazon SOA-C02 Sample Questions

Question # 1

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS accountThe SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys anAmazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a privatesubnet. An application that runs on the EC2 instance needs to connect to the database.What should the SysOps administrator do to give the EC2 instance the ability to connect tothe database?

A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance’s public IP address. 

Show Answer

---

Question # 2

A company has a policy that requires all Amazon EC2 instances to have a specific set oftags. If an EC2 instance does not have the required tags, the noncompliant instance shouldbe terminated.What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2instance state changes to an AWS Lambda function to determine if each instance iscompliant. Terminate any noncompliant instances.
B. Create an IAM policy that enforces all EC2 instance tag requirements. If the requiredtags are not in place for an instance, the policy will terminate noncompliant instance.
C. Create an AWS Lambda function to determine if each EC2 instance is compliant andterminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5minutes.
D. Create an AWS Config rule to check if the required tags are present. If an EC2 instanceis noncompliant, invoke an AWS Systems Manager Automation document to terminate theinstance.

Show Answer

---

Question # 3

A company has a compliance requirement that no security groups can allow SSH ports tobe open to all IP addresses. A SysOps administrator must implement a solution that willnotify the company's SysOps team when a security group rule violates this requirement.The solution also must remediate the security group rule automatically.Which solution will meet these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes anAWS Lambda function when a security group changes. Configure the Lambda function toevaluate the security group for compliance, remove all inbound security group rules on allports, and notify the SysOps team if the security group is noncompliant.
B. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm to notify the SysOps team through an Amazon Simple NotificationService (Amazon SNS) topic when (he metric is greater than 0. Subscribe an AWS Lambdafunction to the SNS topic to remediate the security group rule by removing the rule.
C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to theAWS Config rule by using the AWS Systems Manager Automation AWSDisablePublicAccessForSecurityGroup runbook. Create an Amazon EventBridge (AmazonCloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
D. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manageraction to the CloudWatch alarm to suspend the security group by using the SystemsManager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarmis in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as asecond target to notify the SysOps team.

Show Answer

---

Question # 4

A company has an application that is deployed 10 two AWS Regions in an active-passiveconfiguration. The application runs on Amazon EC2 instances behind an Application LoadBalancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling groupin each Region. The application uses an Amazon Route 53 hosted zone (or DNS. ASysOps administrator needs to configure automatic failover to the secondary Region.What should the SysOps administrator do to meet these requirements?

A. Configure Route 53 alias records that point to each ALB. Choose a failover routingpolicy. Set Evaluate Target Health to Yes.
B. Configure CNAME records that point to each ALB. Choose a failover routing policy. SetEvaluate Target Health to Yes.
C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add atarget group to the ALB in the primary Region. Include the EC2 instances in the secondaryRegion astargets.
D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALBin the primary Region. Include the EC2 instances in the secondary Region as targets.

Show Answer

---

Question # 5

A company stores its data in an Amazon S3 bucket. The company is required to classifythe data and find any sensitive personal information in its S3 files.Which solution will meet these requirements? 

A. Create an AWS Config rule to discover sensitive personal information in the S3 files andmark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline toclassify sensitive personal information by using Amazon Recognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside AmazonS3.  
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier. 

Show Answer

---

Question # 6

A company has an application that customers use to search for records on a website. Theapplication's data is stored in an Amazon Aurora DB cluster. The application's usage variesby season and by day of the week.The website's popularity is increasing, and the website is experiencing slower performancebecause of increased load on the DB cluster during periods of peak activity. Theapplication logs show that the performance issues occur when users are searching forinformation. The same search is rarely performed multiple times.A SysOps administrator must improve the performance of the platform by using a solutionthat maximizes resource efficiency.Which solution will meet these requirements?

A. Deploy an Amazon ElastiCache for Redis cluster in front of the DB cluster. Modify theapplication to check the cache before the application issues new queries to the database.Add the results of any queries to the cache.
B. Deploy an Aurora Replica for the DB cluster. Modify the application to use the readerendpoint for search operations. Use Aurora Auto Scaling to scale the number of replicasbased on load. Most Voted
C. Use Provisioned IOPS on the storage volumes that support the DB cluster to improveperformance sufficiently to support the peak load on the application.
D. Increase the instance size in the DB cluster to a size that is sufficient to support the peak load on the application. Use Aurora Auto Scaling to scale the instance size based on load.

Show Answer

---

Question # 7

A company’s reporting job that used to run in 15 minutes is now taking an hour to run. Anapplication generates the reports. The application runs on Amazon EC2 instances andextracts data from an Amazon RDS for MySQL database.A SysOps administrator checks the Amazon CloudWatch dashboard for the RDS instanceand notices that the Read IOPS metrics are high, even when the reports are not running.The SysOps administrator needs to improve the performance and the availability of theRDS instance.Which solution will meet these requirements?

A. Configure an Amazon ElastiCache cluster in front of the RDS instance. Update thereporting job to query the ElastiCache cluster.
B. Deploy an RDS read replica. Update the reporting job to query the reader endpoint.
C. Create an Amazon CloudFront distribution. Set the RDS instance as the origin. Updatethe reporting job to query the CloudFront distribution.
D. Increase the size of the RDS instance. 

Show Answer

---

Question # 8

A Sysops administrator needs to configure automatic rotation for Amazon RDS databasecredentials. The credentials must rotate every 30 days. The solution must integrate withAmazon RDS.Which solution will meet these requirements with the LEAST operational overhead? 

A. Store the credentials in AWS Systems Manager Parameter Store as a secure string.Configure automatic rotation with a rotation interval of 30 days.
B. Store the credentials in AWS Secrets Manager. Configure automatic rotation with arotation interval of 30 days.
C. Store the credentials in a file in an Amazon S3 bucket. Deploy an AWS Lambda functionto automatically rotate the credentials every 30 days.
D. Store the credentials in AWS Secrets Manager. Deploy an AWS Lambda function toautomatically rotate the credentials every 30 days. 

Show Answer

---

Question # 9

A company updates its security policy to clarify cloud hosting arrangements for regulatedworkloads. Workloads that are identified as sensitive must run on hardware that is notshared with other customers or with other AWS accounts within the company.Which solution will ensure compliance with this policy?

A. Deploy workloads only to Dedicated Hosts.
B. Deploy workloads only to Dedicated Instances.
C. Deploy workloads only to Reserved Instances.
D. Place all instances in a dedicated placement group. 

Show Answer

---

Question # 10

A company is implementing a monitoring solution that is based on machine learning. Themonitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) eventsthat are generated by Amazon EC2 Auto Scaling. The monitoring solution providesdetection of anomalous behavior such as unanticipated scaling events and is configured asan EventBridge (CloudWatch Events) API destination.During initial testing, the company discovers that the monitoring solution is not receivingevents. However, Amazon CloudWatch is showing that the EventBridge (CloudWatchEvents) rule is being invoked. A SysOps administrator must implement a solution toretrieve client error details to help resolve this issue.Which solution will meet these requirements with the LEAST operational effort? 

A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay theevents. Increase the logging on the monitoring solution. Use replay to invoke themonitoring solution. Examine the error details.
B. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letterqueue for the target. Process the messages in the dead-letter queue to retrieve errordetails.
C. Create a second EventBridge (CloudWatch Events) rule for the same event pattern totarget an AWS Lambda function. Configure the Lambda function to invoke the monitoringsolution and to record the results to Amazon CloudWatch Logs. Examine the errors in thelogs.
D. Configure the EventBridge (CloudWatch Events) rule to send error messages to anAmazon Simple Notification Service (Amazon SNS) topic. 

Show Answer

---

Question # 11

A company is hosting applications on Amazon EC2 instances. The company is hosting adatabase on an Amazon RDS for PostgreSQL DB instance. The company requires allconnections to the DB instance to be encrypted.What should a SysOps administrator do to meet this requirement?

A. Allow SSL connections to the database by using an inbound security group rule.
B. Encrypt the database by using an AWS Key Management Service (AWS KMS)encryption key.
C. Enforce SSL connections to the database by using a custom parameter group.
D. Patch the database with SSL/TLS by using a custom PostgreSQL extension. 

Show Answer

---

Question # 12

A company needs to take an inventory of applications that are running on multiple AmazonEC2 instances. The company has configured users and roles with the appropriatepermissions for AWS Systems Manager. An updated version of Systems Manager Agenthas been installed and is running on every instance. While configuring an inventorycollection, a SysOps administrator discovers that not all the instances in a single subnetare managed by Systems Manager.What must the SysOps administrator do to fix this issue?

A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.
B. Configure AWS Identity and Access Management Access Analyzer to determine andautomatically remediate the issue.
C. Ensure that all the EC2 instances have an instance profile with Systems Manageraccess.
D. Configure Systems Manager to use an interface VPC endpoint.

Show Answer

---

Question # 13

A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.Which solution will give the application the ability to resolve the internal domain names? 

A. Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNSforwarder that forwards all DNS requests to the on-premises DNS server. Create anAmazon Route 53 private hosted zone that uses the EC2 instances for name servers.
B. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outboundendpoint to forward DNS queries against the on-premises domain to the on-premises DNSserver.
C. Set up two AWS Direct Connect connections between the AWS environment and theon-premises network. Set up a link aggregation group (LAG) that includes the twoconnections. Change the VPC resolver address to point to the on-premises DNS server.
D. Create an Amazon Route 53 public hosted zone for the on-premises domain. Configurethe network ACLs to forward DNS requests against the on-premises domain to the Route53 public hosted zone.

Show Answer

---

Question # 14

A company needs to archive all audit logs for 10 years. The company must protect the logsfrom any future edits.Which solution will meet these requirements?

A. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWSKey Management Service (AWS KMS) encryption.
B. Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for writeonce, read-many (WORM) access.
C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configureserver-side encryption.
D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configuremulti-factor authentication (MFA). 

Show Answer

---

Question # 15

A company has a memory-intensive application that runs on a fleet of Amazon EC2instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scalinggroup. A Sysops administrator must ensure that the application can scale based on thenumber of users that connect to the application.Which solution will meet these requirements? 

A. Create a scaling policy that will scale the application based on theActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
B. Create a scaling policy that will scale the application based on the mem used AmazonCloudWatch metric that is generated from the ELB.
C. Create a scheduled scaling policy to increase the number of EC2 instances in the AutoScaling group to support additional connections.
D. Create and deploy a script on the ELB to expose the number of connected users as acustom Amazon CloudWatch metric. Create a scaling policy that uses the metric. 

Show Answer

---

Question # 16

A company needs to automatically monitor an AWS account for potential unauthorizedAWS Management Console logins from multiple geographic locations.Which solution will meet this requirement?

A. Configure Amazon Cognito to detect any compromised 1AM credentials.
B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
D. Configure Amazon GuardDuty to monitor theUnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Show Answer

---

Question # 17

A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish aVPC peering connection named pcx-12345 between both VPCs.Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

A. Destination: 10.0.0.0/16, Target: Local
B. Destination: 172.31.0.0/16, Target: Local
C. Destination: 10.0.0.0/16, Target: pcx-12345
D. Destination: 172.31.0.0/16, Target: pcx-12345
E. Destination: 10.0.0.0/16. Target: 172.31.0.0/16

Show Answer

---

Question # 18

A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with minimum latency. What should the SysOps administrator do to meet these requirements? 

A. Set up an Amazon S3 File Gateway.
B. Set up an AWS Direct Connect connection.
C. Use AWS DataSync to automate data transfers between the existing file servers andAWS.
D. Set up an Amazon FSx File Gateway. 

Show Answer

---

Question # 19

A company has created a NAT gateway in a public subnet in a VPC. The VPC alsocontains a private subnet that includes Amazon EC2 instances. The EC2 instances use theNAT gateway to access the internet to download patches and updates. The company hasconfigured a VPC flow log for the elastic network interface of the NAT gateway. Thecompany is publishing the output to Amazon CloudWatch Logs.A SysOps administrator must identify the top five internet destinations that the EC2instances in the private subnet communicate with for downloads.What should the SysOps administrator do to meet this requirement in the MOSToperationally efficient way?

A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internetdestinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the logfiles in Amazon S3.

Show Answer

---

Question # 20

A SysOps administrator needs to delete an AWS CloudFormation stack that is no longer inuse. The CloudFormation stack is in the DELETE_FAILED state. The SysOps administratorhas validated the permissions that are required to delete the Cloud Formation stack.

A. The configured timeout to delete the stack was too low for the delete operation tocomplete.
B. The stack contains nested stacks that must be manually deleted fast.
C. The stack was deployed with the -disable rollback option.
D. There are additional resources associated with a security group in the stack
E. There are Amazon S3 buckets that still contain objects in the stack.

Show Answer

---

Question # 21

A SysOps administrator needs to track the costs of data transfer between AWS Regions.The SysOps administrator must implement a solution to send alerts to an email distributionlist when transfer costs reach 75% of a specific threshold.What should the SysOps administrator do to meet these requirements?

A. Create an AWS Cost and Usage Report. Analyze the results in Amazon Athena.Configure an alarm to publish a message to an Amazon Simple Notification Service(Amazon SNS) topic when costs reach 75% of the threshold. Subscribe the emaildistribution list to the topic.
B. Create an Amazon CloudWatch billing alarm to detect when costs reach 75% of thethreshold. Configure the alarm to publish a message to an Amazon Simple NotificationService (Amazon SNS) topic. Subscribe the email distribution list to the topic.
C. Use AWS Budgets to create a cost budget for data transfer costs. Set an alert at 75% ofthe budgeted amount. Configure the budget to send a notification to the email distributionlist when costs reach 75% of the threshold.
D. Set up a VPC flow log. Set up a subscription filter to an AWS Lambda function toanalyze data transfer. Configure the Lambda function to send a notification to the emaildistribution list when costs reach 75% of the threshold. 

Show Answer

---

Question # 22

A company hosts a web application on an Amazon EC2 instance. The web server logs arepublished to Amazon CloudWatch Logs. The log events have the same structure andinclude the HTTP response codes that are associated with the user requests. Thecompany needs to monitor the number of times that the web server returns an HTTP 404response.  What is the MOST operationally efficient solution that meets these requirements?

A. Create a CloudWatch Logs metric filter that counts the number of times that the webserver returns an HTTP 404 response.
B. Create a CloudWatch Logs subscription filter that counts the number of times that theweb server returns an HTTP 404 response.
C. Create an AWS Lambda function that runs a CloudWatch Logs Insights query thatcounts the number of 404 codes in the log events during the past hour.
D. Create a script that runs a CloudWatch Logs Insights query that counts the number of404 codes in the log events during the past hour. 

Show Answer

---

Question # 23

A company’s AWS Lambda function is experiencing performance issues. The Lambdafunction performs many CPU-intensive operations. The Lambda function is not running fastenough and is creating bottlenecks in the system.What should a SysOps administrator do to resolve this issue?

A. In the CPU launch options for the Lambda function, activate hyperthreading.
B. Turn off the AWS managed encryption.
C. Increase the amount of memory for the Lambda function.
D. Load the required code into a custom layer. 

Show Answer

---

Question # 24

A company plans to migrate several of its high performance computing (MPC) virtualmachines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identifya placement group for this deployment. The strategy must minimize network latency andmust maximize network throughput between the HPC VMs.Which strategy should the SysOps administrator choose to meet these requirements?

A. Deploy the instances in a cluster placement group in one Availability Zone.
B. Deploy the instances in a partition placement group in two Availability Zones
C. Deploy the instances in a partition placement group in one Availability Zone
D. Deploy the instances in a spread placement group in two Availably Zones

Show Answer

---

Question # 25

A company is using Amazon CloudFront to serve static content for its web application to itsusers. The CloudFront distribution uses an existing on-premises website as a customorigin.The company requires the use of TLS between CloudFront and the origin server. Thisconfiguration has worked as expected for several months. However, users are nowexperiencing HTTP 502 (Bad Gateway) errors when they view webpages that includecontent from the CloudFront distribution.What should a SysOps administrator do to resolve this problem?

A. Examine the expiration date on the certificate on the origin site. Validate that thecertificate has not expired. Replace the certificate if necessary.
B. Examine the hostname on the certificate on the origin site. Validate that the hostnamematches one of the hostnames on the CloudFront distribution. Replace the certificate ifnecessary.
C. Examine the firewall rules that are associated with the origin server. Validate that port443 is open for inbound traffic from the internet. Create an inbound rule if necessary.
D. Examine the network ACL rules that are associated with the CloudFront distribution.Validate that port 443 is open for outbound traffic to the origin server. Create an outboundrule if necessary. 

Show Answer

---

Question # 26

A Sysops administrator has created an Amazon EC2 instance using an AWSCloudFormation template in the us-east-I Region. The administrator finds that thistemplate has failed to create an EC2 instance in the us-west-2 Region.What is one cause for this failure? 

A. Resource tags defined in the CloudFormation template are specific to the us-east-IRegion.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template couldnot be found in the us-west-2 Region.
C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.

Show Answer

---

Question # 27

A Sysops administrator has created an Amazon EC2 instance using an AWSCloudFormation template in the us-east-I Region. The administrator finds that thistemplate has failed to create an EC2 instance in the us-west-2 Region.What is one cause for this failure? 

A. Resource tags defined in the CloudFormation template are specific to the us-east-IRegion.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template couldnot be found in the us-west-2 Region.
C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
D. The IAM user was not created in the specified Region.

Show Answer

---

Question # 28

A company has a public website that recently experienced problems. Some links led tomissing webpages, and other links rendered incorrect webpages. The applicationinfrastructure was running properly, and all the provisioned resources were healthy.Application logs and dashboards did not show any errors, and no monitoring alarms wereraised. Systems administrators were not aware of any problems until end users reportedthe issues.The company needs to proactively monitor the website for such issues in the future andmust implement a solution as soon as possible.Which solution will meet these requirements with the LEAST operational overhead?

A. Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.  
B. Create an AWS Lambda function to test the website. Configure the Lambda function toemit an Amazon CloudWatch custom metric when errors are detected. Configure aCloudWatch alarm to provide alerts when issues are detected.
C. Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch SyntheticsRecorder plugin to generate the script for the canary run. Configure the canary in line withrequirements. Create an alarm to provide alerts when issues are detected.

Show Answer

---

Question # 29

A company plans to launch a static website on its domain example com and subdomain www example.com using Amazon S3. How should the SysOps administrator meet this requirement? 

A. Create one S3 bucket named example.com for both the domain and subdomain.
B. Create one S3 bucket with a wildcard named '.example.com tor both the domain andsubdomain.
C. Create two S3 buckets named example.com and www.exdmpte.com. Configure thesubdomain bucket to redirect requests to the domain bucket.
D. Create two S3 buckets named http//example.com and http//" exampte.com. Configurethe wildcard (') bucket to redirect requests to the domain bucket.

Show Answer

---

Question # 30

A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS)cluster that uses AWS Fargate. The cluster is deployed successfully. The Sysopsadministrator needs to manage the cluster by using the kubect1 command line tool.Which of the following must be configured on the Sysops administrator's machine so thatkubect1 can communicate with the cluster API server? 

A. The kubeconfig file
B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector.yaml file 

Show Answer

---

Question # 31

A company is attempting to manage its costs in the AWS Cloud. A SysOps administratorneeds specific company-defined tags that are assigned to resources to appear on thebilling report.What should the SysOps administrator do to meet this requirement?

A. Activate the tags as AWS generated cost allocation tags.
B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost category. Select the account billing dimension.
D. Create a new AWS Cost and Usage Report. Include the resource IDs. 

Show Answer

---

Question # 32

A company has an application that runs only on Amazon EC2 Spot Instances. Theinstances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.However, the capacity does not always increase at the scheduled times, and instancesterminate many times a day. A Sysops administrator must ensure that the instances launchon time and have fewer interruptions. Which action will meet these requirements?  

A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instancetypes to the Auto Scaling group.
B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the sizeof the instances in the Auto Scaling group.
C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance typesto the Auto Scaling group.
D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of theinstances in the Auto Scaling group. 

Show Answer

---

Question # 33

A company is storing backups in an Amazon S3 bucket. The backups must not be deletedfor at least 3 months after the backups are created.What should a SysOps administrator do to meet this requirement?

A. Configure an IAM policy that denies the s3:DeleteObject action for all users. Threemonths after an object is written, remove the policy.
B. Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups inthe new S3 bucket with a retention period of 3 months.
C. Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protectthe backups.
D. Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Show Answer

---

Question # 34

A SysOps administrator is required to monitor free space on Amazon EBS volumesattached to Microsoft Windows-based Amazon EC2 instances within a company’s account.The administrator must be alerted to potential issues.What should the administrator do to receive email alerts before low storage space affectsEC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and anAmazon SNS topic for email notifications
B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNStopic.
C. Use the Amazon CloudWatch agent to send disk space metrics, then set upCloudWatch alarms using an Amazon SNS topic.
D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space

Show Answer

---

Question # 35

A SysOps administrator is investigating why a user has been unable to use RDP to connectover the internet from their home computer to a bastion server running on an Amazon EC2Windows instance.Which of the following are possible causes of this issue? (Choose two.)

A. A network ACL associated with the bastion's subnet is blocking the network traffic.
B. The instance does not have a private IP address.
C. The route table associated with the bastion's subnet does not have a route to theinternet gateway.
D. The security group for the instance does not have an inbound rule on port 22.
E. The security group for the instance does not have an outbound rule on port 3389.

Show Answer

---

Question # 36

A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store(Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on theEBS volumes.According to company policy, the company cannot change instance types or EBS volumetypes without completing lengthy acceptance tests to validate that the company’sapplications will function properly. A SysOps administrator needs to increase the I/Operformance of the EBS volumes as quickly as possible.Which action should the SysOps administrator take to meet these requirements?

A. Increase the size of the 1 GiB EBS volumes.
B. Add two additional elastic network interfaces on each EC2 instance.
C. Turn on Transfer Acceleration on the EBS volumes in the Region.
D. Add all the EC2 instances to a cluster placement group.

Show Answer

---

Question # 37

A company recently purchased Savings Plans. The company wants to receive emailnotification when the company’s utilization drops below 90% for a given day.Which solution will meet this requirement?

A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in AWSTrusted Advisor. Configure an Amazon Simple Queue Service (Amazon SQS) queue foremail notification when the utilization drops below 90% for a given day.
B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metricunder the AWS/SavingsPlans namespace in CloudWatch. Configure an Amazon SimpleQueue Service (Amazon SQS) queue for email notification when the utilization drops below90% for a given day.
C. Create a Savings Plans alert to monitor the daily utilization of the Savings Plans.Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notificationwhen the utilization drops below 90% for a given day.
D. Use AWS Budgets to create a Savings Plans budget to track the daily utilization of theSavings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic foremail notification when the utilization drops below 90% for a given day. 

Show Answer

---

Question # 38

A company’s application currently uses an IAM role that allows all access to all AWSservices. A SysOps administrator must ensure that the company’s IAM policies allow onlythe permissions that the application requires.How can the SysOps administrator create a policy to meet this requirement?

A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy byusing AWS Identity and Access Management Access Analyzer.
C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and AccessManagement Access Analyzer.
D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and AccessManagement Access Analyzer. 

Show Answer

---

Question # 39

A company is managing many accounts by using a single organization in AWSOrganizations. The organization has all features enabled. The company wants to turn onAWS Config in all the accounts of the organization and in all AWS Regions.What should a Sysops administrator do to meet these requirements in the MOSToperationally efficient way? 

A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWSConfig in all accounts and in all Regions.
B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Configin all accounts and in all Regions.
C. Use service control policies (SCPs) to configure AWS Config in all accounts and in allRegions.
D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in theorganization. Run the script from the organization's management account.

Show Answer

---

Question # 40

A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. Thedatabase will store data for a demonstration environment. The data must be reset on adaily basis. What is the MOST operationally efficient solution that meets these requirements?  

A. Create a manual snapshot of the DB cluster after the data has been populated. Createan Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambdafunction on a daily basis. Configure the function to restore the snapshot and then delete theprevious DB cluster.
B. Enable the Backtrack feature during the creation of the DB cluster. Specify a targetbacktrack window of 48 hours. Create an Amazon EventBridge (Amazon CloudWatchEvents) rule to invoke an AWS Lambda function on a daily basis. Configure the function toperform a backtrack operation.
C. Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data hasbeen populated. Create an Amazon EventBridge (Amazon CloudWatch Events) rule toinvoke an AWS Lambda function on a daily basis. Configure the function to restore thesnapshot from Amazon S3.
D. Set the DB cluster backup retention period to 2 days. Create an Amazon EventBridge(Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis.Configure the function to restore the DB cluster to a point in time and then delete theprevious DB cluster. 

Show Answer

---

Question # 41

A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?

A. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference. 
B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference. 
C. Create an AWS::SSM::Parameter resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference. 
D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource. 

Show Answer

---

Question # 42

A company stores critical data m Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement? 

A. Configure S3 bucket metrics to record object access logs
 B. Create an AWS CloudTrail trail to log data events tor all S3 objects 
C. Enable S3 server access logging for each S3 bucket 
D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs. 

Show Answer

---

Question # 43

A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

A. Create an AWS Serverless Application Repository and export the Lambda function recommendations. 
B. Enable AWS Compute Optimizer and export the Lambda function recommendations 
C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrail Insights. 
D. Run AWS Trusted Advisor and export the Lambda function recommendations 

Show Answer

---

Question # 44

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost. What should the SysOps administrator do to sign in? 

A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password. 
B. Sign in as an 1AM user with administrator permissions. Resynchronize the MFA token by using the 1AM console. 
C. Sign in as an 1AM user with administrator permissions. Reset the MFA device for the root user by adding a new device. 
D. Use the forgot-password process to verify the email address. Set up a new password and MFA device. 

Show Answer

---

Question # 45

A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOpe administrator notices that some of these EC2 instances show up as heathy in the Auto Scaling g-out but show up as unhealthy in the ALB target group. What is a possible reason for this issue? 

A. Security groups ate rot allowing traffic between the ALB and the failing EC2 instances 
B. The Auto Seating group health check is configured for EC2 status checks 
C. The EC2 instances are failing to launch and failing EC2 status checks. 
D. The target group health check is configured with an incorrect port or path 

Show Answer

---

Question # 46

A company uses Amazon S3 to aggregate raw video footage from various media teams across the US. The company recently expanded into new geographies in Europe and Australia. The technical teams located in Europe and Australia reported delays when uploading large video tiles into the destination S3 bucket m toe United States. What are the MOST cost-effective ways to increase upload speeds into the S3 bucket? (Select TWO.) 

A. Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia tor He uploads into the destination S3 bucket 
B. Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket. 
C. Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket. 
D. Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. 
E. Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. 

Show Answer

---

Question # 47

A company uses an Amazon S3 bucket to store data files. The S3 bucket contains hundreds of objects. The company needs to replace a tag on all the objects in the S3 bucket with another tag. What is the MOST operationally efficient way to meet this requirement? 

A. Use S3 Batch Operations. Specify the operation to replace all object tags. 
B. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use S3 Batch Operations. Specify the operation to delete all object tags. Use the AWS CLI and the list to retag the objects. 
C. Use the AWS CLI to get the tags for each object. Save the tags in a list. Use the AWS CLI and the list to remove the object tags. Use the AWS CLI and the list to retag the objects.
 D. Use the AWS CLI to copy the objects to another S3 bucket. Add the new tag to the copied objects. Delete the original objects. 

Show Answer

---

Question # 48

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets. How should a SysOps administrator configure the VPC to meet these requirements?

A. Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
 B. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets. 
C. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets. 
D. Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets. 

Show Answer

---

Question # 49

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement? 

A. Turn on S3 Block Public Access from the account level. 
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private. 
C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found. 
D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private. 

Show Answer

---

Question # 50

A SysOps administrator configuring AWS Client VPN to connect use's on a corporate network to AWS resources mat are running in a VPC According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel. How should the SysOps administrator configure Client VPN to meet these requirements?

 A. Associate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway. 
B. On the Client VPN endpoint, turns on the split-tunnel option. 
C. On the Client VPN endpoint, specify DNS server IP addresses
 D. Select a private certificate to use as the identity certificate tor the VPN client. 

Show Answer

---

Question # 51

A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address. How should the SysOps administrator deploy the application to meet this requirement? 

A. Behind an Amazon API Gateway API 
B. Behind an Application Load Balancer 
C. Behind an internet-facing Network Load Balancer 
D. In an Amazon CloudFront distribution 

Show Answer

---

Question # 52

A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements? 

A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. 
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. 
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks. 
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Show Answer

---

Question # 53

A company's SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent required periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically Which combination of steps will meet these requirements with the LEAST operational effort? (Seed TWO.) Create a Systems Manager Distributor package for the third-party agent.  

A. Make sure that Systems Manager Inventory Is configured. If Systems Manager Inventory is not configured, set up a new inventory tor instances that is based on the appropriate tag value for Windows. 
B. Create a Systems Manager State Manager association to run the AWSRunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day 
C. Create a Systems Manager State Manager- association to run the AWSConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day
 D. Create a Systems Manager Opsitem with the tag value for Windows Attach the Systems Manager Distributor package to the Opsitem. Create a maintenance window that is specific to the package deployment Configure the maintenance window to cover 24 hours a day. 

Show Answer

---

Question # 54

A company's SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company's web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company's domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB. Which solution will meet these requirements MOST cost-effectively? 

A. Create a Route 53 AAAA record for the NLB. 
B. Create a Route 53 alias record for the NLB. 
C. Create a Route 53 CAA record for the NLB. 
D. Create a Route 53 CNAME record for the NLB. 

Show Answer

---

Question # 55

A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas. Which solution will meet these requirements? 

A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. 
B. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. 
C. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas. 
D. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas. 

Show Answer

---

Question # 56

A company recently its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch metrics to track instance memory utilization and available disk space. What should a SysOps administrator do to meet these requirements? 

A. Configure CloudWatch from the AWS Management Console tor all the instances that require monitoring by CloudWatch. AWS automatically installs and configures the agents far the specified instances. 
B. Install and configure the CloudWatch agent on all the instances Attach an IAM role to allow the instances to write logs to CloudWatch. 
C. Install and configure the CloudWatch agent on all the instances Attach an IAM user to allow the instances to write logs to CloudWatch. 
D. Install and configure the CloudWatch agent on all the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch 

Show Answer

---

Question # 57

A company's VPC has connectivity to an on-premises data center through an AWS Site-toSite VPN. The company needs Amazon EC2 instances in the VPC to send DNS queries for example com to the DNS servers in the data center. Which solution will meet these requirements?

A. Create an Amazon Route 53 Resolver inbound endpoint Create a conditional forwarding rule on the on-primes DNS servers to forward DNS requests for example.com to the inbound endpoints. 
B. Create an Amazon Route 53 Resolver inbound endpoint Create a forwarding rule on the resolver that sends all queries for example.com to the on-premises DNS servers. Associate this rule with the VPC. 
C. Create an Amazon Route 53 Resolver outbound endpoint Create a conditional forwarding rule on the on-premises DNS servers to forward DNS requests for example.com to the outbound endpoints 
D. Create an Amazon Route 53 Resolver outbound endpoint. Create a forwarding rule on the resolver that sends all queries for exarrc4e.com to the on-premises DNS servers Associate this rule with the VPC. 

Show Answer

---

Question # 58

A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.) 

A. Sign in to the new account by using 1AM credentials. Change the support plan. 
B. Sign in to the new account by using root user credentials. Change the support plan. 
C. Use the AWS Support API to change the support plan. 
D. Reset the password of the account root user. 
E. Create an 1AM user that has administrator privileges in the new account. 

Show Answer

---

Question # 59

A company has a high-performance Windows workload. The workload requires a storage volume mat provides consistent performance of 10.000 KDPS. The company does not want to pay for additional unneeded capacity to achieve this performance. Which solution will meet these requirements with the LEAST cost? 

A. Use a Provisioned IOPS SSD (lol) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS 
B. Use a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume that is configured with 10.000 provisioned IOPS. 
C. Use an Amazon Elastic File System (Amazon EFS) file system w\ Max I/O mode. 
D. Use an Amazon FSx for Windows Fife Server foe system that is configured with 10.000 IOPS 

Show Answer

---

Question # 60

A SysOps administrator is testing an application mat is hosted on five Amazon EC2 instances The instances run in an Auto Scaling group behind an Application Load Balancer (ALB) High CPU utilization during load testing is causing the Auto Scaling group to scale out. The SysOps administrator must troubleshoot to find the root cause of the high CPU utilization before the Auto Scaling group scales out. Which action should the SysOps administrator take to meet these requirements? 

A. Enable instance scale-in protection. 
B. Place the instance into the Standby stale. 
C. Remove the listener from the ALB 
D. Suspend the Launch and Terminate process types.

Show Answer

---

Question # 61

A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit. What should a SysOps administrator do to encrypt the database? 

A. Configure encryption on the existing DB instance. 
B. Take a snapshot of the DB instance. Encrypt the snapshot. Restore the snapshot to the same DB instance. 
C. Encrypt the standby replica in a secondary Availability Zone. Promote the standby replica to the primary DB instance. 
D. Take a snapshot of the DB instance. Copy and encrypt the snapshot. Create a new DB instance by restoring the encrypted copy. 

Show Answer

---

Question # 62

A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda. Which action should a SysOps administrator take to meet these requirements? 

A. Analyze the AWS Cost and Usage Report by using Amazon Athena to identity cost savings. 
B. Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget. 
C. Purchase Reserved Instances through the Amazon EC2 console. 
D. Use AWS Compute Optimizer and take action on the provided recommendations. 

Show Answer

---

Question # 63

A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not nave outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region Which solution will solve this problem? 

A. Update the EC2 instance role policy to allow s3:PutObjed access to the target S3 bucket. 
B. Update the EC2 security group to allow outbound traffic to 0.0.0.070 for port 80.
C. Update the EC2 subnet route table to include the S3 prefix tot destination routes to the S3 gateway endpoint. 
D. Update the S3 bucket policy to allow s3 PurObject access from the private subnet OOR block. 

Show Answer

---

Question # 64

A company runs an application on an Amazon EC2 instance A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand However, the EC2 instances are failing tie health check. What should the SysOps administrator do to troubleshoot this issue? 

A. Verity that the Auto Scaling group is configured to use all AWS Regions.
 B. Verily that the application is running on the protocol and the port that the listens is expecting. 
C. Verify the listener priority in the ALB Change the priority if necessary. 
D. Verify the maximum number of instances in the Auto Scaling group Change the number if necessary 

Show Answer

---

Question # 65

A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally The backup application can write only to blockbased storage that is compatible with the Portable Operating System Interface (POSIX) Which backup solution will meet these requirements?

A. Configure the backup software to use Amazon S3 as the target for the data backups 
B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups 
C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes 
D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes 

Show Answer

---

Question # 66

A company applies user-defined tags to resources that are associated with me company's AWS workloads Twenty days after applying the tags, the company notices that it cannot use re tags to filter views in the AWS Cost Explorer console. What is the reason for this issue? 

A. It lakes at least 30 days to be able to use tags to filter views in Cost Explorer. 
B. The company has not activated the user-defined tags for cost allocation. 
C. The company has not created an AWS Cost and Usage Report 
D. The company has not created a usage budget in AWS Budgets

Show Answer

---

Question # 67

A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions. The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard. How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.
 B. Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property. 
C. Update the CloudFormation template to define an resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard. 
D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing dashboard in the DashboardName property. 

Show Answer

---

Testimonials