Amazon SOA-C02 Dumps Questions Answers

SOA-C02 easy to use pdf guide for power pack exam preparation

In PDF format, you will receive the actual SOA-C02 exam questions and answers. The Amazon SOA-C02 exam guide is simply downloadable on all smart devices, including your PC, Mac, laptop, tablet, and smartphone. You will find it simple to study for the genuine SOA-C02 test wherever you are thanks to this. The Amazon specialists who created the SOA-C02 PDF guide are aware of the prerequisites for passing the SOA-C02 test and how to best prepare you for them. As a result, the SOA-C02 exam dumps from Dumps4download are completely accurate and trustworthy, and they are sufficient in and of itself to guarantee your success.

Recent, legitimate, and tested SOA-C02 Exam Dumps

The AWS Certified SysOps Administrator Associate professionals at Dumps4download have worked hard to provide these Amazon study materials for you in accordance with the most recent Amazon SOA-C02 exam curriculum. All of the questions and answers in the PDF and software files for the Amazon AWS Certified SysOps Administrator - Associate Exam SOA-C02 are accurate, and they have all been reviewed and approved by specialists.

Free Updates for Three Months on the SOA-C02 Exam Questions

We are aware that the Amazon AWS Certified SysOps Administrator - Associate (2021) Exam is always evolving, therefore you must keep up with any changes to the curriculum. An Amazon AWS Certified SysOps Administrator - Associate (2021) Exam SOA-C02 dumps pdf that has all the details about the most recent SOA-C02 exam curriculum is required to prepare in accordance with the most recent SOA-C02 exam syllabus. Updates are provided without charge by Dumps4download for three months following payment.

Demo the SOA-C02 pdf guide for Free before Buying

Before you decide to buy SOA-C02 exam dumps for the genuine Amazon SOA-C02 exam, Dumps4download provides you a free SOA-C02 questions and answers PDF guide trial. In order to help you decide whether to buy the Amazon SOA-C02 exam dumps or not, this demo will demonstrate all of the features of the SOA-C02 questions PDF. So, before purchasing the SOA-C02 test materials, be sure to see the demos.

Our dependable content comes with a 100 percent money-back guarantee.

If you use our most recent SOA-C02 dumps PDF to study, Dumps4download promises that you will pass the Amazon AWS Certified SysOps Administrator - Associate (2021) Exam SOA-C02 exam with good results. If you are unable to pass the Amazon SOA-C02 Exam, your purchase will be returned. If you use Dumps4download SOA-C02 test dumps and fail the AWS Certified SysOps Administrator Associate SOA-C02 exam, you can request a refund. Your cash will be returned in accordance with Dumps4download's refund policy.

Amazon AWS Certified SysOps Administrator - Associate Exam

The AWS Certified SysOps Administrator - Associate certification is set for those candidates who are reliable for system administrators who work in cloud operations to certify their specialized knowledge.

Key factors should be focused while attempting this exam

Support and manage AWS jobs in accordance with the AWS Well-Architected Framework. Make use of the AWS Management Console and AWS CLI to complete tasks.

1. Examine, document, and screen systems.
2. Put networking principles (such DNS, TCP/IP, and firewalls) into practice.
3. Comply with architectural specifications (for instance, high accessibility, execution, and limit)
4. Put disaster recovery and business continuity plans into action.
5. Recognize, anticipate, and handle circumstances

Exam Formatting

Level:	Associate
Length:	180 minutes to finish the test
Exam structure:	65 scoring potential open doors that might be numerous decision, various reaction, or test lab
Conveyance strategy:	Pearson VUE testing focus or online delegated test
Cost:	150 USD

What are the main elements a candidate must have to prepare for this exam?

We suggest making the following preparations:

• Experience working on AWS innovation for at least a year
• Expertise in installing, maintaining, and performing tasks on AWS, as well as implementing security controls and consistency needs.
• An comprehension of AWS networking and security administrations as well as the AWS Well-Architected Framework;
• An awareness of how to use the AWS Management Console and the AWS Order Line Interface (CLI)

Exam syllabus for SOA-C02 exam

• Domain 1: Monitoring, Logging, and Remediation 20%
• Domain 2: Dependability and Business Continuity 16%
• Domain 3: Sending, Provisioning, and Mechanization 18%
• Domain 4: Security and Consistence 16%
• Domain 5: Networking and Content Conveyance 18%
• Domain 6: Cost and Execution Advancement 12%

Amazon SOA-C02 Dumps

Dumps4download providing 100% reliable Exam dumps that are verified by experts panel. Our Dumps4download SOA-C02 study material are totally unique and exam questions are valid all over the world. By using our SOA-C02 dumps we assure you that you will pass your exam on first attempt. You can easily score more than 97%.

100% exam passing Guarantee on your purchased exams.

100% money back guarantee if you will not clear your exam.

Amazon SOA-C02 Practice Test Helps You Turn Dreams To Reality!

IT Professionals from every sector are looking up certifications to boost their careers. Amazon being the leader certification provider earns the most demand in the industry.

The Amazon Certification is your short-cut to an ever-growing success. In the process, Dumps4download is your strongest coordinator, providing you with the best SOA-C02 Dumps PDF as well as Online Test Engine. Let’s steer your career to a more stable future with interactive and effective SOA-C02 Practice Exam Dumps.

Many of our customers are already excelling in their careers after achieving their goals with our help. You can too be a part of that specialized bunch with a little push in the right direction. Let us help you tread the heights of success.

Apply for the SOA-C02 Exam right away so you can get certified by using our Amazon Dumps.

Bulk Exams Package

Dumps4download Leads You To A 100% Success in First Attempt!

Our SOA-C02 Dumps PDF is intended to meet the requirements of the most suitable method for exam preparation. We especially hired a team of experts to make sure you get the latest and compliant SOA-C02 Practice Test Questions Answers. These questions are been selected according to the most relevance as well as the highest possibility of appearing in the exam. So, you can be sure of your success in the first attempt.

Interactive & Effective SOA-C02 Dumps PDF + Online Test Engine

Aside from our Amazon SOA-C02 Dumps PDF, we invest in your best practice through Online Test Engine. They are designed to reflect the actual exam format covering each topic of your exam. Also, with our interactive interface focusing on the exam preparation is easier than ever. With an easy-to-understand, interactive and effective study material assisting you there is nothing that could go wrong. We are 100% sure that our SOA-C02 Questions Answers Practice Exam is the best choice you can make to pass the exam with top score.

How Dumps4download Creates Better Opportunities for You!

Dumps4download knows how hard it is for you to beat this tough Amazon Exam terms and concepts. That is why to ease your preparation we offer the best possible training tactics we know best. Online Test Engine provides you an exam-like environment and PDF helps you take your study guide wherever you are. Best of all, you can download SOA-C02 Dumps PDF easily or better print it. For the purpose of getting concepts across as easily as possible, we have used simple language. Adding explanations at the end of the SOA-C02 Questions and Answers Practice Test we ensure nothing slips your grasp.

The exam stimulation is 100 times better than any other test material you would encounter. Besides, if you are troubled with anything concerning AWS Certified SysOps Administrator - Associate (SOA-C02) Exam or the SOA-C02 Dumps PDF, our 24/7 active team is quick to respond. So, leave us a message and your problem will be solved in a few minutes.

Get an Absolutely Free Demo Today!

Dumps4download offers an absolutely free demo version to test the product with sample features before actually buying it. This shows our concern for your best experience. Once you are thoroughly satisfied with the demo you can get the AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Test Questions instantly.

24/7 Online Support – Anytime, Anywhere

Have a question? You can contact us anytime, anywhere. Our 24/7 Online Support makes sure you have absolutely no problem accessing or using AWS Certified SysOps Administrator - Associate (SOA-C02) Practice Exam Dumps. What’s more, Dumps4download is mobile compatible so you can access the site without having to log in to your Laptop or PC.

Features to use Dumps4download SOA-C02 Dumps:

• Thousands of satisfied customers.
• Good grades are 100% guaranteed.
• 100% verified by Experts panel.
• Up to date exam data.
• Dumps4download data is 100% trustworthy.
• Passing ratio more than 99%
• 100% money back guarantee.

Amazon SOA-C02 Frequently Asked Questions

Amazon SOA-C02 Sample Questions

Question # 1

A SysOps administrator needs to configure an Amazon S3 bucket to host a webapplication. The SysOps administrator has created the S3 bucket and has copied the staticfiles for the web application to the S3 bucket.The company has a policy that all S3 buckets must not be public. What should the SysOps administrator do to meet these requirements?

A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with anorigin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucketpolicy.
B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create aDNS CNAME to point to the S3 website endpomt.
C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALBlistener configuration. Forward the traffic to the S3 bucket.
D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port443. Set the endpoint type to forward the traffic to the S3 bucket.

Show Answer

---

Question # 2

A company uses AWS Organizations to host several applications across multiple AWSaccounts. Several teams are responsible for building and maintaining the infrastructure ofthe applications across the AWS accounts.A SysOps administrator must implement a solution to ensure that user accounts andpermissions are centrally managed. The solution must be integrated with the company'sexisting on-premises Active Directory environment. The SysOps administrator already hasenabled AWS 1AM Identity Center (AWS Single Sign-On) and has set up an AWS DirectConnect connection.What is the MOST operationally efficient solution that meets these requirements?

A. Create a Simple AD domain, and establish a forest trust relationship with the onpremisesActive Directory domain. Set the Simple AD domain as the identity source for1AM Identity Center. Create the required role-based permission sets. Assign each group ofusers to the AWS accounts that the group will manage.
B. Create an Active Directory domain controller on an Amazon EC2 instance that is joinedto the on-premises Active Directory domain. Set the Active Directory domain controller asthe identity source for 1AM Identity Center. Create the required role-based permission sets.Assign each group of users to the AWS accounts that the group will manage.
C. Create an AD Connector that is associated with the on-premises Active Directorydomain. Set the AD Connector as the identity source for 1AM Identity Center. Create therequired role-based permission sets. Assign each group of users to the AWS accounts thatthe group will manage.
D. Use the built-in SSO directory as the identity source for 1AM Identity Center. Copy theusers and groups from the on-premises Active Directory domain. Create the required rolebasedpermission sets. Assign each group of users to the AWS accounts that the group willmanage.

Show Answer

---

Question # 3

A SysOps administrator is investigating a company's web application for performanceproblems The application runs on Amazon EC2 instances that are in an Auto Scalinggroup. The application receives large traffic increases at random times throughout the day.During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fastenough. As a result, users are experiencing poor performance.The company wants to minimize costs without adversely affecting the user experiencewhen web traffic surges quickly. The company needs a solution that adds more capacity tome Auto Scaling group for larger traffic increases than for smaller traffic increases.How should the SysOps administrator configure the Auto Scaling group to meet theserequirements?

A. Create a simple scaling policy with settings to make larger adjustments in capacity whenthe system is under heavy load
B. Create a step scaling policy with settings to make larger adjustments in capacity whenthe system is under heavy load.
C. Create a target tracking scaling policy with settings to make larger adjustments incapacity when the system is under heavy load
D. Use Amazon EC2 Auto Scaling lifecycle hooks Adjust the Auto Scaling group'smaximum number of instances after every scaling event

Show Answer

---

Question # 4

A company hosts an application on Amazon EC2 instances The instances are in anAmazon EC2 Auto Scaling group that uses a launch template The amount of applicationtraffic changes throughout the day. Scaling events happen frequently.A SysOps administrator needs to help developers troubleshoot the application. When ascaling event removes an instance. EC2 Auto Scaling terminates the instance before thedevelopers can log in to the instance to diagnose issues.Which solution will prevent termination of the instance so that the developers can log in tothe instance?

A. Ensure that the Delete on termination setting is turned off in the UserData section of thelaunch template
B. Update the Auto Scaling group by enabling instance scale-in protection for newlylaunched instances.
C. Use Amazon Inspector to configure a rules package to protect the instances fromtermination.
D. Use Amazon GuardDuty to configure rules to protect the instances from termination.

Show Answer

---

Question # 5

A company is creating a new multi-account environment in AWS Organizations. The company will use AWS Control Tower to deploy the environment. Users must be able tocreate resources in approved AWS Regions only. The company must configure and governall accounts by using a standard baseline configuration Which combination of steps willmeet these requirements in the MOST operationally efficient way? (Select TWO.)

A. Create a permission set and a custom permissions policy in AWS IAM Identity Center(AWS Single Sign-On) for each user to prevent each user from creating resources inunapproved Regions.
B. Deploy AWS Config rules in each AWS account to govern the account's securitycompliance and to delete any resources that are created in unapproved Regions.
C. Deploy AWS Lambda functions to configure security settings across all accounts in theorganization and to delete any resources that are created in unapproved Regions.
D. Implement a service control policy (SCP) to deny any access to AWS based on therequested Region.
E. Modify the AWS Control Tower landing zone settings to govern the approved Regions.

Show Answer

---

Question # 6

A company runs a high performance computing (HPC) application on an Amazon EC2instance The company needs to scale this architecture to two or more EC2 instances. TheEC2 instances wilt need to communicate with each other at high speeds with low latency tosupport the application.The company wants to ensure that the network performance can support the requiredcommunication between the EC2 instances.What should a SysOps administrator do to meet these requirements?

A. Create a cluster placement group. Back up the existing EC2 instance to an AmazonMachine Image (AMI). Restore the EC2 instance from the AMI into the placement groupLaunch the additional EC2 instances into the placement group
B. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launchtemplate from the existing EC2 instance by specifying the AMI. Create an Auto Scalinggroup and configure the desired instance count.
C. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2instances and register them with the target group Register the existing EC2 instance withthe target group. Pass all application traffic through the NLB.
D. Back up the existing EC2 Instance to an Amazon Machine Image (AMI). Createadditional clones of the EC2 instance from the AMI in the same Availability Zone where theexisting EC2 instance is located.

Show Answer

---

Question # 7

A SysOps administrator wants to securely share an object from a private Amazon S3bucket with a group of users who do not have an AWS account. What is the MOSToperationally efficient solution that will meet this requirement?

A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B. Create an 1AM role that has access to the object. Instruct the users to assume the role.
C. Create an 1AM user that has access to the object. Share the credentials with the users.
D. Generate a presigned URL for the object. Share the URL with the users.

Show Answer

---

Question # 8

A company migrates a write-once, read-many (WORM) drive to an Amazon S3 bucket thathas S3 Object Lock configured in governance mode. During the migration, the companycopies unneeded data to the S3 bucket.A SysOps administrator attempts to delete the unneeded data from the S3 bucket by usingthe AWS CLI. However, the SysOps administrator receives an error.Which combination of steps should the SysOps administrator take to successfully deletethe unneeded data? (Select TWO.)

A. Increase the Retain Until Date.
B. Assume a role that has the s3:BypassLegalRetention permission.
C. Assume a role that has the s3:BypassGovernanceRetention permission.
D. Include the x-amz-bypass-governance-retention:true header in the request when issuingthe delete command.
E. Include the x-amz-bypass-legal-retention:true header in the request when issuing thedelete command.

Show Answer

---

Question # 9

A company has a secure website running on Amazon EC2 instances behind an ApplicationLoad Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used onthe ALB. Users with legacy web browsers are experiencing issues with the website.How should the SysOps administrator resolve these issues in the MOST operationallyefficient manner?

A. Create a new SSL certificate in ACM and install the new certificate on the ALB tosupport legacy web browsers.
B. Create a second ALB and install a custom SSL certificate with a different domain nameon the second ALB to support legacy web browsers.
C. Remove the ALB from the configuration and install a custom SSL certificate on eachweb server.
D. Update the SSL negotiation configuration of the ALB with a security policy that containsciphers for legacy web browsers.

Show Answer

---

Question # 10

A company has an application that is deployed 10 two AWS Regions in an active-passiveconfiguration. The application runs on Amazon EC2 instances behind an Application LoadBalancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling groupin each Region. The application uses an Amazon Route 53 hosted zone (or DNS. ASysOps administrator needs to configure automatic failover to the secondary Region.What should the SysOps administrator do to meet these requirements

A. Configure Route 53 alias records that point to each ALB. Choose a failover routingpolicy. Set Evaluate Target Health to Yes.
B. Configure CNAME records that point to each ALB. Choose a failover routing policy. SetEvaluate Target Health to Yes.
C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondaryRegion astargets.
D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALBin the primary Region. Include the EC2 instances in the secondary Region as targets.

Show Answer

---

Question # 11

A company receives an alert from an Amazon CloudWatch alarm The alarm indicates that a web application that Is running on Amazon EC2 instances is not responding to requestsThe EC2 instances have a Red Hat Enterprise Linux operating system and are in an AutoScaling group. The Auto Scaling group has a minimum capacity of 2 and a maximumcapacity of 5.An Investigation reveals that the web application is experiencing oul-of-memory errors. Thecompany adds memory lo the web application and wants to track operating systemmemory utilization. A CloudWatch memory metric does not currently exist tor the EC2Instances in the Auto Scaling groupWhat should a SysOps administrator do to provide a CloudWatch memory metric for theEC2 instances?

A. Use an Amazon Machine Image (AMI) that includes the CloudWatch agent.
B. Turn on CloudWatch detailed monitoring
C. Turn on Instance Metadata Service Version 2 (IMOSv2).
D. Use an Amazon Machine Image (AMI) that is based on Amazon Linux.

Show Answer

---

Question # 12

A company runs an application on hundreds of Amazon EC2 instances in three AvailabilityZones The application calls a third-parly API over the public internet A SysOpsadministrator must provide the third party with a list of static IP addresses so that the thirdparty can allow traffic from the applicationWhich solution will meet these requirements?

A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NATgateway the default route of all private subnets In those Availability Zones.
B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IPaddress with all the instances in the Availability Zone
C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to theinterne! through the private IP address of the NLB
D. Update the main route table to send the traffic to the internet through an Elastic IPaddress that is assigned to each instance.

Show Answer

---

Question # 13

A company has a cluster of Linux Amazon EC2 Spot Instances that read many files fromand write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. TheEC2 instances are frequently started and stopped. As part of the process when an EC2instance starts, an EBS volume is restored from a snapshot.EBS volumes that are restored from snapshots are experiencing initial performance that islower than expected. The company's workload needs almost all the provisioned IOPS onthe attached EBS volumes. The EC2 instances are unable to support the workload whenthe performance of the EBS volumes is too low. A SysOps administrator must implement asolution to ensure that the EBS volumes provide the expected performance when they arerestored from snapshots.Which solution will meet these requirements?

A. Configure fast snapshot restore (FSR) on the snapshots that are used.
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
D. Increase the Linux read-ahead buffer to 1 MiB.

Show Answer

---

Question # 14

A SysOps administrator manages policies for many AWS member accounts in an AWSOrganizations structure. Administrators on other teams have access to the account rootuser credentials of the member accounts. The SysOps administrator must prevent allteams, including their administrators, from using Amazon DynamoDB. The solution mustnot affect the ability of the teams to access other AWS services.Which solution will meet these requirements?

A. In all member accounts, configure 1AM policies that deny access to all DynamoDBresources for all users, including the root user.
B. Create a service control policy (SCP) in the management account to deny allDynamoDB actions. Apply the SCP to the root of the organization
C. In all member accounts, configure 1AM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
D. Remove the default service control policy (SCP) in the management account. Create areplacement SCP that includes a single statement that denies all DynamoDB actions.

Show Answer

---

Question # 15

A Sysops administrator launches an Amazon EC2 instance from a Windows AmazonMachine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store(Amazon EBS) volumes. When the instance is launched, none of the additional AmazonElastic Block Store (Amazon EBS) volumes are initialized and ready for use through a driveletter. The SysOps administrator needs to automate the EBS volume initialization.Which solution will meet these requirements in the MOST operationally efficient way?

A. Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automationrunbook as a target of the EventBridge rule to initialize the disks after an EC2 instancelaunch event.
B. Create an AmazolkventBridge rule. Configure an AWS Lambda function as a target ofthe EventBridge rule to initialize the drives after the AMI is launched.
C. Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2instances.
D. Add the secondary volume configuration to the DriveLetterMappingConfig.json file.Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a newAMI from the running EC2 instance.

Show Answer

---

Question # 16

A company stores its data in an Amazon S3 bucket. The company is required to classifythe data and find any sensitive personal information in its S3 files. Which solution will meet these requirements?

A. Create an AWS Config rule to discover sensitive personal information in the S3 files andmark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline toclassify sensitive personal information by using Amazon Recognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.

Show Answer

---

Question # 17

A company hosts a web application on Amazon EC2 instances behind an Application LoadBalancer (ALB). The company uses Amazon Route 53 to route traffic.The company also has a static website that is configured in an Amazon S3 bucket.A SysOps administrator must use the static website as a backup to the web application.The failover to the static website must be fully automated.Which combination of actions will meet these requirements? (Choose two.)

A. Create a primary failover routing policy record. Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondarywebsite when the health check fails.
C. Create a primary failover routing policy record. Configure the value to be the ALB.Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record. Configure the value to be the staticwebsite. Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record. Configure the value to be the staticwebsite.

Show Answer

---

Question # 18

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLScertificates. A SysOps administrator needs to send an email notification when a certificatehas less than 14 days until expiration.Which solution will meet this requirement with the LEAST operational overhead?

A. Create an Amazon CloudWatch custom metric to monitor certificate expiration for allACM certificates. Create an Amazon EventBridge rule that has an event source of a ws.cloud watch Configure the rule to send an event to a target Amazon Simple NotificationService (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe theappropriate email addresses to the SNS topic.
B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry melric for all ACM certificates.Configure the rule to send an event to a target Amazon Simple Notification Service(Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate emailaddresses to the SNS topic.
C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for allACM certificates. If DaysToExpiry is less than 14, send an emailmessage to the appropriate email addresses. Send the email message by running apredefined CLI command to publish to an Amazon Simple Notification Service (AmazonSNS) topic.
D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMSidentity that uses a predefined email template. Configure the rule to send an event to thetarget SMS identity if DaysToExpiry is less than 14.

Show Answer

---

Question # 19

A company wants to monitor the security groups of its Amazon EC2 instances to ensurethat SSH is not open to the public. If the port is opened, the company needs to close theport as soon as possible.Which combination of actions should a SysOps administrator take to meet theserequirements? (Select TWO.)

A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.

Show Answer

---

Question # 20

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances onAWS. A SysOps administrator needs to keep the instances and all of the instances’ data,even if someone deletes the stack.Which solution will meet these requirements?

A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in theCloudFormation template.
B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
C. Create a backup plan in AWS Backup.
D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in theCloudFormation template.

Show Answer

---

Question # 21

A company has a compliance requirement that no security groups can allow SSH ports tobe open to all IP addresses. A SysOps administrator must implement a solution that willnotify the company's SysOps team when a security group rule violates this requirement.The solution also must remediate the security group rule automatically.Which solution will meet these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes anAWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on allports, and notify the SysOps team if the security group is noncompliant.
B. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm to notify the SysOps team through an Amazon Simple NotificationService (Amazon SNS) topic when (he metric is greater than 0. Subscribe an AWS Lambdafunction to the SNS topic to remediate the security group rule by removing the rule.
C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to theAWS Config rule by using the AWS Systems Manager Automation AWSDisablePublicAccessForSecurityGrouprunbook. Create an Amazon EventBridge (AmazonCloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
D. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manageraction to the CloudWatch alarm to suspend the security group by using the SystemsManager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarmis in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as asecond target to notify the SysOps team.

Show Answer

---

Question # 22

A SysOps administrator manages a company's Amazon S3 buckets. The SysOpsadministrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in thecompany's AWS account. The SysOps administrator needs to reduce the number ofincomplete multipart upload objects in the S3 bucket.Which solution will meet this requirement?

A. Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incompletemultipart uploads
B. Require users that perform uploads of files into Amazon S3 to use the S3 TransferUtility.
C. Enable S3 Versioning on the S3 bucket that contains the incomplete multipart uploads.
D. Create an S3 Object Lambda Access Point to delete incomplete multipart uploads.

Show Answer

---

Question # 23

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS accountThe SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys anAmazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a privatesubnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect tothe database?

A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance’s public IP address.

Show Answer

---

Question # 24

A company has a policy that requires all Amazon EC2 instances to have a specific set oftags. If an EC2 instance does not have the required tags, the noncompliant instance shouldbe terminated.What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2instance state changes to an AWS Lambda function to determine if each instance iscompliant. Terminate any noncompliant instances.
B. Create an IAM policy that enforces all EC2 instance tag requirements. If the requiredtags are not in place for an instance, the policy will terminate noncompliant instance.
C. Create an AWS Lambda function to determine if each EC2 instance is compliant andterminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5minutes.
D. Create an AWS Config rule to check if the required tags are present. If an EC2 instanceis noncompliant, invoke an AWS Systems Manager Automation document to terminate theinstance.

Show Answer

---

Question # 25

A company is using an Amazon CloudWatch alarm lo monitor the FreeLocalStorage metricfor an Amazon Aurora PostgreSQL production database The alarm goes into ALARM stateand indicates that the database is running low on temporary storage. A SysOpsadministrator discovers that a weekly report is using most of the temporary storage that iscurrently allocated.What should the SysOps administrator do to solve this problem?

A. Turn on Aurora PostgreSQL query plan management.
B. Modify the configuration of the DB cluster to turn on storage auto scaling.
C. Add an Aurora read replica to the DB cluster. Modify the report lo use the new read replica.
D. Modify the DB instance class for each DB instance In the DB cluster to increase the instance size.

Show Answer

---

Question # 26

A SysOps administrator is responsible for more than 50 Amazon EC2 instances mat aredeployed in a single production AWS account The EC2 instances are running severaldifferent operating systems The company's standards require patching to be completed atleast once a month.The SysOps administrator wants to use AWS Systems Manager to reduce the number ofhours the company spends on operating system patching each month.Which combination of steps should the SysOps administrator take to meet theserequirements? (Select THREE.)

A. Group similar EC2 instances together into resource groups by using AWS ResourceGroups
B. Create a schedule in Systems Manager Patch Manager. Specify the appropriateresource group as the target
C. Specify Systems Manager Automation runbooks to patch the operating systems.Register the runbooks as tasks in the maintenance window. Specify the appropriateresource group as the target
D. Create a Systems Manager Automation runbook to monitor and control the state of thepatches required. Apply the runbook to Systems Manager Patch Manager
E. Create a single Systems Manager maintenance window for each resource group
F. Configure Systems Manager Fleet Manager to apply a Systems Manager Automationrunbook to the appropriate resource group.

Show Answer

---

Question # 27

A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances.These EC2 instances upload build artifacts to a third-party service. The third-party servicerecently implemented a strict IP allow list that requires all build uploads to come from asingle IP address.What change should the systems administrator make to the existing build fleet to complywith this new requirement?

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IPaddress to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IPaddress to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the AvailabilityZone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to theservice.

Show Answer

---

Question # 28

A Sysops administrator wants to share a copy of a production database with a migrationaccount. The production database is hosted on an Amazon RDS DB instance and isencrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias ofWhat must the Sysops administrator do to meet these requirements with the LEAST administrative overhead?

A. Take a snapshot of the RDS DB instance in the production account. Amend the KMSkey policy of the production-rds-key KMS key to give access to the migration account's rootuser. Share the snapshot with the migration account.
B. Create an RDS read replica in the migration account. Configure the KMS key policy toreplicate the production-rds-key KMS key to the migration account.
C. Take a snapshot of the RDS DB instance in the production account. Share the snapshotwith the migration account. In the migration account, create a new KMS key that has anidentical alias.
D. Use native database toolsets to export the RDS DB instance to Amazon S3. Create anS3 bucket and an S3 bucket policy for cross-account access between the productionaccount and the migration account. Use native database toolsets to import the databasefrom Amazon S3 to a new RDS DB instance.

Show Answer

---

Question # 29

A company runs a web application on three Amazon EC2 instances behind an ApplicationLoad Balancer (ALB). Web traffic increases significantly during the same 9-hour periodevery day and causes a decrease in the application's performance. A SysOps administratormust scale the application ahead of the changes in demand to accommodate the increasedtraffic.Which solution will meet these requirements?

A. Create an Amazon CloudWatch alarm to monitor application latency. Configure an alarmaction to increase the size of each EC2 instance if the latency threshold is reached.
B. Create an Amazon EventBridge rule to monitor application latency. Configure the rule toadd an EC2 instance to the ALB if the latency threshold is reached
C. Deploy the application to an EC2 Auto Scaling group that uses a target tracking scalingpolicy. Attach the ALB to the Auto Scaling group.
D. Deploy the application to an EC2 Auto Scaling group that uses a scheduled scalingpolicy. Attach the ALB to the Auto Scaling group.

Show Answer

---

Question # 30

ASysOps administrator configures an application to run on Amazon EC2 instances behindan Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the defaultsettings. The Auto Scaling group is configured to use the RequestCountPerTarget metricfor scaling. The SysOps administrator notices that the RequestCountPerTarget metricexceeded the specified limit twice in 180 seconds.How will the number of EC2 instances in this Auto Scaling group be affected in thisscenario?

A. The Auto Scaling group will launch an additional EC2 instance every time theRequestCountPerTarget metric exceeds the predefined limit.
B. The Auto Scaling group will launch one EC2 instance and will wait for the defaultcooldown period before launching another instance.
C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not addnew EC2 instances until the load is normalized.
D. The Auto Scaling group will try to distribute the traffic among all EC2 instances beforelaunching another instance.

Show Answer

---

Question # 31

A company's SysOps administrator maintains a highly available environment. Theenvironment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database.The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.Recently, the company conducted a failover test. The SysOps administrator needs todecrease the failover time of the RDS database by at least 10%.Which solution will meet this requirement?

A. Increase the RDS instance size.
B. Modify the RDS cluster to run in a single Availability Zone.
C. Create a read replica in another AWS Region. Promote the read replica in case offailure.
D. Create an RDS proxy. Point the application to the proxy endpoint.

Show Answer

---

Question # 32

A company has developed a service that is deployed on a fleet of Linux-based AmazonEC2 instances that are in an Auto Scaling group. The service occasionally failsunexpectedly because of an error in the application code. The company's engineering teamdetermines that resolving the underlying cause of the service failure could take severalweeks.A SysOps administrator needs to create a solution to automate recovery if the servicecrashes on any of the EC2 instances.Which solutions will meet this requirement? (Select TWO.)

A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatchagent to monitor the service. Set the CloudWatch action to restart if the service healthcheck fails.
B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS SystemsManager Session Manager to log in to the tagged EC2 instances and restart the service.Schedule the Lambda function to run every 5 minutes.
C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create anassociation that uses the AWS-RunSheIIScript document. Configure the associationcommand with a script that checks if the service is running and that starts the service if theservice is not running. For targets, specify the EC2 instance tag. Schedule the associationto run every 5 minutes.
D. Update the EC2 user data that is specified in the Auto Scaling group's launch templateto include a script that runs on a cron schedule every 5 minutes.
E. Update the EC2 user data that is specified in the Auto Scaling group's launch templateto ensure that the service runs during startup. Redeploy all the EC2 instances in the AutoScaling group with the updated launch template.

Show Answer

---

Question # 33

Users of a company's internal web application recently experienced applicationperformance issues for a brief period The application includes frontend web servers thatrun in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application alsoincludes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.A SysOps administrator determines that the source of the performance issues was highutilization of the DB cluster. The single writer instance experienced more than 90%utilization for 11 minutes The cause of the high utilization was an automated report that isscheduled to run one time each weekWhat should the SysOps administrator do to ensure that users do not experienceperformance Issues each week when the report runs?

A. Increase the size of the DB instance. Monitor the performance during the nextscheduled run of the report
B. Add a reader instance. Change the database connection string of the report applicationto use the newly created reader instance.
C. Add another writer instance Change the database connection string of the reportapplication to use the newly created writer instance.
D. Configure auto scaling for the DB cluster Set the minimum capacity units, maximumcapacity units, and target utilization

Show Answer

---

Question # 34

A company has an application that collects notifications from thousands of alarm systems.The notifications include alarm notifications and information notifications. The informationnotifications include the system arming processes, disarming processes, and sensorstatus. All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS)queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. ASysOps administrator needs to implement a solution that prioritizes alarm notifications overinformation notifications.Which solution will meet these requirements?

A. Adjust the Auto Scaling group to scale faster when a high number of messages is in thequeue.
B. Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with AmazonSQS to send the notifications in parallel to all the EC2 instances.
C. Add an Amazon DynamoDB stream to accelerate the message processing.
D. Create a queue for alarm notifications and a queue for information notifications. Updatethe application to collect messages from the alarm notifications queue first.

Show Answer

---

Question # 35

A company that uses AWS Organizations recently implemented AWS Control Tower Thecompany now needs to centralize identity management A SysOps administrator mustfederate AWS 1AM Identity Center with an external SAML 2.0 identity provider (IdP) tocentrally manage access to all the company's accounts and cloud applicationsWhich prerequisites must the SysOps administrator have so that the SysOps administratorcan connect to the external IdP? (Select TWO.)

A. A copy of the 1AM Identity Center SAML metadata
B. The IdP metadata, including the public X.509 certificate
C. The IP address of the IdP
D. Root access to the management account
E. Administrative permissions to the member accounts of the organization

Show Answer

---

Question # 36

A company uses AWS Organizations to manage its multi-account environment. Theorganization contains a dedicated account for security and a dedicated account for logging.A SysOps administrator needs to implement a centralized solution that provides alertswhen a resource metric in any account crosses a standard defined threshold.Which solution will meet these requirements?

A. Deploy an AWS CloudFormation stack set to the accounts in the organization. Use atemplate that creates the required Amazon CloudWatch alarms and references an AmazonSimple Notification Service (Amazon SNS) topic in the logging account with publishpermissions for all the accounts.
B. Deploy an AWS CloudFormation stack in each account. Use the stack to deploy therequired Amazon CloudWalch alarms and the required Amazon Simple Notification Service(Amazon SNS) topic.
C. Deploy an AWS Lambda function on a cron job in each account. Configure the Lambdafunction to read resources that are in the account and to invoke an Amazon SimpleNotification Service (Amazon SNS) topic if any metrics cross the defined threshold.
D. Deploy an AWS CloudFormation change set to the organization. Use a template tocreate the required Amazon CloudWatch alarms and to send alerts to a verified AmazonSimple Email Service (Amazon SES) identity.

Show Answer

---

Question # 37

A company hosts a production MySQL database on an Amazon Aurora single-node DBcluster. The database is queried heavily for reporting purposes. The DB cluster isexperiencing periods of performance degradation because of high CPU utilization andmaximum connections errors. A SysOps administrator needs to improve the stability of thedatabase.Which solution will meet these requirements?

A. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas basedon CPU utilization. Ensure that all reporting requests use the read-only connection string.
B. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone.Ensure that all reporting requests use the connection string for this additional node.
C. Create an AWS Lambda function that caches reporting requests. Ensure that allreporting requests call the Lambda function.
D. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests usethe ElastiCache cluster. Use the database if the data is not in the cache.

Show Answer

---

Question # 38

A company runs its web application on multiple Amazon EC2 instances that are part of anAuto Scaling group. The company wants the Auto Scaling group to scale out as soon asCPU utilization rises above 50% for the instances.How should a SysOps administrator configure the Auto Scaling group to meet theserequirements?

A. Configure the Auto Scaling group to scale based on events.
B. Configure the Auto Scaling group to scale based on a schedule.
C. Configure the Auto Scaling group to scale dynamically based on demand.
D. Configure the Auto Scaling group to use predictive scaling.

Show Answer

---

Question # 39

A company manages its production applications across several AWS accounts. Thecompany hosts the production applications on Amazon EC2 instances that run AmazonLinux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its ownAmazon Route 53 private hosted zone for private DNS.A VPC from Account A needs to resolve private DNS records from a private hosted zonethat is associated with a different VPC in Account B.What should a SysOps administrator do to meet these requirements?

A. In Account A, create an AWS Systems Manager document that updates the/etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNSresolver for the VPC in Account B.
B. In Account A, create an AWS CloudFormation template that associates the privatehosted zone from Account B with the private hosted zone in Account A.
C. In Account A, use the AWS CLI to create a VPC association authorization. When theassociation is created, use the AWS CLI in Account B to associate the VPC from AccountA with the private hosted zone in Account B.
D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from AccountB with the private hosted zone in Account A.

Show Answer

---

Question # 40

A company is running production workloads that use a Multi-AZ deployment of an AmazonRDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report thatthey are frequently encountering a "too many connections" error. A SysOps administrator observes that the number of connections on the database is high.The SysOps administrator needs to resolve this issue while keeping code changes to a minimum.Which solution will meet these requirements MOST cost-effectively?

A. Modify the RDS for MySQL DB instance to a larger instance size.
B. Migrate the RDS for MySQL DB instance to Amazon DynamoDB.
C. Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.
D. Modify the RDS for MySQL DB instance to a memory optimized DB instance.

Show Answer

---

Question # 41

A company's social media application has strict data residency requirements. The companywants to use Amazon Route 53 to provide the application with DNS services. A SysOpsadministrator must implement a solution that routes requests to a defined list of AWSRegions. The routing must be based on the user's location. Which solution will meet theserequirements?

A. Configure a Route 53 latency routing policy.
B. Configure a Route 53 multivalue answer routing policy.
C. Configure a Route 53 geolocation routing policy.
D. Configure a Route 53 IP-based routing policy.

Show Answer

---

Question # 42

A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. Theinstances process messages from an Amazon Simple Queue Service (Amazon SQS)queue. The Auto Scaling group is set to scale based on the number of messages in thequeue. Messages can take up to 12 hours to process completely. A SysOps administratormust ensure that instances are not interrupted during message processing.What should the SysOps administrator do to meet these requirements?

A. Enable instance scale-in protection for the specific instance in the Auto Scaling group atthe start of message processing by calling the Amazon EC2 Auto Scaling API from theprocessing script. Disable instance scale-in protection after message processing iscomplete by calling the Amazon EC2 Auto Scaling API from the processing script.
B. Set the Auto Scaling group's termination policy to OldestInstance.
C. Set the Auto Scaling group's termination policy to OldestLaunchConfiguration.
D. Suspend the Launch and Terminate scaling processes for the specific instance in theAuto Scaling group at the start of message processing by calling the Amazon EC2 AutoScaling API from the processing script. Resume the scaling processes after messageprocessing is complete by calling the Amazon EC2 Auto Scaling API from the processingscript.

Show Answer

---

Question # 43

A company deployed a new web application on multiple Amazon EC2 instances behind anApplication Load Balancer (ALB). The EC2 instances run in an Auto Scaling group. Usersreport that they are frequently being prompted to log in.What should a SysOps administrator do to resolve this issue?

A. Configure an Amazon CloudFront distribution with the ALB as the origin.
B. Enable sticky sessions (session affinity) for the target group of EC2 instances.
C. Redeploy the EC2 instances in a spread placement group.
D. Replace the ALB with a Network Load Balancer.

Show Answer

---

Question # 44

A company is implementing a monitoring solution that is based on machine learning. Themonitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) eventsthat are generated by Amazon EC2 Auto Scaling. The monitoring solution providesdetection of anomalous behavior such as unanticipated scaling events and is configured asan EventBridge (CloudWatch Events) API destination.During initial testing, the company discovers that the monitoring solution is not receivingevents. However, Amazon CloudWatch is showing that the EventBridge (CloudWatchEvents) rule is being invoked. A SysOps administrator must implement a solution toretrieve client error details to help resolve this issue.Which solution will meet these requirements with the LEAST operational effort?

A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay theevents. Increase the logging on the monitoring solution. Use replay to invoke themonitoring solution. Examine the error details.
B. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letterqueue for the target. Process the messages in the dead-letter queue to retrieve errordetails.
C. Create a second EventBridge (CloudWatch Events) rule for the same event pattern totarget an AWS Lambda function. Configure the Lambda function to invoke the monitoringsolution and to record the results to Amazon CloudWatch Logs. Examine the errors in thelogs.
D. Configure the EventBridge (CloudWatch Events) rule to send error messages to anAmazon Simple Notification Service (Amazon SNS) topic.

Show Answer

---

Question # 45

A company is using an Amazon EC2 Auto Scaling group to support a workload A Sytfhecompany now needs to centruito Scaling group is configured with two similar scalingpolicies dP) to centrally manage access to One scaling policy adds 5 instances when CPUutilization reaches 80%. The other sctrator can connect to the extemahen CPU utilizationleaches 80%.What will happen when CPU utilization reaches the 80% threshold?

A. Amazon EC2 Auto Scaling will add 5 instances
B. Amazon EC2 Auto Scaling will add 10 instances
C. Amazon EC2 Auto Scaling will add 15 instances.
D. The Auto Scaling group will not scale because of conflicting policies

Show Answer

---

Question # 46

A global company operates out of five AWS Regions. A SysOps administrator wants toidentify all the company's tagged and untagged Amazon EC2 instance The company requires the output to display the instance ID and tags. What is the MOST operationally efficient way for the SysOps administrator to meet theserequirements?

A. Create a tag-based resource group in AWS Resource Groups.
B. Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.
C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.
D. Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resourcetype of AWS::EC2::Instance.

Show Answer

---

Question # 47

A Sysops administrator configured AWS Backup to capture snapshots from a singleAmazon EC2 instance that has one Amazon Elastic Block Store (Amazon EBS) volumeattached. On the first snapshot, the EBS volume has 10 GiB of data. On the secondsnapshot, the EBS volume still contains 10 GiB of data, but 4 GiB have changed. On thethird snapshot, 2 GiB of data have been added to the volume, for a total of 12 GiB.How much total storage is required to store these snapshots?

A. 12 GiB
B. 16 GiB
C. 26 GiB
D. 32 GiB

Show Answer

---

Question # 48

A SysOps administrator has set up a new Amazon EC2 instance as a web server in apublic subnet. The instance uses HTTP port 80 and HTTPS port 443.The SysOps administrator has confirmed internet connectivity by downloading operatingsystem updates and software from public repositories. However, the SysOps administratorcannot access the instance from a web browser on the internet.Which combination of steps should the SysOps administrator take to troubleshoot thisissue? (Select THREE.)

A. Ensure that the inbound rules of the instance's security group allow traffic on ports 80 and 443.
B. Ensure that the outbound rules of the instance's security group allow traffic on ports 80 and 443.
C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of thenetwork ACL that is associated with the instance's subnet.
D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of thenetwork ACL that is associated with the instance's subnet.
E. Ensure that the filtering rules for any firewalls that are running on the instance allowinbound traffic on ports 80 and 443.
F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.

Show Answer

---

Question # 49

A SysOps administrator needs to ensure that an Amazon RDS for PostgreSQL DBinstance has available backups The DB instance has automated backups turned on with abackup retention period of 7 days. However, no automated backups for the DB instancehave been created in the past month. What could be the cause of the lack of automated backups?

A. The Amazon S3 bucket that stores the backups is full
B. The DB instance is in the STORAGE_FULL state
C. The DB instance is not configured for Multi-AZ.
D. The backup retention period must be 30 days.

Show Answer

---

Question # 50

A company needs to monitor the disk utilization of Amazon Elastic Block Store (AmazonEBS) volumes The EBS volumes are attached to Amazon EC2 Linux Instances A SysOpsadministrator must set up an Amazon CloudWatch alarm that provides an alert when diskutilization increases to more than 80%.Which combination of steps must the SysOps administrator lake lo meet theserequirements? (Select THREE.)

A. Create an 1AM role that includes the Cloud Watch AgentServerPol icy AWS managedpolicy Attach me role to the instances
B. Create an 1AM role that includes the CloudWatchApplicationInsightsReadOnlyAccessAWS managed policy. Attach the role to the instances
C. Install and start the CloudWatch agent by using AWS Systems Manager or thecommand line
D. Install and start the CloudWatch agent by using an 1AM role. Attach the Cloud WatchAgentServerPolicy AWS managed policy to the role.
E. Configure a CloudWatch alarm to enter ALARM state when the disk_used_percentCloudWatch metric is greater than 80%.
F. Configure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatchmetric is greater than 80% or when the disk_free CloudWatch metric is less than 20%.

Show Answer

---

Question # 51

A company is experiencing issues with legacy software running on Amazon EC2 instances.Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A shorttermsolution is required while the software is being rewritten. A SysOps administrator istasked with creating a solution to restart the instances when the CPU utilization rises above80%.Which solution meets these requirements with the LEAST operational overhead?

A. Write a script that monitors the CPU utilization of the EC2 instances and reboots theinstances when utilization exceeds 80%. Run the script as a cron job.
B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action toreboot the EC2 instances.
C. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization ofthe EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function torestart the instances.
D. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS SystemsManager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.

Show Answer

---

Testimonials

Write a review

Name *

Email *

Review *

Submit