751. A Security team is concerned about the potential of intellectual property leaking to the internet. A SysOps Administrator is tasked with identifying controls to address the potential problem. The servers in question reside in a VPC and cannot be allowed to send traffic to the internet.
How can these requirements be met? Edit the route for the subnet with the following entry: Destination 0.0.0.0/0 target: igw-xxxxxxxx Ensure that the servers do not have Elastic IP addresses. Enable Enhanced Networking on the instances to control traffic flows. Put the servers in a private subnet.
752. A company is setting up a VPC peering connection between its VPC and a customer's VPC. The company VPC is an IPv4 CIDR block of 172.16.0.0/16, and the customer's is an IPv4 CIDR block of 10.0.0.0/16. The SysOps Administrator wants to be able to ping the customer's database private IP address from one of the company's Amazon EC2 instances.
What action should be taken to meet the requirements? Ensure that both accounts are linked and are part of consolidated billing to create a file sharing network, and then enable VPC peering. Ensure that both VPC owners manually add a route to the VPC route tables that points to the IP address range of the other VPC. Instruct the customer to set up a VPC with the same IPv4 CIDR block as that of the source VPC: 172.16.0.0/16. Instruct the customer to create a virtual private gateway to link the two VPCs.
755. A SysOps Administrator is responsible for maintaining an Amazon EC2 instance that acts as a bastion host. The Administrator can successfully connect to the instance using SSH, but attempts to ping the instance result in a timeout.
What is one reason for the issue? The instance does not have an Elastic IP address The instance has a security group that does not allow Internet Control Message Protocol (ICMP) traffic The instance is not set up in a VPC using AWS Direct Connect The instance is running in a peered VPC.
757. A SysOps Administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.) VPC Flow Logs AWS CloudTrail logs ALB access logs CloudFront access logs RDS logs.
760. An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials? Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters Create an IAM user for the application and grant the user permission to read the Systems Manager parameters.
761. A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.
Which remediation steps should be taken to resolve this issue? (Choose two.) Add a larger Amazon EBS volume to the ElastiCache cluster nodes Add a load balancer to route traffic to the ElastiCache cluster Add additional worker nodes to the ElastiCache cluster Create an Auto Scaling group to the ElastiCache cluster Vertically scale the ElastiCache cluster by changing the node type.
762. A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.
Which action will make the database MORE highly available? Contact AWS Support to pre-warm the database to ensure that it can handle any unexpected spikes in traffic Create a new Multi-AZ RDS DB instance. Migrate the data to the new DB instance and delete the old one Create a read replica from the existing database outside of business hours Modify the DB instance to outside of business hours be a Multi-AZ deployment.
764. A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm? AWS/ApplicationELB HealthyHostCount <= 0 AWS/ApplicationELB UnhealthyHostCount >= 1 AWS/EC2 StatusCheckFailed <= 0 AWS/EC2 StatusCheckFailed >= 1.
765. A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There is high latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that is efficient, cost-effective, and allows for scaling with future demand.
Which action should be taken to accomplish this? Add a second NAT instance and place both instances behind a load balancer Convert the NAT instance to a larger instance size Replace the NAT instance with a NAT gateway Replace the NAT instance with a virtual private gateway.
766. A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system. A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately. The administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances.
How will AWS respond to this request? AWS will apply the patch during the next maintenance window, and will provide the Administrator with a report of all patched EC2 instances. AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI), and will provide the Administrator with a report of all patched EC2 instances. AWS will research the vulnerability to see if the Administrator's operating system is impacted, and will patch the EC2 instances that are affected. AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances.
771. A company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private keys and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements? AWS CloudHSM AWS KMS AWS Certificate Manager Amazon Connect.
772. A SysOps Administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this? The S3 bucket must be configured with Amazon CloudFront first The Route 53 record set must have an IAM role that allows access to the S3 bucket The Route 53 record set must be in the same region as the S3 bucket The S3 bucket name must match the record set name in Route 53.
774. A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.
Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts? AWS Cost Explorer AWS Config AWS Organizations AWS Budgets.
776. A company wants to increase the availability and durability of a critical business application. The application currently uses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company meet these requirements? Shut down the EC2 instance. Enable multi-AZ replication within the EC2 instance, then restart the instance. Launch a secondary EC2 instance running MySQL. Configure a cron job that backs up the database on the primary EC2 instance and copies it to the secondary instance every 30 minutes. Migrate the database to an Amazon RDS Aurora DB instance and create a Read Replica in another Availability Zone. Create an Amazon RDS Microsoft SQL DB instance and enable multi-AZ replication. Back up the existing data and import it into the new database.
777. A SysOps Administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.) The template referenced an IAM user that is not available in eu-west-1 The template referenced an Amazon Machine Image (AMI) that is not available in eu-west-1 The template did not have the proper level of permissions to deploy the resources The template requested services that do not exist in eu-west-1 CloudFormation templates can be used only to update existing services.
778. A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.
What should the Administrator do to enable user-defined cost allocation tags? Log in to the AWS Billing and Cost Management console of the new account, and use the Cost Allocation Tags manager to create the new user-defined cost allocation tags. Log in to the AWS Billing and Cost Management console of the payer account, and use Cost Allocation Tags manager to create the new user-defined cost allocation tags. Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the new account to mark the tags as cost allocation tags. Log in to the AWS Management Console of the new account, use the Tag Editor to create the new user-defined tags, then use the Cost Allocation Tags manager in the payer account to mark the tags as cost allocation tags.
779. A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Choose two.) Enable detailed monitoring on the instance within Amazon CloudWatch Publish the memory metrics to Amazon CloudWatch Events Publish the memory metrics using the Amazon CloudWatch agent Publish the memory metrics using Amazon CloudWatch Logs Set metrics_collection_interval to 60 seconds.
780. A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error? Add a bucket policy that grants everyone read access to the bucket Add a bucket policy that grants everyone read access to the bucket objects Remove the default bucket policy that denies read access to the bucket Configure cross-origin resource sharing (CORS) on the bucket.
783. A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address
172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment.
What action will resolve the issue? Modify the EC2 security group rules to allow inbound traffic from the on-premises computer Modify the EC2 security group rules to allow outbound traffic to the on-premises computer Modify the VPC network ACL rules to allow inbound traffic from the on-premises computer Modify the VPC network ACL rules to allow outbound traffic to the on-premises computer.
785. A company uses federation to authenticate users and grant AWS permissions. The SysOps Administrator has been asked to determine who made a request to AWS Organizations for a new AWS account.
What should the Administrator review to determine who made the request? AWS CloudTrail for the federated identity user name AWS IAM Access Advisor for the federated user name AWS Organizations access log for the federated identity user name Federated identity provider logs for the user name.
786. A serverless application running on AWS Lambda is expected to receive a significant increase in traffic. A SysOps Administrator needs to ensure that the Lambda function is configured to scale so the application can process the increased traffic.
What should the Administrator do to accomplish this? Attach additional elastic network interfaces to the Lambda function Configure AWS Application Auto Scaling based on the Amazon CloudWatch Lambda metric for the number of invocations Ensure the concurrency limit for the Lambda function is higher than the expected simultaneous function executions Increase the memory available to the Lambda function.
788. An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.
What should be done to address this issue and improve performance? Scale the cluster by adding additional nodes Scale the cluster by adding read replicas Scale the cluster by increasing CPU capacity Scale the web layer by adding additional EC2 instances.
792. A company needs to have real-time access to image data while seamlessly maintaining a copy of the images in an offsite location.
Which AWS solution would allow access to the image data locally while also providing for disaster recovery? Create an AWS Storage Gateway volume gateway configured as a stored volume. Mount it from clients using Internet Small Computer System Interface (iSCSI). Mount an Amazon EFS volume on a local server. Share this volume with employees who need access to the images. Store the images in Amazon S3, and use AWS Data Pipeline to allow for caching of S3 data on local workstations. Use Amazon S3 for file storage, and enable S3 Transfer Acceleration to maintain a cache for frequently used files to increase local performance.
793. A SysOps Administrator needs to create a replica of a company's existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.
What is the MOST efficient way to accomplish this? Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account. Manually create an AWS Service Catalog portfolio in the new AWS account that duplicates the original portfolio. Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation. Share the AWS Service Catalog portfolio with the other AWS accounts and import the portfolio into the other AWS accounts.
795. An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.
Which solution accomplishes this with the LEAST amount of effort? Use a simple scaling policy based on a custom metric that measures the average active requests of all EC2 instances Use a simple scaling policy based on the Auto Scaling group GroupDesiredCapacity metric Use a target tracking scaling policy based on the ALB's ActiveConnectionCount metric Use a target tracking scaling policy based on the ALB's RequestCountPerTarget metric.
798. The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.
Which action should a SysOps Administrator take to accomplish this? Add each existing account to the central organization using AWS IAM. Create a new organization in each account and join them to the central organization. Log in to each existing account an add them to the central organization. Send each existing account an invitation from the central organization.
|
