3 Months Free Update
3 Months Free Update
3 Months Free Update
A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.
Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?
A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours
Which steps will ensure that the instance maintenance does not produce an outage?
A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?
A SysOps Administrator is running Amazon EC2 instances in multiple AWS Regions. The Administrator wants to aggregate the CPU utilization for all instances onto an Amazon CloudWatch dashboard. Each region should be present on the dashboard and represented by a single graph that contains the CPU utilization for all instances in that region.
How can the Administrator meet these requirements?
A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?
A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?
A SysOps Administration team is supporting an applications that stores a configuration file in an Amazon S3 bucket Previous revisions of the configuration file must be maintained for change control and rollback
How should the S3 bucket be configured to meet these requirements?
Website users report that an application's pages are loading slowly at the beginning of the workday The application runs on Amazon EC2 instances and data is stored in an Amazon RDS database The SysOps Administrator suspects the issue is related to high CPU usage on a component of this application
How can the Administrator find out which component is causing the performance bottleneck?
A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.
What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?
A company uses LDAP-based credentials and Has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-Based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.
Which API call should be used to retrieve credentials for federated programmatic access?
A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.
Which service can be used to monitor and recover the EC2 instances?
An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST efficient way to accomplish this goal?
A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances
How will AWS respond to this request?
A SysOps Administrator is deploying a legacy web application on AWS. The application has four Amazon EC2 instances behind Classic Load Balancer and stores data in an Amazon RDS instance. The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.
What cost-effective configuration change should the Administrator make to migrate the risk of SQL injection attacks?
A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.
How can this be accomplished?
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?
A company has enabled AWS CloudTrail to monitor all actions across its AWS infrastructure The company would now like to add functionality to validate the file integrity of the collected AWS CloudTrail logs
How should the SysOps Administrator implement this requirement?
A company is storing monthly reports on Amazon S3. The company’s security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.
What should the SysOps Administrator do to meet this requirement?
An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?
A company has a sales department and a marketing department. The company uses one AWS account. There Is a need to determine what charges are incurred on the AWS platform by each department. There is also a need to receive notifications when a specified cost level is approached or exceeded.
Which actions must a SysOps administrator take to achieve both requirements with the LEAST amount of administrative overhead? (Select TWO.)
A company is using AWS Storage Gateway to create block storage volumes and mount them as Internet Small Computer Systems Interlace (iSCSI) devices from on-premise! servers As the Storage Gateway has taken on several new projects some of the Development teams report that the performance of the iSCSI drives has degraded. When checking the Amazon CloudWatch metrics a SysOps Administrator notices that the cachePercentUsed metric is below 60% and the cachePercentUsed metric is above 90%.
What steps should the Administrator take to increase Storage Gateway performance?
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes tor this problem? (Select TWO.)
A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.
Where can the administrator find this information?
A sysops administrator is creating two AWS Cloud Formation templates The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway The second template will deploy application resources within the VPC that was created by the first template The second template should refer to the resources created by the first template
How can this be accomplished with the LEAST amount of administrative effort?
A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.
Which practices ensure that the log files are available and unaltered? (Choose two.)
A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.
Which combination of options should be set to accomplish this? (Select two)
A SysOps Administrator is responsible for a large fleet of EC2 instances and must know whether any
instances will be affected by upcoming hardware maintenance.
Which option would provide this information with the LEAST administrative overhead?
The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.
What should the SysOps Administrator do to provide near real-time compliance reporting?
A company's application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load Balancer. The instances run an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid DNS changes and allow rollback.
Which solution should a sysops administrator use to meet the deployment requirements for this new release?
A company needs to have real-time access to image data while seamlessly maintaining a copy of the images in an offsite location Which AWS solution would allow access to the image data locally while also providing for disaster recovery?
A company has an application that is running on an EC2 instance in one Availability Zone. A sysops administrator has been tasked with making the application highly available The administrator created a launch configuration from the running EC2 instance The administrator also properly configured a load balancer.
What step should the administrator complete next to make the application highly available?
The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.
Which action should a SysOps Administrator take to accomplish this?
A sysops administrator is trying to identify why putObject calls are not being made from an Amazon EC2 instance to an Amazon S3 bucket in the same region. The instance is launched in a subnet with CIDR range 10.0.1.0/24 and Auto-assign Public IP’ set to “yes”. The instance profile tied to this instance has ‘AmazonS3FullAccess” Policy.
Security group rules for the instance:
Based on the information provided, what is causing the lack of access to S3 from the instance?
A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.
Which action should be taken to meet these requirements?
Company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?
A SysOps administrator set up an Amazon ElastiCache for Memcached cluster for an application During testing, the application expenences increased latency. Amazon CloudWatch metrics (or the Memcached cluster show CPUUtilization is consistently above 95% and FreeableMemory is consistently under 1 MB.
Which aclion will solve the problem?
A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.
How should the Administrator ensure that this is done?
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance
Which of the following are possible causes of this issue? (Select TWO.)
A company is operating a multi-account environment under a single organization using AWS Organizations. The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.
What should be done to accomplish this?
An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Select TWO.)
A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.
Which solution will meet these requirements?
A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability tor an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. AH other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?
A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.
Which steps should the SysOps Administrator take to prevent this from happening in this future?
A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?
A popular auctioning platform requires near-real-time access to dynamic bidding information The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during peak bidding sessions and can no longer be resized. To improve application performance, a SysOps Administrator is evaluating Amazon ElastiCache and has chosen Redis over Memcached
What advantages will this solution provide? (Select TWO )
A SySOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team. Members of the team are part of an IAM group to which the following IAM policy has been assigned.
Which of the following actions will be allowed on the bucket? (Select TWO.)
A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the Public internet.
The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.
What should be done to resolve the issue?
A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.
How should the Administrator accomplish this?
A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company these requirements?
A SysOps Administrator must take a team’s single existing AWS CloudFormation template and split it into
smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service
templates?
A company is concerned about a security vulnerability impacting its Linux operating system.
What should the SysOps Administrator do to alleviate this concern?
A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the Administrator add to the route tables?
A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.
What should a SysOps Administrator do to collect this information? (Select TWO)
An organization stores sensitive customer information in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The chief information security officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps administrator take to meet the CISO's requirement? (Select TWO.)
A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.
How can a sysops administrator achieve this is with the LEAST amount of operational overhead?
A company wants to increase the availability and durability of a critical business application. The application currently uses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company meet these requirements?
A SysOps Administrate is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company All data must be encrypted at rest
How should the Administrate implement this process?
A company with dozens of AWS accounts wants to ensure that governance rules are being applied across all accounts. The CIO has recommended that AWS Config rules be deployed using an AWS Cloud Formation template.
How should this be accomplished?
A SysOps Administrator has an AWS CloudFormation template of the company’s existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.)
The Chief Financial Officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months A sysops administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets
What can the administrator do to confirm this suspicion1?
Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user “arn:aws:iam::111111111111:user/application”. The following S3 bucket policy is in use:
How should a SysOps Administrator modify the S3 bucket policy to fix the issue?
A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals spikes in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A SysOps administrator is tasked with finding the process ID (PID) of the service or process that is consuming more CPU.
How can the administrator accomplish this with the LEAST amount of effort?
A company needs to migrate an on-premises asymmetric key management system into AWS.
Which AWS service should be used to accomplish this?
Development teams are maintaining several workloads on AWS. Company management is concerned about rising costs and wants the SysOps Administrator to configure alerts so teams are notified when spending approaches preset limits.
Which AWS service will satisfy these requirements?
A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront
What is the MOST cost-effective way to achieve this?
A company wants to identify specific Amazon EC2 instances that ate underutilized and the estimated cost savings for each instance How can this be done with MINIMAL effort?
A company’s use of AWS Cloud services is quickly growing, so a SysOps Administrator has been asked to generate details of daily spending to share with management.
Which method should the Administrator choose to produce this data?
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted?
How can this be resolved?
A SysOps Administrator must remove public IP addresses from all Amazon EC2 Instances to prevent exposure to the internet. However, many corporate applications running on those EC2 instances need to access Amazon S3 buckets. The administrator is tasked with allowing the EC2 instances to continue to access the S3 buckets.
Which solutions can be used? (Select Two).
When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?
A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Select TWO)
A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:
What action will resolve the issue?
A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) tor the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.
What is the MOST operationally efficient solution to control the production account?