DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE!

Pass the AWS Exam Easily with Updated SOA-C02 Practice Questions

The advantages of SPOTO AWS SOA-C02 exam questions are manifold for aspiring AWS Certified SysOps Administrator - Associate professionals. These exam questions and answers are meticulously crafted to simulate real test scenarios, providing a comprehensive understanding of the exam's structure and content. SPOTO's test questions cover a wide range of topics crucial for success, including AWS services, deployment strategies, monitoring, and troubleshooting. By utilizing SPOTO's exam questions, candidates can enhance their exam preparation significantly. The study materials provided are up-to-date and aligned with the latest AWS standards, ensuring that candidates are well-equipped to tackle the challenges of the certification exam. Additionally, SPOTO offers valuable exam resources such as practice labs and video tutorials to further enhance learning outcomes. Successfully passing the AWS SOA-C02 exam with SPOTO's resources not only validates one's expertise in AWS operations but also opens doors to exciting career opportunities in cloud computing. The inclusion of mock exams allows candidates to gauge their readiness and refine their skills, ultimately leading to a confident and successful exam performance.
Take other online exams
Question #1
An AWS Lambda function is intermittently failing several times a day. A SysOps administrator must find out how often this error has occurred in the last 7 days.Which action will meet this requirement in the MOST operationally efficient manner?
A. se Amazon Athena to query the Amazon CloudWatch logs that are associated with the Lambda function
B. se Amazon Athena to query the AWS CloudTrail logs that are associated with the Lambda function
C. se Amazon CloudWatch Logs Insights to query the associated Lambda function logs
D. se Amazon OpenSearch Service (Amazon Elasticsearch Service) to stream the Amazon CloudWatch logs for the Lambda function
View answer
Correct Answer: C
Question #2
A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the management account.What could be the reason for this issue?
A. ll features have not been enabled in the organization
B. onsolidated billing has not been enabled
C. he member accounts do not have tags enabled for cost allocation
D. he member accounts have not manually enabled trusted access for Compute Optimizer
View answer
Correct Answer: A
Question #3
A company’s reporting job that used to run in 15 minutes is now taking an hour to run. An application generates the reports. The application runs on Amazon EC2 instances and extracts data from an Amazon RDS for MySQL database.A SysOps administrator checks the Amazon CloudWatch dashboard for the RDS instance and notices that the Read IOPS metrics are high, even when the reports are not running. The SysOps administrator needs to improve the performance and the availability of the RDS instance.Which solution w
A. onfigure an Amazon ElastiCache cluster in front of the RDS instance
B. eploy an RDS read replica
C. reate an Amazon CloudFront distribution
D. ncrease the size of the RDS instance
View answer
Correct Answer: B
Question #4
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.What type of record should be set in Route 53 to point the website's apex domain name (for example, `company.com`) to the Application Load Balancer?
A. NAME
B. OA
C. XT
D. LIAS
View answer
Correct Answer: D
Question #5
A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system.What should a SysOps administrator do to resolve this issue?
A. xtend the file system with operating system-level tools to use the new storage capacity
B. eattach the EBS volume to the EC2 instance
C. eboot the EC2 instance that is attached to the EBS volume
D. ake a snapshot of the EBS volume
View answer
Correct Answer: A
Question #6
A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues.The company needs to proactively monitor the website for such issues in the fu
A. ewrite the application to surface a custom error to the application log when issues occur
B. reate an AWS Lambda function to test the website
C. reate an Amazon CloudWatch Synthetics canary
D. n the Amazon CloudWatch console, turn on Application Insights
View answer
Correct Answer: C
Question #7
A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage.Which configuration approach will meet these requirements?
A. nable Transparent Data Encryption (TDE) in the MySQL configuration file
B. nable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS
C. reate a new AWS Key Management Service (AWS KMS) customer managed key
D. reate a new AWS Key Management Service (AWS KMS) customer managed key
View answer
Correct Answer: C
Question #8
A company wants to collect data from an application to use for analytics. For the first 90 days, the data will be infrequently accessed but must remain highly available. During this time, the company’s analytics team requires access to the data in milliseconds. However, after 90 days, the company must retain the data for the long term at a lower cost. The retrieval time after 90 days must be less than 5 hours.Which solution will meet these requirements MOST cost-effectively?
A. tore the data in S3 Standard-Infrequent Access (S3 Standard-IA) for the first 90 days
B. tore the data in S3 One Zone-Infrequent Access (S3 One Zone-IA) for the first 90 days
C. tore the data in S3 Standard for the first 90 days
D. tore the data in S3 Standard for the first 90 days
View answer
Correct Answer: A
Question #9
A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the logs, the SysOps administrator notices that rejected traffic is not listed.What should the SysOps administrator do to ensure that all traffic is logged?
A. reate a new flow log that has a filter setting to capture all traffic
B. reate a new flow log
C. dit the existing flow log
D. dit the existing flow log
View answer
Correct Answer: A
Question #10
A company wants to archive sensitive data on Amazon S3 Glacier. The company’s regulatory and compliance requirements do not allow any modifications to the data by any account.Which solution meets these requirements?
A. ttach a vault lock policy to an S3 Glacier vault that contains the archived data
B. ttach a vault lock policy to an S3 Glacier vault that contains the archived data
C. onfigure S3 Object Lock in governance mode
D. onfigure S3 Object Lock in governance mode
View answer
Correct Answer: B
Question #11
A global gaming company is preparing to launch a new game on AWS. The game runs in multiple AWS Regions on a fleet of Amazon EC2 instances. The instances are in an Auto Scaling group behind an Application Load Balancer (ALB) in each Region. The company plans to use Amazon Route 53 for DNS services. The DNS configuration must direct users to the Region that is closest to them and must provide automated failover.Which combination of steps should a SysOps administrator take to configure Route 53 to meet these
A. reate a simple scaling policy with settings to make larger adjustments in capacity when the system is under heavy load
B. reate a step scaling policy with settings to make larger adjustments in capacity when the system is under heavy load
C. reate a target tracking scaling policy with settings to make larger adjustments in capacity when the system is under heavy load
D. se Amazon EC2 Auto Scaling lifecycle hooks
View answer
Correct Answer: AD
Question #12
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.Which solution will meet this requirement?
A. reate access keys to access the DynamoDB table
B. reate an EC2 key pair to access the DynamoDB table
C. reate an IAM user to access the DynamoDB table
D. reate an IAM role to access the DynamoDB table
View answer
Correct Answer: D
Question #13
An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation.How should the SysOps administrator meet these requi
A. ctivate the instance scale-in protection setting for the Auto Scaling group
B. ctivate the instance scale-in protection setting for the Auto Scaling group
C. dd a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events)
D. dd a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53
View answer
Correct Answer: C
Question #14
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.Which solution should a SysOps administrator choose to meet these requirements?
A. onfigure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance
B. onfigure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance
C. onfigure AWS Secrets Manager to automatically rotate the credentials for the DB instance
D. onfigure AWS Secrets Manager to automatically rotate the credentials for the DB instance
View answer
Correct Answer: C
Question #15
A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted.What should a SysOps administrator do to meet this requirement?
A. llow SSL connections to the database by using an inbound security group rule
B. ncrypt the database by using an AWS Key Management Service (AWS KMS) encryption key
C. nforce SSL connections to the database by using a custom parameter group
D. atch the database with SSL/TLS by using a custom PostgreSQL extension
View answer
Correct Answer: C
Question #16
A company uses an AWS CloudFormation template to provision an Amazon EC2 instance and an Amazon RDS DB instance. A SysOps administrator must update the template to ensure that the DB instance is created before the EC2 instance is launched.What should the SysOps administrator do to meet this requirement?
A. dd a wait condition to the template
B. dd the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource
C. hange the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource
D. reate multiple templates
View answer
Correct Answer: B
Question #17
A company’s web application is available through an Amazon CloudFront distribution and directly through an internet-facing Application Load Balancer (ALB). A SysOps administrator must make the application accessible only through the CloudFront distribution and not directly through the ALB. The SysOps administrator must make this change without changing the application code.Which solution will meet these requirements?
A. odify the ALB type to internal
B. reate a Lambda@Edge function
C. eplace the ALB with a new internal ALB
D. dd a custom HTTP header to the origin settings for the distribution
View answer
Correct Answer: D
Question #18
A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.How should a SysOps administrator configure the VPC to meet these requirements?
A. reate and attach a NAT gateway
B. reate and attach an internet gateway
C. reate and attach an egress-only internet gateway
D. reate and attach an internet gateway and a NAT gateway
View answer
Correct Answer: C
Question #19
A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instance that do not contain a department tag. Noncompliant resources must be terminated in near-real time.Which solution will meet these requirements?
A. reate an AWS Config rule with the required-tags managed rule to identify noncompliant resources
B. reate a new Amazon EventBridge (Amazon CloudWatch Events) rule to monitor when new EC2 instances are created
C. nsure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions
D. nsure AWS Systems Manager Compliance is configured to manage the EC2 instances
View answer
Correct Answer: A
Question #20
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.What is the MOST operationally efficient solution that meets these requirements?
A. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered
B. reate an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket
C. nable the CloudTrail file integrity feature on an Amazon S3 bucket
D. nable the CloudTrail file integrity feature on the trail
View answer
Correct Answer: D
Question #21
A SysOps administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:AMI [ami-12345678] does not existHow should the Administrator ensure that the AWS CloudFormation template is working in every region?
A. opy the source region's Amazon Machine Image (AMI) to the destination region and assign it the same ID
B. dit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID
C. dit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS::EC2::AMI::ImageID control
D. odify the AWS CloudFormation template by including the AMI IDs in the Mappings section
View answer
Correct Answer: D
Question #22
A company is implementing security and compliance by using AWS Trusted Advisor. The company's SysOps team is validating the list of Trusted Advisor checks that it can access.Which factor will affect the quantity of available Trusted Advisor checks?
A. hether at least one Amazon EC2 instance is in the running state
B. he AWS Support plan
C. n AWS Organizations service control policy (SCP)
D. hether the AWS account root user has multi-factor authentication (MFA) enabled
View answer
Correct Answer: B
Question #23
A software development company has multiple developers who work on the same product. Each developer must have their own development environments, and these development environments must be identical. Each development environment consists of Amazon EC2 instances and an Amazon RDS DB instance. The development environments should be created only when necessary, and they must be terminated each night to minimize costs.What is the MOST operationally efficient solution that meets these requirements?
A. rovide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary
B. rovide developers with access to the same AWS CloudFormation template so that they can provision their development environment when necessary
C. rovide developers with CLI commands so that they can provision their own development environment when necessary
D. rovide developers with CLI commands so that they can provision their own development environment when necessary
View answer
Correct Answer: B
Question #24
A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account.Which combination of steps must the SysOps administrator take to meet this requirement? (Choose two.)
A. nter the DB instance connection string into the VPC1 route table
B. onfigure VPC peering between the two VPCs
C. dd the same IPv4 CIDR range for both VPCs
D. onnect to the DB instance by using the DB instance’s public IP address
View answer
Correct Answer: BD
Question #25
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.What should a SysOps administrator do to meet this requirement?
A. onfigure an IAM policy that denies the s3:DeleteObject action for all users
B. nable S3 Object Lock on a new S3 bucket in compliance mode
C. nable S3 Versioning on the existing S3 bucket
D. nable S3 Object Lock on a new S3 bucket in governance mode
View answer
Correct Answer: B
Question #26
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.Which solution will meet this requirement?
A. reate a new security group to block traffic to the external IP address
B. se VPC flow logs with Amazon Athena to block traffic to the external IP address
C. reate a network ACL
D. reate a new security group to block traffic to the external IP address
View answer
Correct Answer: C
Question #27
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic.The company also has a static website that is configured in an Amazon S3 bucket.A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated.Which combination of actions will meet these requirements? (Choose two.)
A. reate an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant
B. reate an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition
C. nable Amazon GuardDuty
D. nable Amazon Macie
View answer
Correct Answer: CD
Question #28
A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket.What is the MOST operationally efficient solution that meets these requirements?
A. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target
B. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target
C. reate an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket
D. eploy an Amazon EC2 instance with a cron job to invoke the Lambda function
View answer
Correct Answer: B
Question #29
A SysOps administrator is responsible for managing a company's cloud infrastructure with AWS CloudFormation. The SysOps administrator needs to create a single resource that consists of multiple AWS services. The resource must support creation and deletion through the CloudFormation console.Which CloudFormation resource type should the SysOps administrator create to meet these requirements?
A. WS::EC2::Instance with a cfn-init helper script
B. WS::OpsWorks::Instance
C. WS::SSM::Document
D. ustom::MyCustomType
View answer
Correct Answer: D
Question #30
A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.Which solution meets this requirement in the MOST operationally efficient manner?
A. tore the database credentials in AWS Secrets Manager
B. tore the database credentials as a parameter in the RDS parameter group
C. tore the database credentials in a private Amazon S3 bucket
D. tore the database credentials in AWS Systems Manager Parameter Store as a secure string parameter
View answer
Correct Answer: A
Question #31
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.Which solution will meet this requirement?
A. onfigure Amazon Cognito to detect any compromised IAM credentials
B. et up Amazon Inspector
C. et up AWS Config
D. onfigure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess
View answer
Correct Answer: D
Question #32
A company needs to ensure strict adherence to a budget for 25 applications deployed on AWS. Separate teams are responsible for storage, compute, and database costs. A SysOps administrator must implement an automated solution to alert each team when their projected spend will exceed a quarterly amount that has been set by the finance department. The solution cannot incur additional compute, storage, or database costs.Which solution will meet these requirements?
A. onfigure AWS Cost and Usage Reports to send a daily report to an Amazon S3 bucket
B. onfigure AWS Cost and Usage Reports to send a daily report to an Amazon S3 bucket
C. se AWS Budgets to create one cost budget and select each of the services in use
D. se AWS Budgets to create a cost budget for each team, filtering by the services they own
View answer
Correct Answer: D
Question #33
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service.The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.Which configuration will meet these requirements?
A. eploy a copy of the stack in the us-west-2 Region
B. eploy a copy of the stack in the us-west-2 Region
C. eploy a new group of EC2 instances in the us-west-2 Region
D. eploy a new group of EC2 instances in the us-west-2 Region
View answer
Correct Answer: B
Question #34
A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website’s DNS records.Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?
A. eolocation routing policy
B. eoproximity routing policy
C. atency routing policy
D. ultivalue answer routing policy
View answer
Correct Answer: A
Question #35
A team of on-call engineers frequently needs to connect to Amazon EC2 instances in a private subnet to troubleshoot and run commands. The instances use either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs.The team has an existing 1AM role for authorization. A SysOps administrator must provide the team with access to the instances by granting IAM permissions to this role.Which solution will meet this requirement?
A. dd a statement to the 1AM role policy to allow the ssm:StartSession action on the instances
B. ssociate an Elastic IP address and a security group with each instance
C. reate a bastion host with an EC2 instance, and associate the bastion host with the VP Add a statement to the 1AM role policy to allow the ec2:CreateVpnConnection action on the bastion host
D. reate an internet-facing Network Load Balancer
View answer
Correct Answer: A
Question #36
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified.Which solution will meet this requirement?
A. reate a new security group to block traffic to the external IP address
B. se VPC flow logs with Amazon Athena to block traffic to the external IP address
C. reate a network ACL
D. reate a new security group to block traffic to the external IP address
View answer
Correct Answer: C
Question #37
A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3.Which action should a SysOps administrator take to meet this requirement?
A. reate an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin
B. reate an Amazon ElastiCache cluster and enable caching for the S3 bucket
C. et up AWS Global Accelerator and configure it with the S3 bucket
D. nable S3 Transfer Acceleration and use the acceleration endpoint when uploading files
View answer
Correct Answer: D
Question #38
A SysOps administrator wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The SysOps administrator also wants to be able to change the policy and create new versions.Which combination of actions will meet these requirements? (Choose two.)
A. se EBS fast snapshot restore to create a new General Purpose SSD EBS volume from the production snapshot
B. se EBS fast snapshot restore to create a new Provisioned IOPS SSD EBS volume from the production snapshot
C. se EBS snapshot restore to create a new General Purpose SSD EBS volume from the production snapshot
D. se EBS snapshot restore to create a new Provisioned IOPS SSD EBS volume from the production snapshot
View answer
Correct Answer: BD
Question #39
A company is running distributed computing software to manage a fleet of 20 Amazon EC2 instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run the calculations. Control nodes can automatically start the task nodes.Currently, all the nodes run on demand. The control nodes must be available 24 hours a day, 7 days a week. The task nodes run for 4 hours each day. A SysOps administrator needs to optimize the cost of this solution.Which combination of actions will meet these requir
A. dd an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects that were created in the last hour
B. onfigure another S3 event notification to invoke a Lambda function that posts a message to an Amazon Simple Queue Service (Amazon SQS) queue
C. reate an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert the application team when the Invocations metric of the Lambda function is zero for an hour
D. reate a new Lambda function to get the timestamp of the newest file in the S3 bucket
View answer
Correct Answer: AE
Question #40
An environment consists of 100 Amazon EC2 Windows instances. The Amazon CloudWatch agent is deployed and running on all EC2 Instances with a baseline configuration file to capture log files. There is a new requirement to capture the DHCP log files that exist on 50 of the instances.What is the MOST operationally efficient way to meet this new requirement?
A. reate an additional CloudWatch agent configuration file to capture the DHCP logs
B. og in to each EC2 Instance with administrator rights
C. un the CloudWatch agent configuration file wizard on each EC2 instance
D. un the CloudWatch agent configuration file wizard on each EC2 instance and select the advanced detail level
View answer
Correct Answer: A
Question #41
A company must ensure that any objects uploaded to an S3 bucket are encrypted.Which of the following actions will meet this requirement? (Choose two.)
A. reate a read replica of the database
B. se Amazon RDS Proxy to create a proxy
C. ncrease the value in the max_connect_errors parameter in the parameter group that the database uses
D. pdate the Lambda function's reserved concurrency to a higher value
View answer
Correct Answer: CE
Question #42
A SysOps administrator wants to monitor the free disk space that is available on a set of Amazon EC2 instances that have Amazon Elastic Block Store (Amazon EBS) volumes attached. The SysOps administrator wants to receive a notification when the used disk space of the EBS volumes exceeds a threshold value, but only when the DiskReadOps metric also exceeds a threshold value. The SysOps administrator has set up an Amazon Simple Notification Service (Amazon SNS) topic.How can the SysOps administrator receive no
A. nstall the Amazon CloudWatch agent on the EC2 instances
B. nstall the Amazon CloudWatch agent on the EC2 instances
C. reate a metric alarm for the EBSByteBalance% metric and a metric alarm for the DiskReadOps metric
D. onfigure detailed monitoring for the EC2 instances
View answer
Correct Answer: A
Question #43
A company is planning to host an application on a set of Amazon EC2 instances that are distributed across multiple Availability Zones. The application must be able to scale to millions of requests each second.A SysOps administrator must design a solution to distribute the traffic to the EC2 instances. The solution must be optimized to handle sudden and volatile traffic patterns while using a single static IP address for each Availability Zone.Which solution will meet these requirements?
A. mazon Simple Queue Service (Amazon SQS) queue
B. pplication Load Balancer
C. WS Global Accelerator
D. etwork Load Balancer
View answer
Correct Answer: D
Question #44
A SysOps administrator must create a solution that immediately notifies software developers if an AWS Lambda function experiences an error.Which solution will meet this requirement?
A. reate an Amazon Simple Notification Service (Amazon SNS) topic with an email subscription for each developer
B. reate an Amazon Simple Notification Service (Amazon SNS) topic with a mobile subscription for each developer
C. erify each developer email address in Amazon Simple Email Service (Amazon SES)
D. erify each developer mobile phone in Amazon Simple Email Service (Amazon SES)
View answer
Correct Answer: A
Question #45
A company hosts several write-intensive applications. These applications use a MySQL database that runs on a single Amazon EC2 instance. The company asks a SysOps administrator to implement a highly available database solution that is ideal for multi-tenant workloads.Which solution should the SysOps administrator implement to meet these requirements?
A. reate a second EC2 instance for MySQL
B. igrate the database to an Amazon Aurora DB cluster
C. igrate the database to an Amazon Aurora multi-master DB cluster
D. igrate the database to an Amazon RDS for MySQL DB instance
View answer
Correct Answer: C
Question #46
A company has an application that is deployed to two AWS Regions in an active-passive configuration. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling group in each Region. The application uses an Amazon Route 53 hosted zone for DNS. A SysOps administrator needs to configure automatic failover to the secondary Region.What should the SysOps administrator do to meet these requirements?
A. onfigure Route 53 alias records that point to each ALB
B. onfigure CNAME records that point to each ALChoose a failover routing policy
C. onfigure Elastic Load Balancing (ELB) health checks for the Auto Scaling group
D. onfigure EC2 health checks for the Auto Scaling group
View answer
Correct Answer: A
Question #47
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:403 Forbidden - Access DeniedWhat change should be made to fix this error?
A. dd a bucket policy that grants everyone read access to the bucket
B. dd a bucket policy that grants everyone read access to the bucket objects
C. emove the default bucket policy that denies read access to the bucket
D. onfigure cross-origin resource sharing (CORS) on the bucket
View answer
Correct Answer: B
Question #48
A company's application is hosted by an internet provider at app.example.com. The company wants to access the application by using www.company.com, which the company owns and manages with Amazon Route 53.Which Route 53 record should be created to address this?
A. record
B. lias record
C. NAME record
D. ointer (PTR) record
View answer
Correct Answer: C
Question #49
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.Which solution will give the application the ability to resolve the internal domain na
A. aunch EC2 instances in the VPC
B. reate an Amazon Route 53 Resolver outbound endpoint
C. et up two AWS Direct Connect connections between the AWS environment and the on-premises network
D. reate an Amazon Route 53 public hosted zone for the on-premises domain
View answer
Correct Answer: B
Question #50
A company has a simple web application that runs on a set of Amazon EC2 instances behind an Elastic Load Balancer in the eu-west-2 Region. Amazon Route 53 holds a DNS record for the application with a simple routing policy. Users from all over the world access the application through their web browsers.The company needs to create additional copies of the application in the us-east-1 Region and in the ap-south-1 Region. The company must direct users to the Region that provides the fastest response times when
A. n each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application
B. n each new Region, create a copy of the application on new EC2 instances
C. n each new Region, create a copy of the application on new EC2 instances
D. n each new Region, create a new Elastic Load Balancer and a new set of EC2 instances to run a copy of the application
View answer
Correct Answer: D
Question #51
An Amazon CloudFront distribution has a single Amazon S3 bucket as its origin. A SysOps administrator must ensure that users can access the S3 bucket only through requests from the CloudFront endpoint.Which solution will meet these requirements?
A. onfigure S3 Block Public Access on the S3 bucket
B. onfigure Origin Shield in the CloudFront distribution
C. reate an origin access identity (OAI)
D. reate an origin access identity (OAI)
View answer
Correct Answer: C
Question #52
A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.What should the SysOps administrator do to tag the "No Tagkey" resources?
A. he private IP address of the customer gateway device
B. he MAC address of the NAT device in front of the customer gateway device
C. he public IP address of the customer gateway device
D. he public IP address of the NAT device in front of the customer gateway device
View answer
Correct Answer: D
Question #53
A company has an application that customers use to search for records on a website. The application's data is stored in an Amazon Aurora DB cluster. The application's usage varies by season and by day of the week.The website's popularity is increasing, and the website is experiencing slower performance because of increased load on the DB cluster during periods of peak activity. The application logs show that the performance issues occur when users are searching for information. The same search is rarely per
A. eploy an Amazon ElastiCache for Redis cluster in front of the DB cluster
B. eploy an Aurora Replica for the DB cluster
C. se Provisioned IOPS on the storage volumes that support the DB cluster to improve performance sufficiently to support the peak load on the application
D. ncrease the instance size in the DB cluster to a size that is sufficient to support the peak load on the application
View answer
Correct Answer: B
Question #54
A company’s SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company’s accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account’s Personal Health Dashboard.Which solution will meet this requirement with the LEAST amount of effort?
A. nable organizational view in AWS Health
B. onfigure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log
C. reate an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table
D. se the AWS Health API to write events to an Amazon DynamoDB table
View answer
Correct Answer: A
Question #55
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.Which actions should be taken to improve the performance of the website? (Choose two.)
A. onfigure the backup software to use Amazon S3 as the target for the data backups
B. onfigure the backup software to use Amazon S3 Glacier as the target for the data backups
C. se AWS Storage Gateway, and configure it to use gateway-cached volumes
D. se AWS Storage Gateway, and configure it to use gateway-stored volumes
View answer
Correct Answer: AD
Question #56
A SysOps administrator has blocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future.What is the MOST operationally efficient way to meet this requirement?
A. reate an AWS Lambda function that periodically checks the public access settings for each S3 bucket
B. reate a cron script that uses the S3 API to check the public access settings for each S3 bucket
C. nable S3 Event Notifications for each S3 bucket
D. nable the s3-bucket-public-read-prohibited managed rule in AWS Config
View answer
Correct Answer: D
Question #57
A company recently purchased Savings Plans. The company wants to receive email notification when the company’s utilization drops below 90% for a given day.Which solution will meet this requirement?
A. reate an Amazon CloudWatch alarm to monitor the Savings Plan check in AWS Trusted Advisor
B. reate an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metric under the AWS/SavingsPlans namespace in CloudWatch
C. reate a Savings Plans alert to monitor the daily utilization of the Savings Plans
D. se AWS Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans
View answer
Correct Answer: C
Question #58
A company needs to implement a managed file system to host Windows file shares for users on premises. Resources in the AWS Cloud also need access to the data on these file shares. A SysOps administrator needs to present the user file shares on premises and make the user file shares available on AWS with minimum latency.What should the SysOps administrator do to meet these requirements?
A. et up an Amazon S3 File Gateway
B. et up an AWS Direct Connect connection
C. se AWS DataSync to automate data transfers between the existing file servers and AWS
D. et up an Amazon FSx File Gateway
View answer
Correct Answer: D
Question #59
A company is planning to host its stateful web-based applications on AWS. A SysOps administrator is using an Auto Scaling group of Amazon EC2 instances. The web applications will run 24 hours a day, 7 days a week throughout the year. The company must be able to change the instance type within the same instance family later in the year based on the traffic and usage patterns.Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
A. onvertible Reserved Instances
B. n-Demand Instances
C. pot Instances
D. tandard Reserved Instances
View answer
Correct Answer: A
Question #60
A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.Which solution will meet these requirements?
A. eploy a global-scoped AWS WAF web ACL with an allow default action
B. eploy an AWS WAF web ACL with an allow default action in us-east-1
C. eploy a global-scoped AWS WAF web ACL with a block default action
D. eploy an AWS WAF web ACL with a block default action in us-east-1
View answer
Correct Answer: A
Question #61
A company plans to migrate several of its high performance computing (HPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.Which strategy should the SysOps administrator choose to meet these requirements?
A. eploy the instances in a cluster placement group in one Availability Zone
B. eploy the instances in a partition placement group in two Availability Zones
C. eploy the instances in a partition placement group in one Availability Zone
D. eploy the instances in a spread placement group in two Availability Zones
View answer
Correct Answer: A
Question #62
A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM policies allow only the permissions that the application requires.How can the SysOps administrator create a policy to meet this requirement?
A. urn on AWS CloudTrail
B. urn on Amazon EventBridge (Amazon CloudWatch Events)
C. se the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer
D. urn on AWS CloudTrail
View answer
Correct Answer: D
Question #63
A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget allocation policy, so the SysOps administrator must use the right resource types with the performance characteristics to match the workload.What should the SysOps administrator do to meet this requirement?
A. urchase regional Reserved Instances (RIs) for immediate cost savings
B. urchase zonal Reserved Instances (RIs) for the existing instances
C. eview and take action on AWS Compute Optimizer recommendations
D. eview resource utilization metrics in the AWS Cost and Usage Report
View answer
Correct Answer: C
Question #64
A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations.Which solution will meet this requirement with the LEAST operational overhead?
A. ssume the OrganizationAccountAccessRole IAM role from the management account
B. reate an AWS Lambda function to assume a role in each account
C. reate an AWS Lambda function to query for a list of accounts
D. se AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts
View answer
Correct Answer: D
Question #65
A company has an infernal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.Which action should the SysOps administrator take to meet this requirement?
A. ncrease the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage
B. ncrease the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage
C. pdate the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region
D. pdate the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region
View answer
Correct Answer: C
Question #66
A company is running a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The company configured an Amazon CloudFront distribution and set the ALB as the origin. The company created an Amazon Route 53 CNAME record to send all traffic through the CloudFront distribution. As an unintended side effect, mobile users are now being served the desktop version of the website.Which action should a SysOps administrator take to resolve this issue?
A. onfigure the CloudFront distribution behavior to forward the User-Agent header
B. onfigure the CloudFront distribution origin settings
C. nable IPv6 on the ALB
D. nable IPv6 on the CloudFront distribution
View answer
Correct Answer: C
Question #67
A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.Which action should be taken to m
A. utomate using AWS Elastic Beanstalk to provision the AWS accounts, set up infrastructure, and integrate with AWS Organizations
B. reate bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure
C. se AWS Config to provision accounts and deploy instances using AWS Service Catalog
D. se AWS Control Tower to create a template in Account Factory and use the template to provision new accounts
View answer
Correct Answer: D
Question #68
A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled. A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.How should the SysOps administrator implement this solution?
A. reate an AWS Step Functions workflow to identify IAM users that have not been active for 90 days
B. onfigure an AWS Config rule to identify IAM users that have not been active for 90 days
C. evelop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days
D. et up an AWS Config managed rule to identify IAM users that have not been active for 90 days
View answer
Correct Answer: D
Question #69
A SysOps administrator is notified that an Amazon EC2 instance has stopped responding. The AWS Management Console indicates that the system checks are failing.What should the administrator do first to resolve this issue?
A. eboot the EC2 instance so it can be launched on a new host
B. top and then start the EC2 instance so that it can be launched on a new host
C. erminate the EC2 instance and relaunch it
D. iew the AWS CloudTrail log to investigate what changed on the EC2 instance
View answer
Correct Answer: B
Question #70
A company needs to archive all audit logs for 10 years. The company must protect the logs from any future edits.Which solution will meet these requirements?
A. tore the data in an Amazon Elastic Block Store (Amazon EBS) volume
B. tore the data in an Amazon S3 Glacier vault
C. tore the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
D. tore the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
View answer
Correct Answer: B
Question #71
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.Which solution will meet these requirements?
A. reate an Aurora Replica
B. reate an AWS Lambda function to restore an automatic backup to the existing DB cluster
C. se backtracking to rewind the existing DB cluster to the desired recovery point
D. se point-in-time recovery to restore the existing DB cluster to the desired recovery point
View answer
Correct Answer: C
Question #72
A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated.What is the MOST operationally efficient solution that meets these requirement?
A. reate an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant
B. reate an IAM policy that enforces all EC2 instance tag requirements
C. reate an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant
D. reate an AWS Config rule to check if the required tags are present
View answer
Correct Answer: D
Question #73
A SysOps administrator is attempting to deploy resources by using an AWS CloudFormation template. An Amazon EC2 instance that is defined in the template fails to launch and produces an InsufficientInstanceCapacity error.Which actions should the SysOps administrator take to resolve this error? (Choose two.)
A. reate a custom shell script to extract the dimensions and collect the metrics using the Amazon CloudWatch agent
B. reate an Amazon EventBridge (Amazon CloudWatch Events) rule to evaluate the required custom dimensions and send the metrics to Amazon Simple Notification Service (Amazon SNS)
C. reate an AWS Lambda function to collect the metrics from AWS CloudTrail and send the metrics to an Amazon CloudWatch Logs group
D. reate an append_dimensions field in the Amazon CloudWatch agent configuration file to collect the metrics
View answer
Correct Answer: BC
Question #74
A company updates its security policy to clarify cloud hosting arrangements for regulated workloads. Workloads that are identified as sensitive must run on hardware that is not shared with other customers or with other AWS accounts within the company.Which solution will ensure compliance with this policy?
A. eploy workloads only to Dedicated Hosts
B. eploy workloads only to Dedicated Instances
C. eploy workloads only to Reserved Instances
D. lace all instances in a dedicated placement group
View answer
Correct Answer: A
Question #75
A company hosts its website on Amazon EC2 instances in the us-east-1 Region. The company is preparing to extend its website into the eu-central-1 Region, but the database must remain only in us-east-1. After deployment, the EC2 instances in eu-central-1 are unable to connect to the database in us-east-1.What is the MOST operationally efficient solution that will resolve this connectivity issue?
A. reate a VPC peering connection between the two Regions
B. reate a VPC peering connection between the two Regions
C. reate a VPN connection between the two Regions
D. reate a VPN connection between the two Regions
View answer
Correct Answer: A
Question #76
A company hosts an application on an Amazon EC2 instance in a single AWS Region. The application requires support for non-HTTP TCP traffic and HTTP traffic.The company wants to deliver content with low latency by leveraging the AWS network. The company also wants to implement an Auto Scaling group with an Elastic Load Balancer.How should a SysOps administrator meet these requirements?
A. reate an Auto Scaling group with an Application Load Balancer (ALB)
B. reate an Auto Scaling group with an Application Load Balancer (ALB)
C. reate an Auto Scaling group with a Network Load Balancer (NLB)
D. reate an Auto Scaling group with a Network Load Balancer (NLB)
View answer
Correct Answer: D
Question #77
A SysOps administrator wants to protect objects in an Amazon S3 bucket from accidental overwrite and deletion. Noncurrent objects must be kept for 90 days and then must be permanently deleted. Objects must reside within the same AWS Region as the original S3 bucket.Which solution meets these requirements?
A. reate an Amazon Data Lifecycle Manager (Amazon DLM) lifecycle policy for the S3 bucket
B. reate an AWS Backup policy for the S3 bucket
C. nable S3 Cross-Region Replication on the S3 bucket
D. nable S3 Versioning on the S3 bucket
View answer
Correct Answer: D
Question #78
A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda.Which action should a SysOps administrator take to meet these requirements?
A. nalyze the AWS Cost and Usage Report by using Amazon Athena to identify cost savings
B. reate an AWS Budgets alert to alarm when account spend reaches 80% of the budget
C. urchase Reserved Instances through the Amazon EC2 console
D. se AWS Compute Optimizer and take action on the provided recommendations
View answer
Correct Answer: D
Question #79
A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost.What should the SysOps administrator do to sign in?
A. ign in as a root user by using email and phone verification
B. ign in as an IAM user with administrator permissions
C. ign in as an IAM user with administrator permissions
D. se the forgot-password process to verify the email address
View answer
Correct Answer: A
Question #80
An application is running on an Amazon EC2 instance in a VPC with the default DHCP option set. The application connects to an on-premises Microsoft SQL Server database with the DNS name mssql.example.com. The application is unable to resolve the database DNS name.Which solution will fix this problem?
A. reate an Amazon Route 53 Resolver inbound endpoint
B. reate an Amazon Route 53 Resolver inbound endpoint
C. reate an Amazon Route 53 Resolver outbound endpoint
D. reate an Amazon Route 53 Resolver outbound endpoint
View answer
Correct Answer: C
Question #81
A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.example.com and the S3 bucket name DOC-EXAMPLE-BUCKET. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.Which of the following is a cause of this?
A. he S3 bucket must be configured with Amazon CloudFront first
B. he Route 53 record set must have an IAM role that allows access to the S3 bucket
C. he Route 53 record set must be in the same region as the S3 bucket
D. he S3 bucket name must match the record set name in Route 53
View answer
Correct Answer: D
Question #82
A company runs workloads on 90 Amazon EC2 instances in the eu-west-1 Region in an AWS account. In 2 months, the company will migrate the workloads from eu-west-1 to the eu-west-3 Region.The company needs to reduce the cost of the EC2 instances. The company is willing to make a 1-year commitment that will begin next week. The company must choose an EC2 instance purchasing option that will provide discounts for the 90 EC2 instances regardless of Region during the 1-year period.Which solution will meet these r
A. urchase EC2 Standard Reserved Instances
B. urchase an EC2 Instance Savings Plan
C. urchase EC2 Convertible Reserved Instances
D. urchase a Compute Savings Plan
View answer
Correct Answer: D
Question #83
A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named pcx-12345 between both VPCs.Which rules should appear in the route table of VPC A after configuration? (Choose two.)
A. dd several different instance sizes in the launch template
B. reate an Auto Scaling policy based on the ApproximateNumberOfMessagesDelayed metric to scale the number of instances based on the number of messages in the queue that have been delayed
C. reate a custom metric based on the ASGAverageCPUUtilization metric and the GroupPendingInstances metric from the Auto Scaling group
D. reate a custom metric based on the ApproximateNumberOfMessagesVisible metric and the number of instances in the InService state in the Auto Scaling group
View answer
Correct Answer: AD
Question #84
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).Which backup solution will meet these requirements?
A. rovision an interface VPC endpoint for Amazon S3
B. onfigure AWS Network Firewall to redirect traffic to the internal S3 address
C. odify the application to use the S3 path-style endpoint
D. et up a range of VPC network ACLs to redirect traffic to the internal S3 address
View answer
Correct Answer: D
Question #85
A company analyzes sales data for its customers. Customers upload files to one of the company's Amazon S3 buckets, and a message is posted to an Amazon Simple Queue Service (Amazon SQS) queue that contains the object Amazon Resource Name (ARN). An application that runs on an Amazon EC2 instance polls the queue and processes the messages. The processing time depends on the size of the file.Customers are reporting delays in the processing of their files. A SysOps administrator decides to configure Amazon EC2
A. opy the EC2 instance to a different Availability Zone
B. reate an Amazon Machine Image (AMI) from the EC2 instance and launch it in a different Availability Zone
C. ove the EC2 instance to a different Availability Zone using the AWS CLI
D. top the EC2 instance, modify the Availability Zone, and start the instance
View answer
Correct Answer: B
Question #86
A company hosts a static website on Amazon S3. An Amazon CloudFront distribution presents this site to global users. The company uses the Managed-CachingDisabled CloudFront cache policy. The company's developers confirm that they frequently update a file in Amazon S3 with new information.Users report that the website presents correct information when the website first loads the file. However, the users' browsers do not retrieve the updated file after a refresh.What should a SysOps administrator recommend to
A. dd a Cache-Control header field with max-age=0 to the S3 object
B. hange the CloudFront cache policy to Managed-CachingOptimized
C. isable bucket versioning in the S3 bucket configuration
D. nable content compression in the CloudFront configuration
View answer
Correct Answer: A
Question #87
A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times.Which deployment policies satisfy this requirement? (Choose two.)
A. n Account A, create a Lambda execution role to assume the role in Account B
B. n Account A, create a Lambda execution role that provides access to the S3 bucket
C. n Account A, create a role that the function can assume
D. n Account A
View answer
Correct Answer: BE
Question #88
A company’s SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an .msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically.Which combination of steps will meet these requirements with the LEA
A. ncrease the size of the 1 GiB EBS volumes
B. dd two additional elastic network interfaces on each EC2 instance
C. urn on Transfer Acceleration on the EBS volumes in the Region
D. dd all the EC2 instances to a cluster placement group
View answer
Correct Answer: AD
Question #89
A SysOps administrator is investigating issues on an Amazon RDS for MariaDB DB instance. The SysOps administrator wants to display the database load categorized by detailed wait events.How can the SysOps administrator accomplish this goal?
A. reate an Amazon CloudWatch dashboard
B. nable Amazon RDS Performance Insights
C. nable and configure Enhanced Monitoring
D. eview the database logs in Amazon CloudWatch Logs
View answer
Correct Answer: B
Question #90
A company uses an Amazon S3 bucket to store data files. The S3 bucket contains hundreds of objects. The company needs to replace a tag on all the objects in the S3 bucket with another tag.What is the MOST operationally efficient way to meet this requirement?
A. se S3 Batch Operations
B. se the AWS CLI to get the tags for each object
C. se the AWS CLI to get the tags for each object
D. se the AWS CLI to copy the objects to another S3 bucket
View answer
Correct Answer: A
Question #91
A company has 10 Amazon EC2 instances in its production account. A SysOps administrator must ensure that email notifications are sent to administrators each time there is an EC2 instance state change.Which solution will meet this requirements?
A. onfigure an Amazon Route 53 simple routing policy that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic when an EC2 instance state changes
B. onfigure an Amazon Route 53 simple routing policy that publishes a message to an Amazon Simple Queue Service (Amazon SQS) queue when an EC2 instance state changes
C. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic when an EC2 instance state changes
D. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that publishes a message to an Amazon Simple Queue Service (Amazon SQS) queue when an EC2 instance state changes
View answer
Correct Answer: C
Question #92
A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest.Which solution will meet these requirements?
A. reate an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed customer master key (CMK)
B. reate an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256
C. reate an Amazon S3 bucket that is configured with default server-side encryption that uses AES-256
D. reate an Amazon S3 bucket that is configured with no default encryption
View answer
Correct Answer: C
Question #93
The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?
A. WS Trusted Advisor
B. mazon Inspector
C. WS Config
D. WS Organizations
View answer
Correct Answer: A
Question #94
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.How should the SysOps administrator use AWS CloudFormation to create a solution?
A. se Amazon EC2 user data in a CloudFormation template
B. se nested stacks to provision resources
C. se parameters in a CloudFormation template
D. se stack policies to provision resources
View answer
Correct Answer: C
Question #95
A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)
A. ee Explanation section for answer
View answer
Correct Answer: BD
Question #96
A SysOps administrator needs to track the costs of data transfer between AWS Regions. The SysOps administrator must implement a solution to send alerts to an email distribution list when transfer costs reach 75% of a specific threshold.What should the SysOps administrator do to meet these requirements?
A. reate an AWS Cost and Usage Report
B. reate an Amazon CloudWatch billing alarm to detect when costs reach 75% of the threshold
C. se AWS Budgets to create a cost budget for data transfer costs
D. et up a VPC flow log
View answer
Correct Answer: C
Question #97
An ecommerce company has built a web application that uses an Amazon Aurora DB cluster. The DB cluster includes memory optimized instance types with both a writer node and a reader node. Traffic volume changes throughout the day. During sudden traffic surges, Amazon CloudWatch metrics for the DB cluster indicate high RAM consumption and an increase in select latency.A SysOps administrator must implement a configuration change to improve the performance of the DB cluster. The change must minimize downtime an
A. dd an Aurora Replica to the DB cluster
B. odify the DB cluster to convert the DB cluster into a multi-master DB cluster
C. ake a snapshot of the DB cluster
D. ncrease the disk storage capacity of the DB cluster to double the existing disk capacity
View answer
Correct Answer: B
Question #98
A SysOps administrator is investigating a company’s web application for performance problems. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The application receives large traffic increases at random times throughout the day. During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fast enough. As a result, users are experiencing poor performance.The company wants to minimize costs without adversely affecting the user experience when web traff
A. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a security group changes
B. reate an AWS CloudTrail metric filter for security group changes
C. ctivate the AWS Config restricted-ssh managed rule
D. reate an AWS CloudTrail metric filter for security group changes
View answer
Correct Answer: B
Question #99
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.Public Subnet (10.0.1.0/24) Route TableDestination Target10.0.0.0/16 local0.0.0.0/0 IGWPrivate Subnet (10.0.2.0/24) Route TableDestination Target10
A.
B.
C. 0
D. 0
View answer
Correct Answer: B
Question #100
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.Which solution will meet these requirements?
A. reate a mount target for the EFS file system in the VPC
B. reate a mount target for the EFS file system in one Availability Zone of the VPC
C. reate a mount target for each instance
D. reate a mount target in each Availability Zone of the VPC
View answer
Correct Answer: D
Question #101
A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals sudden increases in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A SysOps administrator must find the process ID (PID) of the service or process that is consuming more CPU.What should the SysOps administrator do to collect the process utilization information with the LEAST amount of effort?
A. onfigure the Amazon CloudWatch agent procstat plugin to capture CPU process metrics
B. onfigure an AWS Lambda function to run every minute to capture the PID and send a notification
C. og in to the EC2 instance by using a
D. se the default Amazon CloudWatch CPU utilization metric to capture the PID in CloudWatch
View answer
Correct Answer: A
Question #102
A company wants to prohibit its developers from using a particular family of Amazon EC2 instances. The company uses AWS Organizations and wants to apply the restriction across multiple accounts.What is the MOST operationally efficient way for the company to apply service control policies (SCPs) to meet these requirements?
A. dd the accounts to an organizational unit (OU)
B. dd the accounts to resource groups in AWS Resource Groups
C. pply the SCPs to each developer account
D. nroll the accounts with AWS Control Tower
View answer
Correct Answer: A
Question #103
A company’s AWS Lambda function is experiencing performance issues. The Lambda function performs many CPU-intensive operations. The Lambda function is not running fast enough and is creating bottlenecks in the system.What should a SysOps administrator do to resolve this issue?
A. n the CPU launch options for the Lambda function, activate hyperthreading
B. urn off the AWS managed encryption
C. ncrease the amount of memory for the Lambda function
D. oad the required code into a custom layer
View answer
Correct Answer: C
Question #104
A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected. The SysOps administrator configures an Amazon EC2 Auto Scaling lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 instances. When the configuration is complete, the Lambda function calls the complete-lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lam
A. dd a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule
B. hange the lifecycle hook action to CONTINUE if the lifecycle hook experiences a failure or timeout
C. onfigure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure
D. pdate the Lambda function execution role so that it has permission to call the complete-lifecycle-action event
View answer
Correct Answer: D
Question #105
A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.Which combination of actions will meet these requirements? (Choose two.)
A. tream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location
B. nable log file integrity validation and use digest files to verify the hash value of the log file
C. eplicate the S3 log bucket across regions, and encrypt log files with S3 managed keys
D. nable S3 server access logging to track requests made to the log bucket for security audits
View answer
Correct Answer: CD
Question #106
A SysOps administrator is configuring AWS Client VPN to connect users on a corporate network to AWS resources that are running in a VPC. According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel.How should the SysOps administrator configure Client VPN to meet these requirements?
A. ssociate the Client VPN endpoint with a private subnet that has an internet route through a NAT gateway
B. n the Client VPN endpoint, turn on the split-tunnel option
C. n the Client VPN endpoint, specify DNS server IP addresses
D. elect a private certificate to use as the identity certificate for the VPN client
View answer
Correct Answer: B
Question #107
A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be encrypted.Which solution will meet these requirements with the LEAST management overhead?
A. onfigure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enabled
B. reate a point-in-time snapshot of the EBS volumes
C. reate a point-in-time snapshot of the EBS volumes
D. chedule an AWS Lambda function with the Python runtime
View answer
Correct Answer: A
Question #108
A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions. The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?
A. reate a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard
B. xport the existing CloudWatch dashboard as JSON
C. pdate the CloudFormation template to define an AWS::CloudWatch::Dashboard resource
D. pdate the CloudFormation template to define an AWS::CloudWatch::Dashboard resource
View answer
Correct Answer: B
Question #109
A SysOps administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the administrator is unable to connect to any of the domains that reside on the internet.What additional route destination rule should the administrator add to the route tables?
A. oute ::/0 traffic to a NAT gateway
B. oute ::/0 traffic to an internet gateway
C. oute 0
D. oute ::/0 traffic to an egress-only internet gateway
View answer
Correct Answer: D
Question #110
A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket.Which of the following does this feature replicate to the destination S3 bucket by default?
A. bjects in the source S3 bucket for which the bucket owner does not have permissions
B. bjects that are stored in S3 Glacier
C. bjects that existed before replication was configured
D. bject metadata
View answer
Correct Answer: D

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.