dumpspedia logo
A SysOps Administrator must take a team’s single existing AWS CloudFormation template and split it into
smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service
templates?
A SysOps Administrator is creating additional Amazon EC2 instances and receives an InstanceLimitExceeded error.
What is the cause of the issue and how can it be resolved?
A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:
What is one cause of this?
Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration. Which log type will confirm whether users are trying to connect to the correct port?
A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.
A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.
Which solution meets these requirements with the LEAST amount of operational overhead''
A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.
What is MOST likely causing this issue?
A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the Public internet.
The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.
What should be done to resolve the issue?
A company needs to run a distributed application that processes large amounts of data across multiple EC2 instances. The application is designed to tolerate processing interruptions.
What is the MOST cost-effective Amazon EC2 pricing model for these requirements?
An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3. With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.
Which service would be the MOST efficient way to transfer this data to Amazon S3?
A SysOps Administrator is deploying an Amazon EC2 instance and is using third-party VPN software to route traffic to an on-premises data center Based on the shared responsibility model AWS is responsible for managing which element of this deployment?
A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create end delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's AWS accounts and should be available to the Data Scientists, but no other users within the accounts.
Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?
A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.
What is the MOST cost-effective way to meet this requirement?
A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.
What should be done to MINIMIZE disruption to the business?
A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.
What should be done to accomplish this?
An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instance in an Auto Scaling group that terminates unhealthy instances. The Auto Scaling group is configured to determine the health status of EC2 instances using both EC2 status checks and ALB checks. The Development team wants to analyze the unhealthy instances before termination.
What should the SysOps Administrator do to accomplish this?
A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the private subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.
How should this be accomplished?
A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.
What steps should be the Administrator take to complete this task?
A SysOps administrator recently launched an application consisting of web servers running on Amazon EC2 instances, an Amazon ElastiCache cluster communicating on port 6379, and an Amazon RDS tor PostgreSQL DB instance communicating on port 5432. The web servers are in the security group web-sg. the ElastiCache cluster is in the security group cache-sg. and the DB instance is in the security group database-sg.
The application fails on start, with the error message "Unable to connect to the database."
The rules in web-sg are as follows.
Which change should the SysOps administrator make to web-sg to correct the issue without compromising security?
A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.
What are possible causes tor this problem? (Select TWO.)
A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted?
How can this be resolved?
A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?
A SysOps administrator set up an Amazon ElastiCache for Memcached cluster for an application During testing, the application expenences increased latency. Amazon CloudWatch metrics (or the Memcached cluster show CPUUtilization is consistently above 95% and FreeableMemory is consistently under 1 MB.
Which aclion will solve the problem?
A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Choose two.)
A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach
How can the administrator accomplish this with the LEAST administrative overhead?
A SysOps Administrator is attempting to use AWS Systems Manager Session Manager to initiate a SSH session with an Amazon EC2 instance running on a custom Linux Amazon Machine Image (AMI) The Administrator cannot find the target instance in the Session Manager console
Which combination of actions with solve this issue? (Select TWO )
A SysOps Administrate is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company All data must be encrypted at rest
How should the Administrate implement this process?
A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet information security guidelines.
Which option would meet the requirement?
The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because if it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.
What should the SysOps Administrator do to provide near real-time compliance reporting?
An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.
What must the sysops administrator do to provision the application quickly?
A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:
What action will resolve the issue?
When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?
A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?
A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.
What should a sysops administrator use to validate the calls mode to SQS?
A company's application running on Amazon EC2 Linux recently crashed because it ran out ot available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)
A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront
What is the MOST cost-effective way to achieve this?
A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances
How will AWS respond to this request?
An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?
A company backs up data from its data center using a tape gateway on AWS Storage Gateway. The SysOps Administrator needs to reboot the virtual machine running Storage Gateway.
What process will protect data integrity?
A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.
Which metric can be measured given the constraints? (Select Three)
An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.
What is a possible cause of this failure?
A company’s web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC@ Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Radius cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday.
Which resources will need to have a maintenance window configured for midnight on Tuesday? (Choose two.)
A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.
How should the Administrator continue with the stack deployment?
A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.
Which action should a SysOps Administrator take to accomplish this?
A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.
What should be done to accomplish this?
An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?
A company wants to identify specific Amazon EC2 instances that ate underutilized and the estimated cost savings for each instance How can this be done with MINIMAL effort?
A SysOps Administrator needs to create a replica of a company’s existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.
What is the MOST efficient way to accomplish this?
A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.
Which action should be taken to meet these requirements?
An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?
A company’s application stores documents within an Amazon S3 bucket. The application is running on Amazon EC2 in a VPC. A recent change in security requirements states that traffic between the company’s application and the S3 bucket must never leave the Amazon network.
What AWS feature can provide this functionality?
A company uses AWS CloudFotmatlon to provision ils VPC. Amazon EC2 instances, and Amazon RDS DB instance The DB instance was deleted manually. When the stack was updated, it (ailed. During rollback, the stack returned the UPDATE_ROLLBACK_FAILEO state. A SysOps administrator must return the AWS Cloud Formation stack to a working state without interrupting existing resources.
Which solution will meet this requirement?
A sysops administrator is implementing SSL for a domain of an internet facing application running behind an Application load balancer (ALB). The administrator decides to use an SSL certificates from Amazon certificate Manager (ACM) to secure it. Upon creating a request for the ALB fully qualified domain name (FQND), it fails, and the error message “Domain not allowed” is displayed.
How can the administrator fix this issue?
A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The administrator notices an increase in the httpcode_ELS_5xx_Count Amazon CloudWatch metric for the load balancer.
What is the possible cause for this increase?
An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.
What should the organization do to reduce costs?
A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.
Destination – 10.2.0.0/16
Target – local
Status – Active
Propagated – No
Destination – 0.0.0.0/0
Target – nat-xxxxxxx
Status – Blackhole
Propagated – No
What has caused the connectivity issue?
A SysOps Administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The Administrator has set up AWS Organizations and enabled Consolidated Billing.
Which additional steps must the Administrator perform to set up the billing alerts?
An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Expressures (CVE) report. The Security tea, requests that all these instances be upgraded.
Who is responsible for upgrading the EC2 instances?
A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.
Which action will resolve this issue?
A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.
What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?
A SysOps administrator is implementing automated I/O load performance testing as part of lite continuous integraliorVcontinuous delivery (CI'CD) process for an application The application uses an Amazon Elastic Block Store (Amazon E8S) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.
Which actions could the SysOps administrator take to accomplish this goal? (Select TWO.)
A company uses multiple accounts for its applications. Account A manages the company’s Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company’s web servers.
How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?
A company’s website went down for several hours. The root cause was a full disk on one of the company’s Amazon EC2 instances.
Which steps should the SysOps Administrator take to prevent this from happening in this future?
A company uses LDAP-based credentials and Has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-Based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.
Which API call should be used to retrieve credentials for federated programmatic access?
A SysOps administrator notices a scale-out event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric tor the associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests
Where can the administrator find this information?
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations
What should a SysOps administrator do to implement this requirement?
A recent AWS CloudFormation stack update has failed and returned the error update_rollback_failed. A Sysops administrator is tasked with returning the CloudFormation stack to its previous working state.
What must be done to accomplish this?
A company is about to launch a new product and is expecting a large increase in application traffic. The application is running on Amazon EC3 is an Auto scaling group and using an Amazon RDS multi-AZ instance. The static content is stored in Amazon S3. During the load test, the time to access the application increased significantly. A SysOps administrator wants to increase the scalability of the application without compromising the durability of the architecture.
How can this goal be achieved?
A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.
Which remediation steps should be taken to resolve this issue? (Select TWO.)
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?
Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.
How can this be accomplished?
A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:
403 Forbiddan - Access Denied
What change should be made to fix this error'?
A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)
TESTED 21 Nov 2024