Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A company runs hundreds of EC2 instances with new instances launched/terminated hourly. Security requires all running instances to have an instance profile attached. A default profile exists and must be attached automatically to any instance missing one.

Which solution meets this requirement?

A.

EventBridge rule for RunInstances API calls, invoke Lambda to attach default profile.

B.

AWS Config with ec2-instance-profile-attached managed rule, automatic remediation using Systems Manager Automation runbook to attach profile.

C.

EventBridge rule for StartInstances API calls, invoke Systems Manager Automation runbook to attach profile.

D.

AWS Config iam-role-managed-policy-check managed rule, automatic remediation with Lambda to attach profile.

A company has a stateless web application that is deployed on Amazon EC2 instances. The EC2 instances are in a target group behind an Application Load Balancer (ALB). Amazon Route 53 manages the application domain.

The company updates the application UI and develops a beta version of the application. The company wants to test the beta version on 10% of its traffic.

Which solution will meet these requirements with the LEAST number of configuration changes?

A.

Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with a new ALB. Update the existing Route 53 record to use a weighted routing policy. Add a new Route 53 record that points to the new ALB with the same routing policy. Assign a weight of 90 to the existing record. Assign a weight of 10 to the new record.

B.

Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with the same ALB listener rule. Assign a weight of 90 to the existing target group. Assign a weight of 10 to the new target group.

C.

Refactor the application to implement a feature flag for the beta version by using AWS AppConfig. Use the feature flag to enable the beta version for 10% of the EC2 instances.

D.

Containerize and deploy the application on Amazon Elastic Container Service (Amazon ECS). Use AWS CodeDeploy to deploy the beta version by using the CodeDeployDefault.ECSCanary10Percent15Minutes deployment configuration.

A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured.

Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests throughout the day. In the middle of the day, the application experiences 10 times more requests than at any other time of the day. Near the end of the day, the application's request volume decreases to 10% of its normal total.

A DevOps engineer needs to reduce the latency of the Lambda function at all times of the day.

Which solution will meet these requirements?

A.

Configure provisioned concurrency on the Lambda function with a concurrency value of 1. Delete the DAX cluster for the DynamoDB table.

B.

Configure reserved concurrency on the Lambda function with a concurrency value of 0.

C.

Configure provisioned concurrency on the Lambda function. Configure AWS Application Auto Scaling on the Lambda function with provisioned concurrency values set to a minimum of 1 and a maximum of 100.

D.

Configure reserved concurrency on the Lambda function. Configure AWS Application Auto Scaling on the API Gateway API with a reserved concurrency maximum value of 100.

A global company uses Amazon S3 to host its product catalog website in the us-east-1 Region. The company must improve website performance for users across different geographical regions and must reduce the load on the origin server. The company must implement a highly available cross-Region solution that uses Amazon CloudFront. Which solution will meet these requirements with the LEAST operational effort?

A.

Set up multiple CloudFront distributions. Point each distribution to another S3 bucket in a different Region. Use Amazon Route 53 latency-based routing to direct users to the nearest distribution.

B.

Enable S3 replication between the S3 bucket in us-east-1 and the S3 bucket in the different Region.

C.

Enable CloudFront with Origin Shield in us-east-1. Configure global edge locations. Set up cache behaviors with optimal TTLs for static content and dynamic content. Configure origin failover to an S3 bucket in a different Region. Enable S3 replication between the S3 bucket in us-east-1 and the S3 bucket in the different Region.

D.

Enable CloudFront with Origin Shield in us-east-1. Configure Amazon ElastiCache clusters in multiple Regions to serve as a distributed caching layer between CloudFront and the S3 origin. Set up a replication script to synchronize the S3 bucket in us-east-1 to an S3 bucket in a different Region. Use Amazon EventBridge to schedule the script to run once a day.

E.

Enable CloudFront with Origin Shield in the eu-west-1 Region. Configure Regional edge caches. Implement AWS Global Accelerator to route requests to the nearest Regional edge location. Enable S3 replication between the S3 bucket in us-east-1 and an S3 bucket in a different Region.

A company has an organization in AWS Organizations for its multi-account environment. A DevOps engineer is developing an AWS CodeArtifact based strategy for application package management across the organization. Each application team at the company has its own account in the organization. Each application team also has limited access to a centralized shared services account.

Each application team needs full access to download, publish, and grant access to its own packages. Some common library packages that the application teams use must also be shared with the entire organization.

Which combination of steps will meet these requirements with the LEAST administrative overhead? (Select THREE.)

A.

Create a domain in each application team's account. Grant each application team's account lull read access and write access to the application team's domain

B.

Create a domain in the shared services account Grant the organization read access and CreateRepository access.

C.

Create a repository in each application team's account. Grant each application team's account lull read access and write access to its own repository.

D.

Create a repository in the shared services account. Grant the organization read access to the repository in the shared services account. Set the repository as the upstream repository in each application team's repository.

E.

For teams that require shared packages, create resource-based policies that allow read access to the repository from other application teams' accounts.

F.

Set the other application teams' repositories as upstream repositories.

A company uses an Amazon Aurora PostgreSQL global database that has two secondary AWS Regions. A DevOps engineer has configured the database parameter group to guarantee an RPO of 60 seconds. Write operations on the primary cluster are occasionally blocked because of the RPO setting.

The DevOps engineer needs to reduce the frequency of blocked write operations.

Which solution will meet these requirements?

A.

Add an additional secondary cluster to the global database.

B.

Enable write forwarding for the global database.

C.

Remove one of the secondary clusters from the global database.

D.

Configure synchronous replication for the global database.

A company’s EC2 fleet must maintain up-to-date security patches and compliance reporting.

Which solution meets these requirements?

A.

Use Systems Manager Patch Manager with AWS Config compliance rules and automation documents.

B.

SSH into each instance manually.

C.

Rebuild instances in Auto Scaling groups with latest AMIs.

D.

Use CloudFormation redeployment for every patch.

A company is deploying a new application that uses Amazon EC2 instances. The company needs a solution to query application logs and AWS account API activity Which solution will meet these requirements?

A.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon CloudWatch Logs Configure AWS CloudTrail to deliver the API logs to Amazon S3 Use CloudWatch to query both sets of logs.

B.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon CloudWatch Logs Configure AWS CloudTrail to deliver the API logs to CloudWatch Logs Use CloudWatch Logs Insights to query both sets of logs.

C.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon Kinesis Configure AWS CloudTrail to deliver the API logs to Kinesis Use Kinesis to load the data into Amazon Redshift Use Amazon Redshift to query both sets of logs.

D.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon S3 Use AWS CloudTrail to deliver the API togs to Amazon S3 Use Amazon Athena to query both sets of logs in Amazon S3.

A company uses Amazon ECS with the Amazon EC2 launch type. The company requires all log data to be centralized on Amazon CloudWatch. The company’s ECS tasks failed to deploy. An error message indicates that a missing permission causes the failure. The IAM role used includes logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents.

Which solution will fix the problem?

A.

Add an IAM trust policy to the IAM role that establishes Amazon ECS as a trusted service.

B.

Add the logs:PutDestination permission.

C.

Remove the logs:CreateLogStream permission.

D.

Add an IAM trust policy that establishes CloudWatch as a trusted service.

A company has an RPO of 24 hours and an RTO of 10 minutes for a critical web application that runs on Amazon EC2 instances. The company uses AWS Organizations to manage its AWS account. The company wants to set up AWS Backup for its AWS environment.

A DevOps engineer configures AWS Organizations for AWS Backup. The DevOps engineer creates a new centralized AWS account to store the backups. Each EC2 instance has four Amazon Elastic Block Store (Amazon EBS) volumes attached.

Which solution will meet this requirement MOST securely?

A.

Create encrypted backup vaults and customer managed AWS KMS keys in both accounts. Configure AWS Backup to create full EC2 backups as AMIs. Copy the backups to the centralized vault.

B.

Create encrypted vaults in both accounts by using the source account's AWS KMS key. Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.

C.

Create backup vaults in both accounts. Use AWS managed keys for encryption. Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.

D.

Create encrypted vaults in both accounts. Use a customer managed KMS key in the source account. Use an AWS managed key in the centralized account. Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.