Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A SysOps Administrator must remove public IP addresses from all Amazon EC2 Instances to prevent exposure to the internet. However, many corporate applications running on those EC2 instances need to access Amazon S3 buckets. The administrator is tasked with allowing the EC2 instances to continue to access the S3 buckets.

Which solutions can be used? (Select Two).

A.

Deploy a NAT Gateway and configure the route tables according in the VPC where the EC2 instances are running.

B.

Modify the network ACLs with the private IP addresses in the routes to connect to Amazon S3.

C.

Modify the security groups on the EC2 instances with private IP addresses in the routes to connect to Amazon S3.

D.

Set up AWS Direct connect and configure a virtual interface between the EC2 instances and the S3 buckets.

E.

Set up VPC endpoint in the VPC where the EC2 instances are running and configure the routes tables accordingly.

A company has an application running on a fleet of Microsoft Windows instances. Patches to the operating system need to be applied each month. AWS Systems Manager Patch Manager is used to apply the patches on a schedule.

When the fleet is being patched, customers complain about delayed service responses.

What can be done to ensure patches are deployed with MINIMAL customer impact?

A.

Change the number of instances patched at any one time to 100%.

B.

Create a snapshot of each server in the fleet using a Systems Manager Automation document before starting the patch process.

C.

Configure the maintenance window to patch 10% of the instance in the patch group at a time.

D.

Create a patched Amazon Machine Image (AMI). Configure the maintenance window option to deploy the patched AMI on only 10% of the fleet at a time.

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

A.

Create an AWS Lambda function K> look up user data settings of the EC2 instance and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

B.

Create AWS Config rules to monitor the fleet of EC2 instances and publish a notification to an Amazon Simple Notification Service {Amazon SNS) topic.

C.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Personal Health Dashboard events to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish AWS Service Health Dashboard events lo an Amazon Simple Notification Service (Amazon SNS) topic.

An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.

How should Ihe administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

A.

Deploy a second CloudFormation stack and use Amazon Route 53 to redirect traffic to the new stack.

B.

Run the awa cloudformation update-attack command with the —rollback-configuration option.

C.

Set an AutoScal ingRollingUpdate policy in the CloudFormation template to update the stack.

D.

Update the CloudFormation template with the new AMI ID. then reboot the EC2 instances.

Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration. Which log type will confirm whether users are trying to connect to the correct port?

A.

AWS CloudTrail logs

B.

Elastic Load Balancer access logs

C.

Amazon S3 access logs

D.

VPC Flow Logs

A company is managing a website with a global user base hosted on Amazon EC2 with an Application Load Balancer (ALB). To reduce the load on the web servers, a SysOps administrator configures an Amazon CloudFront distribution with the ALB as the origin After a week of monitoring the solution, the administrator notices that requests are still being served by the ALB and there is no change in the web server load.

What are possible causes tor this problem? (Select TWO.)

A.

CloudFront does not have the ALB configured as the origin access identity.

B.

The DNS is still pointing to the ALB instead of the CloudFront distribution.

C.

The ALB security group is not permitting inbound traffic from CloudFront.

D.

The default, minimum, and maximum Time to Live (TTL) are set to 0 seconds on the CloudFront distribution.

E.

The target groups associated with the ALB are configured for sticky sessions.

A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.

How can the Administrator achieve this requirement?

A.

Use Amazon Inspector and Amazon CloudWatch Events.

B.

Use AWS Trusted Advisor and Amazon CloudWatch Events.

C.

Use the Personal Health Dashboard and CloudWatch Events.

D.

Use AWS CloudTrail and CloudWatch Events.

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

A.

Set up MFA Delete on all the S3 buckets to prevent the buckets from being ddeleted.

B.

Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.

C.

Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.

D.

Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

A SysOps Administrator is responsible for a large fleet of EC2 instances and must know whether any

instances will be affected by upcoming hardware maintenance.

Which option would provide this information with the LEAST administrative overhead?

A.

Monitor AWS CloudTrail for StopInstances API calls related to upcoming maintenance.

B.

Review the Personal Health Dashboard for any scheduled maintenance.

C.

From the AWS Management Console, list any instances with failed system status checks.

D.

Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring.

A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses Which prerequisite should the SysOps administrator validate to perform this task?

A.

Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04

B.

Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399

C.

Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).

D.

Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses