Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company’s AWS accounts.

How can the Administrator address this issue?

A.

Contact AWS Support for sharing AMIs with other AWS accounts.

B.

Modify the permissions on the AMIs so that they are publicly accessible.

C.

Modify the permissions on the IAM role that are associated with the AMI.

D.

Share the AMIs with each AWS account using the console or CLI.

An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.

What is a possible cause of this failure?

A.

The IAM user did not have privileges to launch the CloudFormation template.

B.

The t2 medium EC2 instance service limit was reached.

C.

An AWS Budgets threshold was breached.

D.

The application’s Amazon Machine Image (AMI) is not available in us-east-2.

The Chief Financial Officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months A sysops administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets

What can the administrator do to confirm this suspicion1?

A.

Enable Amazon S3 inventory and then query the inventory to identify the total storage of previous object versions

B.

Use object-level cost allocation tags to identify the total storage of previous object versions.

C.

Enable the Amazon S3 analytics feature for the bucket to identify the total storage of previous object versions

D.

Use Amazon CloudWatch storage metrics for the S3 bucket to identify the total storage of previous object versions

A company wants to create a new Network Load Balancer (NLB) (or an existing interface VPC endpoint. A SysOps administrator tries to remove the existing NLB but sees the error "existing VPC Endpoint connections and cannot be removed."

Which solution will resolve this issue?

A.

Create a new interface endpoint. Move the existing NLB to the new interface endpoint. Replace the NLB from the old endpoint with a new NLB.

B.

Create a new NLB. Disassociate the NLB used by the interface endpoint service. Associate the new NLB with the interface endpoint service.

C.

Disassociate the NLB used by the interface endpoint service. Create a new NLB and associate it with the Interface endpoint.

D.

Reject the interface endpoint connection. Disassociate the NLB. Create a new NLB and associate it with the interface endpoint.

A SysOps Administrator observes a large number of rogue HTTP requests on an Application Load Balancer (ALB). The requests originate from various IP addresses.

Which action should be taken to block this traffic?

A.

Use Amazon CloudFront to cache the traffic and block access to the web servers

B.

Use Amazon GuardDuty to protect the web servers from bots and scrapers

C.

Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups

D.

Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold

A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.

Destination – 10.2.0.0/16

Target – local

Status – Active

Propagated – No

Destination – 0.0.0.0/0

Target – nat-xxxxxxx

Status – Blackhole

Propagated – No

What has caused the connectivity issue?

A.

The NAT gateway no longer exists

B.

There is no route to the internet gateway.

C.

The routes are no longer propagating.

D.

There is no route rule with a destination for the internet.

A SySOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team. Members of the team are part of an IAM group to which the following IAM policy has been assigned.

Which of the following actions will be allowed on the bucket? (Select TWO.)

A.

Get the bucket's region.

B.

Delete an object.

C.

Delete the bucket

D.

Download an object

E.

List all the buckets in the account.

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.

What will be the result of this configuration?

A.

Amazon CloudWatch will not capture the data because it is in the future.

B.

Amazon CloudWatch will accept the custom metric data and record it.

C.

The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

D.

The Amazon CloudWatch agent will agent check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.

Which of the following tools or services provides this information?

A.

Amazon CloudWatch

B.

AWS CloudTrail

C.

Elastic Load Balancing access logs

D.

VPC Flow Logs

A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.

Which action should a SysOps Administrator recommend?

A.

Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs

B.

Run Amazon Inspector on all EC2 instances and flag instances using unapproved AMIs

C.

Use an AWS Config rule to identify unapproved AMIs

D.

Use AWS Trusted Advisor to identify EC2 workloads using unapproved AMIs