
A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?

A. Modify the EC2 security group rules to allow inbound traffic from the on-premises computer

B. Modify the EC2 security group rules to allow outbound traffic to the on-premises computer

C. Modify the VPC network ACL rules to allow inbound traffic from the on-premises computer

D. Modify the VPC network ACL rules to allow outbound traffic to the on-premises computer

A company wants to identify specific Amazon EC2 instances that are underutilized and the estimated cost savings for each instance. How can this be done with MINIMAL effort?

A. Use AWS Budgets to report on low utilization of EC2 instances.

B. Run an AWS Systems Manager script to check for low memory utilization of EC2 instances.

C. Run Cost Explorer to look for low utilization of EC2 instances.

D. Use Amazon CloudWatch metrics to identify EC2 instances with low utilization.

A SysOps Administrator deployed an AWS Elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon Simple Queue Service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 Auto Scaling scales in and scales out the number of worker nodes based on CPU utilization. After some time, the administrator notices that the number of messages in the SQS queue is increasing significantly.

Which action will remediate the issue?

A. Change the scaling policy to scale based upon the number of messages in the queue.

B. Decouple the queue from the Elastic Beanstalk worker and create it as a separate resource.

C. Increase the number of messages in the queue.

D. Increase the retention period of the queue.

A SysOps Administrator must take a team’s single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.

What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

A. Include the S3 bucket as a mapping in each template.

B. Add the S3 bucket as a resource in each template.

C. Create the S3 bucket in its own template and export it.

D. Generate the S3 bucket using StackSets.


A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic. The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB). After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.

What should the sysops administrator do to prevent similar attacks?

A. Install Amazon Inspector on the EC2 instances and configure a rules package. Use the findings reports to identify and block SQL injection attacks.

B. Modify the security group of the ALB. Use the IP addresses from the logs to block the IP addresses where SQL injection originated.

C. Create an AWS WAF web ACL in front of the ALB. Add an SQL injection rule to the web ACL. Associate the web ACL to the ALB.

D. Enable Amazon GuardDuty in the AWS Region. Use Amazon CloudWatch Events to trigger an AWS Lambda function response every time an SQL injection finding is discovered.

A company’s Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.

How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

A. Add AWS CloudTrail logging for the S3 buckets.

B. Implement IAM policies to allow only the Storage team to create S3 buckets.

C. Add the AWS Config managed rule S3_BUCKET_LOGGING_ENABLED.

D. Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.

A company's application running on Amazon EC2 Linux recently crashed because it ran out of available memory. Management wants to be alerted if this ever happens again. Which combination of steps will accomplish this? (Select TWO.)

A. Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on the instance over time.

B. Create an alarm on the dashboard that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

C. Create an alarm on the metric that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.

D. Create an alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.

E. Configure the Amazon CloudWatch agent to collect and push memory usage metrics on the instance.

A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the public internet.

The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.

What should be done to resolve the issue?

A. Assign Elastic IP addresses to the instances and create a route from the private subnets to the internet gateway.

B. Delete the NAT instance and replace it with AWS WAF.

C. Disable source/destination checks on the NAT instance.

D. Start/Stop the NAT instance so it is launched on a different host.

A SysOps Administrator receives reports of an Auto Scaling group failing to scale when the nodes running Amazon Linux in the cluster are constrained by high memory utilization.

What should the Administrator do to enable scaling to better adapt to the high memory utilization?

A. Create a custom script that pipes memory utilization to Amazon S3, then, scale with an AWS Lambda-powered event

B. Install the Amazon CloudWatch memory monitoring scripts, and create a custom metric based on the script’s results

C. Increase the minimum size of the cluster to meet memory and application load demands

D. Deploy an Application Load Balancer to more evenly distribute traffic among nodes

In configuring an Amazon Route 53 health check, a SysOps Administrator selects ‘Yes’ to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.

This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.

What is the MOST likely cause of this false alarm?

A. The search string is not HTML-encoded.

B. The search string must be put in quotes.

C. The search string must be escaped with a backslash (\) before the forward slash (/).

D. The search string is not in the first 5120 bytes of the tested page.