
A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Select TWO.)

A.

Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.

B.

Implement an object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.

C.

Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.

D.

Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.

E.

Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division.

Which condition should be added to the web ACL of the AWS WAF to accomplish this?

A.

Cross-site scripting

B.

Geo match

C.

IP match

D.

String match

A SysOps administrator is running an automatically scaled application behind an Application Load Balancer. Scaling out is triggered when the CPUUtilization instance metric is more than 75% across the Auto Scaling group. The administrator noticed aggressive scaling out. Developers suspect an application memory leak that is causing aggressive garbage collection cycles.

How can the administrator troubleshoot the application without triggering the scaling process?

A.

Create a scale down trigger when the CPUUtilization instance metric is at 70%.

B.

Delete the Auto Scaling group and recreate it when troubleshooting is complete.

C.

Remove impacted instances from the Application Load Balancer.

D.

Suspend the scaling process before troubleshooting.

A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.

Which action should be taken to meet these requirements?

A.

Automate using AWS Elastic Beanstalk to provision the AWS accounts, set up infrastructure, and integrate with AWS Organizations.

B.

Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.

C.

Use AWS Config to provision accounts and deploy instances using AWS Service Catalog.

D.

Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts.

A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the private subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.

How should this be accomplished?

A.

Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch Insights to filter data based on the source IP addresses.

B.

Run an AWS Cost and Usage report and group the findings by instance ID.

C.

Use the VPC traffic mirroring feature to send traffic to Amazon QuickSight.

D.

Use Amazon CloudWatch metrics generated by the NAT gateway for each individual instance.

A recent AWS CloudFormation stack update has failed and returned the error UPDATE_ROLLBACK_FAILED. A SysOps administrator is tasked with returning the CloudFormation stack to its previous working state.

What must be done to accomplish this?

A.

Fix the error that caused the rollback to fail, then select the Continue Update Rollback action in the console.

B.

Select the Update Stack action with a working template in the console.

C.

Update the password of the IAM user, then select the Continue Update Rollback action in the console.

D.

Use the AWS CLI to manually change the stack status to UPDATE_COMPLETE, then continue updating the stack with a working template.

A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.

What are possible causes for this? (Choose two.)

A.

A read contention on the database.

B.

A storage failure on the primary database.

C.

A write contention on the database.

D.

Database corruption errors.

E.

The database instance type was changed.

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

A.

Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.

B.

Enable log file integrity validation and use digest files to verify the hash value of the log file.

C.

Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.

D.

Enable S3 server access logging to track requests made to the log bucket for security audits.

An organization stores sensitive customer information in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The chief information security officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.

Which steps should a SysOps administrator take to meet the CISO's requirement? (Select TWO.)

A.

Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.

B.

Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.

C.

Use Amazon Athena to query S3 Analytics reports for HTTP 403 errors, and determine the IAM user or role making the requests.

D.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the IAM user or role making the requests.

E.

Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the IAM user or role making the requests.

A financial service company is running distributed computing software to manage a fleet of 20 servers for their calculations. There are 2 control nodes and 18 worker nodes to run the calculations. Worker nodes can be automatically started by the control nodes when required. Currently, all nodes are running On-Demand, and the worker nodes are used for approximately 4 hours each day.

Which combination of actions will be most cost-effective? (Select TWO.)

A.

Use Dedicated Hosts for the control nodes.

B.

Use Reserved Instances for the control nodes.

C.

Use Reserved Instances for the worker nodes.

D.

Use Spot Instances for the control nodes and On-Demand Instances if there is no Spot availability.

E.

Use Spot Instances for the worker nodes and On-Demand Instances if there is no Spot availability.