Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain. Which solution will meet these requirements with the LEAST amount of effort?

A.

Create an Active Directory connector using AWS Directory Service. Create 1AM users in the target accounts with the appropriate trust policy.

B.

Create an Active Directory connector using AWS Directory Service. Associate the directory with AWS Single Sign-On (AWS SSO). Configure user access to target accounts through AWS SSO.

C.

Create an Amazon Cognito federated identity pool. Associate the pool identity with the on-premises directory. Configure the 1AM roles with the appropriate trust policy,

D.

Create an identity provider in AWS 1AM associated with the on-premises directory. Create 1AM roles in the target accounts with the appropriate trust policy.

A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.

Which actions will restore the objects? (Choose two.)

A.

Use the AWS Management Console to delete the object delete markers.

B.

Create a new lifecycle rule to delete the object delete markers that were created.

C.

Use the AWS CLI to delete the object delete markers while specifying the version IDs of the delete markers.

D.

Modify the existing lifecycle rule to delete the object delete markers that were created.

E.

Use the AWS CLI to delete the object delete markers while specifying the name of the objects only.

A SysOps Administrator must ensure all Amazon EBS volumes currently in use, and those created in the future, are encrypted with a specific AWS KMS customer master key (CMK).

What is the MOST efficient way for the Administrator to meet this requirement?

A.

Create an AWS Lambda function to run on a daily schedule, and have the function run the aws ec2 describe-volumes --filters encrypted command.

B.

Within Aws Config, configure the encrypted-volumes managed rule and specify the key ID of the CMK.

C.

Log in to the AWS Management Console on a daily schedule, then filter the list of volumes by encryption status, then export this list.

D.

Create an AWS Lambda function to run on a daily schedule, and have the function run the aws kms describe key command.

A SysOps administrator must deploy a company's infrastructure as code (laC) The administrator needs to write a single template that can be reused for multiple environments in a safe, repeatable manner

How should the administrator meet this requirement by using AWS Cloud Formation?

A.

Use duplicate resource definitions for each environment selected based on conditions

B.

Use nested stacks to provision the resources

C.

Use parameter references and mappings for resource attributes

D.

Use AWS Cloud Formation StackSets to provision the resources

A company has a web application that runs both on-premises and on Amazon EC2 instances. Over time both the on-premises servers and EC2 instances begin crashing A sysops administrator suspects a memory leak in the application and wants a unified method to monitor memory utilization over time.

How can the Administrator track both the EC2 memory utilization and on-premises server memory utilization over time?

A.

Write a script or use a third-party application to report memory utilization for both EC2 instances and on-premises servers

B.

Use Amazon CloudWatch agent for both Amazon EC2 instances and on-premises servers to report MemoryUtilization metrics to CloudWatch and set a CloudWatch alarm for notifications

C.

Use CloudWatch agent for Amazon EC2 instances to report memory utilization to CloudWatch and set CloudWatch alarms for notifications. Use a third-party application for the on-premises servers

D.

Configure a load balancer to route traffic to both on-premises servers and EC2 instances then use CloudWatch as the unified view of the metrics for the load balancer

A SysOps Administrator is trying to set up an Amazon Route 53 domain namo to route traffic to a website hosted on Amazon S3 The domain name of the website is www anycompany com and the S3 bucket name is anycompany-static After the record set is set up in Route 53, the domain name www anycompany com does not seem to work, and the static website is not displayed in the browser

Which of the following is a cause of this?

A.

The S3 bucket must be configured with Amazon CloudFront first.

B.

The Route 53 record set must have an IAM role that allows access to the S3 bucket

C.

The Route 53 record set must be in the same region as the S3 bucket

D.

The S3 bucket name must match the record sot name in Route 53.

A SysOps Administrator has configured health checks on a load balancer. An Amazon EC2 instance attached to this load balancer fails the health check.

What will happen next? (Choose two.)

A.

The load balancer will continue to perform the health check on the EC2 instance.

B.

The EC2 instance will be terminated based on the health check failure.

C.

The EC2 instance will be rebooted.

D.

The load balancer will stop sending traffic to the EC2 instance.

E.

A new EC2 instance will be deployed to replace the unhealthy instance.

A sysops administrator manages an AWS CloudFormation templates that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.

Which action should be taken to meet these requirements?

A.

Edit the template to remove the RDS resources and update the stack.

B.

Enable termination protection on the stack.

C.

Set the deletionPolicy attributes for RDS resources to retain in the template.

D.

Set the deletion-protection parameter on RDS resources.

A sysops administrator created an AWS Lambda function within a VPC with no access to the internet. The Lambda function pulls messages from an Amazon SOS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.

Which of the following are possible causes for this? (Select TWO.)

A.

A VPC endpoint has not been created for Amazon RDS.

B.

A VPC endpoint has not been created for Amazon SQS.

C.

The RDS security group is not allowing connections from the Lambda function.

D.

The subnet associated with the Lambda function does not have an internet gateway attached

E.

The subnet associated with the Lambda function has a NAT gateway

A SysOps Administrator has implemented a VPC network design with the following requirements

• Two Availability Zones (AZs) - Two private subnets

• Two public subnets

• One internet gateway

• One NAT gateway

What would potentially cause applications in the VPC to fail during an AZ outage?

A.

A single virtual private gateway, because it can be associated with a single AZ only.

B.

A single internet gateway, because it is not redundant across both AZs.

C.

A single NAT gateway, because it is not redundant across both AZs

D.

The default VPC route table, because it can be associated with a single AZ only