Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select two.)

A.

Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings

B.

Change the Viewer Protocol Policy to use HTTPS only

C.

Configure the distribution to use presigned cookies and URLs to restrict access to the distribution

D.

Enable automatic compression of objects in the Cache Behavior Settings

E.

Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

A.

Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.

B.

Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.

C.

Disable server-side encryption for objects written to the S3 bucket by the Lambda function.

D.

Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.

An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.

Which two actions could the Administrator take to securely resolve these issues? (Choose two.)

A.

Set up a bastion host in a public subnet, and configure security groups and route tables accordingly.

B.

Set up a bastion host in the private subnet, and configure security groups accordingly.

C.

Configure a load balancer in a public subnet, and configure the route tables accordingly.

D.

Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly.

E.

Set up a NAT gateway in a private subnet, and ensure that the route tables are configured accordingly.

A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours

Which steps will ensure that the instance maintenance does not produce an outage?

A.

Configure an Amazon Lambda function to automatically start the instance if it is stopped

B.

Create an Amazon Machine Image (AMI) of the instance and use the AMI to launch a new instance once the existing instance is retired

C.

Enable termination protection on the EC2 instance

D.

Stop and start the EC2 instance during a maintenance window outside of normal business hours

A SysOps administrator is creating an AWS CloudFormation template that uses Amazon EC2 auto scaling to launch EC2 instances with windows 2016. The administrator wants to configure the CloudFormation template to ensure that newly launched instances include recent security updates before serving application traffic. This will minimize the time it takes for the instance to start.

Which action will meet these requirements?

A.

Configure the template to retrieve the latest windows Amazon machine image (AMI) from AWS systems manager parameter store.

B.

Configure the template to use AWS system manager patch manager to update instances when they are launched.

C.

Create a CloudFormation nested stack that creates a new Amazon Machine Image (AMI), then use that AMI ID in the auto scaling launch configuration.

D.

Update the template with a user data script that runs windows update using the command line and then calls cfn-signal.

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

A.

Add a product from the imported portfolio to a local portfolio.

B.

Add new product to the imported portfolio.

C.

Change the launch role for the products contained in the imported portfolio.

D.

Remove Products from the imported portfolio.

A company is running an application on Amazon EC2 instances. The company needs to stop all development instances during non-business hours to reduce costs. The instances must be started again at trie beginning of each business day.

Which solution meets these requirements with the LEAST administrative overhead?

A.

Add the instances to an EC2 Auto Scaling group. Configure the scaling policy to scale in when the instances are at low CPU utilization levels.

B.

Create a cron script on each EC2 instance that shuts down the instance at the end of each day.

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an Amazon Simple Notification Service (Amazon SNS) topic to let a SysOps administrator know to start or stop the EC2 instances.

D.

Create Amazon EventBridge (Amazon CloudWatch Events) scheduled rules that trigger an AWS Lambda function to start or stop the EC2 instances.

A company with dozens of AWS accounts wants to ensure that governance rules are being applied across all accounts. The CIO has recommended that AWS Config rules be deployed using an AWS Cloud Formation template.

How should this be accomplished?

A.

Create a Cloud Form at ion stack in the master account of AWS Organizations and execute the Cloud Formation template to create AWS Config rules in all accounts.

B.

Create a CloudFormation stack set. then select the Cloud Formation template and use It to configure the AWS accounts.

C.

Use AWS Organizations to execute the CloudFormation template in all accounts.

D.

Write a script that iterates over the company's AWS accounts and executes the Cloud Formation template in each account.