Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.

Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)

A.

Attach a NAT gateway to the VPC and configure routing

B.

Attach a virtual private gateway to the VPC and configure routing

C.

Attach an internet gateway to the VPC and configure routing

D.

Configure a VPN connection back to the corporate office.

E.

Configure an Application Load Balancer in front of the EC2 instances

A SysOps administrator is configuring an application on AWS to be used over the internet by departments in other countries For remote locations, the company requires a static public IP address to be explicitly allowed as a target for outgoing internet traffic

How should the SysOps administrator deploy the application to meet this requirement?

A.

Deploy the application on an Amazon Elastic Container Service (Amazon ECS) cluster Configure an AWS App Mesh service mesh.

B.

Deploy the application as AWS Lambda functions behind an Application Load Balancer

C.

Deploy the application on Amazon EC2 instances behind an internet-facing Network Load Balancer

D.

Deploy the application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Amazon API Gateway

A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.

What is the MOST efficient approach to accomplish this?

A.

Write a AWS lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.

B.

Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.

C.

Redesign the aggregation of logs so that each team’s relevant parts are sent to a separate log group, then subscribe each team to its respective log group.

D.

Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull streams, look for patterns, and send notifications to relevant teams.

Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

A.

Performing underlying OS updates

B.

Provisioning of storage for database

C.

Scheduling maintenance, patches, and other updates

D.

Executing maintenance, patches, and other updates

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

A.

Back up the current KMS key and enable automatic key rotation.

B.

Create a new key in AWS KMS and assign the key to Amazon EBS.

C.

Enable automatic key rotation of the EBS volume key in AWS KMS.

D.

Upload ne key material to the EBS volume key in AWS KMS to enable automatic key rotation for the volume.

A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.

How should the company these requirements?

A.

Shut down the EC2 instance. Enable multi-AZ replication within the EC2 instance, then restart the instance.

B.

Launch a secondary EC2 instance running MySQL Configure a cron job that backs up the database on the primary EC2 instance and copies it to the secondary instance every 30 minutes.

C.

Migrate the database to an RDS Aurora DB instance and create a Read Replication in another Availability Zone.

D.

Create an Amazon RDS Microsoft SQL DB instance and enable multi-Az replication. Back up the existing data and import in to the new database.

A company uses AWS CloudFotmatlon to provision ils VPC. Amazon EC2 instances, and Amazon RDS DB instance The DB instance was deleted manually. When the stack was updated, it (ailed. During rollback, the stack returned the UPDATE_ROLLBACK_FAILEO state. A SysOps administrator must return the AWS Cloud Formation stack to a working state without interrupting existing resources.

Which solution will meet this requirement?

A.

Continue the update rollback while skipping the resources that have been manually deleted.

B.

Run the signal-resource command with the 08 instance name to proceed with the stack rollback.

C.

Recreate the DB Instance using the same resource name, and update the stack.

D.

Remove Amazon RDS from the template, and update the stack.

A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront

What is the MOST cost-effective way to achieve this?

A.

Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL

B.

Create an ALIAS record in Amazon Route 53 that points to the CloudFront distribution URL

C.

Creole an A record in Amazon Route 53 that points to the public IP address of the web application

D.

Create a PTR record in Amazon Route 53 that points to the public IP address of the web application

A security officer has requested Ifial internet access be removed from subnets in a VPC. The subnets currently route internet-bound traffic to a NAT gateway. A SysOps administrator needs to remove this access while allowing access to Amazon S3.

Which solution will meet these requirements?

A.

Set up an internet gateway. Update the route table on the subnets to use the internet gateway to route traffic to Amazon S3

B.

Set up an S3 VPC gateway endpoint. Update the route table on the subnets to use the gateway endpoint to route traffic to Amazon S3.

C.

Set up additional NAT gateways in each Availability Zone. Update the route table on the subnets to use the NAT gateways to route traffic to Amazon S3.

D.

Set up an egress-only internet gateway. Update the route table on the subnets to use the egress-only internet gateway to route traffic to Amazon S3.

A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:

What is one cause of this?

A.

The cluster has Enhanced VPC Routing enabled and it must be turned off

B.

The cluster is only a single node and needs to be expanded to multi-node.

C.

The cluster login credentials are incorrect request new credentials from the Administrator

D.

The cluster nodes are running in multiple Availability Zones, and all need to be placed in a single Availability Zone.