SOA-C02 Practice Test Questions

486 Questions


Topic 1: Mix Questions

A SysOps administrator receives notification that an application that is running on Amazon
EC2 instances has failed to authenticate to an Amazon RDS database. To troubleshoot, the
SysOps administrator needs to investigate AWS Secrets Manager password rotation.
Which Amazon CloudWatch log will provide insight into the password rotation?


A.

AWS CloudTrail logs


B.

EC2 instance application logs


C.

AWS Lambda function logs


D.

RDS database logs





B.
  

EC2 instance application logs



A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company
wants to connect to the S3 buckets securely over a private connection from its Amazon
EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?


A.

Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints
to each subnet inside the VPC.


B.

Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC
endpoints to each subnet inside the VPC.


C.

Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC
endpoint to the VPC route table.


D.

Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.





C.
  

Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC
endpoint to the VPC route table.



A company is storing media content in an Amazon S3 bucket and uses Amazon
CloudFront to distribute the content to its users. Due to licensing terms, the company is not
authorized to distribute the content in some countries. A SysOps administrator must restrict
access to certain countries.
What is the MOST operationally efficient solution that meets these requirements?


A.

Configure the S3 bucket policy to deny the GetObject operation based on the
S3:LocationConstraint condition.


B.

Create a secondary origin access identity (OAI). Configure the S3 bucket policy to
prevent access from unauthorized countries.


C.

Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.


D.

Update the application to generate signed CloudFront URLs only for IP addresses in
authorized countries.





C.
  

Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.



A SysOps administrator must create a solution that immediately notifies software
developers if an AWS Lambda function experiences an error.
Which solution will meet this requirement?


A.

Create an Amazon Simple Notification Service (Amazon SNS) topic with an email
subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors
metric and the Lambda function name as a dimension. Configure the alarm to send a
notification to the SNS topic when the alarm state reaches ALARM.


B.

Create an Amazon Simple Notification Service (Amazon SNS) topic with a mobile
subscription for each developer. Create an Amazon EventBridge (Amazon CloudWatch
Events) alarm by using LambdaError as the event pattern and the SNS topic name as a
resource. Configure the alarm to send a notification to the SNS topic when the alarm state
reaches ALARM.


C.

Verify each developer email address in Amazon Simple Email Service (Amazon SES).
Create an Amazon CloudWatch rule by using the LambdaError metric and developer email
addresses as dimensions. Configure the rule to send an email through Amazon SES when
the rule state reaches ALARM.


D.

Verify each developer mobile phone in Amazon Simple Email Service (Amazon SES).
Create an Amazon EventBridge (Amazon CloudWatch Events) rule by using Errors as the
event pattern and the Lambda function name as a resource. Configure the rule to send a
push notification through Amazon SES when the rule state reaches ALARM.





A.
  

Create an Amazon Simple Notification Service (Amazon SNS) topic with an email
subscription for each developer. Create an Amazon CloudWatch alarm by using the Errors
metric and the Lambda function name as a dimension. Configure the alarm to send a
notification to the SNS topic when the alarm state reaches ALARM.



A company is running an application on premises and wants to use AWS for data backup.
All of the data must be available locally. The backup application can write only to block-based
storage that is compatible with the Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?


A.

Configure the backup software to use Amazon S3 as the target for the data backups.


B.

Configure the backup software to use Amazon S3 Glacier as the target for the data backups.


C.

Use AWS Storage Gateway, and configure it to use gateway-cached volumes.


D.

Use AWS Storage Gateway, and configure it to use gateway-stored volumes.





D.
  

Use AWS Storage Gateway, and configure it to use gateway-stored volumes.



Explanation:
https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html

A SysOps administrator is trying to set up an Amazon Route 53 domain name to route
traffic to a website hosted on Amazon S3. The domain name of the website is
www.anycompany.com and the S3 bucket name is anycompany-static. After the record set
is set up in Route 53, the domain name www.anycompany.com does not seem to work,
and the static website is not displayed in the browser.
Which of the following is a cause of this?


A.

The S3 bucket must be configured with Amazon CloudFront first.


B.

The Route 53 record set must have an IAM role that allows access to the S3 bucket.


C.

The Route 53 record set must be in the same region as the S3 bucket.


D.

The S3 bucket name must match the record set name in Route 53.





D.
  

The S3 bucket name must match the record set name in Route 53.



A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.


What should be added to the private subnet's route table in order to address this issue,
given the information provided?


A.

0.0.0.0/0 IGW


B.

0.0.0.0/0 NAT


C.

10.0.1.0/24 IGW


D.

10.0.1.0/24 NAT





B.
  

0.0.0.0/0 NAT



A company has a critical serverless application that uses multiple AWS Lambda functions.
Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch
Logs log group. The company's security team asks for a count of application errors,
grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?


A.

Perform a CloudWatch Logs Insights query that uses the stats command and count function.


B.

Perform a CloudWatch Logs search that uses the groupby keyword and count function.


C.

Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.


D.

Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.





A.
  

Perform a CloudWatch Logs Insights query that uses the stats command and count function.



A company hosts its website in the us-east-1 Region. The company is preparing to deploy
its website into the eu-central-1 Region. Website visitors who are located in Europe should
access the website that is hosted in eu-central-1. All other visitors access the website that
is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS
records.
Which routing policy should a SysOps administrator apply to the Route 53 record set to
meet these requirements?


A.

Geolocation routing policy


B.

Geoproximity routing policy


C.

Latency routing policy


D.

Multivalue answer routing policy





A.
  

Geolocation routing policy



Explanation: Geolocation: "Geolocation routing lets you choose the resources that serve
your traffic based on the geographic location of your users, meaning the location that DNS
queries originate from. For example, you might want all queries from Europe to be routed to
an ELB load balancer in the Frankfurt region."
This could be confused with geoproximity: "Geoproximity routing lets Amazon Route 53 route
traffic to your resources based on the geographic location of your users and your
resources. You can also optionally choose to route more traffic or less to a given resource
by specifying a value, known as a bias. A bias expands or shrinks the size of the
geographic region from which traffic is routed to a resource." That use case is not needed
for this question.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

A SysOps administrator is creating two AWS CloudFormation templates. The first template
will create a VPC with associated resources, such as subnets, route tables, and an internet
gateway. The second template will deploy application resources within the VPC that was
created by the first template. The second template should refer to the resources created by
the first template.
How can this be accomplished with the LEAST amount of administrative effort?


A.

Add an export field to the outputs of the first template and import the values in the second template.


B.

Create a custom resource that queries the stack created by the first template and retrieves the required values.


C.

Create a mapping in the first template that is referenced by the second template.


D.

Input the names of resources in the first template and refer to those names in the second template as a parameter.





A.
  

Add an export field to the outputs of the first template and import the values in the second template.



Explanation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html

A SysOps administrator has used AWS CloudFormation to deploy a serverless application
into a production VPC. The application consists of an AWS Lambda function, an Amazon
DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must
delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS
CloudFormation stack?


A.

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.


B.

Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation
stack.


C.

Enable termination protection on the AWS CloudFormation stack.


D.

Update the application's IAM policy with a Deny statement for the
dynamodb:DeleteTable action.





A.
  

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.



A company uses an Amazon Elastic File System (Amazon EFS) file system to share files
across many Linux Amazon EC2 instances. A SysOps administrator notices that the file
system's PercentIOLimit metric is consistently at 100% for 15 minutes or longer. The
SysOps administrator also notices that the application that reads and writes to that file
system is performing poorly. The application requires high throughput and IOPS while
accessing the file system.
What should the SysOps administrator do to remediate the consistently high
PercentIOLimit metric?


A.

Create a new EFS file system that uses Max I/O performance mode. Use AWS
DataSync to migrate data to the new EFS file system.


B.

Create an EFS lifecycle policy to transition future files to the Infrequent Access (IA)
storage class to improve performance. Use AWS DataSync to migrate existing data to IA
storage.


C.

Modify the existing EFS file system and activate Max I/O performance mode.


D.

Modify the existing EFS file system and activate Provisioned Throughput mode.





A.
  

Create a new EFS file system that uses Max I/O performance mode. Use AWS
DataSync to migrate data to the new EFS file system.



Explanation: To support a wide variety of cloud storage workloads, Amazon EFS offers
two performance modes, General Purpose mode and Max I/O mode. You choose a file
system's performance mode when you create it, and it cannot be changed. If the
PercentIOLimit percentage returned was at or near 100 percent for a significant amount of
time during the test, your application should use the Max I/O performance mode.
https://docs.aws.amazon.com/efs/latest/ug/performance.html

