A company is running a serverless application on AWS Lambda The application stores
data in an Amazon RDS for MySQL DB instance Usage has steadily increased and
recently there have been numerous "too many connections" errors when the Lambda
function attempts to connect to the database The company already has configured the
database to use the maximum max_connections value that is possible
What should a SysOps administrator do to resolve these errors'?

A.

Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases

B.

Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function

C.

Increase the value in the max_connect_errors parameter in the parameter group that the database uses

D.

Update the Lambda function's reserved concurrency to a higher value

A company is running a flash sale on its website. The website is hosted on burstable
performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is
configured to launch instances when the CPU utilization is above 70%.
A couple of hours into the sale, users report slow load times and error messages for
refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and
notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website's functionality without making changes
to the network infrastructure.
Which solution will meet these requirements?

A.

Activate unlimited mode for the instances in the Auto Scaling group.

B.

Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling
group.

C.

Move the website to a different AWS Region that is closer to the users.

D.

Reduce the desired size of the Auto Scaling group to artificially increase CPU average
utilization.

An organization with a large IT department has decided to migrate to AWS With different
job functions in the IT department it is not desirable to give all users access to all AWS
resources Currently the organization handles access via LDAP group membership
What is the BEST method to allow access using current LDAP credentials?

A.

Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD

B.

Create a Lambda function to read LDAP groups and automate the creation of IAM users

C.

Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server

D.

Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions

A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group
Amazon CloudWatch shows a spike in the RequestCount metric for the associated
Application Load Balancer The administrator would like to know the IP addresses for the
source of the requests
Where can the administrator find this information?

A.

Auto Scaling logs

B.

AWS CloudTrail logs

C.

EC2 instance logs

D.

Elastic Load Balancer access logs

A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS
database instance. When fully deployed in production, the application fails. The database
can be queried from a console on a bastion host. When looking at the web server logs, the
following error is repeated multiple times:
"** Error Establishing a Database Connection
Which of the following may be causes of the connectivity problems? {Select TWO.)

A.

The security group for the database does not have the appropriate egress rule from the database to the web server.

B.

The certificate used by the web server is not trusted by the RDS instance.

C.

The security group for the database does not have the appropriate ingress rule from the
web server to the database.

D.

The port used by the application developer does not match the port specified in the RDS configuration.

E.

The database is still being created and is not available for connectivity.

A company has multiple Amazon EC2 instances that run a resource-intensive application in
a development environment. A SysOps administrator is implementing a solution to stop
these EC2 instances when they are not in use.
Which solution will meet this requirement?

A.

Assess AWS CloudTrail logs to verify that there is no EC2 API activity. Invoke an AWS Lambda function to stop the EC2 instances.

B.

Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.

C.

Create an Amazon CloudWatch metric to stop the EC2 instances when the
VolumeReadBytes metric is lower than 500 for a 30-minute period.

D.

Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

A company has a stateless application that runs on four Amazon EC2 instances. The application requires tour instances at all times to support all traffic. A SysOps administrator must design a highly available, fault-tolerant architecture that continually supports all traffic if one Availability Zone becomes unavailable.
Which configuration meets these requirements?

A.

Deploy two Auto Scaling groups in two Availability Zones with a minimum capacity of two instances in each group.

B.

Deploy an Auto Scaling group across two Availability Zones with a minimum capacity of four instances.

C.

Deploy an Auto Scaling group across three Availability Zones with a minimum capacity

D.

Deploy an Auto Scaling group across three Availability Zones with a minimum capacity of six instances.

An errant process is known to use an entire processor and run at 100% A SysOps
administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes How can this be accomplished?

A.

Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance

B.

Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance

C.

Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes

D.

Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The company has turned on AWS Config throughout the organization.
The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly report that shows all the S3 buckets and whether
they comply with this requirement.
Which combination of steps should the SysOps administrator take to collect this data?
{Select TWO).

A.

Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator

B.

Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket

C.

Edit the AWS Config policy in AWS Organizations. Use the organization's management account to turn on the s3-bucket-public-read-prohibited rule for the entire organization.

D.

Use the AWS Config compliance report from the organization's management account. Filter the results by resource, and select Amazon S3.

E.

Use the AWS Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.

A company has a stateful web application that is hosted on Amazon EC2 instances in an
Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has
a single target group. The ALB is configured as the origin in an Amazon CloudFront
distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem?
(Select TWO.)

A.

Change to the least outstanding requests algorithm on the ALB target group.

B.

Configure cookie forwarding in the CloudFront distribution cache behavior.

C.

Configure header forwarding in the CloudFront distribution cache behavior.

D.

Enable group-level stickiness on the ALB listener rule.

E.

Enable sticky sessions on the ALB target group.

A company is using Amazon Elastic File System (Amazon EFS) to share a file system
among several Amazon EC2 instances. As usage increases, users report that file retrieval
from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file
system?

A.

Configure the file system for Provisioned Throughput.

B.

Enable encryption in transit on the file system.

C.

Identify any unused files in the file system, and remove the unused files.

D.

Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

A.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB
table. The security team can use the values that are stored in DynamoDB to verify the
integrity of the delivered files.

B.

Create an AWS Lambda function that is invoked each time a new file is delivered to the
CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the
file and store the result as a tag in an Amazon S3 object. The security team can use the
information in the tag to verify the integrity of the delivered files.

C.

Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM
policy that grants the security team access to the file integrity logs that are stored in the S3
bucket.

D.

Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.