A company uses an AWS CloudFormation template to provision an Amazon EC2 instance
and an Amazon RDS DB instance A SysOps administrator must update the template to
ensure that the DB instance is created before the EC2 instance is launched
What should the SysOps administrator do to meet this requirement?

A.

Add a wait condition to the template Update the EC2 instance user data script to send a
signal after the EC2 instance is started

B.

Add the DependsOn attribute to the EC2 instance resource, and provide the logical name of the RDS resource

C.

Change the order of the resources in the template so that the RDS resource is listed before the EC2 instance resource

D.

Create multiple templates Use AWS CloudFormation StackSets to wait for one stack to complete before the second stack is created

A SysOps administrator must create a solution that automatically shuts down any Amazon EC2 instances that have less than 10% average CPU utilization for 60 minutes or more. Which solution will meet this requirement In the MOST operationally efficient manner? 

A.

Implement a cron job on each EC2 instance to run once every 60 minutes and calculate the current CPU utilization. Initiate an instance shutdown If CPU utilization is less than
10%.

B.

Implement an Amazon CloudWatch alarm for each EC2 instance to monitor average CPU utilization. Set the period at 1 hour, and set the threshold at 10%. Configure an EC2
action on the alarm to stop the instance.

C.

Install the unified Amazon CloudWatch agent on each EC2 instance, and enable the
Basic level predefined metric set. Log CPU utilization every 60 minutes, and initiate an
instance shutdown if CPU utilization is less than 10%.

D.

Use AWS Systems Manager Run Command to get CPU utilization from each EC2
instance every 60 minutes. Initiate an instance shutdown if CPU utilization is less than
10%.

A SysOps administrator is deploying a test site running on Amazon EC2 instances. The application requires both incoming and outgoing connectivity to the internet. Which combination of steps are required to provide internet connectivity to the EC2 instances? (Choose two.)

A.

Add a NAT gateway to a public subnet.

B.

Attach a private address to the elastic network interface on the EC2 instance.

C.

Attach an Elastic IP address to the internet gateway.

D.

Add an entry to the route table for the subnet that points to an internet gateway.

E.

Create an internet gateway and attach it to a VPC.

A company uses AWS CloudFormation to deploy its application infrastructure Recently, a
user accidentally changed a property of a database in a CloudFormation template and
performed a stack update that caused an interruption to the application A SysOps
administrator must determine how to modify the deployment process to allow the DevOps
team to continue to deploy the infrastructure, but prevent against accidental modifications
to specific resources.
Which solution will meet these requirements?

A.

Set up an AWS Config rule to alert based on changes to any CloudFormation stack An
AWS Lambda function can then describe the stack to determine if any protected resources
were modified and cancel the operation

B.

Set up an Amazon CloudWatch Events event with a rule to trigger based on any
CloudFormation API call An AWS Lambda function can then describe the stack to
determine if any protected resources were modified and cancel the operation

C.

Launch the CloudFormation templates using a stack policy with an explicit allow for all
resources and an explicit deny of the protected resources with an action of Update

D.

Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack
from updating, with a condition based on the specific Amazon Resource Names (ARNs) of
the protected resources

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns
about high availability for an on-premises website. The website consists of two servers: a
primary active server and a secondary passive server. Route 53 should route traffic to the
primary server if the associated health check returns 2xx or 3xx HTTP codes. All other
traffic should be directed to the secondary passive server. The failover record type, set ID.
and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?

A.

Create an A record for each server. Associate the records with the Route 53 HTTP
health check.

B.

Create an A record for each server. Associate the records with the Route 53 TCP health
check.

C.

Create an alias record for each server with evaluate target health set to yes. Associate
the records with the Route 53 HTTP health check.

D.

Create an alias record for each server with evaluate target health set to yes. Associate
the records with the Route 53 TCP health check

A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs. Which solution will net these requirements?

A.

Create a single AWS Storage Gateway file gateway.

B.

Create an Amazon FSx for Windows File Server Multi-AZ file system.

C.

Deploy two AWS Storage Gateway file gateways across two Availability Zones.
Configure an Application Load Balancer in front of the file gateways.

D.

Deploy two Amazon FSx for Windows File Server Single-AZ 2 file systems. Configure Microsoft Distributed File System Replication (DFSR).

A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table. Which solution will meet this requirement?

A.

Create access keys to access the DynamoDB table. Assign the access keys to the EC2
instance profile.

B.

Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.

C.

Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.

D.

Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2
instance that has a public IP address. The instance has a private IP address of
172.31.16.139. When the SysOps administrator tries to ping the instance's public IP
address from the remote IP address 203.0.113.12, the response is "request timed out." The
flow logs contain the following information:
What is one cause of the problem?

A.

Inbound security group deny rule

B.

Outbound security group deny rule

C.

Network ACL inbound rules

D.

Network ACL outbound rules

A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region
behind an Amazon CloudFront distribution. The company wants to ensure that the website
is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that
gives the company the ability to maintain control over the rate limit at which DDoS
protections are applied.
Which solution will meet these requirements?

A.

Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an
AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the
CloudFront distribution.

B.

Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an
AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3
bucket.

C.

Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.

D.

Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.

A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure. What is the MOST operationally efficient solution that meets these requirements?

A.

Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.

B.

Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup
that is stored in Amazon S3 to restore the data to the new database. Update the
connection string in the web application.

C.

Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a
MySQL native backup that is stored in Amazon S3 to restore the data to the new database.
Update the connection string in the web application.

D.

Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon
Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance
failure, restore the EBS volume from a snapshot.

An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket
are not encrypted These objects must be encrypted, and all future objects must be
encrypted at the time they are written
Which combination of actions should a SysOps administrator take to meet these
requirements? (Select TWO )

A.

Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place

B.

Edit the properties of the S3 bucket to enable default server-side encryption

C.

Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with en

D.

Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted
Send each object name as a message to an Amazon Simple Queue Service (Amazon
SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object
with a key of "Encryption" and a value of "SSE-KMS"

E.

Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created
events for the S3 bucket Configure the Lambda function to check whether the object is
encrypted and to run an AWS Systems Manager Automation document to encrypt the
object in place when an unencrypted object is found

A company has deployed a web application in a VPC that has subnets in three Availability
Zones. The company launches three Amazon EC2 instances from an
EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability
Zone, rather than being distributed evenly across all three Availability
Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

A.

One Availability Zone did not have sufficient capacity for the requested EC2 instance type.

B.

The ALB was configured for only two Availability Zones.

C.

he Auto Scaling group was configured for only two Availability Zones.

D.

Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones