Topic 1: Mix Questions
A company must ensure that any objects uploaded to an S3 bucket are encrypted.
Which of the following actions will meet this requirement? (Choose two.)
A.
Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
B.
Implement Object access control list (ACL) to deny unencrypted objects from being
uploaded to the S3 bucket.
C.
Implement Amazon S3 default encryption to make sure that any object being uploaded
is encrypted before it is stored.
D.
Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
E.
Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets
Answer: C and E.
Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
Explanation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html
You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) keys (SSE-KMS). Since January 2023 S3 applies SSE-S3 to every new object by default, so configuring default encryption today mainly matters when you need SSE-KMS with a specific key.
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
How to Prevent Uploads of Unencrypted Objects to Amazon S3
By using an S3 bucket policy, you can enforce the encryption requirement when users
The other options do not apply: AWS Shield (A) is a DDoS-protection service, Amazon Inspector (D) assesses EC2 instances, container images and Lambda functions for vulnerabilities, and an object ACL (B) grants permissions on an object but cannot express a condition on how it was uploaded.
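The following is an added example, not code from the exam page or from the AWS blog post: it builds the bucket policy the answer describes (two Deny statements on s3:PutObject, one for a missing server-side-encryption header and one for a value other than SSE-S3 or SSE-KMS) and shows which statement rejects which upload. The bucket name and the header values used for the simulated requests are placeholders; the simulator models only the two condition operators the policy uses.

```python
"""Added example: the 'deny unencrypted uploads' bucket policy and a small
simulator showing which Deny statement fires for a given PutObject request.
Bucket name and sample header values are placeholders, not from the page."""
import json
from typing import Optional

SSE_KEY = "s3:x-amz-server-side-encryption"
ALLOWED_SSE = ["AES256", "aws:kms"]   # SSE-S3 and SSE-KMS; narrow to one if policy requires it


def sse_bucket_policy(bucket: str) -> dict:
    """Bucket policy with two Deny statements: no SSE header, or a disallowed value.
    Both statements are needed: Null catches the absent header, StringNotEquals
    catches a header that is present but names an algorithm you do not accept."""
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUnencryptedObjectUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"Null": {SSE_KEY: "true"}},
            },
            {
                "Sid": "DenyIncorrectEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"StringNotEquals": {SSE_KEY: ALLOWED_SSE}},
            },
        ],
    }


def default_encryption_config(kms_key_id: Optional[str] = None) -> dict:
    """Argument for put_bucket_encryption: SSE-KMS with the given key, else SSE-S3.
    BucketKeyEnabled reduces KMS request volume for SSE-KMS buckets."""
    rule = {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
    if kms_key_id:
        rule["ApplyServerSideEncryptionByDefault"] = {"SSEAlgorithm": "aws:kms",
                                                      "KMSMasterKeyID": kms_key_id}
        rule["BucketKeyEnabled"] = True
    return {"Rules": [rule]}


def denying_statement(policy: dict, request_headers: dict) -> Optional[str]:
    """Return the Sid of the first Deny that fires for a PutObject carrying these
    request headers, or None if the policy lets the upload through.
    Only the Null and StringNotEquals operators used above are modelled."""
    value = request_headers.get("x-amz-server-side-encryption")
    for stmt in policy["Statement"]:
        cond = stmt["Condition"]
        if "Null" in cond and value is None:
            return stmt["Sid"]
        if "StringNotEquals" in cond and value is not None \
                and value not in cond["StringNotEquals"][SSE_KEY]:
            return stmt["Sid"]
    return None


def policy_json(bucket: str) -> str:
    """Serialised form you would pass to put_bucket_policy."""
    return json.dumps(sse_bucket_policy(bucket), indent=2)
```

Note the interaction between the two answers: default encryption encrypts objects at rest, but it does not add the x-amz-server-side-encryption header to a client's request, so a client that relies on the bucket default and sends no header is still rejected by the Null statement. Combine both only if every uploader (SDK, CLI, console, third-party tools) is known to send the header; otherwise default encryption alone already meets the requirement.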
A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account. Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)
A.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail
as the event source and IAM CreateUser as the specific API call for the event pattern.
B.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon
CloudSearch as the event source and IAM CreateUser as the specific API call for the event
pattern.
C.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM
Access Analyzer as the event source and IAM CreateUser as the specific API call for the
event pattern.
D.
Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with
an email subscription.
E.
Use an Amazon Simple Email Service (Amazon SES) notification as an event target with
an email subscription.
Answer: A and D.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
Explanation: https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-your-iam-configuration-changes/
CloudTrail records the CreateUser call as a management event and EventBridge receives it as an "AWS API Call via CloudTrail" event; the rule matches on eventSource iam.amazonaws.com and eventName CreateUser and publishes to an SNS topic with an e-mail subscription. IAM is a global service whose API calls are logged in the US East (N. Virginia) Region, so the rule must be created in us-east-1. CloudSearch and IAM Access Analyzer (B, C) do not emit API-call events, and a rule cannot send mail through SES without extra code (E).
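As an added example (not from the page or the linked blog post), here is the event pattern the rule needs, plus a small matcher run over constructed CloudTrail events so you can see which ones the rule would forward to the SNS topic. The matcher implements only EventBridge's exact-match semantics (a list means "any of these values", a nested object recurses); the sample events, user name and region are constructed. It goes slightly beyond the question by letting you list several IAM calls in one pattern.

```python
"""Added example: EventBridge event pattern for IAM CreateUser, a minimal
exact-match matcher, and constructed CloudTrail events to run it against."""
from typing import Dict, List


def iam_api_call_pattern(event_names: List[str]) -> Dict:
    """EventBridge pattern for CloudTrail-recorded IAM API calls.
    Pattern lists are OR-ed, so several sensitive calls can share one rule."""
    return {
        "source": ["aws.iam"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["iam.amazonaws.com"],
            "eventName": event_names,
        },
    }


CREATE_USER_PATTERN = iam_api_call_pattern(["CreateUser"])


def matches(pattern: Dict, event: Dict) -> bool:
    """Exact-match subset of EventBridge pattern semantics: every key in the
    pattern must be present in the event; a list of values matches if the
    event's value is one of them; a nested dict is matched recursively."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def cloudtrail_event(event_name: str, event_source: str = "iam.amazonaws.com",
                     service: str = "aws.iam") -> Dict:
    """Constructed, trimmed EventBridge envelope for a CloudTrail API-call event."""
    return {
        "source": service,
        "detail-type": "AWS API Call via CloudTrail",
        "region": "us-east-1",   # IAM is global; its events are delivered here
        "detail": {
            "eventSource": event_source,
            "eventName": event_name,
            "userIdentity": {"type": "IAMUser", "userName": "alice"},  # sample
        },
    }


def routed_event_names(pattern: Dict, events: List[Dict]) -> List[str]:
    """Names of the events the rule would hand to its SNS target."""
    return [e["detail"]["eventName"] for e in events if matches(pattern, e)]
```

In production the pattern goes into the rule as-is (EventBridge console, `aws events put-rule --event-pattern`, or a CloudFormation `AWS::Events::Rule` with an SNS target), and the topic's access policy must allow events.amazonaws.com to publish to it.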
A company runs a web application on three Amazon EC2 instances behind an Application
Load Balancer (ALB). The company notices that random periods of increased traffic cause
a degradation in the application's performance. A SysOps administrator must scale the
application to meet the increased traffic.
Which solution meets these requirements?
A.
Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.
B.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor
application latency and add an EC2 instance to the ALB if the desired threshold is reached.
C.
Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.
D.
Deploy the application to an Auto Scaling group of EC2 instances with a scheduled
scaling policy. Attach the ALB to the Auto Scaling group.
Answer: C.
Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.
Explanation: A target tracking policy (for example on ALBRequestCountPerTarget or average CPU utilization) adds and removes instances as load changes, which is what random, unscheduled spikes need. Scheduled scaling (D) only fits traffic that follows a known timetable, resizing an instance from an alarm (A) requires stopping it and does not add capacity automatically, and B replaces the built-in scaling group with custom automation.
A company has an AWS CloudFormation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the CloudFormation template. However, the stack creation fails.
Which factors could cause this failure? (Select TWO.)
A.
The user's IAM policy does not allow the cloudformation:CreateStack action.
B.
The user's IAM policy does not allow the cloudformation:CreateStackSet action.
C.
The user's IAM policy does not allow the s3:CreateBucket action.
D.
The user's IAM policy explicitly denies the s3:ListBucket action.
E.
The user's IAM policy explicitly denies the s3:PutObject action
Answer: A and C.
The user's IAM policy does not allow the cloudformation:CreateStack action.
The user's IAM policy does not allow the s3:CreateBucket action.
Explanation: Unless the stack is created with a service role, CloudFormation makes the resource API calls with the caller's own credentials, so the user needs both cloudformation:CreateStack and the permissions for every resource in the template, here s3:CreateBucket. CreateStackSet (B) is only used for stack sets, and creating an empty bucket calls neither s3:ListBucket (D) nor s3:PutObject (E).
A company is running a website on Amazon EC2 instances behind an Application Load
Balancer (ALB). The company configured an Amazon CloudFront distribution and set the
ALB as the origin. The company created an Amazon Route 53 CNAME record to send all
traffic through the CloudFront distribution. As an unintended side effect, mobile users are
now being served the desktop version of the website.
Which action should a SysOps administrator take to resolve this issue?
A.
Configure the CloudFront distribution behavior to forward the User-Agent header.
B.
Configure the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
C.
Enable IPv6 on the ALB. Update the CloudFront distribution origin settings to use the dualstack endpoint.
Answer: A.
Configure the CloudFront distribution behavior to forward the User-Agent header.
Explanation: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device
By default CloudFront replaces the viewer's User-Agent with "Amazon CloudFront" before forwarding the request, so the origin can no longer tell mobile from desktop. Forwarding User-Agent restores that, but every distinct User-Agent value then becomes part of the cache key, which can cut the cache hit ratio sharply. The linked page describes the better option: forward only the CloudFront-Is-Mobile-Viewer, CloudFront-Is-Tablet-Viewer, CloudFront-Is-SmartTV-Viewer and CloudFront-Is-Desktop-Viewer headers, which CloudFront derives from the User-Agent and which add only a handful of cache variants. A custom origin header (B) is a fixed value and cannot carry the viewer's User-Agent.
A SysOps administrator is troubleshooting an AWS CloudFormation template that creates multiple Amazon EC2 instances. The template works in us-east-1, but it fails in us-west-2 with the error code:
A.
Copy the source region's Amazon Machine Image (AMI) to the destination region and
assign it the same ID.
B.
Edit the AWS CloudFormation template to specify the region code as part of the fully qualified AMI ID.
C.
Edit the AWS CloudFormation template to offer a drop-down list of all AMIs to the user by using the AWS::EC2::AMI::ImageID control.
D.
Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings"
section. Refer to the proper mapping within the template for the proper AMI ID.
Answer: D.
Modify the AWS CloudFormation template by including the AMI IDs in the "Mappings" section. Refer to the proper mapping within the template for the proper AMI ID.
Explanation: AMI IDs are Region-specific, so an ID that exists in us-east-1 is unknown in us-west-2 and the instance launch fails. A Mappings section keyed by Region, read with Fn::FindInMap and the AWS::Region pseudo parameter, lets a single template pick the right ID wherever it is deployed. A copied AMI always receives a new ID (A), AMI IDs cannot be qualified with a Region (B), and there is no such drop-down control (C). An alternative that avoids maintaining the map is a parameter of type AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> that reads the current Amazon Linux AMI from the public SSM parameters under /aws/service/ami-amazon-linux-latest/.
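Added example, not from the page or from AWS: a template fragment with a Region-keyed Mappings section and a small resolver for Fn::FindInMap and the AWS::Region pseudo parameter. Resolving for a Region missing from the map raises a clear error, which is the failure mode in the question; the AMI IDs, resource name and instance type are placeholders.

```python
"""Added example: Region-keyed Mappings and a minimal resolver for
Fn::FindInMap / Ref AWS::Region, showing the missing-Region failure."""
from typing import Any, Dict

TEMPLATE: Dict[str, Any] = {
    "Mappings": {
        "RegionMap": {
            # Placeholder IDs; real templates carry one row per Region deployed to.
            "us-east-1": {"AMI": "ami-0000000000000001"},
            "us-west-2": {"AMI": "ami-0000000000000002"},
        }
    },
    "Resources": {
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "InstanceType": "t3.micro",
                "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
            },
        }
    },
}


def resolve(node: Any, template: Dict[str, Any], region: str) -> Any:
    """Walk a template fragment, replacing Ref AWS::Region and Fn::FindInMap.
    Other intrinsic functions are passed through untouched."""
    if isinstance(node, dict):
        if node.get("Ref") == "AWS::Region":
            return region
        if "Fn::FindInMap" in node:
            map_name, top, second = (resolve(x, template, region) for x in node["Fn::FindInMap"])
            try:
                return template["Mappings"][map_name][top][second]
            except KeyError as exc:
                # CloudFormation fails the stack with a similar 'unable to get mapping' error.
                raise KeyError(f"Mapping {map_name} has no value for [{top}][{second}]") from exc
        return {k: resolve(v, template, region) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, template, region) for v in node]
    return node


def image_id_for(region: str, template: Dict[str, Any] = TEMPLATE) -> str:
    """The ImageId the WebServer resource would launch with in the given Region."""
    props = resolve(template["Resources"]["WebServer"]["Properties"], template, region)
    return props["ImageId"]


def regions_covered(template: Dict[str, Any] = TEMPLATE) -> list:
    """Quick audit: which Regions the template can be deployed to without this error."""
    return sorted(template["Mappings"]["RegionMap"])
```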
A company using AWS Organizations requires that no Amazon S3 buckets in its production
accounts should ever be deleted.
What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets
in those accounts can never be deleted?
A.
Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
B.
Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
C.
Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
D.
Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all
S3 buckets.
Answer: B.
Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
Explanation: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
An SCP attached to the production OU is enforced on every principal in those accounts, including the account root user and any administrator, and nobody inside a member account can remove it, which is what "can never be deleted" requires. An IAM group policy (C) only binds the users placed in that group and can be changed by any administrator in the account. MFA Delete (A) protects object versions and the bucket's versioning state, not the bucket itself. AWS Shield (D) is a DDoS-protection service and does not evaluate API actions. SCPs never restrict the management account, so production buckets should not live there.
https://aws.amazon.com/tw/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/
A SysOps Administrator is managing a web application that runs on Amazon EC2
instances behind an Application Load Balancer (ALB). The instances run in an
EC2 Auto Scaling group. The administrator wants to set an alarm for when all target
instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?
A.
AWS/ApplicationELB HealthyHostCount <= 0
B.
AWS/ApplicationELB UnhealthyHostCount >= 1
C.
AWS/EC2 StatusCheckFailed <= 0
D.
AWS/EC2 StatusCheckFailed >= 1
Answer: A.
AWS/ApplicationELB HealthyHostCount <= 0
Explanation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html
HealthyHostCount is the number of targets the ALB considers healthy, so the condition "all targets unhealthy" is HealthyHostCount <= 0. UnhealthyHostCount >= 1 (B) fires as soon as a single target fails its health check, and the EC2 StatusCheckFailed metrics (C, D) report instance and system checks rather than the ALB's application-level health checks. Create the alarm on the metric's TargetGroup and LoadBalancer dimensions so it covers the target group behind this ALB.
A SysOps administrator is helping a development team deploy an application to AWS. The AWS CloudFormation template includes an Amazon Linux EC2 instance, an Amazon Aurora DB cluster, and a hard-coded database password that must be rotated every 90 days.
What is the MOST secure way to manage the database password?
A.
Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule resource to define a rotation schedule for the password. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
B.
Use the AWS::SecretsManager::Secret resource with the SecretString property. Accept a password as a CloudFormation parameter. Use the AllowedPattern property of the CloudFormation parameter to require a minimum length, uppercase and lowercase letters, and special characters. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
C.
Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a secure string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
D.
Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
Answer: A.
Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule resource to define a rotation schedule for the password. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
Explanation: With GenerateSecretString the password is created inside Secrets Manager and never appears in the template, in stack parameters or in stack events. The DB cluster references it through a dynamic reference ({{resolve:secretsmanager:...}}), an AWS::SecretsManager::SecretTargetAttachment adds the host, port and engine details the rotation function needs, and an AWS::SecretsManager::RotationSchedule with a HostedRotationLambda and AutomaticallyAfterDays set to 90 performs the rotation. Options B, C and D all start from a human-supplied value that someone has to rotate by hand; CloudFormation's AWS::SSM::Parameter resource cannot create SecureString parameters (C), and a plain String parameter (D) stores the password unencrypted.
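Added example (not code from the page or from AWS) for the last step of the answer, configuring the application to read the secret. The point it shows is what happens at rotation time: a client that cached the old password is refused by Aurora, so it must re-read the secret and retry once. The fetcher and connector are injected so the code runs offline; in production they wrap the Secrets Manager GetSecretValue call and the MySQL driver. Every secret value below is a constructed sample.

```python
"""Added example: application-side handling of a rotated Aurora secret.
The secret fetcher and DB connector are injected so this runs offline."""
import json
from typing import Callable, Dict, Tuple

# Key layout Secrets Manager writes for RDS/Aurora secrets (with a SecretTargetAttachment).
SAMPLE_SECRET = {"username": "appuser", "host": "db.example.internal", "port": 3306,
                 "dbname": "app", "engine": "mysql"}   # constructed; password added per fetch


class RotatingDbClient:
    """Holds no password in configuration: fetches it on first use and again
    whenever a connection attempt is rejected, which is what a client sees
    right after Secrets Manager has rotated the password."""

    def __init__(self, fetch_secret: Callable[[], str], connect: Callable[[Dict], object]):
        self._fetch = fetch_secret      # returns the SecretString JSON for AWSCURRENT
        self._connect = connect         # opens a DB connection from the creds dict
        self._creds: Dict = {}
        self.refreshes = 0

    def _refresh(self) -> None:
        self._creds = json.loads(self._fetch())
        self.refreshes += 1

    def connect(self):
        if not self._creds:
            self._refresh()
        try:
            return self._connect(self._creds)
        except PermissionError:         # stand-in for the driver's access-denied error
            self._refresh()             # password rotated: read the new AWSCURRENT value
            return self._connect(self._creds)


def simulate_rotation() -> Tuple[str, str, int]:
    """Fake secret store and database: rotate the password between two connects and
    report the password each connection used plus how many fetches were needed."""
    store = {"password": "p1-constructed"}

    def fetch_secret() -> str:
        return json.dumps({**SAMPLE_SECRET, "password": store["password"]})

    def connect(creds: Dict) -> str:
        if creds["password"] != store["password"]:
            raise PermissionError("Access denied for user")   # what Aurora would return
        return creds["password"]

    client = RotatingDbClient(fetch_secret, connect)
    first = client.connect()
    store["password"] = "p2-constructed"    # the rotation Lambda ran
    second = client.connect()
    return first, second, client.refreshes
```

Reading the secret on every connection is unnecessary and costs a KMS-backed API call each time; the pattern above is the usual compromise, and the AWS-provided caching clients for Secrets Manager do the same refresh-on-failure internally.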
A SysOps administrator applies the following policy to an AWS CloudFormation stack:
What is the result of this policy?
A.
Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.
B.
Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
C.
Users can update all resources in the stack except for resources that have an attribute that begins with "Production".
D.
Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.
Answer: B.
Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
Explanation: A stack policy governs which stack resources may be changed during a stack update. Its Resource element matches resources by logical ID (LogicalResourceId/Production*), not IAM users, roles or groups, and it does not block the update-stack call itself; only the changes to the protected resources are refused.
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application's read performance degrades when user connections exceed 200. The number of user connections is typically consistent at around 180, with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?
A.
Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.
B.
Modify the DB cluster by changing to serverless mode whenever user connections
C.
Create an auto scaling policy with a target metric of 195 DatabaseConnections
D.
Modify the DB cluster by increasing the Aurora Replica instance size.
Answer: C.
Create an auto scaling policy with a target metric of 195 DatabaseConnections
Explanation: Aurora Auto Scaling adds and removes Aurora Replicas with a target tracking policy on one of the predefined reader metrics, average CPU utilization or average database connections. A target of 195 connections adds a replica just before the 200-connection degradation point and removes it when demand falls. Resizing the replica (D) is a one-time change that does not follow demand, and multi-master (A) addresses write availability, not read scaling.
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.
Which solution will meet these requirements?
A.
Create a mount target for the EFS file system in the VPC. Use the mount target to
mount the file system on each of the instances
B.
Create a mount target for the EFS file system in one Availability Zone of the VPC. Use
the mount target to mount the file system on the instances in that Availability Zone. Share
the directory with the other instances.
C.
Create a mount target for each instance. Use each mount target to mount the EFS file
system on each respective instance.
D.
Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.
Answer: D.
Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.
Explanation: A mount target is a network interface in one Availability Zone, and mounting across Availability Zones adds cross-AZ latency and data-transfer cost. With one mount target per Availability Zone, the file system's DNS name resolves to the mount target in the connecting instance's own Availability Zone, so every instance mounts locally. Mount targets are created per Availability Zone, not per instance (C).