Topic 1: Mix Questions
A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned.
What should the SysOps administrator do to resolve this error?
A.
Add an additional CIDR block to the VPC.
B.
Launch the EC2 instances in a different Availability Zone.
C.
Launch new EC2 instances in another VPC.
D.
Use Service Quotas to request an EC2 quota increase.
Use Service Quotas to request an EC2 quota increase.
A company is releasing a new static website hosted on Amazon S3. The static website
hosting feature was enabled on the bucket and content was uploaded; however, upon
navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?
A.
Add a bucket policy that grants everyone read access to the bucket.
B.
Add a bucket policy that grants everyone read access to the bucket objects.
C.
Remove the default bucket policy that denies read access to the bucket.
D.
Configure cross-origin resource sharing (CORS) on the bucket.
Add a bucket policy that grants everyone read access to the bucket objects.
A company has mandated the use of multi-factor authentication (MFA) for all IAM users,
and requires users to make all API calls using the CLI. However, users are not prompted to
enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to
enforce MFA, the company attached an IAM policy to all users that denies API calls that
have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?
A.
Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
B.
Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
C.
Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
D.
Require users to use temporary credentials from the get-session-token command to sign API calls.
Require users to use temporary credentials from the get-session-token command to sign API calls.
A recent audit found that most resources belonging to the development team were in
violation of patch compliance standards. The resources were properly tagged. Which service
should be used to quickly remediate the issue and bring the resources back into
compliance?
A.
AWS Config
B.
Amazon Inspector
C.
AWS Trusted Advisor
D.
AWS Systems Manager
AWS Systems Manager
A company is partnering with an external vendor to provide data processing services. For
this integration, the vendor must host the company's data in an Amazon S3 bucket in the
vendor's AWS account. The vendor is allowing the company to provide an AWS Key
Management Service (AWS KMS) key to encrypt the company's data. The vendor has
provided an IAM role Amazon Resource Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?
A.
Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide
the new KMS key ARN to the vendor.
B.
Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an
inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
C.
Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN
to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
D.
Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the
vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN
to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
A large company is using AWS Organizations to manage its multi-account AWS
environment. According to company policy, all users should have read-level access to a
particular Amazon S3 bucket in a central account. The S3 bucket data should not be
available outside the organization. A SysOps administrator must set up the permissions
and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?
A.
Specify '*' as the principal and PrincipalOrgID as a condition.
B.
Specify all account numbers as the principal.
C.
Specify PrincipalOrgID as the principal.
D.
Specify the organization's management account as the principal.
Specify PrincipalOrgID as the principal.
A company uses Amazon Route 53 to manage the public DNS records for the domain
example.com. The company deploys an Amazon CloudFront distribution to deliver static
assets for a new corporate website. The company wants to create a subdomain that is
named "static" and must route traffic for the subdomain to the
CloudFront distribution.
How should a SysOps administrator create a new record for the subdomain in Route 53?
A.
Create a CNAME record. Enter static.cloudfront.net as the record name. Enter the
CloudFront distribution's public IP address as the value.
B.
Create a CNAME record. Enter static.example.com as the record name. Enter the
CloudFront distribution's private IP address as the value.
C.
Create an A record. Enter static.cloudfront.net as the record name. Enter the CloudFront
distribution's ID as an alias target.
D.
Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.
Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.
Explanation: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html
A large company is using AWS Organizations to manage its multi-account AWS
environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be
available outside the organization. A SysOps administrator must set up the permissions
and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?
A.
Specify '*' as the principal and PrincipalOrgID as a condition.
B.
Specify all account numbers as the principal.
C.
Specify PrincipalOrgID as the principal.
D.
Specify the organization's management account as the principal.
Specify '*' as the principal and PrincipalOrgID as a condition.
Explanation: https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-using-the-aws-organization-of-iam-principals/
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and
customer usage data. Members of the company's geographically dispersed sales team are
traveling. They need to log in to Kibana by using their existing corporate credentials that
are stored in Active Directory. The company has deployed
Active Directory Federation Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?
A.
Configure Active Directory as an authentication provider in Amazon ES. Add the Active
Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES
authentication.
B.
Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity
provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon
ES.
C.
Enable Active Directory user authentication in Kibana. Create an IP-based custom
domain access policy in Amazon ES that includes the Active Directory server's IP address.
D.
Establish a trust relationship with Kibana on the Active Directory server. Enable Active
Directory user authentication in Kibana. Add the Active Directory server's IP address to
Kibana.
Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity
provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon
ES.
Explanation: https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/
A SysOps administrator has launched a large general purpose Amazon EC2 instance to
regularly process large data files. The instance has an attached 1 TB General Purpose
SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized.
To save costs, the SysOps administrator stops the instance each evening and
restarts the instance each morning.
When data processing is active, Amazon CloudWatch metrics on the instance show a
consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O
performance while ensuring data integrity.
Which action will meet these requirements?
A.
Change the instance type to a large, burstable, general purpose instance.
B.
Change the instance type to an extra large general purpose instance.
C.
Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.
D.
Move the data that resides on the EBS volume to the instance store.
Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.
A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe. Which solution will meet these requirements?
A.
Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy
to route traffic to the correct CloudFront distribution based on where the request originates.
B.
Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create
an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon
Route 53 to create an alias record that points to the CloudFront distribution.
C.
Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store
the website content on the EC2 instances. Use Amazon Route 53 to create an alias record
that points to the ALB.
D.
Create an Application Load Balancer (ALB) and a target group in two Regions. Create
an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in
each target group. Store the website content on the EC2 instances. Use Amazon Route 53
to create a DNS record that uses a geolocation routing policy to route traffic to the correct
ALB based on where the request originates.
Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create
an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon
Route 53 to create an alias record that points to the CloudFront distribution.
A company wants to build a solution for its business-critical Amazon RDS for MySQL
database. The database requires high availability across different geographic locations. A
SysOps administrator must build a solution to handle a disaster recovery (DR) scenario
with the lowest recovery time objective (RTO) and recovery point objective (RPO).
Which solution meets these requirements?
A.
Create automated snapshots of the database on a schedule. Copy the snapshots to the
DR Region.
B.
Create a cross-Region read replica for the database.
C.
Create a Multi-AZ read replica for the database.
D.
Schedule AWS Lambda functions to create snapshots of the source database and to copy the snapshots to a DR Region.
Create a cross-Region read replica for the database.