A company has an existing web application that runs on two Amazon EC2 instances
behind an Application Load Balancer (ALB) across two Availability Zones The application
uses an Amazon RDS Multi-AZ DB Instance Amazon Route 53 record sets route requests
tor dynamic content to the load balancer and requests for static content to an Amazon S3
bucket Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Select TWO )

A.

Add Amazon CloudFront caching for static content

B.

Change the load balancer listener from HTTPS to TCP

C.

Enable Amazon Route 53 latency-based routing

D.

Implement Amazon EC2 Auto Scaling for the web servers

E.

Move the static content from Amazon S3 to the web servers

An application runs on multiple Amazon EC2 instances in an Auto Scaling group The Auto
Scaling group is configured to use the latest version of a launch template A SysOps
administrator must devise a solution that centrally manages the application logs and retains
the logs for no more than 90 days
Which solution will meet these requirements?

A.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket Apply a 90-day S3 Lifecycle policy on the S3 bucket to expire the application logs

B.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days

C.

Update the launch template user data to install and configure the Amazon CloudWatch
Logs agent to send logs to a log group Configure the retention period on the log group to
be 90 days

D.

Update the launch template user data to install and configure the Amazon CloudWatch
Logs agent to send logs to a log group Set the log rotation configuration of the EC2
instances to 90 days

While setting up an AWS managed VPN connection, a SysOps administrator creates a
customer gateway resource in AWS. The customer gateway device resides in a data center
with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?

A.

The private IP address of the customer gateway device

B.

The MAC address of the NAT device in front of the customer gateway device

C.

The public IP address of the customer gateway device

D.

The public IP address of the NAT device in front of the customer gateway device

A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

Which actions does this policy allow? (Select TWO.)

A.

Create an AWS Storage Gateway.

B.

Create an IAM role for an AWS Lambda function.

C.

Delete an Amazon Simple Queue Service (Amazon SQS) queue.

D.

Describe AWS load balancers.

E.

Invoke an AWS Lambda function.

A SysOps administrator has used AWS Cloud Formal ion to deploy a serverless application
Into a production VPC. The application consists of an AWS Lambda function an Amazon
DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must
delete the AWS Cloud Formation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS Cloud
Formation stack?

A.

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack

B.

Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.

C.

Enable termination protection on the AWS Cloud Formation stack.

D.

Update the application's IAM policy with a Deny statement for the
dynamodb:DeleteTabie action.

A company is managing multiple AWS accounts in AWS Organizations. The company is
reviewing internal security of its AWS environment. The company's security administrator
has their own AWS account and wants to review the VPC configuration of developer AWS
accounts.
Which solution will meet these requirements in the MOST secure manner?

A.

Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user. Share the user credentials with the
security administrator.

B.

Create an IAM policy in each developer account that has administrator access to all
Amazon EC2 actions, including VPC actions. Assign the policy to an IAM
user. Share the user credentials with the security administrator.

C.

Create an IAM policy in each developer account that has administrator access related to
VPC resources. Assign the policy to a cross-account IAM role. Ask the security
administrator to assume the role from their account.

D.

Create an IAM policy in each developer account that has read-only access related to
VPC resources Assign the policy to a cross-account IAM role Ask the security administrator
to assume the role from their account.

A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When
the instance is running, the SysOps administrator obtains the public IP address and
attempts to remotely connect to the instance multiple times. However, the SysOps
administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?

A.

Add a route table entry in the public subnet for the SysOps administrator's IP address.

B.

Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.

C.

Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.

D.

Modify the instance security group to allow outbound SSH traffic to the SysOps
administrator's IP address.

A recent organizational audit uncovered an existing Amazon RDS database that is not
currently configured for high availability. Given the critical nature of this database, it must
be configured for high availability as soon as possible.
How can this requirement be met?

A.

Switch to an active/passive database pair using the create-db-instance-read-replica with
the --availability-zone flag.

B.

Specify high availability when creating a new RDS instance, and live-migrate the data.

C.

Modify the RDS instance using the console to include the Multi-AZ option.

D.

Use the modify-db-instance command with the --na flag

A company is using an Amazon DynamoDB table for data. A SysOps administrator must
configure replication of the table to another AWS Region for disaster recovery.
What should the SysOps administrator do to meet this requirement?

A.

Enable DynamoDB Accelerator (DAX).

B.

Enable DynamoDB Streams, and add a global secondary index (GSI).

C.

Enable DynamoDB Streams, and-add a global table Region.

D.

Enable point-in-time recovery.

A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost. What should the SysOps administrator do to tag the "No Tagkey" resources?

A.

Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.

B.

Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.

C.

Use Cost Explorer to find and tag all the untagged resources.

D.

Use Taq Editor to find and taq all the untaqqed resources.

A software development company has multiple developers who work on the same product.
Each developer must have their own development environment, and these development
environments must be identical. Each development environment consists of Amazon EC2
instances and an Amazon RDS DB instance. The development environments should be
created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?

A.

Provide developers with access to the same AWS CloudFormation template so that they
can provision their development environment when necessary. Schedule a nightly cron job
on each development instance to stop all running processes to reduce CPU utilization to
nearly zero.

B.

Provide developers with access to the same AWS CloudFormation template so that they
can provision their development environment when necessary. Schedule a nightly Amazon
EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to
delete the AWS CloudFormation stacks.

C.

Provide developers with CLI commands so that they can provision their own
development environment when necessary. Schedule a nightly Amazon EventBridge
(Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2
instances and the DB instance.

D.

Provide developers with CLI commands so that they can provision their own
development environment when necessary. Schedule a nightly Amazon EventBridge
(Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the

A company has an Auto Scaling group of Amazon EC2 instances that scale based on
average CPU utilization. The Auto Scaling group events log indicates an
InsufficientlnstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Select TWO.

A.

Change the instance type that the company is using.

B.

Configure the Auto Scaling group in different Availability Zones.

C.

Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.

D.

Increase the maximum size of the Auto Scaling group.

E.

Request an increase in the instance service quota