A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?
A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that a efficient, cost effective, and allow for scaling with future demand.
Which action should be taken to accomplish this?
A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.
How should the Administrator accomplish this?
A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.
How can this be accomplished?
An Applications team has successfully deployed an AWS CloudFormation stack consisting of 30 t2-medium Amazon EC2 instances in the us-west-2 Region. When using the same template to launch a stack in us-east-2, the launch failed and rolled back after launching only 10 EC2 instances.
What is a possible cause of this failure?
A SysOps Administrator needs to control access to groups of Amazon EC2 instances. Specific tags on the EC2 instances have already been added. Which additional actions should the Administrator take to control access? (Select TWO)
A company uses multiple accounts for its applications. Account A manages the companyâ€™s Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the companyâ€™s web servers.
How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?
A company is concerned about its ability to recover from a disaster because all of its Amazon EC2 instances are located in a single Amazon VPC in us-east-1. A second Amazon VPC has been configured in eu-west-1 to act as a backup VPC in case of an outage. Data will be replicated from the primary region to the secondary region. The Information Security teamâ€™s compliance requirements specify that all data must be encrypted and must not traverse the public internet.
How should the SysOps Administrator connect the two VPCs while meeting the compliance requirements?
A SysOps Administrator created an Amazon VPC with an IPv6 CIDR block, which requires access to the internet. However, access from the internet towards the VPC is prohibited. After adding and configuring the required components to the VPC, the Administrator is unable to connect to any of the domains that reside on the internet.
What additional route destination rule should the Administrator add to the route tables?
A company is storing monthly reports on Amazon S3. The companyâ€™s security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.
What should the SysOps Administrator do to meet this requirement?
In configuring an Amazon Route 53 health check, a SysOps Administrator selects â€˜Yesâ€™ to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.
This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the
health check, the Administrator receives an alert stating that the check failed. However, when the
Administrator navigates to the page, it loads successfully.
What is the MOST likely cause of this false alarm?
HTTP_STR_MATCH: Route 53 tries to establish a TCP connection. If successful, Route 53 submits an HTTP request and searches the first 5,120 bytes of the response body for the string that you specify in SearchString.
A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?
A SysOpsAdministrator is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.
In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events triggered by AWS Health triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.
Why did the alerts fail?
A SysOps Administrator has implemented a VPC network design with the following requirements
â€¢ Two Availability Zones (AZs) - Two private subnets
â€¢ Two public subnets
â€¢ One internet gateway
â€¢ One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?
An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements the EC2 instances cannot have access to the public internet. SysOps Administrator require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.
Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirement? (Select TWO)
A companyâ€™s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?
A SySOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.
How should the Administrator meet these requirements?
A SysOps Administration team is supporting an applications that stores a configuration file in an Amazon S3 bucket Previous revisions of the configuration file must be maintained for change control and rollback
How should the S3 bucket be configured to meet these requirements?
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months
What is the process to rotate the key?
A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB) After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.
What should the sysops administrator do to prevent similar attacks?
A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.
Which service can be used to monitor and recover the EC2 instances?
A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.
Which metric can be measured given the constraints? (Select Three)
A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?
A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Choose two.)