marks4sure logo
An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy
What is likely to be the problem?
A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.
What is one cause for this failure?
A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours
Which steps will ensure that the instance maintenance does not produce an outage?
Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.
How can this be accomplished?
An organization stores sensitive customer information in S3 buckets protected by bucket policies Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The chief information security officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps administrator take to meet the CISO's requirement? (Select TWO.)
A sysops administrator created an AWS Lambda function within a VPC with no access to the internet. The Lambda function pulls messages from an Amazon SOS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.
Which of the following are possible causes for this? (Select TWO.)
A company’s static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.
Why are these errors occurring?
An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?
A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.
What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?
A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.
Which solution will meet these requirements?
A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?
A company's Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS All the assets should be stored on the cloud but the most recent assets should be available locally for tow latency access
Which AWS service meets the requirements?
A company has an application running on a fleet of Microsoft Windows instances. Patches to the operating system need to be applied each month. AWS Systems Manager Patch Manager is used to apply the patches on a schedule.
When the fleet is being patched, customers complain about delayed service responses.
What can be done to ensure patches are deployed with MINIMAL customer impact?
An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.
What should the organization do to reduce costs?
An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account.
How can a SysOps administrator achieve this while maintaining the security of the application?
A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.
How should this report be generated?
A, Access the Cloud Trail logs stored in the Amazon S3 bucket tied to Cloud Trail. Use Amazon Athena to extract the information needed to generate the report
B. Locate the monthly reports that CloudTrail sends that are emailed to the account's root user. Forward the reports to the auditor using a secure channel
C. Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format
D. Use the CloudTrail digest files stored in the company's Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.
A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.
How should the Administrator continue with the stack deployment?
An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?
A SysOps Administrator must take a team’s single existing AWS CloudFormation template and split it into
smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service
templates?
A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.
What is MOST likely causing this issue?
A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront
What is the MOST cost-effective way to achieve this?
A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.
What will be the result of this configuration?
An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. A sysops administrator has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.
How should Ihe administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?
A sysops administrator is creating two AWS Cloud Formation templates The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway The second template will deploy application resources within the VPC that was created by the first template The second template should refer to the resources created by the first template
How can this be accomplished with the LEAST amount of administrative effort?
A SysOps administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto scaling group. The application is set to automatically terminate unhealthy instances. The administrator wants to preserve application logs from these instances for failure analysis.
Which action will accomplish this?
A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The administrator notices an increase in the httpcode_ELS_5xx_Count Amazon CloudWatch metric for the load balancer.
What is the possible cause for this increase?
A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.
How can this be accomplished?
A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user's file from the snapshot?
A company’s Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?
A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?
A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.
What is the MOST cost-effective way to meet this requirement?
A popular auctioning platform requires near-real-time access to dynamic bidding information The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during peak bidding sessions and can no longer be resized. To improve application performance, a SysOps Administrator is evaluating Amazon ElastiCache and has chosen Redis over Memcached
What advantages will this solution provide? (Select TWO )
A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.
A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.
What should be done to accomplish this?
TESTED 20 Jan 2021