A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments development test, and production Each environment requires unique credentials for external services
What option securely provides the application with the needed credential while requiring MINIMAL administrative overhead?
A SysOps Administrator is deploying a legacy web application on AWS. The application has four Amazon EC2 instances behind Classic Load Balancer and stores data in an Amazon RDS instance. The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.
What cost-effective configuration change should the Administrator make to migrate the risk of SQL injection attacks?
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months
What is the process to rotate the key?
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?
A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A sysops administrator needs to design a provisioning process that save time and resources.
Which action should be taken to meet these requirements?
A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company’s AWS accounts.
How can the Administrator address this issue?
A company’s web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC@ Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Radius cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday.
Which resources will need to have a maintenance window configured for midnight on Tuesday? (Choose two.)
A financial service company is running distributed computing software to manage a fleet of 20 servers for their calculations. There are 2 control nodes and 18 worker nodes to run the calculations. Worker nodes can be automatically started by the control nodes when required. Currently, all nodes are running on demand, and the worker nodes are uses for approximately 4 hours each day.
Which combination of actions will be most cost-effective? (Select Two)
A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach
How can the administrator accomplish this with the LEAST administrative overhead?
A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)
A company uses LDAP-based credentials and Has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-Based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.
Which API call should be used to retrieve credentials for federated programmatic access?
An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3. With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.
Which service would be the MOST efficient way to transfer this data to Amazon S3?
A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?
A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain. Which solution will meet these requirements with the LEAST amount of effort?
A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.
Which remediation steps should be taken to resolve this issue? (Select TWO.)
A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.
What should the administrator do to meet these requirements?
A company's Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS All the assets should be stored on the cloud but the most recent assets should be available locally for tow latency access
Which AWS service meets the requirements?
An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user’s request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?
A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?
A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?
A company has a web application that is experiencing performance problems many times each night. A root cause analysis reveals spikes in CPU utilization that last 5 minutes on an Amazon EC2 Linux instance. A SysOps administrator is tasked with finding the process ID (PID) of the service or process that is consuming more CPU.
How can the administrator accomplish this with the LEAST amount of effort?
A company’s static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.
Why are these errors occurring?
An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?
A company is deploying a web service to Amazon EC2 instances behind an Elastic Load Balancer. All resources will be defined and created in a single AWS CloudFormation stack using a template. The creation of each EC2 instance will not be considered complete until an initialization script has been run successfully on the EC2 instance. The Elastic Load Balancer cannot be created until all EC2 instances have been created.
Which CloudFormation resource will coordinate the Elastic Load Balancer creation in the CloudFormation stack template?
A company backs up data from its data center using a tape gateway on AWS Storage Gateway. The SysOps Administrator needs to reboot the virtual machine running Storage Gateway.
What process will protect data integrity?
A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps administrator has been asked to determine what is causing this increase.
What is the Most comprehensive tool that will accomplish this task?
A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy
What is likely to be the problem?
A company's IT department noticed an increase in the spend of their Developer AWS account. There are over 50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.
What should a SysOps Administrator do to collect this information? (Select TWO)
A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:
What is one cause of this?
An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?
A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.
Which actions will restore the objects? (Choose two.)
A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that a efficient, cost effective, and allow for scaling with future demand.
Which action should be taken to accomplish this?
An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account. How can a SysOps administrator achieve this while maintaining the security of the application?
A SysOps Administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency alter a few minutes
What change should be made to alleviate the performance problem?
A security officer has requested Ifial internet access be removed from subnets in a VPC. The subnets currently route internet-bound traffic to a NAT gateway. A SysOps administrator needs to remove this access while allowing access to Amazon S3.
Which solution will meet these requirements?