Amazon AWS Certified SysOps Administrator - Associate SOA-C01
There are 439 results
#221 (Accuracy: 100% / 1 votes)
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?
  • A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
  • B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
  • C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
  • D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.
#222 (Accuracy: 100% / 2 votes)
A SysOps administrator needs a secure way to connect to AWS Key Management Service (AWS KMS) within a VPC. The SysOps administrator must ensure that connections to AWS KMS do not traverse the internet.
What is the MOST secure solution that meets these requirements?
  • A. Use a bastion host to connect to AWS KMS.
  • B. Use a NAT gateway to connect to AWS KMS.
  • C. Use a VPC gateway endpoint for Amazon S3 to connect to AWS KMS.
  • D. Use a VPC interface endpoint to connect to AWS KMS.
#223 (Accuracy: 100% / 1 votes)
A company is creating an application that will keep records. The application will run on Amazon EC2 instances and will use an Amazon Aurora MySQL database as its data store. To maintain compliance, the application must not retain information that is determined to be sensitive.
Which technique should a SysOps administrator use to detect if sensitive data is being stored in the application?
  • A. Export data from the database by using an AWS Lambda function. Store the data in Amazon S3. Use Amazon Macie to examine the stored data. Examine the report for any sensitive data that is discovered.
  • B. Install the Amazon GuardDuty plugin for Aurora. Configure GuardDuty to examine the database. Add the corresponding EC2 CIDR ranges to the trusted IP list in GuardDuty. Examine the report for any sensitive data that is discovered.
  • C. Deploy Amazon Inspector by installing the Amazon Inspector agent on all EC2 instances. Set the Amazon Inspector assessment type to HOST assessment. Include NETWORK communications with the Aurora DB cluster. Examine the report for any sensitive data that is discovered.
  • D. Use VPC Flow Logs to examine traffic between the EC2 instances and the Aurora DB cluster. Store the log files in Amazon S3. Use Amazon Detective to examine the extracted log files. Examine the report for any sensitive data that is discovered.
#224 (Accuracy: 100% / 2 votes)
A SysOps administrator has set up a new public Application Load Balancer (ALB) in front of a pair of private web servers in multiple Availability Zones. After deploying an updated AWS CloudFormation template with many changes, user traffic now goes to one web server only.
What is the MOST likely reason that the traffic is not being balanced between both servers?
  • A. The faulty server is returning HTTP 200 codes and has been removed.
  • B. Sticky sessions have been disabled in the ALB for the working server.
  • C. The ALB is using a custom ping path that is not found on the faulty server.
  • D. The web clients are using HTTP/2, which is terminated at the ALB.
#225 (Accuracy: 100% / 2 votes)
A SysOps administrator needs to register targets for a Network Load Balancer (NLB) using IP addresses.
Which prerequisite should the SysOps administrator validate to perform this task?
  • A. Ensure the NLB listener security policy is set to ELBSecurityPolicy-TLS-1-2-Ext-2018-06, ELBSecurityPolicy-FS-1-2-Res-2019-08, or ELBSecurityPolicy-TLS-1-0-2015-04.
  • B. Ensure the health check setting on the NLB for the Matcher configuration is between 200 and 399.
  • C. Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC 1918), 100.64.0.0/10 (RFC 6598), 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).
  • D. Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses.
#226 (Accuracy: 100% / 2 votes)
A streaming services company has a three-tier web application hosted on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB).
When the Auto Scaling group scales in, a deregistration delay occurs and the delay is sometimes longer than the time required to terminate the EC2 instance. A SysOps administrator must ensure that the latest logs are delivered to an external system before the EC2 instance is terminated.
Which solution will solve this problem?
  • A. Add a lifecycle hook to the Auto Scaling group to put the EC2 instance in a wait state until the log files have been delivered.
  • B. Configure a fixed response for the ALB to use custom error messages to respond to incoming requests with HTTP error response codes.
  • C. Create an Amazon CloudWatch alarm based on the RequestCountPerTarget metric for the Auto Scaling group. Modify the cooldown period to wait until the EC2 instance is terminated.
  • D. Update the launch configuration to enable scale-in protection for the Auto Scaling group and detach the EC2 instance protected for termination.
#227 (Accuracy: 100% / 2 votes)
A SysOps administrator is implementing automated I/O load performance testing as part of the continuous integration/continuous delivery (CI/CD) process for an application. The application uses an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.
Which actions could the SysOps administrator take to accomplish this goal? (Choose two.)
  • A. Restore the EBS volume from the snapshot with fast snapshot restore enabled.
  • B. Restore the EBS volume from the snapshot using the cold HDD volume type.
  • C. Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.
  • D. Restore the EBS volume from the snapshot and configure encryption.
  • E. Restore the EBS volume from the snapshot and configure I/O block size at random.
#228 (Accuracy: 100% / 1 votes)
A company uses LDAP-based credentials and has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-based credentials.
Several groups want to use the AWS CLI on their workstations to automate daily tasks.
To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion.
Which API call should be used to retrieve credentials for federated programmatic access?
  • A. sts:AssumeRole
  • B. sts:AssumeRoleWithSAML
  • C. sts:AssumeRoleWithWebIdentity
  • D. sts:GetFederationToken
#229 (Accuracy: 100% / 2 votes)
A company has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. The company is concerned about potential memory exhaustion, so the development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST operationally efficient way to accomplish this goal?
  • A. Create an AWS Lambda function to capture memory utilization of the EC2 instances. Schedule the Lambda function with Amazon EventBridge (Amazon CloudWatch Events).
  • B. Deploy the application to memory optimized EC2 instances. Use the CloudWatch MemoryUtilization metric.
  • C. Install the CloudWatch agent on the EC2 instances to collect and send metrics to CloudWatch.
  • D. Install the CloudWatch monitoring scripts on the EC2 instances to collect and send metrics to CloudWatch.
#230 (Accuracy: 100% / 1 votes)
A SysOps administrator manages an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project, CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.
Which action should be taken to meet these requirements?
  • A. Edit the template to remove the RDS resources and update the stack.
  • B. Enable termination protection on the stack.
  • C. Set the DeletionPolicy attribute for RDS resources to Retain in the template.
  • D. Set the deletion-protection parameter on RDS resources.