Cloud Practice

#261 (Accuracy: 100% / 6 votes)

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies. The company decides to switch to an SQS FIFO queue.

What must the company do to migrate to an SQS FIFO queue?

A. Create a new SQS FIFO queue. Turn on content-based deduplication on the new FIFO queue. Update the application to include a message group ID in the messages.
B. Create a new SQS FIFO queue. Update the application to include the DelaySeconds parameter in the messages.
C. Modify the queue type from SQS standard to SQS FIFO. Turn off content-based deduplication on the queue. Update the application to include a message group ID in the messages.
D. Modify the queue type from SQS standard to SQS FIFO. Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages.

#262 (Accuracy: 100% / 4 votes)

A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account.

What should a SysOps administrator do to meet these requirements?

A. Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.
B. In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.
C. Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.
D. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.

#263 (Accuracy: 100% / 3 votes)

An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180, with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.

Which solution will meet these requirements?

A. Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.
B. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
C. Create an auto scaling policy with a target metric of 195 DatabaseConnections.
D. Modify the DB cluster by increasing the Aurora Replica instance size.

#264 (Accuracy: 100% / 5 votes)

A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?

A. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.
B. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
C. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

#265 (Accuracy: 100% / 3 votes)

A global company handles a large amount of personally identifiable information (PII) through an internal web portal. The company’s application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the PII in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet.

What should a SysOps administrator do to meet the compliance requirement?

A. Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
B. Configure AWS Network Firewall to redirect traffic to the internal S3 address.
C. Modify the application to use the S3 path-style endpoint.
D. Set up a range of VPC network ACLs to redirect traffic to the internal S3 address.

#266 (Accuracy: 100% / 4 votes)

A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.

Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.

The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.

Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

#267 (Accuracy: 100% / 4 votes)

A SysOps administrator is responsible for managing a company's cloud infrastructure with AWS CloudFormation. The SysOps administrator needs to create a single resource that consists of multiple AWS services. The resource must support creation and deletion through the CloudFormation console.
Which CloudFormation resource type should the SysOps administrator create to meet these requirements?

A. AWS::EC2::Instance with a cfn-init helper script
B. AWS::OpsWorks::Instance
C. AWS::SSM::Document
D. Custom::MyCustomType

#268 (Accuracy: 96% / 10 votes)

A company runs an application on an Amazon EC2 instance. A SysOps administrator creates an Auto Scaling group and an Application Load Balancer (ALB) to handle an increase in demand. However, the EC2 instances are failing the health check.
What should the SysOps administrator do to troubleshoot this issue?

A. Verify that the Auto Scaling group is configured to use all AWS Regions.
B. Verify that the application is running on the protocol and the port that the listener is expecting.
C. Verify the listener priority in the ALB. Change the priority if necessary.
D. Verify the maximum number of instances in the Auto Scaling group. Change the number if necessary.

#269 (Accuracy: 100% / 2 votes)

A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company’s on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment.

Which steps should the SysOps administrator take to resolve the issue?

A. Add a route to the route tables of the new subnets that send on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.

#270 (Accuracy: 100% / 1 votes)

A company is building a web application on AWS. The company is using Amazon CloudFront with a domain name of www.example.com. All traffic to CloudFront must be encrypted in transit. The company already has provisioned an SSL certificate for www.example.com in AWS Certificate Manager (ACM).

Which combination of steps should a SysOps administrator take to encrypt the traffic in transit? (Choose two.)

A. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to redirect HTTP to HTTPS.
B. For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to allow HTTP and HTTPS.
C. Enter the alternate domain name (CNAME) of www.example.com for the CloudFront distribution. Select the custom SSL certificate.
D. Configure an AWS WAF web ACL for the CloudFront distribution.
E. Configure CloudFront Origin Shield for the CloudFront origin.

There are 349 results