A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.

Which combination of actions should be taken to accomplish this? (Choose two.)

A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.

What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.

How should the Administrator ensure that this is done?

A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company’s AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.

What should be done to accomplish this?

A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.

What should be done to accomplish this?

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.

Where can the administrator find this information?

An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.

What must the sysops administrator do to provision the application quickly?

A company relies on a fleet of Amazon EC2 instances to support an application. One of the EC2 instances was scheduled for hardware maintenance by AWS. An operations team did not remove the EC2 instance from the fleet in advance of the scheduled maintenance, and an unplanned outage resulted. A SysOps administrator must configure notifications to let the operations team know about scheduled maintenance in the future.

Which action should the SysOps administrator take to meet this requirement?

A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.

Which action will allow an Administrator to understand the impact of these changes before implementation?

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.

The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.

Which action will the administrator of the second account be able to perform?

When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization’s resources are affected?

A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.

Which combination of options should be set to accomplish this? (Select two)

A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template

Which solution will ensure all the changes are captured?

A SysOps Administrator has been notified that some Amazon EC2 instances in the company’s environment might have a vulnerable software version installed.

What should be done to check all of the instances in the environment with the LEAST operational overhead?

An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.

What should be done to address this issue and improve performance?

A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach

How can the administrator accomplish this with the LEAST administrative overhead?

A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.

How should the Administrator continue with the stack deployment?

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.

What is the MOST cost-effective way to meet this requirement?

An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.

Which solution accomplishes this with the LEAST amount of effort?

A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.

Which step will fix this issue?

A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.

Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.

What is one cause for this failure?

A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to 1 in Amazon CloudWatch.

What is MOST likely causing this issue?

A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.

Which practices ensure that the log files are available and unaltered? (Choose two.)

A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.

accomplish this?

A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.

What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?