Recommend!!

Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

Amazon
Exam Questions AWS-SysOps
AWS Certified SysOps Administrator - Associate

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

NEW QUESTION 1
- (Exam Topic 2)
You need to update an existing AWS CloudFormation stack. If needed, a copy to the CloudFormation template is available in an Amazon SB bucket named
cloudformation-bucket
* 1. Use the us-east-2 Region for all resources.
* 2. Unless specified below, use the default configuration settings.
* 3. update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:
* a) Change the EC2 instance type to us-east-t2.nano.
* b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.
* c) Replace the instance profile IAM role with IamRoleB.
* 4. Deploy the changes by updating the stack using the CFServiceR01e role.
* 5. Edit the stack options to prevent accidental deletion.
* 6. Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

Solution:
Here are the steps to update an existing AWS CloudFormation stack:
Log in to the AWS Management Console and navigate to the CloudFormation service in the us-east-2 Region.
Find the existing stack named 1700182 and click on it.
Click on the "Update" button.
Choose "Replace current template" and upload the updated CloudFormation template from the Amazon S3 bucket named "cloudformation-bucket"
In the "Parameter" section, update the EC2 instance type to us-east-t2.nano and add the IP address range 192.168.100.0/30 for SSH access.
Replace the instance profile IAM role with IamRoleB.
In the "Capabilities" section, check the checkbox for "IAM Resources"
Choose the role CFServiceR01e and click on "Update Stack"
Wait for the stack to be updated.
Once the update is complete, navigate to the stack and click on the "Stack options" button, and select "Prevent updates to prevent accidental deletion"
To get the value of the Prodlnstanceld , navigate to the "Outputs" tab in the CloudFormation stack and
find the key "Prodlnstanceld". The value corresponding to it is the value that you need to enter in the text box below.
Note:
You can use AWS CloudFormation to update an existing stack.
You can use the AWS CloudFormation service role to deploy updates.
You can refer to the AWS CloudFormation documentation for more information on how to update and manage stacks: https://aws.amazon.com/cloudformation/

Does this meet the goal?

A. Yes
B. No

Answer: A

NEW QUESTION 2
- (Exam Topic 1)
An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem
occurs for more than 2 minutes.
How can this be accomplished?

A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitorin
B. Enable an action to restart the instance.
C. Create a CloudWatch alarm for the EC2 instance with detailed monitorin
D. Enable an action to restart the instance.
E. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes.
F. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks.

Answer: B

NEW QUESTION 3
- (Exam Topic 1)
A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern
all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the
management account.
What could be the reason for this issue?

A. All features have not been enabled in the organization.

B. Consolidated billing has not been enabled.
C. The member accounts do not have tags enabled for cost allocation.
D. The member accounts have not manually enabled trusted access for Compute Optimizer.

Answer: C

NEW QUESTION 4

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

- (Exam Topic 1)
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC.
The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain
records. After the migration, the application is not able to connect to the customer data because of name resolution errors.
Which solution will give the application the ability to resolve the internal domain names?

A. Launch EC2 instances in the VP

B. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS serve
C. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
D. Create an Amazon Route 53 Resolver outbound endpoin
E. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
F. Set up two AWS Direct Connect connections between the AWS environment and the on-premises networ
G. Set up a link aggregation group (LAG) that includes the two connection
H. Change the VPC resolver address to point to the on-premises DNS server.
I. Create an Amazon Route 53 public hosted zone for the on-premises domai
J. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Answer: B

Explanation:
https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html

NEW QUESTION 5
- (Exam Topic 1)
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator
inspects the VPC flow logs and finds the following entry:
2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK
What is a possible cause of these failed connections?

A. A security group is denying traffic on port 443.

B. The EC2 instance is shut down.
C. The network ACL is blocking HTTPS traffic.
D. The VPC has no internet gateway attached.

Answer: A

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-accepted
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#
Accepted and rejected traffic: In this example, RDP traffic (destination port 3389, TCP protocol) to network interface eni-1235b8ca123456789 in account
123456789010 was rejected. 2 123456789010
eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK

NEW QUESTION 6
- (Exam Topic 1)
A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily
increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company
already has configured the database to use the maximum max_connections value that is possible
What should a SysOps administrator do to resolve these errors'?

A. Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases
B. Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function
C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses
D. Update the Lambda function's reserved concurrency to a higher value

Answer: B

Explanation:
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/
RDS Proxy acts as an intermediary between your application and an RDS database. RDS Proxy establishes and manages the necessary connection pools to your
database so that your application creates fewer database connections. Your Lambda functions interact with RDS Proxy instead of your database instance. It
handles the connection pooling necessary for scaling many simultaneous connections created by concurrent Lambda functions. This allows your Lambda
applications to reuse existing connections, rather than creating new connections for every function invocation.
Check "Database proxy for Amazon RDS" section in the link to see how RDS proxy help Lambda handle huge connections to RDS MySQL
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/

NEW QUESTION 7
- (Exam Topic 1)
A company plans to migrate several of its high performance computing (MPC) virtual machines (VMs) to Amazon EC2 instances on AWS. A SysOps administrator
must identify a placement group for this deployment. The strategy must minimize network latency and must maximize network throughput between the HPC VMs.
Which strategy should the SysOps administrator choose to meet these requirements?

A. Deploy the instances in a cluster placement group in one Availability Zone.

B. Deploy the instances in a partition placement group in two Availability Zones
C. Deploy the instances in a partition placement group in one Availability Zone
D. Deploy the instances in a spread placement group in two Availably Zones

Answer: A

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

NEW QUESTION 8
- (Exam Topic 1)
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an
Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for
all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

A. EBS General Purpose SSD volumes

B. RDS PostgreSQL database
C. Amazon EFS file systems
D. S3 objects within a bucket

Answer: D

Explanation:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html

NEW QUESTION 9
- (Exam Topic 1)
A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the
existing Chef recipes after the applications are migrated to AWS.
What is the MOST operationally efficient solution that meets these requirements?

A. Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chefrecipes.
B. Use AWS CloudFormation to create a stack and add layers for Chef recipes.
C. Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.
D. Use AWS OpsWorks to create a stack and add layers with Chef recipes.

Answer: D

NEW QUESTION 10
- (Exam Topic 1)
A Sysops administrator creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses AWS Fargate. The cluster is deployed successfully. The
Sysops administrator needs to manage the cluster by using the kubect1 command line tool.
Which of the following must be configured on the Sysops administrator's machine so that kubect1 can communicate with the cluster API server?

A. The kubeconfig file

B. The kube-proxy Amazon EKS add-on
C. The Fargate profile
D. The eks-connector.yaml file

Answer: A

Explanation:
The kubeconfig file is a configuration file used to store cluster authentication information, which is required to make requests to the Amazon EKS cluster API
server. The kubeconfig file will need to be configured on the SysOps administrator's machine in order for kubectl to be able to communicate with the cluster API
server.
https://aws.amazon.com/blogs/developer/running-a-kubernetes-job-in-amazon-eks-on-aws-fargate-using-aws-ste

NEW QUESTION 11
- (Exam Topic 1)
A Sysops administrator needs to configure automatic rotation for Amazon RDS database credentials. The credentials must rotate every 30 days. The solution must
integrate with Amazon RDS.
Which solution will meet these requirements with the LEAST operational overhead?

A. Store the credentials in AWS Systems Manager Parameter Store as a secure strin
B. Configure automatic rotation with a rotation interval of 30 days.
C. Store the credentials in AWS Secrets Manage
D. Configure automatic rotation with a rotation interval of 30 days.
E. Store the credentials in a file in an Amazon S3 bucke
F. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.
G. Store the credentials in AWS Secrets Manage
H. Deploy an AWS Lambda function to automatically rotate the credentials every 30 days.

Answer: B

Explanation:
Storing the credentials in AWS Secrets Manager and configuring automatic rotation with a rotation interval of 30 days is the most efficient way to meet the
requirements with the least operational overhead. AWS Secrets Manager automatically rotates the credentials at the specified interval, so there is no need for an
additional AWS Lambda function or manual rotation. Additionally, Secrets Manager is integrated with Amazon RDS, so the credentials can be easily used with the
RDS database.

NEW QUESTION 12
- (Exam Topic 1)
A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website’s apex domain name (for example.company.com to the Application Load Balancer?

A. CNAME
B. SOA

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

C. TXT
D. ALIAS

Answer: D

NEW QUESTION 13
- (Exam Topic 1)
An application accesses data through a file system interface. The application runs on Amazon EC2 instances in multiple Availability Zones, all of which must share
the same data. While the amount of data is currently small, the company anticipates that it will grow to tens of terabytes over the lifetime of the application.
What is the MOST scalable storage solution to fulfill this requirement?

A. Connect a large Amazon EBS volume to multiple instances and schedule snapshots.
B. Deploy Amazon EFS in the VPC and create mount targets in multiple subnets.
C. Launch an EC2 instance and share data using SMB/CIFS or NFS.
D. Deploy an AWS Storage Gateway cached volume on Amazon EC2.

Answer: B

NEW QUESTION 14
- (Exam Topic 1)
A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled A
SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.
How should the SysOps administrator implement this solution?

A. Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days Run an AWS Lambda function when a scheduled Amazon
EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users
B. Configure an AWS Config rule to identify IAM users that have not been active for 90 days Set up an automatic weekly batch process on an Amazon EC2
instance to disable the AWS access keys and passwords for these IAM users
C. Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days Automatically delete
these 1AM users
D. Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days Set up an AWS Systems Manager automation runbook to
disable the AWS access keys for these IAM users

Answer: D

NEW QUESTION 15
- (Exam Topic 1)
A global company handles a large amount of personally identifiable information (Pll) through an internal web portal. The company's application runs in a corporate
data center that is connected to AWS through an AWS Direct Connect connection. The application stores the Pll in Amazon S3. According to a compliance
requirement, traffic from the web portal to Amazon S3 must not travel across the internet.
What should a SysOps administrator do to meet the compliance requirement?

A. Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
B. Configure AWS Network Firewall to redirect traffic to the internal S3 address.
C. Modify the application to use the S3 path-style endpoint.
D. Set up a range of VPC network ACLs to redirect traffic to the Internal S3 address.

Answer: B

NEW QUESTION 16
- (Exam Topic 1)
A large multinational company has a core application that runs 24 hours a day, 7 days a week on Amazon EC2 and AWS Lambda. The company uses a
combination of operating systems across different AWS Regions. The company wants to achieve cost savings and wants to use a pricing model that provides the
most flexibility.
What should the company do to MAXIMIZE cost savings while meeting these requirements?

A. Establish the compute expense by the hou

B. Purchase a Compute Savings Plan.
C. Establish the compute expense by the hou
D. Purchase an EC2 Instance Savings Plan.
E. Purchase a Reserved Instance for the instance types, operating systems, Region, and tenancy.
F. Use EC2 Spot Instances to match the instances that run in each Region.

Answer: D

NEW QUESTION 17
- (Exam Topic 1)
A company hosts an internal application on Amazon EC2 instances. All application data and requests route through an AWS Site-to-Site VPN connection between
the on-premises network and AWS. The company must monitor the application for changes that allow network access outside of the corporate network. Any
change that exposes the application externally must be restricted automatically.
Which solution meets these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that updates security groups that are associated with the elastic network interface to remove inbound rules with noncorporate
CIDR range
B. Turn on VPC Flow Logs, and send the logs to Amazon CloudWatch Log
C. Create an Amazon CloudWatch alarm that matches traffic from noncorporate CIDR ranges, and publish a message to an Amazon Simple Notification Service
(Amazon SNS) topic with the Lambda function as a target.
D. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule that targets an AWS Systems Manager Automation document to check for public

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

IP addresses on the EC2 instance

E. If public IP addresses are found on the EC2 instances, initiate another Systems Manager Automation document to terminate the instances.
F. Configure AWS Config and a custom rule to monitor whether a security group allows inbound requestsfrom noncorporate CIDR range
G. Create an AWS Systems Manager Automation document to remove any noncorporate CIDR ranges from the application security groups.
H. Configure AWS Config and the managed rule for monitoring public IP associations with the EC2 instances by ta
I. Tag the EC2 instances with an identifie
J. Create an AWS Systems Manager Automation document to remove the public IP association from the EC2 instances.

Answer: C

Explanation:
https://aws.amazon.com/blogs/security/how-to-auto-remediate-internet-accessible-ports-with-aws-config-and-aw

NEW QUESTION 18
- (Exam Topic 1)
A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at that
times to accommodate bursts of traffic. The load will increase significantly between the hours of 09:00 and 17:00,7 days a week
How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?

A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90%
B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is
available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00
C. Set the Auto Scaling group to start with 2 instances by setting the desired instances maximum instances, and minimum instances to 2 Create a scheduled
scaling policy that ensures that the fleet is available at 09:00
D. Create a scheduled scaling policy that ensures that the fleet is available at 09.00. Create a second scheduled scaling policy that scales in the fleet at 17:00

Answer: B

NEW QUESTION 19
- (Exam Topic 1)
A company plans to deploy a database on an Amazon Aurora MySQL DB cluster. The database will store data for a demonstration environment. The data must be
reset on a daily basis.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a manual snapshot of the DB cluster after the data has been populate
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
C. Configure the function to restore the snapshot and then delete the previous DB cluster.
D. Enable the Backtrack feature during the creation of the DB cluste
E. Specify a target backtrack window of 48 hour
F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
G. Configure the function to perform a backtrack operation.
H. Export a manual snapshot of the DB cluster to an Amazon S3 bucket after the data has been populated.Create an Amazon EventBridge (Amazon CloudWatch
Events) rule to invoke an AWS Lambda function on a daily basi
I. Configure the function to restore the snapshot from Amazon S3.
J. Set the DB cluster backup retention period to 2 day
K. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basi
L. Configure the function to restore the DB cluster to a point in time and then delete the previous DB cluster.

Answer: D

Explanation:
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function on a daily basis. Configure the function to restore the DB
cluster to a point in time and then delete the previous DB cluster. This is the most operationally efficient solution that meets the requirements, as it will allow the
company to reset the database on a daily basis without having to manually take and restore snapshots. The other solutions (creating a manual snapshot of the DB
cluster, enabling the Backtrack feature, or exporting a manual snapshot of the DB cluster to Amazon S3) will require additional steps and resources to reset the
database on a daily basis.

NEW QUESTION 20
- (Exam Topic 1)
A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API calls using the CLI. However. users
are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all
users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

A. Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
B. Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
C. Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
D. Require users to use temporary credentials from the get-session token command to sign API calls.

Answer: D

NEW QUESTION 21
- (Exam Topic 1)
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS
Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivere
B. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB tabl

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

C. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
D. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucke
E. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 objec
F. The security team can use the information in the tag to verify the integrity of the delivered files.
G. Enable the CloudTrail file integrity feature on an Amazon S3 bucke
H. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
I. Enable the CloudTrail file integrity feature on the trai
J. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Answer: D

Explanation:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html "When you enable log file integrity validation, CloudTrail creates
a hash for every log file that it delivers.
Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file.
Validated log files are invaluable in security and forensic investigations"

NEW QUESTION 22
- (Exam Topic 1)
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary
software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours but at
limes the process stalls due to installation errors.
The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.
Based on these requirements what should be added to the template?

A. Conditions with a timeout set to 4 hours.

B. CreationPolicy with timeout set to 4 hours.
C. DependsOn a timeout set to 4 hours.
D. Metadata with a timeout set to 4 hours

Answer: B

NEW QUESTION 23
- (Exam Topic 1)
A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The
company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.
Which solution will meet these requirements?

A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metri
B. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
C. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metri
D. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
E. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric.Configure an Amazon Simple Queue Service (Amazon SQS)
queue for email notification each time that usage exceeds 60% of one of the service quotas.
F. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric.Configure an Amazon Simple Notification Service (Amazon SNS)
topic for email notification each time that usage exceeds 60% of one of the service quotas.

Answer: A

Explanation:
CloudWatch alarms allow you to monitor AWS resources, and you can configure an SNS topic to send an email notification each time one of the alarms is
triggered. This will ensure that the company receives email notifications each time one of the service quotas is exceeded, allowing the company to take action as
needed.

NEW QUESTION 24
- (Exam Topic 1)
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are
needed to meet service requirements.
Which action will maintain uptime for the application MOST cost-effectively?

A. Use a Spot Fleet with an On-Demand capacity of 6 instances.

B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.
C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.
D. Use a Spot Fleet with a target capacity of 6 instances.

Answer: A

NEW QUESTION 25
- (Exam Topic 1)
A company uses AWS CloudFormation to deploy its application infrastructure Recently, a user accidentally changed a property of a database in a CloudFormation
template and performed a stack update that caused an interruption to the application A SysOps administrator must determine how to modify the deployment
process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.
Which solution will meet these requirements?

A. Set up an AWS Config rule to alert based on changes to any CloudFormation stack An AWS Lambda function can then describe the stack to determine if any
protected resources were modified and cancel the operation
B. Set up an Amazon CloudWatch Events event with a rule to trigger based on any CloudFormation API call An AWS Lambda function can then describe the stack
to determine if any protected resources were modified and cancel the operation
C. Launch the CloudFormation templates using a stack policy with an explicit allow for all resources and an explicit deny of the protected resources with an action

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

of Update
D. Attach an IAM policy to the DevOps team role that prevents a CloudFormation stack from updating, with a condition based on the specific Amazon Resource
Names (ARNs) of the protected resources

Answer: B

NEW QUESTION 26
- (Exam Topic 1)
A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to
appear on the billing report.
What should the SysOps administrator do to meet this requirement?

A. Activate the tags as AWS generated cost allocation tags.

B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost categor
D. Select the account billing dimension.
E. Create a new AWS Cost and Usage Repor
F. Include the resource IDs.

Answer: B

Explanation:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/custom-tags.html "User-defined tags are tags that you define, create, and apply to resources. After
you have created and applied the user-defined tags, you can activate by using the Billing and Cost Management console for cost allocation tracking. "
To meet this requirement, the SysOps administrator should activate the company-defined tags as user-defined cost allocation tags. This will ensure that the tags
appear on the billing report and that the resources can be tracked with the specific tags. The other options (activating the tags as AWS generated cost allocation
tags, creating a new cost category and selecting the account billing dimension, and creating a new AWS Cost and Usage Report and including the resource IDs)
will not meet the requirements and are not the correct solutions for this issue.

NEW QUESTION 27
- (Exam Topic 1)
A company needs to upload gigabytes of files every day. The company need to achieve higher throughput and upload speeds to Amazon S3 Which action should
a SysOps administrator take to meet this requirement?

A. Create an Amazon CloudFront distribution with the GET HTTP method allowed and the S3 bucket as an origin.
B. Create an Amazon ElastiCache duster and enable caching for the S3 bucket
C. Set up AWS Global Accelerator and configure it with the S3 bucket
D. Enable S3 Transfer Acceleration and use the acceleration endpoint when uploading files

Answer: D

Explanation:
Enable Amazon S3 Transfer Acceleration Amazon S3 Transfer Acceleration can provide fast and secure transfers over long distances between your client and
Amazon S3. Transfer Acceleration uses Amazon CloudFront's globally distributed edge locations.
https://aws.amazon.com/premiumsupport/knowledge-center/s3-upload-large-files/

NEW QUESTION 28
- (Exam Topic 1)
A company wants to build a solution for its business-critical Amazon RDS for MySQL database. The database requires high availability across different geographic
locations. A SysOps administrator must build a solution to handle a disaster recovery (DR) scenario with the lowest recovery time objective (RTO) and recovery
point objective (RPO).
Which solution meets these requirements?

A. Create automated snapshots of the database on a schedul

B. Copy the snapshots to the DR Region.
C. Create a cross-Region read replica for the database.
D. Create a Multi-AZ read replica for the database.
E. Schedule AWS Lambda functions to create snapshots of the source database and to copy the snapshots to a DR Region.

Answer: B

NEW QUESTION 29
- (Exam Topic 1)
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2
instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network
interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.
A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.
What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?

A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.

Answer: C

NEW QUESTION 30
- (Exam Topic 1)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance
degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200
connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?

A. Migrate to a new Aurora multi-master DB cluste

B. Modify the application database connection string.
C. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200.
D. Create an auto scaling policy with a target metric of 195 DatabaseConnections
E. Modify the DB cluster by increasing the Aurora Replica instance size.

Answer: C

NEW QUESTION 31
......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AWS-SysOps dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-SysOps-exam-dumps.html (305 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

AWS-SysOps Practice Exam Features:

* AWS-SysOps Questions and Answers Updated Frequently

* AWS-SysOps Practice Questions Verified by Expert Senior Certified Staff

* AWS-SysOps Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* AWS-SysOps Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The AWS-SysOps Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)