Question.46 A company has a public website that recently experienced problems. Some links led to missing webpages, and other links rendered incorrect webpages. The application infrastructure was running properly, and all the provisioned resources were healthy. Application logs and dashboards did not show any errors, and no monitoring alarms were raised. Systems administrators were not aware of any problems until end users reported the issues. The company needs to proactively monitor the website for such issues in the future and must implement a solution as soon as possible. Which solution will meet these requirements with the LEAST operational overhead?
(A) Rewrite the application to surface a custom error to the application log when issues occur. Automatically parse logs for errors. Create an Amazon CloudWatch alarm to provide alerts when issues are detected.
(B) Create an AWS Lambda function to test the website. Configure the Lambda function to emit an Amazon CloudWatch custom metric when errors are detected. Configure a CloudWatch alarm to provide alerts when issues are detected.
(C) Create an Amazon CloudWatch Synthetics canary. Use the CloudWatch Synthetics Recorder plugin to generate the script for the canary run. Configure the canary in line with requirements. Create an alarm to provide alerts when issues are detected.
(D) In the Amazon CloudWatch console, turn on Application Insights. Create a CloudWatch alarm to provide alerts when an issue is detected.
Answer: C
Question.47 A company has a multi-account environment. Account A has a production application that is hosted on an Amazon EC2 instance. The application needs to query data in an Amazon DynamoDB table that is hosted in Account B. A SysOps administrator needs to provide the EC2 instance in Account A with access to the DynamoDB table in Account B. What is the MOST secure solution that will meet these requirements?
(A) Update the IAM policy that is attached to the EC2 instance’s IAM role to allow the dynamodb:Query permission on the DynamoDB table in Account B. Add a policy in Account A to allow the DynamoDB service principal to use the PassRole action to pass the role to Account B.
(B) In Account B, create an IAM role that has permission to query the DynamoDB table. Add the EC2 instance’s IAM role to the trust policy on the newly created IAM role in Account B. Update the IAM policy that is attached to the EC2 instance’s IAM role to allow the sts:AssumeRole permission on the newly created IAM role in Account B.
(C) Update the IAM policy that is attached to the EC2 instance’s IAM role to allow the dynamodb:Query permission on the DynamoDB table in Account B. Update the DynamoDB table’s resource policy to allow the query action from the EC2 instance’s IAM role.
(D) In Account B, create a static IAM key that has the appropriate permissions to query the DynamoDB table. Embed these credentials into the credentials file on the EC2 instance. Reference the credentials every time the application needs to query the table.
Answer: B
Question.48 A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain names?
(A) Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
(B) Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
(C) Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.
(D) Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.
Answer: B
Question.49 While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it. What address should be used to create the customer gateway resource?
(A) The private IP address of the customer gateway device
(B) The MAC address of the NAT device in front of the customer gateway device
(C) The public IP address of the customer gateway device
(D) The public IP address of the NAT device in front of the customer gateway device
Answer: D
Question.50 A SysOps administrator creates a custom Amazon Machine Image (AMI) in the eu-west-2 Region and uses the AMI to launch Amazon EC2 instances. The SysOps administrator needs to use the same AMI to launch EC2 instances in two other Regions: us-east-1 and us-east-2. What must the SysOps administrator do to use the custom AMI in the additional Regions?
(A) Copy the AMI to the additional Regions.
(B) Make the AMI public in the Community AMIs section of the AWS Management Console.
(C) Share the AMI to the additional Regions. Assign the required access permissions.
(D) Copy the AMI to a new Amazon S3 bucket. Assign access permissions to the AMI for the additional Regions.
Answer: A