| Question.56 A company is building a web application on AWS. The company is using Amazon CloudFront with a domain name of www.example.com. All traffic to CloudFront must be encrypted in transit. The company already has provisioned an SSL certificate for www.example.com in AWS Certificate Manager (ACM). Which combination of steps should a SysOps administrator take to encrypt the traffic in transit? (Choose two.) (A) For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to redirect HTTP to HTTPS. (B) For each cache behavior in the CloudFront distribution, modify the Viewer Protocol Policy setting to allow HTTP and HTTPS. (C) Enter the alternate domain name (CNAME) of www.example.com for the CloudFront distribution. Select the custom SSL certificate. (D) Configure an AWS WAF web ACL for the CloudFront distribution. (E) Configure CloudFront Origin Shield for the CloudFront origin. |
56. Click here to View Answer
Answer: AC
| Question.57 A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources. Which action should be taken to meet these requirements? (A) Automate using AWS Elastic Beanstalk to provision the AWS accounts, set up infrastructure, and integrate with AWS Organizations. (B) Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure. (C) Use AWS Config to provision accounts and deploy instances using AWS Service Catalog. (D) Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts. |
57. Click here to View Answer
Answer: D
| Question.58 A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP Layer 7 status codes from the web application. Which log sources contain the status codes? (Choose two.) (A) VPC Flow Logs (B) AWS CloudTrail logs (C) ALB access logs (D) CloudFront access togs (E) RDS logs |
58. Click here to View Answer
Answer: CD
| Question.59 A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A SysOps administrator must ensure that the application can scale based on the number of users that connect to the application. Which solution will meet these requirements? (A) Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB. (B) Create a scaling policy that will scale the application based on the mem_used Amazon CloudWatch metric that is generated from the ELB. (C) Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections. (D) Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metric. Create a scaling policy that uses the metric. |
59. Click here to View Answer
Answer: A
| Question 60 A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account. What should a SysOps administrator do to meet these requirements? (A) Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters. (B) In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions. (C) Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks. (D) Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account. |
60. Click here to View Answer
Answer: C