| Question.66 A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps administrator notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the ALB target group. What is a possible reason for this issue? (A) Security groups are not allowing traffic between the ALB and the failing EC2 instances. (B) The Auto Scaling group health check is configured for EC2 status checks. (C) The EC2 instances are failing to launch and failing EC2 status checks. (D) The target group health check is configured with an incorrect port or path. |
66. Click here to View Answer
Answer: D
| Question.67 A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions. Which configuration will meet these requirements? (A) Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. (B) Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record. (C) Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks. (D) Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record. |
67. Click here to View Answer
Answer: A
| Question.68 A SysOps administrator is deploying an application on 10 Amazon EC2 instances. The application must be highly available. The instances must be placed on distinct underlying hardware. What should the SysOps administrator do to meet these requirements? (A) Launch the instances into a cluster placement group in a single AWS Region. (B) Launch the instances into a partition placement group in multiple AWS Regions. (C) Launch the instances into a spread placement group in multiple AWS Regions. (D) Launch the instances into a spread placement group in a single AWS Region. |
68. Click here to View Answer
Answer: B
| Question.69 A company uses Amazon S3 to aggregate raw video footage from various media teams across the US. The company recently expanded into new geographies in Europe and Australia. The technical teams located in Europe and Australia reported delays when uploading large video files into the destination S3 bucket in the United States. What are the MOST cost effective ways to increase upload speeds into the S3 bucket? (Choose two.) (A) Create multiple AWS Direct Connect connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket. (B) Create multiple AWS Site-to-Site VPN connections between AWS and branch offices in Europe and Australia for file uploads into the destination S3 bucket. (C) Use Amazon S3 Transfer Acceleration for file uploads into the destination S3 bucket. (D) Use AWS Global Accelerator for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. (E) Use multipart uploads for file uploads into the destination S3 bucket from the branch offices in Europe and Australia. |
69. Click here to View Answer
Answer: CE
| Question.70 A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage. Which configuration approach will meet these requirements? (A) Enable Transparent Data Encryption (TDE) in the MySQL configuration file. Manually rotate the key every 12 months. (B) Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS. (C) Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable RDS encryption on the database at creation time by using the KMS key. (D) Create a new AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance. |
70. Click here to View Answer
Answer: C