Question.71 A SysOps administrator is helping a development team deploy an application to AWS. The AWS CloudFormation template includes an Amazon Linux EC2 instance, an Amazon Aurora DB cluster, and a hardcoded database password that must be rotated every 90 days. What is the MOST secure way to manage the database password?
(A) Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule resource to define a rotation schedule for the password. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
(B) Use the AWS::SecretsManager::Secret resource with the SecretString property. Accept a password as a CloudFormation parameter. Use the AllowedPattern property of the CloudFormation parameter to require a minimum length, uppercase and lowercase letters, and special characters. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
(C) Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a secure string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
(D) Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
Answer: A
Question.72 A company is deploying an ecommerce application to an AWS Region that is located in France. The company wants users from only France to be able to access the first version of the application. The company plans to add more countries for the next version of the application. A SysOps administrator needs to configure the routing policy in Amazon Route 53. Which solution will meet these requirements?
(A) Use a geoproximity routing policy. Select France as the location in the record.
(B) Use a geolocation routing policy. Select France as the location in the record.
(C) Use an IP-based routing policy. Select all IP addresses that are allocated to France in the record.
(D) Use a geoproximity routing policy. Select all IP addresses that are allocated to France in the record.
Answer: B
Question.73 A company stores critical data in Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?
(A) Configure S3 bucket metrics to record object access logs.
(B) Create an AWS CloudTrail trail to log data events for all S3 objects.
(C) Enable S3 server access logging for each S3 bucket.
(D) Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.
Answer: B
Question.74 A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency. Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL. Which solution will meet these requirements?
(A) Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
(B) Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALB. Select the location that is closest to each Region.
(C) Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
(D) Change the existing alias record to use a multivalue routing policy. Add the DNS name of each ALB to the record.
Answer: D
Question.75 A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted. How should the SysOps administrator meet these requirements?
(A) Enable log file integrity validation. Use the AWS CLI to validate the log files.
(B) Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
(C) Use CloudTrail Insights to monitor the log files for modifications.
(D) Use Amazon CloudWatch Logs to monitor the log files for modifications.
Answer: B