| Question.86 A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries. What is the MOST operationally efficient solution that meets these requirements? (A) Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition. (B) Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries. (C) Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries. (D) Update the application to generate signed CloudFront URLs only for IP addresses in authorized counties. |
86. Click here to View Answer
Answer: C
| Question.87 A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address. What change should the systems administrator make to the existing build fleet to comply with this new requirement? (A) Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service. (B) Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service. (C) Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service. (D) Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service. |
87. Click here to View Answer
Answer: A
| Question.88 A companys SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an AWS account have a third-party agent installed. The third-party agent has an .msi package. The company uses AWS Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically. Which combination of steps will meet these requirements with the LEAST operational effort? (Choose two.) (A) Create a Systems Manager Distributor package for the third-party agent. (B) Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows. (C) Create a Systems Manager State Manager association to run the AWS-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day. (D) Create a Systems Manager State Manager association to run the AWS-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day. (E) Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day. |
88. Click here to View Answer
Answer: AD
| Question.89 A SysOps administrator needs to update an AWS account name. What should the SysOps administrator do to accomplish this goal? (A) Add the AdministratorAccess policy to the SysOps administrators IAM user. (B) Add the AWS_ConfigureRole policy to the SysOps administrators IAM user. (C) Change the AWS account name through the AWS Trusted Advisor interface. (D) Sign in as the AWS account root user to make the change. |
89. Click here to View Answer
Answer: D
| Question.90 A company applies user-defined tags to resources that are associated with the company’s AWS workloads. Twenty days after applying the tags, the company notices that it cannot use the tags to filter views in the AWS Cost Explorer console. What is the reason for this issue? (A) It takes at least 30 days to be able to use tags to filter views in Cost Explorer. (B) The company has not activated the user-defined tags for cost allocation. (C) The company has not created an AWS Cost and Usage Report. (D) The company has not created a usage budget in AWS Budgets. |
90. Click here to View Answer
Answer: B