| Question.6 A SysOps administrator is using AWS Systems Manager Patch Manager to patch a fleet of Amazon EC2 instances. The SysOps administrator has configured a patch baseline and a maintenance window. The SysOps administrator also has used an instance tag to identify which instances to patch. The SysOps administrator must give Systems Manager the ability to access the EC2 instances. Which additional action must the SysOps administrator perform to meet this requirement? (A) Add an inbound rule to the instances’ security group. (B) Attach an IAM instance profile with access to Systems Manager to the instances. (C) Create a Systems Manager activation. Then activate the fleet of instances. (D) Manually specify the instances to patch instead of using tag-based selection. |
6. Click here to View Answer
Answer: B
| Question.7 A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times. Which deployment policies satisfy this requirement? (Choose two.) (A) All at once (B) Immutable (C) Rebuild (D) Rolling (E) Rolling with additional batch |
7. Click here to View Answer
Answer: BE
| Question.8 A company has an application that uses a scheduled AWS Lambda function to retrieve datasets from external sources over the internet. The function is not associated with a VPC. The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet. The VPC has two public subnets and two private subnets. A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet. Which solution meets these requirements? (A) Create a new Lambda function with VPC access and an Elastic IP address. Attach the function to public subnets in two Availability Zones. Associate a security group with the Elastic IP address. Configure the security group outbound rules to allow Lambda to access the required resources. (B) Create a new Lambda function with VPC access and two public IP addresses. Attach the function to public subnets in the same Availability Zones that the database uses. Associate a security group with the function. Configure the security group inbound rules to allow Lambda to access the required resources. (C) Reconfigure the Lambda function for VPC access. Add NAT gateways to the public subnets in the VPAdd route table entries in the private subnets to route through the NAT gateways to the internet. Attach the function to the private subnets that support the database. Associate a security group with the function. Configure the security group outbound rules to allow Lambda to access the internet. (D) Reconfigure the Lambda function for VPC access. Attach the function to the private subnets. Add route table entries in the private subnets to route through the internet gateway to the internet. Associate a security group with the subnets. Configure the security group inbound rules to allow Lambda to access the required resources through the internet gateway. |
8. Click here to View Answer
Answer: C
| Question.9 A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The companys IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability. What is the MOST cost-effective way to resize the cluster? (A) Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1. (B) Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original cluster. (C) Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster. (D) Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes. |
9. Click here to View Answer
Answer: A
| Question.10 A company wants to store sensitive financial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read or write access to the buckets. A SysOps administrator must create a solution to automatically remove S3 permissions that allow public read or write access. Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally efficient manner? (A) AWS Config (B) AWS Security Hub (C) AWS Trusted Advisor (D) Amazon Inspector |
10. Click here to View Answer
Answer: D