| Question.101 A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.) (A) Implement AWS Shield to protect against unencrypted objects stored in S3 buckets. (B) Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket. (C) Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored. (D) Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted. (E) Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets. |
101. Click here to View Answer
Answer: CE
| Question.102 A company runs hundreds of Amazon EC2 instances in a single AWS Region. Each EC2 instance has two attached 1 GiB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes. A critical workload is using all the available IOPS capacity on the EBS volumes. According to company policy, the company cannot change instance types or EBS volume types without completing lengthy acceptance tests to validate that the companys applications will function properly. A SysOps administrator needs to increase the I/O performance of the EBS volumes as quickly as possible. Which action should the SysOps administrator take to meet these requirements? (A) Increase the size of the 1 GiB EBS volumes. (B) Add two additional elastic network interfaces on each EC2 instance. (C) Turn on Transfer Acceleration on the EBS volumes in the Region. (D) Add all the EC2 instances to a cluster placement group. |
102. Click here to View Answer
Answer: A
| Question.103 Your operational team needs administrative access to Compute Engine instances. The security team wants to ensure operational efficiency and the ability to determine who accessed a given instance. What should you do? (A) Generate a new SSH key pair and distribute the private key to each team member. (B) Ask each team member to generate their own SSH key pair and send you their public key. (C) Ask each team member to generate their own SSH key pair and add the public key to their Google account. Grant the compute.osAdminLogin role to the Google group corresponding to this team.(D) Generate a new SSH key pair and configure the public key as a project-wide public SSH key |
103. Click here to View Answer
Correct Answer: C
Explanation: This approach ensures that each team member uses their own credentials, allowing for individual access tracking and compliance with security best practices.
| Question.104 A SysOps administrator is troubleshooting an AWS CloudFormation stack creation that failed. Before the SysOps administrator can identify the problem, the stack and its resources are deleted. For future deployments, the SysOps administrator must preserve any resources that CloudFormation successfully created. What should the SysOps administrator do to meet this requirement? (A) Set the value of the DisableRollback parameter to False during stack creation (B) Set the value of the OnFailure parameter to DO_NOTHING during stack creation (C) Specify a rollback configuration that has a rollback trigger of DO_NOTHING during stack creation (D) Set the value of the OnFailure parameter to ROLLBACK during stack creation |
104. Click here to View Answer
Answer: D
| Question .105 A SysOps administrator notices that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. The SysOps administrator needs to increase the cache hit ratio for the distribution, improve network performance, and reduce the load on the origin. Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.) (A) Enable CloudFront Origin Shield for the required AWS Regions. (B) Change the viewer protocol policy to use HTTPS only. (C) Add a second origin. Create an origin group that includes both origins. Activate CloudFront origin failover. (D) Turn on automatic compression of objects in the cache behavior settings. (E) Increase the CloudFront TTL values in the cache behavior settings. |
105. Click here to View Answer
Answer: CE