Question.111 A company’s security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager. Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances. What should a SysOps administrator do to resolve this issue?
(A) Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
(B) Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
(C) Configure the SSM Agent to log in with a user name of ubuntu.
(D) Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.
Answer: B
Question.112 A SysOps administrator needs to configure the Amazon Route 53 hosted zone for example.com and www.example.com to point to an Application Load Balancer (ALB). Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.)
(A) Configure an A record for example.com to point to the IP address of the ALB.
(B) Configure an A record for www.example.com to point to the IP address of the ALB.
(C) Configure an alias record for example.com to point to the CNAME of the ALB.
(D) Configure an alias record for www.example.com to point to the Route 53 example.com record.
(E) Configure a CNAME record for example.com to point to the CNAME of the ALB.
Answer: CD
Question.113 A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company’s account. The administrator must be alerted to potential issues. What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?
(A) Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications.
(B) Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.
(C) Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.
(D) Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space.
Answer: C
Question.114 A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company’s engineering team determines that resolving the underlying cause of the service failure could take several weeks. A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances. Which solutions will meet this requirement? (Choose two.)
(A) Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails.
(B) Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes.
(C) Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes.
(D) Update the EC2 user data that is specified in the Auto Scaling group’s launch template to include a script that runs on a cron schedule every 5 minutes. Configure the script to check if the service is running and to start the service if the service is not running. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.
(E) Update the EC2 user data that is specified in the Auto Scaling group’s launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.
Answer: AB
Question.115 A company deployed a new web application on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group. Users report that they are frequently being prompted to log in. What should a SysOps administrator do to resolve this issue?
(A) Configure an Amazon CloudFront distribution with the ALB as the origin.
(B) Enable sticky sessions (session affinity) for the target group of EC2 instances.
(C) Redeploy the EC2 instances in a spread placement group.
(D) Replace the ALB with a Network Load Balancer.
Answer: C