| Question.31 A SysOps administrator notices a scale up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests. Where can the administrator find this information? (A) Auto Scaling logs (B) AWS CloudTrail logs (C) EC2 instance logs (D) Elastic Load Balancer access logs |
31. Click here to View Answer
Answer: D
| Question.32 A company has a policy that requires all Amazon EC2 instances to have a specific set of tags. If an EC2 instance does not have the required tags, the noncompliant instance should be terminated. What is the MOST operationally efficient solution that meets these requirement? (A) Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2 instance state changes to an AWS Lambda function to determine if each instance is compliant. Terminate any noncompliant instances. (B) Create an IAM policy that enforces all EC2 instance tag requirements. If the required tags are not in place for an instance, the policy will terminate noncompliant instance. (C) Create an AWS Lambda function to determine if each EC2 instance is compliant and terminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5 minutes. (D) Create an AWS Config rule to check if the required tags are present. If an EC2 instance is noncompliant, invoke an AWS Systems Manager Automation document to terminate the instance. |
32. Click here to View Answer
Answer: D
| Question.33 A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted. What should a SysOps administrator do to meet this requirement? (A) Allow SSL connections to the database by using an inbound security group rule. (B) Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key. (C) Enforce SSL connections to the database by using a custom parameter group. (D) Patch the database with SSL/TLS by using a custom PostgreSQL extension. |
33. Click here to View Answer
Answer: C
| Question.34 A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account. Which combination of steps must the SysOps administrator take to meet this requirement? (Choose two.) (A) Sign in to the new account by using IAM credentials. Change the support plan. (B) Sign in to the new account by using root user credentials. Change the support plan. (C) Use the AWS Support API to change the support plan. (D) Reset the password of the account root user. (E) Create an IAM user that has administrator privileges in the new account. |
34. Click here to View Answer
Answer: BD
| Question.35 A SysOps administrator creates a new VPC that includes a public subnet and a private subnet. The SysOps administrator successfully launches 11 Amazon EC2 instances in the private subnet. The SysOps administrator attempts to launch one more EC2 instance in the same subnet. However, the SysOps administrator receives an error message that states that not enough free IP addresses are available. What must the SysOps administrator do to deploy more EC2 instances? (A) Edit the private subnet to change the CIDR block to /27. (B) Edit the private subnet to extend across a second Availability Zone. (C) Assign additional Elastic IP addresses to the private subnet. (D) Create a new private subnet to hold the required EC2 instances. |
35. Click here to View Answer
Answer: D