| Question.36 A company uses AWS Organizations. A SysOps administrator wants to use AWS Compute Optimizer and AWS tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the AWS Organizations console but cannot activate tag policies through the management account. What could be the reason for this issue? (A) All features have not been enabled in the organization. (B) Consolidated billing has not been enabled. (C) The member accounts do not have tags enabled for cost allocation. (D) The member accounts have not manually enabled trusted access for Compute Optimizer. |
36. Click here to View Answer
Answer: A
| Question.37 A company is implementing security and compliance by using AWS Trusted Advisor. The company’s SysOps team is validating the list of Trusted Advisor checks that it can access. Which factor will affect the quantity of available Trusted Advisor checks? (A) Whether at least one Amazon EC2 instance is in the running state (B) The AWS Support plan (C) An AWS Organizations service control policy (SCP) (D) Whether the AWS account root user has multi-factor authentication (MFA) enabled |
37. Click here to View Answer
Answer: B
| Question.38 A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager. What must the SysOps administrator do to fix this issue? (A) Ensure that all the EC2 instances have the correct tags for Systems Manager access. (B) Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue. (C) Ensure that all the EC2 instances have an instance profile with Systems Manager access. (D) Configure Systems Manager to use an interface VPC endpoint. |
38. Click here to View Answer
Answer: D
| Question.39 A companys application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the companys IAM policies allow only the permissions that the application requires. How can the SysOps administrator create a policy to meet this requirement? (A) Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub. (B) Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer. (C) Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer. (D) Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer. |
39. Click here to View Answer
Answer: D
| Question.40 A company has an application that uses an Amazon Elastic File System (Amazon EFS) file system. A recent incident that involved an application logic error corrupted several files. The company wants to improve its ability to back up and recover the EFS file system. The company must be able to recover individual files rapidly. Which solution meets these requirements MOST cost-effectively? (A) Configure Amazon Data Lifecycle Manager (Amazon DLM) to archive a copy of the data to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files. (B) Create a second EFS file system in another AWS Region. Configure AWS DataSync to copy the data to the backup file system. Recover files by copying them from the backup EFS file system. (C) Enable AWS Backup in Amazon EFS to back up the file system to an Amazon S3 Glacier vault. Use S3 Glacier retrieval requests to retrieve individual files. (D) Enable AWS Backup in Amazon EFS to back up the file system to a backup vault. Use a partial restore job to retrieve individual files. |
40. Click here to View Answer
Answer: D