An application uses an Amazon Aurora MySQL DB cluster that Includes one Aurora Replica The application's read performance degrades when there are more than 200 user connections. The number of user connections is approximately 180 on a consistent basis Occasionally, the number of user connections increases rapidly to more than 200
A SysOps administrator must implement a solution that will scale the application automatically as user demand increases or decreases.
Which solution will meet these requirements?
A. Modify the DB cluster by increasing the Aurora Replica instance size. B. Modify the DB cluster by changing to serverless mode whenever the number of user connections exceeds 200. C. Migrate to a new Aurora DB cluster that has multiple writer instances. Modify the application's database connection string. D. Create an auto scaling policy that has a target value of 195 for the DatabaseConnections metric.
D. Create an auto scaling policy that has a target value of 195 for the DatabaseConnections metric.
Question 172:
A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table. Which solution will meet this requirement?
A. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile. B. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile. C. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile. D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.
D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile. Explanation Explanation/Reference:Access to Amazon DynamoDB requires credentials. Those credentials must have permissions to access AWS resources, such as an Amazon DynamoDB table or an Amazon Elastic Compute Cloud (Amazon EC2) instance. The following sections provide details on how you can use AWS Identity and Access Management (IAM) and DynamoDB to help secure access to your resources. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/authentication-and-access-control.html
Question 173:
A company hosts an application on an Amazon EC2 instance in a single AWS Region. The application requires support for non-HTTP TCP traffic and HTTP traffic. The company wants to deliver content with low latency by leveraging the AWS
network. The company also wants to implement an Auto Scaling group with an Elastic Load Balancer.
How should a SysOps administrator meet these requirements?
A. Create an Auto Scaling group with an Application Load Balancer (ALB). Add an Amazon CloudFront distribution with the ALB as the origin. B. Create an Auto Scaling group with an Application Load Balancer (ALB). Add an accelerator with AWS Global Accelerator with the ALB as an endpoint. C. Create an Auto Scaling group with a Network Load Balancer (NLB). Add an Amazon CloudFront distribution with the NLB as the origin. D. Create an Auto Scaling group with a Network Load Balancer (NLB). Add an accelerator with AWS Global Accelerator with the NLB as an endpoint.
D. Create an Auto Scaling group with a Network Load Balancer (NLB). Add an accelerator with AWS Global Accelerator with the NLB as an endpoint. AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions. Global Accelerator is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover. Both services integrate with AWS Shield for DDoS protection.
Question 174:
A SysOps administrator needs to control access to groups of Amazon EC2 instances using AWS Systems Manager Session Manager. Specific tags on the EC2 instances have already been added. Which additional actions should the administrator take to control access? (Choose two.)
A. Attach an IAM policy to the users or groups that require access to the EC2 instances. B. Attach an IAM role to control access to the EC2 instances. C. Create a placement group for the EC2 instances and add a specific tag. D. Create a service account and attach it to the EC2 instances that need to be controlled. E. Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.
B. Attach an IAM role to control access to the EC2 instances. E. Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element. In the navigation pane, choose Roles, and then choose Create role. In the navigation pane, choose Roles, and then choose the existing role you want to associate with an instance profile for Systems Manager operations. On the Permissions tab, choose Add permissions, Attach policies. https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html The instance role for the instances must reference a policy that allows access to the appropriate services; you can create your own or use AmazonSSMManagedInstanceCore. https://aws.amazon.com/blogs/aws/new-session-manager/ Attach the IAM role to your private EC2 instance. https://aws.amazon.com/premiumsupport/knowledge-center/ec2-systems-manager-vpc-endpoints/
Question 175:
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)
A. A network ACL associated with the bastion's subnet is blocking the network traffic. B. The instance does not have a private IP address. C. The route table associated with the bastion's subnet does not have a route to the internet gateway. D. The security group for the instance does not have an inbound rule on port 22. E. The security group for the instance does not have an outbound rule on port 3389.
A. A network ACL associated with the bastion's subnet is blocking the network traffic. C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
Question 176:
A company has an application that runs only on Amazon EC2 Spot Instances. The instances run in an Amazon EC2 Auto Scaling group with scheduled scaling actions.
However, the capacity does not always increase at the scheduled times, and instances terminate many times a day. A Sysops administrator must ensure that the instances launch on time and have fewer interruptions.
Which action will meet these requirements?
A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group. B. Specify the capacity-optimized allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group. C. Specify the lowest-price allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group. D. Specify the lowest-price allocation strategy for Spot Instances. Increase the size of the instances in the Auto Scaling group.
A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group. The correct answer is A. Specify the capacity-optimized allocation strategy for Spot Instances. Add more instance types to the Auto Scaling group. By using the capacity-optimized allocation strategy for Spot Instances, Amazon EC2 Auto Scaling will launch instances on the most available Spot Instance pools with the lowest prices. This helps to improve the chances of getting the required capacity at the scheduled times. Adding more instance types to the Auto Scaling group also increases the chances of finding available Spot Instances at any given time. It provides flexibility in selecting different instance types based on the availability and cost of Spot Instances in different pools. Option B (Specify the capacity-optimized allocation strategy for Spot Instances and increase the size of the instances in the Auto Scaling group) might not be the most efficient approach, as simply increasing the instance size may not necessarily address the issue of instances terminating frequently.
Question 177:
A SysOps administrator wants to upload a file that is 1 TB in size from on-premises to an Amazon S3 bucket using multipart uploads. What should the SysOps administrator do to meet this requirement?
A. Upload the file using the S3 console. B. Use the s3api copy-object command. C. Use the s3api put-object command. D. Use the s3 cp command.
D. Use the s3 cp command. It's a best practice to use aws s3 commands (such as aws s3 cp) for multipart uploads and downloads, because these aws s3 commands automatically perform multipart uploading and downloading based on the file size. By comparison, aws s3api commands, such as aws s3api create-multipart-upload, should be used only when aws s3 commands don't support a specific upload need, such as when the multipart upload involves multiple servers, a multipart upload is manually stopped and resumed later, or when the aws s3 command doesn't support a required request parameter. https://aws.amazon.com/premiumsupport/knowledge-center/s3-multipart-upload-cli/
Question 178:
A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http:/www.example.com.
A SysOps administrator reviews the VPC configuration and learns the following information:
1.
The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0
2.
The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0
3.
The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.
4.
The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0
Which action will allow the user to complete the curl request successfully?
A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0. B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0. C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0. D. Add an additional outbound security group rule for port 80 to the user's IP address.
C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
Question 179:
A SysOps administrator is responsible for a legacy. CPU-heavy application The application can only be scaled vertically Currently, the application is deployed on a single t2 large Amazon EC2 instance The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?
A. Change the Amazon EBS volume to Provisioned lOPs B. Upgrade to a compute-optimized instance C. Add additional t2.large instances to the application. D. Purchase Reserved Instances
B. Upgrade to a compute-optimized instance Explanation Explanation/Reference:Since the application is CPU-heavy and can only be scaled vertically, the best option to alleviate the performance problem would be to upgrade to a compute-optimized instance. Compute-optimized instances provide a higher ratio of vCPUs to memory than other families and are optimized for compute-bound applications that benefit from high-performance processors. Upgrading to a compute-optimized instance would provide more CPU resources for the application, which should help alleviate the performance problem.
Question 180:
A company's SysOps administrator deploys four new Amazon EC2 instances by using the standard Amazon Linux 2 Amazon Machine Image (AMI). The company needs to be able to use AWS Systems Manager to manage the instances The SysOps administrator notices that the instances do not appear in the Systems Manager console
What must the SysOps administrator do to resolve this issue?
A. Connect to each instance by using SSH Install Systems Manager Agent on each instance Configure Systems Manager Agent to start automatically when the instances start up B. Use AWS Certificate Manager (ACM) to create a TLS certificate Import the certificate into each instance Configure Systems Manager Agent to use the TLS certificate for secure communications C. Connect to each instance by using SSH Create an ssm-user account Add the ssm-user account to the /etcsudoers d directory D. Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy
D. Attach an IAM instance profile to the instances Ensure that the instance profile contains the AmazonSSMManagedinstanceCore policy
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.