The SysOps administrator must dynamically reference the latest AMI ID from Systems Manager Parameter Store in CloudFormation templates for new AMI versions. (Select THREE):
A. Create a new Systems Manager parameter to store the AMI value in the standard parameter tier.
B. Create a new Systems Manager parameter to store the AMI value in the advanced parameter tier.
C. Enable trusted access with Organizations.
D. Enable resource sharing with Organizations.
E. Create a resource share by using AWS Resource Access Manager (AWS RAM). Specify the new parameter as the resource. Specify the entire organization as the principal.
F. Create an Amazon EventBridge rule that invokes an AWS Lambda function when a new AMI is published. Program the Lambda function to assume an IAM role in all linked accounts and to update Parameter Store with the new AMI ID.

A. Create a new Systems Manager parameter to store the AMI value in the standard parameter tier.
D. Enable resource sharing with Organizations.
E. Create a resource share by using AWS Resource Access Manager (AWS RAM). Specify the new parameter as the resource. Specify the entire organization as the principal.
Question 362:
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
A. Deny Post, Put, and Delete on the bucket.
B. Enable server-side encryption on the bucket.
C. Enable Amazon S3 versioning on the bucket.
D. Enable snapshots on the bucket.

B. Enable server-side encryption on the bucket.
Question 363:
A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.
Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.
The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.
Which solution will meet these requirements in the MOST operationally efficient manner?
A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
https://docs.aws.amazon.com/servicequotas/latest/userguide/configure-cloudwatch.html
You can create Amazon CloudWatch alarms to notify you when you're close to a quota value threshold. Setting an alarm can help alert you if you need to request a quota increase.
To create a CloudWatch alarm for a quota:
1. Sign in to the AWS Management Console and open the Service Quotas console at https://console.aws.amazon.com/servicequotas/home.
2. In the navigation pane, choose AWS services and then select a service.
3. Select a quota that supports CloudWatch alarms. If you actively use the quota, utilization appears beneath the quota description. If CloudWatch alarms are supported, the CloudWatch alarms section appears at the bottom of the page.
4. In Amazon CloudWatch alarms, choose Create.
5. For Alarm threshold, choose a threshold.
6. For Alarm name, enter a name for the alarm. This name must be unique within the AWS account.
7. Choose Create.
Question 364:
A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.
What should the SysOps administrator do to tag the "No Tagkey" resources?
A. Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.
B. Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.
C. Use Cost Explorer to find and tag all the untagged resources.
D. Use Tag Editor to find and tag all the untagged resources.

D. Use Tag Editor to find and tag all the untagged resources.
"You can add tags to resources when you create the resource. You can use the resource's service console or API to add, change, or remove those tags one resource at a time. To add tags to--or edit or delete tags of--multiple resources at once, use Tag Editor. With Tag Editor, you search for the resources that you want to tag, and then manage tags for the resources in your search results."
https://docs.aws.amazon.com/ARG/latest/userguide/tag-editor.html
Question 365:
A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager.
What must the SysOps administrator do to fix this issue?
A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.
B. Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue.
C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.
D. Configure Systems Manager to use an interface VPC endpoint.

C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.
Ensuring that all the EC2 instances have an instance profile with Systems Manager access is the most effective way to fix this issue. Having an instance profile with Systems Manager access will allow the SysOps administrator to configure the inventory collection for all the instances in the subnet, regardless of whether or not they are managed by Systems Manager.
Question 366:
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The ELB must automatically redirect any HTTP requests to HTTPS.
Which solution will meet these requirements?
A. Create an Application Load Balancer that has one HTTPS listener on port 80. Attach an SSL/TLS certificate to listener port 80. Create a rule to redirect requests from HTTP to HTTPS.
B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.
C. Create an Application Load Balancer that has two TCP listeners on port 80 and port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.
D. Create a Network Load Balancer that has two TCP listeners on port 80 and port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.

B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443. Attach an SSL/TLS certificate to listener port 443. Create a rule to redirect requests from port 80 to port 443.
Question 367:
A SysOps administrator needs to create alerts that are based on the read and write metrics of Amazon Elastic Block Store (Amazon EBS) volumes that are attached to an Amazon EC2 instance. The SysOps administrator creates and enables Amazon CloudWatch alarms for the DiskReadBytes metric and the DiskWriteBytes metric.
A custom monitoring tool that is installed on the EC2 instance with the same alarm configuration indicates that the volume metrics have exceeded the threshold. However, the CloudWatch alarms were not in ALARM state.
Which action will ensure that the CloudWatch alarms function correctly?
A. Install and configure the CloudWatch agent on the EC2 instance to capture the desired metrics.
B. Install and configure AWS Systems Manager Agent on the EC2 instance to capture the desired metrics.
C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.
D. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EC2 instance.

C. Reconfigure the CloudWatch alarms to use the VolumeReadBytes metric and the VolumeWriteBytes metric for the EBS volumes.
CloudWatch can monitor I/O based on an entire EBS volume without the agent using the VolumeWriteBytes metric. The question is asking about "volume metrics". If the question were asking about alerting for used or free space in a file system on a volume, then you'd need the CloudWatch agent running on the OS to analyze things from the OS perspective, including I/O with the DiskWriteBytes metric. The VolumeWriteBytes and DiskWriteBytes metrics are basically looking for the same thing. It's like looking at a bucket from the inside or the outside to see what size it is. Both work. If you want to see inside of the bucket or what else is inside the bucket, then you need the CloudWatch agent running on the OS.
Question 368:
A SysOps administrator has used AWS CloudFormation to deploy a serverless application into a production VPC. The application consists of an AWS Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS CloudFormation stack?
A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
B. Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
C. Enable termination protection on the AWS CloudFormation stack.
D. Update the application's IAM policy with a Deny statement for the dynamodb:DeleteTable action.

A. Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.
To keep a resource when its stack is deleted, specify Retain for that resource. You can use Retain for any resource. For example, you can retain a nested stack, Amazon S3 bucket, or EC2 instance so that you can continue to use or modify those resources after you delete their stacks. The default policy is Snapshot for AWS::RDS::DBCluster resources and for AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property.
Question 369:
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB). A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history. What is the MOST likely reason for the unexpected placement of EC2 instances?
A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
B. The ALB was configured for only two Availability Zones.
C. The Auto Scaling group was configured for only two Availability Zones.
D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

C. The Auto Scaling group was configured for only two Availability Zones.
Explanation/Reference: The Auto Scaling group is responsible for adding the instances in the subnets.
Question 370:
A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected. The SysOps administrator configures an Amazon EC2 Auto Scaling lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 instances. When the configuration is complete, the Lambda function calls the complete lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.
What should the SysOps administrator do to resolve this issue?
A. Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.
B. Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a failure or timeout.
C. Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.
D. Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event.

A. Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.
To allow the EventBridge (CloudWatch Events) rule to invoke the Lambda function, the function's execution role needs to have the necessary permissions to be invoked by the rule. Specifically, the execution role needs to have an event pattern that matches the rule and an IAM policy that grants the necessary permissions to execute the Lambda function. By adding the necessary permissions to the Lambda function, the SysOps administrator can ensure that the function is invoked when the EC2 instances auto scale. Option D is incorrect because updating the Lambda function execution role so that it has permission to call the complete-lifecycle-action event will not address the issue of the Lambda function not being invoked by the EventBridge (CloudWatch Events) rule.