A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company's on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors. Which solution will give the application the ability to resolve the internal domain names?
A. Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers. B. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server. C. Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server. D. Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.
B. Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server. To forward DNS queries that originate on Amazon EC2 instances in one or more VPCs to your network https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html
Question 32:
A company runs multiple workloads across an organization in AWS Organizations. The company's finance team needs detailed dashboards to track cost changes and provide detailed cost metrics. The finance team needs to track trends as granular as every hour.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
A. Generate Amazon CloudWatch dashboards by using CloudWatch insights and AWS Cost Explorer data. B. Generate an AWS Cost and Usage Report. Store the report in Amazon S3. Use Amazon Athena to query the data. Use Amazon QuickSight to develop dashbosrds based on the data in the AWS Cost and Usage Report. C. Create an AWS Lambda function that runs once a day and assumes a role in every account in the organization. Configure the Lambda function to read AWS Cost Explorer data in each account and to store the cost data in an Amazon S3 bucket. Use Amazon Athena to query the data. Use Amazon QuickSight to display the data in dashboards. D. Create an IAM user for the finance team. Grant permissions to the IAM user to view AWS Cost Explorer data and billing data in the management account.
B. Generate an AWS Cost and Usage Report. Store the report in Amazon S3. Use Amazon Athena to query the data. Use Amazon QuickSight to develop dashbosrds based on the data in the AWS Cost and Usage Report. "You can extract the cost data of applications deployed on AWS through AWS Cost and Usage Report (AWS CUR), which contains the most comprehensive set of cost and usage data available. The CUR can be delivered to a specific Amazon S3 bucket, hourly, daily or weekly based on your selection." https://aws.amazon.com/blogs/mt/choose-create-and-track-your-unit-metrics-for-your-applications/ https://aws.amazon.com/blogs/awsmarketplace/using-cudos-dashboard-visualizations-aws-marketplace-spend-visibility-optimization/ https://wellarchitectedlabs.com/cost/200_labs/200_cloud_intelligence/ https://wellarchitectedlabs.com/ Cost/200_Cloud_Intelligence/Images/CIDframework.png?classes=lab_picture_large
Question 33:
CORRECT TEXT
If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.
If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C, Command-V.
Use the following configuration requirements to create an Amazon DynamoDB Accelerator (DAX) cluster and modify an existing DynamoDB table.
1. Use the us-east-2 Region for all resources.
2. Use the default configuration settings unless different settings are specified in the following instructions.
3. Configure a DAX cluster to expire cached data items after 240 seconds and to expire cached queries after 120 seconds. ***Note: Configure these values before you finalize creation of the cluster. Otherwise, you will have to wait until cluster creation is complete before you can do this step.
4. Create a three-node DynamoDB DAX cluster that is named DaxLabCluster:
a. Use dax.t3.small instances.
b. Use the LabVPC VPC and the PrimaryPrivateSubnet and FailoverPrivateSubnet subnets.
c. Use the LabDAXSG security group.
d. Configure the DAX cluster to use the DynamoDBAccessRole IAM role.
5. Modify the LabDynamoDBTable DynamoDB table so that the table uses on-demand capacity.
Note: Do NOT wait until cluster creation is complete before you submit this exam lab.
Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.
A. Check the answer in explanation. B. Place Holder
A. Check the answer in explanation.
Steps mentioned above.
Select us-east2 region Congure DAX eluser with 240 seconds and create 3 cluster.
Use LabDAX5G security group to be configured.
Question 34:
A company is managing many accounts by using a single organization in AWS Organizations. The organization has all features enabled. The company wants to turn on AWS Config in all the accounts of the organization and in all AWS Regions.
What should a Sysops administrator do to meet these requirements in the MOST operationally efficient way?
A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions. B. Use AWS CloudFormation StackSets to deploy stack policies that turn on AWS Config in all accounts and in all Regions. C. Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions. D. Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization's management account.
A. Use AVVS CloudFormation StackSets to deploy stack instances that turn on AWS Config in all accounts and in all Regions. Explanation Explanation/Reference:Option A (Use AWS CloudFormation Stack Sets to deploy stack instances that turn on AWS Config in all accounts and in all Regions) is the best option for achieving the goal in a highly efficient and scalable manner. AWS CloudFormation Stack Sets allow you to deploy CloudFormation stacks across multiple accounts and Regions in a single operation. By defining a stack that enables AWS Config and using Stack Sets, you can easily enable AWS Config in all accounts and Regions within the AWS organization. Option B (Use AWS CloudFormation Stack Sets to deploy stack policies that turn on AWS Config in all accounts and in all Regions) is not the correct option. Stack policies are used to control what actions can be performed on a CloudFormation stack, but they are not suitable for enabling AWS Config across multiple accounts and Regions.
Question 35:
A company hosts a production database on an Amazon Elastic Block Store (Amazon EBS) backed Amazon EC2 instance. As part of an annual disaster recovery exercise, the company needs to restore recent EBS snapshots to a new EC2 instance in a second Availability Zone.
After the snapshots are restored to EBS volumes, the resulting volumes must deliver all of their provisioned performance. The company must perform validation tests on the restored data as quickly as possible.
Which configuration will meet these requirements?
A. Enable EBS fast snapshot restore (FSR) on the snapshots for the second Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance. B. Enable EBS fast snapshot restore (FSR) on the snapshots for the current Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots, Attach the new EBS volumes to a new EC2 instance. C. Specify Provisioned IOPS on the snapshots, Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance. D. Specify Provisioned IOPS on the existing EBS volumes. Create the snapshots. After the snapshots are completed, create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.
A. Enable EBS fast snapshot restore (FSR) on the snapshots for the second Availability Zone. Create new EBS volumes in the second Availability Zone from the snapshots. Attach the new EBS volumes to a new EC2 instance.
Question 36:
A SysOps administrator is responsible for a company's security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.
Which solution will meet these requirements?
A. Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SOS) queue for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SQS queue. B. Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic. C. Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic. D. Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic.
C. Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator's email address to the SNS topic. AWS Config, a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to help enable security and governance. You can create AWS Config rules that automatically check the configuration of AWS resources that are recorded by AWS Config. For this example, I use a Config rule that is invoked whenever a change is made to a security group. Attach the Config rule to an AWS Lambda function that examines the ingress rules of a security group to see if the group remains in compliance with the rules.
Question 37:
A company's social media application has strict data residency requirements. The company wants to use Amazon Route 53 to provide the application with DNS services.
A SysOps administrator must implement a solution that routes requests to a defined list of AWS Regions. The routing must be based on the user's location.
Which solution will meet these requirements?
A. Configure a Route 53 latency routing policy. B. Configure a Route 53 multivalue answer routing policy. C. Configure a Route 53 geolocation routing policy. D. Configure a Route 53 IP-based routing policy.
C. Configure a Route 53 geolocation routing policy.
Question 38:
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed to meet service requirements.
Which action will maintain uptime for the application MOST cost-effectively?
A. Use a Spot Fleet with an On-Demand capacity of 6 instances. B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances. C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances. D. Use a Spot Fleet with a target capacity of 6 instances.
A. Use a Spot Fleet with an On-Demand capacity of 6 instances.
Question 39:
A SysOps administrator needs to configure a caching layer for a read-heavy application that uses an Amazon RDS for PostgreSQL database. The application exists across three AWS Regions. Read and write activities occur in the primary Region. In the two secondary Regions, read-only activity occurs on RDS for PostgreSQL cross-Region read replicas.
The cache in each Region must consist of the same data to provide a consistent user experience across Regions.
Which solution for the caching layer will meet these requirements?
A. Set up an Amazon ElastiCache (Redis) global datastore. Include a read and write cluster in the primary Region. Include a read-only cluster in each secondary Region. B. Set up an Amazon ElastiCache (Memcached) global database. Include a read and write cluster in the primary Region. Include a read-only cluster in each secondary Region. C. Set up query caching on the RDS for PostgreSQL database in the primary Region. Configure query cache replication to the secondary RDS cross-Region replicas. D. Set up an Amazon ElastiCache (Memcached) cluster with cluster mode enabled in all three Regions. Set up ElastiCache cross-Region replication from the primary Region to the secondary Regions.
A. Set up an Amazon ElastiCache (Redis) global datastore. Include a read and write cluster in the primary Region. Include a read-only cluster in each secondary Region.
Question 40:
The SysOps administrator finds that users can no longer download a file from an S3 presigned URL after a few days.
A. The presigned URL's expiration date and time have passed. B. The SysOps administrator's access key is no longer valid. C. The S3 bucket's Block Public Access settings are enabled. D. The S3 object's ACL does not include READ access for the All Users group. E. The S3 object's ACL does not include READ_ACP access for the All Users group.
A. The presigned URL's expiration date and time have passed. B. The SysOps administrator's access key is no longer valid.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.