A company hosts an application on Amazon EC2 instances. The application periodically causes a surge in CPU utilization on the EC2 instances.
A SysOps administrator needs to implement a solution to detect when these surges occur. The solution also must send an email alert to the company's development team.
Which solution will meet these requirements?
A. Create an Amazon Simple Email Service (Amazon SES) email. Verify the development team's email address. Create an Amazon CloudWatch alarm for the EC2 instances Use the sum of the CPU utilization metric, an upper threshold of 80%. and a period of 15 minutes for the alarm. Link the alarm to the SES email. B. Create an Amazon Simple Email Service (Amazon SES) email. Verify the development team's email address. Create an Amazon CloudWatch alarm for the EC2 instances Use the average of the CPU utilization metric, an upper threshold of 80%. and a period of 5 minutes for the alarm. Link the alarm to the SES email. C. Create an Amazon Simple Notification Service (Amazon SNS) topic Subscribe the development team's email address to the SNS topic. Create an Amazon CloudWatch alarm for the EC2 instances. Use the sum of the CPU utilization metric, an upper threshold of 80%. and a period of 15 minutes for the alarm. Link the alarm to the SNS topic. D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the development team's email address to the SNS topic. Create an Amazon CloudWatch alarm for the EC2 instances. Use the average of the CPU utilization metric, an upper threshold of 80%. and a period of 5 minutes for the alarm. Link the alarm to the SNS topic
D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the development team's email address to the SNS topic. Create an Amazon CloudWatch alarm for the EC2 instances. Use the average of the CPU utilization metric, an upper threshold of 80%. and a period of 5 minutes for the alarm. Link the alarm to the SNS topic
Question 492:
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica. The application team notices that the application read performance degrades when user connections exceed 200. The number of user connections is typically consistent around 180. with occasional sudden increases above 200 connections. The application team wants the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?
A. Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string. B. Modify the DB cluster by changing to serverless mode whenever user connections exceed 200. C. Create an auto scaling policy with a target metric of 195 DatabaseConnections D. Modify the DB cluster by increasing the Aurora Replica instance size.
C. Create an auto scaling policy with a target metric of 195 DatabaseConnections Explanation Explanation/Reference:Aurora Auto Scaling "Policy details:" (*) "Average connections of Aurora Replicas", "Target value:" 195
Question 493:
A company has business-critical resources in one of its AWS accounts. The company wants to receive an email notification every time an AWS Management Console root user sign-in event occurs in the account.
Which solution will meet this requirement with the MOST operational efficiency?
A. Create an Amazon CloudWatch alarm that detects AWS Management Console root user sign-in events Configure the alarm to send email notifications directly through AWS Trusted Advisor. B. Launch an Amazon EC2 instance Schedule a script to run every hour to analyze AWS CloudTrail events. Configure the script to publish email notifications to an Amazon Simple Notification Service (Amazon SNS) topic when AWS Management Console root user sign- in events occur. C. Create an Amazon EventBndge rule that reacts to AWS Management Console root user sign-in events. Configure the rule to send email notifications to an Amazon Simple Queue Service (Amazon SQS) queue D. Create an Amazon EventBndge rule that reacts to AWS Management Console root user sign-in events. Configure the rule to publish email notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Create an Amazon EventBndge rule that reacts to AWS Management Console root user sign-in events. Configure the rule to publish email notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
Question 494:
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments. How should the SysOps administrator use AWS CloudFormation to create a solution?
A. Use Amazon EC2 user data in a CloudFormation template B. Use nested stacks to provision resources C. Use parameters in a CloudFormation template D. Use stack policies to provision resources
C. Use parameters in a CloudFormation template Explanation Explanation/Reference:Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse
Question 495:
A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving the underlying cause of the service failure could take several weeks.
A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances.
Which solutions will meet this requirement? (Choose two.)
A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails. B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes. C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes. D. Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every 5 minutes. Configure the script to check if the service is running and to start the service if the service is not running. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template. E. Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.
A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails. C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes.
Question 496:
A company has multiple AWS Site-to-Site VPN connections between a VPC and its branch offices. The company manages an Amazon Elasticsearch Service (Amazon ES) domain that is configured with public access. The Amazon ES domain has an open domain access policy. A SysOps administrator needs to ensure that Amazon ES can be accessed only from the branch offices while preserving existing data.
Which solution will meet these requirements?
A. Configure an identity-based access policy on Amazon ES. Add an allow statement to the policy that includes the Amazon Resource Name (ARN) for each branch office VPN connection. B. Configure an IP-based domain access policy on Amazon ES. Add an allow statement to the policy that includes the private IP CIDR blocks from each branch office network. C. Deploy a new Amazon ES domain in private subnets in a VPC, and import a snapshot from the old domain. Create a security group that allows inbound traffic from the branch office CIDR blocks. D. Reconfigure the Amazon ES domain in private subnets in a VPC. Create a security group that allows inbound traffic from the branch office CIDR blocks.
B. Configure an IP-based domain access policy on Amazon ES. Add an allow statement to the policy that includes the private IP CIDR blocks from each branch office network.
Question 497:
A SysOps administrator needs to secure the credentials for an Amazon RDS database that is created by an AWS CloudFormation template. The solution must encrypt the credentials and must support automatic rotation. Which solution will meet these requirements?
A. Create an AWS::SecretsManager::Secret resource in the CloudF ormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference. B. Create an AWS::SecretsManager::Secret resource in the CloudFormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:ssm-secure dynamic reference. C. Create an AWS::SSM::Parameter resource in he CloudFormation template. Reference the credentias in the AWS::RDS::DBInstance resource by using the resolve:ssm dynamic reference. D. Create parameters for the database credentials in the CloudFormation template. Use the Ref intrinsic function to provide the credentials to the AWS::RDS::DBInstance resource.
A. Create an AWS::SecretsManager::Secret resource in the CloudF ormation template. Reference the credentials in the AWS::RDS::DBInstance resource by using the resolve:secretsmanager dynamic reference. Explanation Explanation/Reference:AWS::SecretsManager::Secret resource to create secret and resolve:secretsmanager dynamic reference for AWS::RDS::DBInstance resource to reference it https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamicreferences.html https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html
Question 498:
A company has an application that uses an Amazon RDS for MariaDB Multi-AZ database. The application becomes unavailable for several minutes every time the database experiences a failover during a planned maintenance event. What should a SysOps administrator do to reduce the downtime of the application during failover?
A. Create an RDS for MariaDB DB cluster that has multiple writer instances. Configure the application to retry failed queries on another primary node during maintenance events. B. Configure the RDS maintenance window settings to pool connections while a failover is in process. C. Configure an Amazon ElastiCache write-through cache for the database. Configure the application to connect to the cache instead of directly to the database. D. Create an RDS proxy that is associated with the database. Configure the application to connect to the proxy instead of directly to the database.
D. Create an RDS proxy that is associated with the database. Configure the application to connect to the proxy instead of directly to the database.
Question 499:
A SysOps administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.
What would be the command line necessary to deploy one of the sites' certificates to the load balancer?
A. aws kms modify-listener ?load-balancer-name my-load-balancer - ertificates CertificateArn=arn:aws:iam::123456789012:server-certifiate/my-new-server-cert B. aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer ?load-balancer-port 443 ?ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert C. aws ec2 put-ssl-certificate ?load-balancer-name my-load-balancer ?load-balancer-port 443 ?ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert D. aws acm put-ssl-certificate ?load-balancer-name my-load-balancer ?load-balancer-port 443 ?ssl-certificate-id arn:aws:iam::123456789012:server-certificate/new-server-cert
A global company wants to allow anyone in the world to upload videos from a mobile phone. The company's mobile app uploads the videos across the public internet to an Amazon S3 bucket in the us-east-1 Region for further processing.
Videos that users upload from locations that are distant from us-east-1 have slower upload speeds than videos that users upload from close to us-east-1. In many cases, the slow uploads cause users from the distant locations to cancel their
uploads.
Which solution will improve the upload speeds for the users from distant locations?
A. Enable S3 Transfer Acceleration on the S3 bucket. Change the mobile app to use the S3 Transfer Acceleration endpoint for uploads. B. Create an S3 access point for the S3 bucket in several AWS Regions across the world. Change the mobile app to use the S3 access point endpoint for uploads. C. Use S3 Select on the S3 bucket. Change the mobile app to use the S3 Select global endpoint for uploads. D. Create new public Network Load Balancers (NLBs) in several AWS Regions across the world. Specify the S3 bucket as the target of the NLBs. Change the mobile app to use the closest NLB for uploads.
A. Enable S3 Transfer Acceleration on the S3 bucket. Change the mobile app to use the S3 Transfer Acceleration endpoint for uploads.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.