A company has an Auto Scaling group of Amazon EC2 instances that scale based on average CPU utilization. The Auto Scaling group events log indicates an InsufficientInstanceCapacity error. Which actions should a SysOps administrator take to remediate this issue? (Select TWO.)
A. Change the instance type that the company is using.
B. Configure the Auto Scaling group in different Availability Zones.
C. Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.
D. Increase the maximum size of the Auto Scaling group.
E. Request an increase in the instance service quota.
A. Change the instance type that the company is using.
B. Configure the Auto Scaling group in different Availability Zones.
Explanation/Reference: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshooting-launch.html#troubleshooting-launch-capacity
Solution: To resolve the issue, try the following:
- Wait a few minutes and then submit your request again; capacity can shift frequently.
- Submit a new request with a reduced number of instances. For example, if you're making a single request to launch 15 instances, try making 3 requests for 5 instances, or 15 requests for 1 instance instead.
- If you're launching an instance, submit a new request without specifying an Availability Zone.
- If you're launching an instance, submit a new request using a different instance type (which you can resize at a later stage). For more information, see Change the instance type.
- If you are launching instances into a cluster placement group, you can get an insufficient capacity error. For more information, see Placement group rules and limitations.
Question 502:
A SysOps administrator is troubleshooting a website that will not load for users. The website is hosted by an Amazon CloudFront distribution that has an Amazon S3 bucket as the origin. The CloudFront distribution is named d11111abcdef8.cloudfront.net. The S3 bucket has the following Amazon Resource Name (ARN): arn:aws:s3:::example-com-website-files. The S3 bucket has S3 Block Public Access enabled. The SysOps administrator examines the website's DNS CNAME records and discovers that the record value is set to s3.amazonaws.com/example-com-website-files/.
What should the SysOps administrator do to configure the website for use with CloudFront?
A. Disable S3 Block Public Access on the S3 bucket.
B. Create an S3 access point in the same AWS Region where the S3 bucket is located. Configure the access point policy to allow CloudFront to read from the S3 bucket. Point the CNAME record to the S3 access point name.
C. Modify the value of the DNS CNAME record to be arn:aws:s3:::example-com-website-files instead of the S3 URL.
D. Modify the value of the DNS CNAME record to be d11111abcdef8.cloudfront.net instead of the S3 URL.
D. Modify the value of the DNS CNAME record to be d11111abcdef8.cloudfront.net instead of the S3 URL.
Question 503:
A company is attempting to manage its costs in the AWS Cloud. A SysOps administrator needs specific company-defined tags that are assigned to resources to appear on the billing report.
What should the SysOps administrator do to meet this requirement?
A. Activate the tags as AWS generated cost allocation tags.
B. Activate the tags as user-defined cost allocation tags.
C. Create a new cost category. Select the account billing dimension.
D. Create a new AWS Cost and Usage Report. Include the resource IDs.
B. Activate the tags as user-defined cost allocation tags.
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/custom-tags.html
"User-defined tags are tags that you define, create, and apply to resources. After you have created and applied the user-defined tags, you can activate by using the Billing and Cost Management console for cost allocation tracking."
To meet this requirement, the SysOps administrator should activate the company-defined tags as user-defined cost allocation tags. This will ensure that the tags appear on the billing report and that the resources can be tracked with the specific tags. The other options (activating the tags as AWS generated cost allocation tags, creating a new cost category and selecting the account billing dimension, and creating a new AWS Cost and Usage Report and including the resource IDs) will not meet the requirements and are not the correct solutions for this issue.
Question 504:
A SysOps administrator migrates NAT instances to NAT gateways. After the migration, an application that is hosted on Amazon EC2 instances in a private subnet cannot access the internet. Which of the following are possible reasons for this problem? (Choose two.)
A. The application is using a protocol that the NAT gateway does not support.
B. The NAT gateway is not in a security group.
C. The NAT gateway is in an unsupported Availability Zone.
D. The NAT gateway is not in the Available state.
E. The port forwarding settings do not allow access to internal services from the internet.
A. The application is using a protocol that the NAT gateway does not support.
D. The NAT gateway is not in the Available state.
https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-troubleshooting.html#nat-gateway-troubleshooting-no-internet-connection
Question 505:
A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps administrator notices that some of these EC2 instances show up as healthy in the Auto Scaling group but show up as unhealthy in the ALB target group.
What is a possible reason for this issue?
A. Security groups are not allowing traffic between the ALB and the failing EC2 instances.
B. The Auto Scaling group health check is configured for EC2 status checks.
C. The EC2 instances are failing to launch and failing EC2 status checks.
D. The target group health check is configured with an incorrect port or path.
D. The target group health check is configured with an incorrect port or path.
Explanation/Reference:
Problem: Auto Scaling instances might pass the EC2 status checks. But they might fail the Elastic Load Balancing health checks for the target groups or Classic Load Balancers with which the Auto Scaling group is registered.
Solution 1: To pass the Elastic Load Balancing health checks: OPTION D -> Verify that the security groups for your load balancer and Auto Scaling group are correctly configured.
Question 506:
A company's application is hosted by an internet provider at app.example.com. The company wants to access the application by using www.company.com, which the company owns and manages with Amazon Route 53. Which Route 53 record should be created to address this?
A. A record
B. Alias record
C. CNAME record
D. Pointer (PTR) record
C. CNAME record
You should never use a CNAME record for your root domain name (e.g. example.com).
https://support.dnsimple.com/articles/differences-between-a-cname-alias-url/
Question 507:
A company has deployed an application on Amazon EC2 instances in a single VPC. The company has placed the EC2 instances in a private subnet in the VPC.
The EC2 instances need access to Amazon S3 buckets that are in the same AWS Region as the EC2 instances. A SysOps administrator must provide the EC2 instances with access to the S3 buckets without requiring any changes to the EC2 instances or the application. The EC2 instances must not have access to the internet.
Which solution will meet these requirements?
A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.
B. Create an S3 interface endpoint. Associate the EC2 instances with the interface endpoint.
C. Configure a NAT gateway. Associate the private subnet with the NAT gateway.
D. Configure a proxy EC2 instance. Update the private subnet route tables to route traffic through the proxy EC2 instance. Configure the proxy to route all S3 requests to the target S3 bucket.
A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.
Notes: Amazon S3 supports both gateway endpoints and interface endpoints. With a gateway endpoint, you can access Amazon S3 from your VPC, without requiring an internet gateway or NAT device for your VPC, and with no additional cost. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost.
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
Interface endpoints - These endpoints are directly accessible from applications that are on premises over VPN and AWS Direct Connect, or in a different AWS Region over VPC peering.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html
Question 508:
A SysOps administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The administrator has set up AWS Organizations and enabled Consolidated Billing. Which additional steps must the administrator perform to set up the billing alerts?
A. In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.
B. In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.
C. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.
D. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.
D. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.
Question 509:
A company is uploading important files as objects to Amazon S3. The company needs to be informed if an object is corrupted during the upload.
What should a SysOps administrator do to meet this requirement?
A. Pass the Content-Disposition value as a request body during the object upload.
B. Pass the Content-MD5 value as a request header during the object upload.
C. Pass x-amz-object-lock-mode as a request header during the object upload.
D. Pass x-amz-server-side-encryption-customer-algorithm as a request body during the object upload.
B. Pass the Content-MD5 value as a request header during the object upload.
Content-MD5 Header: The Content-MD5 header provides an MD5 checksum of the object being uploaded. Amazon S3 uses this checksum to verify the integrity of the object.
Steps: This ensures that S3 can detect if the object is corrupted during the upload process.
PUT Object - Amazon Simple Storage Service
Question 510:
A SysOps administrator has an AWS CloudFormation template that is used to deploy an encrypted Amazon Machine Image (AMI). The CloudFormation template will be used in a second account, so the SysOps administrator copies the encrypted AMI to the second account. When launching the new CloudFormation stack in the second account, it fails.
Which action should the SysOps administrator take to correct the issue?
A. Change the AMI permissions to mark the AMI as public.
B. Deregister the AMI in the source account.
C. Re-encrypt the destination AMI with an AWS Key Management Service (AWS KMS) key from the destination account.
D. Update the CloudFormation template with the ID of the AMI in the destination account.
C. Re-encrypt the destination AMI with an AWS Key Management Service (AWS KMS) key from the destination account.
While launching the instance from a shared encrypted AMI, you can specify a KMS key of your choice. You may also choose cmkSource to encrypt volumes in your account. However, we recommend that you re-encrypt the volumes using a KMS key in the target account. This protects you if the source KMS key is compromised, or if the source account revokes permissions, which could cause you to lose access to any encrypted volumes you created using cmkSource.
https://aws.amazon.com/blogs/security/how-to-share-encrypted-amis-across-accounts-to-launch-encrypted-ec2-instances/