A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.
Which action should be taken to meet these requirements?
A. Automate using AWS Elastic Beanstalk to provision the AWS accounts, set up infrastructure, and integrate with AWS Organizations.
B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.
C. Use AWS Config to provision accounts and deploy instances using AWS Service Catalog.
D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts.
D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts.
If you are hosting more than a handful of accounts, it's beneficial to have an orchestration layer that facilitates account deployment and account governance. You can adopt AWS Control Tower as your primary way to provision accounts and infrastructure. With AWS Control Tower, you can more easily adhere to corporate standards, meet regulatory requirements, and follow best practices. AWS Control Tower enables end users on your distributed teams to provision new AWS accounts quickly, by means of configurable account templates in Account Factory. Meanwhile, your central cloud administrators can monitor that all accounts are aligned with established, company-wide compliance policies.
Question 542:
A company's IT department noticed an increase in the spend of their developer AWS account. There are over 50 developers using the account, and the finance team wants to determine the service costs incurred by each developer. What should a SysOps administrator do to collect this information? (Select TWO.)
A. Activate the createdBy tag in the account.
B. Analyze the usage with Amazon CloudWatch dashboards.
C. Analyze the usage with Cost Explorer.
D. Configure AWS Trusted Advisor to track resource usage.
E. Create a billing alarm in AWS Budgets.
A. Activate the createdBy tag in the account.
C. Analyze the usage with Cost Explorer.
Question 543:
A company has a high performance computing (HPC) application that runs on Amazon EC2 instances. The application requires minimum latency and maximum network throughput between nodes. How should a SysOps administrator deploy the EC2 instances to meet these requirements?
A. Use a cluster placement group in a single Availability Zone.
B. Use a cluster placement group across multiple Availability Zones.
C. Use a partition placement group in a single Availability Zone.
D. Use a partition placement group across multiple Availability Zones.
A. Use a cluster placement group in a single Availability Zone.
Question 544:
A company hosts a static website on Amazon S3. An Amazon CloudFront distribution presents this site to global users. The company uses the Managed-CachingDisabled CloudFront cache policy. The company's developers confirm that they frequently update a file in Amazon S3 with new information.
Users report that the website presents correct information when the website first loads the file. However, the users' browsers do not retrieve the updated file after a refresh.
What should a SysOps administrator recommend to fix this issue?
A. Add a Cache-Control header field with max-age=0 to the S3 object.
B. Change the CloudFront cache policy to Managed-CachingOptimized.
C. Disable bucket versioning in the S3 bucket configuration.
D. Enable content compression in the CloudFront configuration.
A. Add a Cache-Control header field with max-age=0 to the S3 object.
You can control how long your files stay in a CloudFront cache before CloudFront forwards another request to your origin. Reducing the duration allows you to serve dynamic content. Increasing the duration means that your users get better performance because your files are more likely to be served directly from the edge cache. A longer duration also reduces the load on your origin. To change the cache duration for an individual file, you can configure your origin to add a Cache-Control header with the max-age or s-maxage directive, or an Expires header to the file.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html
Question 545:
A company has an existing public web application for www.example.com. The Application Load Balancer (ALB) is configured with a single HTTP 80 listener. A SysOps administrator must ensure that all web requests to www.example.com are encrypted between the client and the ALB.
The SysOps administrator already has requested and validated a public certificate for www.example.com in AWS Certificate Manager (ACM). Existing users of the application must not be required to change the endpoint to which they are connecting.
Which additional set of steps should the SysOps administrator take to meet these requirements?
A. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
B. Create an additional ALB listener for HTTPS on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate. Delete the original HTTP listener on port 80.
C. Modify the ALB default rule for the HTTP port 80 listener. Create a rule in the listener to forward all traffic for the host www.example.com to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
D. Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
D. Modify the ALB default rule for the HTTP port 80 listener to redirect to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to the target group. Specify the ACM certificate that was created for www.example.com as the default SSL certificate.
Question 546:
A company currently runs its infrastructure within a VPC in a single Availability Zone. The VPC is connected to the company's on-premises data center through an AWS Site-to-Site VPN connection attached to a virtual private gateway. The on-premises route tables route all VPC networks to the VPN connection. Communication between the two environments is working correctly. A SysOps administrator created new VPC subnets within a new Availability Zone, and deployed new resources within the subnets. However, communication cannot be established between the new resources and the on-premises environment. Which steps should the SysOps administrator take to resolve the issue?
A. Add a route to the route tables of the new subnets that sends on-premises traffic to the virtual private gateway.
B. Create a ticket with AWS Support to request adding Availability Zones to the Site-to-Site VPN route configuration.
C. Establish a new Site-to-Site VPN connection between a virtual private gateway attached to the new Availability Zone and the on-premises data center.
D. Replace the Site-to-Site VPN connection with an AWS Direct Connect connection.
A. Add a route to the route tables of the new subnets that sends on-premises traffic to the virtual private gateway.
Explanation: When new subnets are created within a new Availability Zone, they are associated with their own route tables. By default, these route tables do not have the necessary route to direct traffic from the new subnets to the on-premises data center via the existing Site-to-Site VPN connection. The SysOps administrator needs to add a route in the route table of the new subnets that points to the virtual private gateway, just like the route that is already present in the route table of the existing subnet.
Question 547:
A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. The Auto Scaling group is set to scale based on the number of messages in the queue. Messages can take up to 12 hours to process completely. A SysOps administrator must ensure that instances are not interrupted during message processing.
What should the SysOps administrator do to meet these requirements?
A. Enable instance scale-in protection for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Disable instance scale-in protection after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
B. Set the Auto Scaling group's termination policy to OldestInstance.
C. Set the Auto Scaling group's termination policy to OldestLaunchConfiguration.
D. Suspend the Launch and Terminate scaling processes for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Resume the scaling processes after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.
A. Enable instance scale-in protection for the specific instance in the Auto Scaling group at the start of message processing by calling the Amazon EC2 Auto Scaling API from the processing script. Disable instance scale-in protection after message processing is complete by calling the Amazon EC2 Auto Scaling API from the processing script.

    # Enable instance scale-in protection for the specified instance.
    aws autoscaling set-instance-protection --instance-ids i-5f2e8a0d --auto-scaling-group-name my-asg --protected-from-scale-in

    # Disable instance scale-in protection for the specified instance.
    aws autoscaling set-instance-protection --instance-ids i-5f2e8a0d --auto-scaling-group-name my-asg --no-protected-from-scale-in

https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html
Question 548:
A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations. Which solution will meet this requirement with the LEAST operational overhead?
A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.
D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.
Explanation: AWS CloudFormation StackSets extends the capability of stacks by enabling you to create, update, or delete stacks across multiple accounts and AWS Regions.
Question 549:
A company has an Amazon RDS for MySQL DB instance that is configured as a Single-AZ DB instance. A SysOps administrator must configure the DB instance to fail over automatically in the event of a failure.
Which action will meet this requirement?
A. Change the DB instance to an RDS for PostgreSQL DB instance.
B. Modify the DB instance to be a Multi-AZ DB instance.
C. Create a read replica of the DB instance.
D. Enable automated backups for the DB instance.
B. Modify the DB instance to be a Multi-AZ DB instance.
Question 550:
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it. What address should be used to create the customer gateway resource?
A. The private IP address of the customer gateway device
B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device