A company hosts its website on Amazon EC2 instances behind an Application Load Balancer. The company manages its DNS with Amazon Route 53. and wants to point its domain's zone apex to the website.
Which type of record should be used to meet these requirements?
A. A CNAME record for the domain's zone apex B. An A record for the domain's zone apex C. An AAAA record for the domain's zone apex D. An alias record for the domain's zone apex
D. An alias record for the domain's zone apex The DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. You cannot create a CNAME record for example.com, but you can create CNAME records for www.example.com, newproduct.example.com, and so on. In addition, if you create a CNAME record for a subdomain, you cannot create any other records for that subdomain. For example, if you create a CNAME for www.example.com, you cannot create any other records for which the value of the Name field is www.example.com.
Question 552:
A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers.
What should the SysOps administrator do to meet these requirements?
A. Create an IAM role and instance profile that include AWS Systems Manager permissions. Attach the role to the on-premises servers. B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation. C. Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-premises servers. D. Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Configure the access key in the AWS credentials file after the AWS CLI is successfully installed.
B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation.
Question 553:
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?
A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted. B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts. C. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts. D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts. Explanation Explanation/Reference:If you're using AWS Organizations, check the service control policies for any statements that explicitly deny Amazon S3 access. In particular, check the service control policies for statements denying the s3:PutBucketPolicy action. https://aws.amazon.com/tw/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/ https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Question 554:
A restaurant has a service that receives and processes delivery orders. The restaurant uses Amazon EventBridge for its event bus and event-driven routing requirements. When an order is ready for delivery, the service sends an event to a delivery company. The event notifies the delivery company that the order is ready for pickup.
For a short time during a day that included many orders, the restaurant could not deliver order completion events to the delivery company. The reason was that the delivery company's order receiving service was experiencing errors. The restaurant needs the capability to reprocess the orders that were undelivered.
Which solution will ensure that the orders can be reprocessed?
A. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a new target in EventBridge for existing events. For reprocessing, create an EventBridge rule that processes orders from the SQS queue. Specify the delivery company as the rule's target. B. Configure an archive in EventBridge. Specify an event pattern to ensure that events are sent to the archive. Use the EventBridge replay capability to replay events from the appropriate time period. C. Create an EventBridge rule that matches the pattern for failed orders from AWS CloudTrail. Specify the delivery company as the rule's target. D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Set up message filter policies to filter on failed events.
B. Configure an archive in EventBridge. Specify an event pattern to ensure that events are sent to the archive. Use the EventBridge replay capability to replay events from the appropriate time period.
Question 555:
A SysOps administrator wants to manage a web server application with AWS Elastic Beanstalk. The Elastic Beanstalk service must maintain full capacity for new deployments at all times. Which deployment policies satisfy this requirement? (Select TWO.)
A. All at once B. Immutable C. Rebuild D. Rolling E. Rolling with additional batch
B. Immutable E. Rolling with additional batch Explanation Explanation/Reference:Immutable deployments perform an immutable update to launch a full set of new instances running the new version of the application in a separate Auto Scaling group, alongside the instances running the old version. Immutable deployments can prevent issues caused by partially completed rolling deployments. If the new instances don't pass health checks, Elastic Beanstalk terminates them, leaving the original instances untouched. To maintain full capacity during deployments, you can configure your environment to launch a new batch of instances before taking any instances out of service. This option is known as a rolling deployment with an additional batch. When the deployment completes, Elastic Beanstalk terminates the additional batch of instances. https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html
Question 556:
A Sysops administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-I Region. The administrator finds that this template has failed to create an EC2 instance in the us-west-2 Region. What is one cause for this failure?
A. Resource tags defined in the CloudFormation template are specific to the us-east-I Region. B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region. C. The cfn-init script did not run during resource provisioning in the us-west-2 Region. D. The IAM user was not created in the specified Region.
B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region. Explanation Explanation/Reference:One possible cause for the failure of the CloudFormation template to create an EC2 instance in the us-west-2 Region is that the Amazon Machine Image (AMI) ID referenced in the template could not be found in the us-west-2 Region. This could be due to the fact that the AMI is not available in that region, or the credentials used to access the AMI were not configured properly. The other options (resource tags defined in the CloudFormation template are specific to the us-east-I Region, the cfn-init script did not run during resource provisioning in the us-west-2 Region, and the IAM user was not created in the specified Region) are not valid causes for this failure.
Question 557:
A company is using an Amazon DynamoDB table for data. A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery. What should the SysOps administrator do to meet this requirement?
A. Enable DynamoDB Accelerator (DAX). B. Enable DynamoDB Streams, and add a global secondary index (GSI). C. Enable DynamoDB Streams, and add a global table Region. D. Enable point-in-time recovery.
C. Enable DynamoDB Streams, and add a global table Region. Explanation Explanation/Reference:By enabling DynamoDB Streams, you can capture changes (inserts, updates, and deletes) made to the DynamoDB table. This stream of changes can then be replicated to another AWS Region using the Global Table feature of DynamoDB. Global Tables automatically replicates the data across multiple AWS Regions, providing a fully managed, multi-Region, and multi-master database.
Question 558:
A SysOps administrator is helping a development team deploy an application to AWS Trie AWS CloudFormat on temp ate includes an Amazon Linux EC2 Instance an Amazon Aurora DB cluster and a hard coded database password that must be rotated every 90 days.
What is the MOST secure way to manage the database password?
A. Use the AWS SecretsManager Secret resource with the GenerateSecretString property to automatically generate a password Use the AWS SecretsManager RotationSchedule resource lo define a rotation schedule lor the password Configure the application to retrieve the secret from AWS Secrets Manager access the database B. Use me AWS SecretsManager Secret resource with the SecretStrmg property Accept a password as a CloudFormation parameter Use the AllowedPatteen property of the CloudFormaton parameter to require e minimum length, uppercase and lowercase letters and special characters Configure me application to retrieve the secret from AWS Secrets Manager to access the database C. Use the AWS SSM Parameter resource Accept input as a Qoudformatton parameter to store the parameter as a secure sting Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database D. Use the AWS SSM Parameter resource Accept input as a Cloudf ormetton parameter to store the parameter as a string Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database
A. Use the AWS SecretsManager Secret resource with the GenerateSecretString property to automatically generate a password Use the AWS SecretsManager RotationSchedule resource lo define a rotation schedule lor the password Configure the application to retrieve the secret from AWS Secrets Manager access the database
Question 559:
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?
A. Configure the file system for Provisioned Throughput. B. Enable encryption in transit on the file system. C. Identify any unused files in the file system, and remove the unused files. D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.
A. Configure the file system for Provisioned Throughput.
Question 560:
An AWS Lambda function that uses a Python runtime is having performance issues. A SysOps administrator needs to enable debug logging on the Lambda Insights extension.
Which solution will meet this requirement?
A. Enable the Python debugger in the first line of the Lambda function by using pdb.set_trace(). B. Pass the LAMBDA_INSIGHTS=true parameter as the first parameter of the Lambda function. C. Set the following environment variable on the Lambda function: LAMBDA_INSIGHTS_LOG_LEVEL=info. D. Use the following command in the first line of the Python code to configure monitoring: DETAILED_MONITORING=true.
C. Set the following environment variable on the Lambda function: LAMBDA_INSIGHTS_LOG_LEVEL=info.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.