A company decides to stop non-production Amazon EC2 instances during the EC2 instances. The company's IT manager must receive notification in near real time whenever an EC2 instance that has an environment type tag value of non-production is started during the night.
Which solution will meet this requirement with the MOST operational efficiency?
A. Configure an AWS Lambda function with an SMTP client library. Subscribe the Lambda function to the AWS Health Dashboard to receive notification whenever an EC2 instance is in the running state. Configure the Lambda function to use Amazon Pinpoint to send email notifications to the IT manager. Deploy a second Lambda function to throttle calls from the first Lambda function during the daytime. B. Deploy an AWS Lambda function that queries the Amazon EC2 API to determine the state of each EC2 instance. Use the EC2 instance scheduler to configure the Lambda function to run every minute during the night and to send an email notification to the IT manager for each non-production EC2 instance that is in the running state. C. Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances' tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notifications. Subscribe the IT manager's email address to the SNS topic. D. Store the EC2 instance metadata, including the environment type, in an Amazon DynamoDB table. Deploy a custom application to an EC2 instance. Configure the custom application to poll the DynamoDB data every minute during the night and to query the Amazon EC2 API to determine the state of each instance. Additionally, configure the custom application to send an email notification to the IT manager for each non-production EC2 instance that is in the running state.
C. Create an Amazon EventBridge rule that includes the EC2 Instance State-change Notification event type. Filter the event to capture only the running state. Create an AWS Lambda function as a target of the rule. Configure the Lambda function to check the current time and the EC2 instances' tags to determine the environment type. Create an Amazon Simple Notification Service (Amazon SNS) topic as a target of the Lambda function for notifications. Subscribe the IT manager's email address to the SNS topic.
Question 612:
A company's security policy requires incoming SSH traffic to be restricted to a defined set of addresses. The company is using an AWS Config rule to check whether security groups allow unrestricted incoming SSH traffic.
A SysOps administrator discovers a noncompliant resource and fixes the security group manually. The SysOps administrator wants to automate the remediation of other noncomphant resources.
What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon CloudWatch alarm for the AWS Config rule's status metric Create an AWS Lambda function that can remove the noncompliant rule from the security group. Configure the alarm action to invoke the Lambda function. B. Configure an automatic remediation action on the AWS Config rule Specify the AWS- DisablelncommgSSHOnPort22 remediation action. C. Configure an Amazon EventBridge rule for AWS Config configuration item change events. Create an AWS Lambda function that can remove the noncompliant rule from the security group. Configure the rule to invoke the Lambda function. D. Create an AWS Lambda function that can analyze a security group's inbound rules to check for unrestricted SSH access. Configure the Lambda function to remove the noncompliant rule from the security group. Configure an Amazon EventBridge rule to invoke the Lambda function every hour.
B. Configure an automatic remediation action on the AWS Config rule Specify the AWS- DisablelncommgSSHOnPort22 remediation action.
Question 613:
A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted. How should the SysOps administrator meet these requirements?
A. Enable log file integrity validation. Use the AWS CLI to validate the log files. B. Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files. C. Use CloudTrail Insights to monitor the log files for modifications. D. Use Amazon CloudWatch Logs to monitor the log files for modifications.
A. Enable log file integrity validation. Use the AWS CLI to validate the log files. To validate logs with the AWS Command Line Interface, use the CloudTrail validate-logs command. The command uses the digest files delivered to your Amazon S3 bucket to perform the validation. For information about digest files, see CloudTrail digest file structure. The AWS CLI allows you to detect the following types of changes: Modification or deletion of CloudTrail log files Modification or deletion of CloudTrail digest files Modification or deletion of both of the above https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-cli.html
Question 614:
CORRECT TEXT
If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the console by using the AWS Management Console shortcut from the VM desktop.
If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V. Configure Amazon EventBridge to meet the following requirements.
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. Use your own resource naming unless a resource name is specified below.
4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.
5. Create a rule named RunFunction to send the exact message {"name":"example") every 15 minutes to an existing AWS Lambda function named LogEventFunction
6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2 Spot Instance is interrupted.
Do NOT create any topic subscriptions.
The notification must match the following structure:
Input path:
{`instance`:`detail.instance-id}
Input template:
`The EC2 Spot Instance has been interrupted.`
Important: Click the Next button to complete this lab and continue to the next lab. Once you click the Next button, you will NOT be able to return to this lab.
A. Check the answer in explanation. B. Place Holder
A. Check the answer in explanation.
Question 615:
A SysOps administrator needs to configure an Amazon S3 bucket to host a web application. The SysOps administrator has created the S3 bucket and has copied the static files for the web application to the S3 bucket.
The company has a policy that all $3 buckets must not be public.
What should the SysOps administrator do to meet these requirements?
A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy. B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create a DNS CNAME to point to the S3 website endpoint. C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALB listener configuration. Forward the traffic to the S3 bucket. D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port 443. Set the endpoint type to forward the traffic to the S3 bucket.
A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with an origin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucket policy.
Question 616:
A SysOps administrator needs to deploy a critical update to a web application that runs on Amazon EC2 instances. The SysOps administrator must minimize application downtime during the update. The SysOps administrator also must minimize the risk of a failed deployment of the update.
Which deployment types will meet these requirements? (Select TWO.)
A. All-at-once deployment B. Blue/green deployment C. Canary deployment D. Immutable deployment E. In-place deployment
B. Blue/green deployment D. Immutable deployment
Question 617:
A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled If an S3 bucket does not have logging enabled an automated process must enable logging for the S3 bucket.
Which solution will meet these requirements?
A. Use AWS Trusted Advisor 10 perform a check for S3 buckets that do not have logging enabled Configure the check to enable logging for S3 buckets that do not have logging enabled. B. Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging. D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLoggmg AWS Systems Manager Automation runbook to enable logging.
C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging. D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLoggmg AWS Systems Manager Automation runbook to enable logging. AWS Config Managed Rule for S3 Logging: The s3-bucket-logging-enabled AWS Config rule checks whether S3 buckets have logging enabled. Steps: AWS Config Managed Rules Using AWS Lambda for Remediation: Create a Lambda function that enables logging on S3 buckets. Steps: Write a Lambda function in Python or Node.js to enable logging. Configure the function to trigger on non-compliant buckets. AWS Lambda Using AWS Systems Manager Automation: The AWS-ConfigureS3BucketLogging runbook automates enabling logging. Steps: Go to the AWS Management Console. Navigate to Systems Manager. Create an Automation document or use the existing AWS-ConfigureS3BucketLogging runbook. Configure the remediation action to use this runbook. AWS Systems Manager Automation
Question 618:
A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.
Which solution will meet these requirements?
A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3. B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3. C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3. D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.
D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3. Explanation Explanation/Reference:https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#auditing_key_use
Question 619:
A company's SysOps administrator attempts to restore an Amazon Elastic Block Store (Amazon EBS) snapshot. However, the snapshot is missing because another system administrator accidentally deleted the snapshot. The company needs the ability to recover snapshots for a specified period of time after snapshots are deleted.
Which solution will provide this functionality?
A. Turn on deletion protection on individual EBS snapshots that need to be kept. B. Create an IAM policy that denies the deletion of EBS snapshots by using a condition statement for the snapshot age Apply the policy to all users C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period. D. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy EBS snapshots to Amazon S3 Glacier.
C. Create a Recycle Bin retention rule for EBS snapshots for the desired retention period. New Recycle Bin In order to give you more control over the deletion process, we are launching a Recycle Bin for EBS Snapshots. As you will see in a moment, you can now set up rules to retain deleted snapshots so that you can recover them after an accidental deletion. You can think of this as a two-level model, where individual AWS users are responsible for the initial deletion, and then a designated "Recycle Bin Administrator" (as specified by an IAM role) manages retention and recovery.
Question 620:
A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Users are reporting random logouts from the web application.
Which combination of actions should a SysOps administrator take to resolve this problem? (Select TWO.)
A. Change to the least outstanding requests algorithm on the ALB target group. B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings. C. Configure header forwarding in the CloudFront distribution's cache behavior settings. D. Enable group-level stickiness on the ALB listener rule for the target groups. E. Enable sticky sessions on the ALB target group.
B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings. E. Enable sticky sessions on the ALB target group. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html You can configure each cache behavior to do one of the following: Forward all cookies to your origin CloudFront includes all cookies sent by the viewer when it forwards requests to the origin. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html By default, an Application Load Balancer routes each request independently to a registered target based on the chosen load-balancing algorithm.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.