A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the logs, the SysOps administrator notices that rejected traffic is not listed.
What should the SysOps administrator do to ensure that all traffic is logged?
A. Create a new flow log that has a filter setting to capture all traffic. B. Create a new flow log. Set the log record format to a custom format. Select the proper fields to include in the log. C. Edit the existing flow log. Change the filter setting to capture all traffic. D. Edit the existing flow log. Set the log record format to a custom format. Select the proper fields to include in the log.
A. Create a new flow log that has a filter setting to capture all traffic. Flow logs can help you with a number of tasks, such as: Diagnosing overly restrictive security group rules Monitoring the traffic that is reaching your instance Determining the direction of the traffic to and from the network interfaces Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.
Question 62:
A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families. During initial testing, a SysOps administrator identifies performance issues on selected EC2
instances. The company has a strict budget allocation policy, so the SysOps administrator must use the right resource types with the performance characteristics to match the workload.
What should the SysOps administrator do to meet this requirement?
A. Purchase regional Reserved Instances (RIs) for immediate cost savings. Review and take action on the EC2 rightsizing recommendations in Cost Explorer. Exchange the RIs for the optimal instance family after rightsizing. B. Purchase zonal Reserved Instances (RIs) for the existing instances. Monitor the RI utilization in the AWS Billing and Cost Management console. Make adjustments to instance sizes to optimize utilization. C. Review and take action on AWS Compute Optimizer recommendations. Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources. D. Review resource utilization metrics in the AWS Cost and Usage Report. Rightsize the EC2 instances. Create On-Demand Capacity Reservations for the rightsized resources.
C. Review and take action on AWS Compute Optimizer recommendations. Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources.
Question 63:
A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The administrator must be alerted to potential issues.
What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?
A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications B. Use AWS CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic. C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic. D. Use AWS Trusted Advisor and enable email notification alerts for EC2 disk space
C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.
Question 64:
A company is creating a new multi-account architecture. A Sysops administrator must implement a login solution to centrally manage user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP).
What should the SysOps administrator do to meet these requirements?
A. Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP. B. Enable and configure AWS Single Sign-On with the third-party IdP. C. Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization. D. Integrate the third-party IdP directly with AWS Organizations.
B. Enable and configure AWS Single Sign-On with the third-party IdP. AWS Single Sign-On (AWS SSO) is an AWS service that enables you to manage access to multiple AWS accounts and business applications through a single AWS SSO portal. It is designed to work with your identity provider (IdP) using Security Assertion Markup Language (SAML) 2.0, which makes it easy to set up federation with AWS SSO. With AWS SSO, you can centrally manage users and permissions for all your AWS accounts and business applications from your AWS SSO directory. AWS SSO is integrated with AWS Organizations, which allows you to manage access to all the AWS accounts in your organization.
Question 65:
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template it installs and configure necessary software through AWS OpsWorks and takes images of each EC2 instance. The
process of installing and configuring software can take between 2 to 3 hours but at limes the process stalls due to installation errors.
The SysOps administrator must modify the CloudFormation template so if the process stalls, the entire stack will tail and roil back.
Based on these requirements what should be added to the template?
A. Conditions with a timeout set to 4 hours. B. CreationPolicy with timeout set to 4 hours. C. DependsOn a timeout set to 4 hours. D. Metadata with a timeout set to 4 hours
B. CreationPolicy with timeout set to 4 hours. Explanation Explanation/Reference:When you provision an Amazon EC2 instance in an AWS CloudFormation stack, you might specify additional actions to configure the instance, such as install software packages or bootstrap applications. Normally, CloudFormation proceeds with stack creation after the instance has been successfully created. However, you can use a CreationPolicy so that CloudFormation proceeds with stack creation only after your configuration actions are done. That way you'll know your applications are ready to go after stack creation succeeds. A CreationPolicy instructs CloudFormation to wait on an instance until CloudFormation receives the specified number of signals. This policy takes effect only when CloudFormation creates the instance. Ref link: https://aws.amazon.com/blogs/devops/use-a-creationpolicy-to-wait-for-on-instance-configurations/ Ref link: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-creationpolicy.html
Question 66:
A company has scientists who upload large data objects to an Amazon S3 bucket. The scientists upload the objects as multipart uploads. The multipart uploads often fail because of poor end-client connectivity.
The company wants to optimize storage costs that are associated with the data. A SysOps administrator must implement a solution that presents metrics for incomplete uploads. The solution also must automatically delete any incomplete uploads after 7 days.
Which solution will meet these requirements?
A. Review the Incomplete Multipart Upload Bytes metric in the S3 Storage Lens dashboard. Create an S3 Lifecycle policy to automatically delete any incomplete multipart uploads after 7 days. B. Implement S3 Intelligent-Tiering to move data into lower-cost storage classes after 7 days. Create an S3 Storage Lens policy to automatically delete any incomplete multipart uploads after 7 days. C. Access the S3 console. Review the Metrics tab to check the storage that incomplete multipart uploads are consuming. Create an AWS Lambda function to delete any incomplete multipart uploads after 7 days. D. Use the S3 analytics storage class analysis tool to identify and measure incomplete multipart uploads. Configure an S3 bucket policy to enforce restrictions on multipart uploads to delete incomplete multipart uploads after 7 days.
A. Review the Incomplete Multipart Upload Bytes metric in the S3 Storage Lens dashboard. Create an S3 Lifecycle policy to automatically delete any incomplete multipart uploads after 7 days.
Question 67:
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations. What should a SysOps administrator do to implement this requirement?
A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console. B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template. C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only. D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.
C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
Question 68:
A SysOps administrator is setting up a fleet of Amazon EC2 instances in an Auto Scaling group for an application. The fleet should have 50% CPU available at that times to accommodate bursts of traffic. The load will increase significantly between the hours of
09:00 and 17:00,7 days a week.
How should the SysOps administrator configure the scaling of the EC2 instances to meet these requirements?
A. Create a target tracking scaling policy that runs when the CPU utilization is higher than 90% B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00 C. Set the Auto Scaling group to start with 2 instances by setting the desired instances maximum instances, and minimum instances to 2 Create a scheduled scaling policy that ensures that the fleet is available at 09:00 D. Create a scheduled scaling policy that ensures that the fleet is available at 09.00. Create a second scheduled scaling policy that scales in the fleet at 17:00
B. Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%. Create a scheduled scaling policy that ensures that the fleet is available at 09:00 Create a second scheduled scaling policy that scales in the fleet at 17:00 Create a target tracking scaling policy that runs when the CPU utilization is higher than 50%: This ensures that the fleet will have 50% CPU available at all times to accommodate bursts of traffic. Create a scheduled scaling policy that ensures that the fleet is available at 09:00: By scheduling the scaling action, the SysOps administrator can ensure that the number of instances is increased before the load increases significantly at 09:00. Create a second scheduled scaling policy that scales in the fleet at 17:00: Similarly, this second scheduled scaling policy allows scaling in the fleet after the peak hours are over at 17:00, which helps in optimizing costs during low traffic periods.
Question 69:
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?
A. Configure Amazon Cognito to detect any compromised IAM credentials. B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins. C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account. D. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.
D. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding. Explanation Explanation/Reference:Guar duty IAM finding types: UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS UnauthorizedAccess:IAMUser/MaliciousIPCaller UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom UnauthorizedAccess:IAMUser/TorIPCaller
Question 70:
The SysOps administrator needs to create a key policy that grants data engineers least privilege access to decrypt and read data from an S3 bucket encrypted with KMS.
A. "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Encrypt", "kms:DescribeKey" B. "kms:ListAliases", "kms:GetKeyPolicy", "kms:Describe*", "kms:Decrypt" C. "kms:ListAliases", "kms:DescribeKey", "kms:Decrypt" D. "kms:Update*", "kms:TagResource", "kms:Revoke*", "kms:Put*", "kms:List*", "kms:Get*", "kms:Enable*", "kms:Disable*", "kms:Describe*", "kms:Delete*", "kms:Create*", kms:CancelKeyDeletion
C. "kms:ListAliases", "kms:DescribeKey", "kms:Decrypt"
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.