A SysOps administrator is responsible for the security of a company's AWS account. The company has a policy that a user may stop or terminate Amazon EC2 instances only when the user is authenticated by using a multi-factor authentication (MFA) device.
Which policy should the SysOps administrator apply to meet this requirement?
A. Option A B. Option B C. Option C D. Option D
A. Option A
Question 72:
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company's AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.
What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?
A. Enter the DB instance connection string into the VPC1 route table. B. Configure VPC peering between the two VPCs. C. Add the same IPv4 CIDR range for both VPCs. D. Connect to the DB instance by using the DB instance's public IP address.
B. Configure VPC peering between the two VPCs. Explanation Explanation/Reference:VPC peering allows two VPCs to communicate with each other securely. By configuring VPC peering between the two VPCs, the SysOps administrator will be able to give the EC2 instance in VPC1 the ability to connect to the database in VPC2. Once the VPC peering is configured, the EC2 instance will be able to communicate with the database using the private IP address of the DB instance in the private subnet.
Question 73:
A company has a secure website running on Amazon EC2 instances behind an Application Load Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used on the ALB. Users with legacy web browsers are experiencing issues with the website.
How should the SysOps administrator resolve these issues in the MOST operationally efficient manner?
A. Create a new SSL certificate in ACM and install the new certificate on the ALB to support legacy web browsers. B. Create a second ALB and install a custom SSL certificate with a different domain name on the second ALB to support legacy web browsers. C. Remove the ALB from the configuration and install a custom SSL certificate on each web server. D. Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.
D. Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers. A client TLS negotiation error means that a TLS connection initiated by the client was unable to establish a session with the load balancer. TLS negotiation errors occur when clients try to connect to a load balancer using a protocol or cipher that the load balancer's security policy doesn't support. To establish a TLS connection, be sure that your client supports the following: One or more matching ciphers A protocol specified in the security policy
Question 74:
A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every night.
What is the MOST operationally efficient solution that meets this requirement?
A. Convert the Python script to an AWS Lambda (unction. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night. B. Convert the Python script to an AWS Lambda function. Use AWS CloudTrail to invoke the function every night. C. Deploy the Python script to an Amazon EC2 Instance. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night. D. Deploy the Python script to an Amazon EC2 instance. Use AWS Systems Manager to schedule the instance to start and stop every night.
A. Convert the Python script to an AWS Lambda (unction. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night. Converting the Python script to an AWS Lambda function and using an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night is a serverless and fully managed solution, which means that the administrator does not have to worry about managing the underlying infrastructure or scaling. AWS Lambda allows for easy deployment, scaling, and management of code in response to events. EventBridge (CloudWatch Events) provides a reliable way to schedule events and to invoke AWS services on a schedule.
Question 75:
A company's SysOps administrator regularly checks the AWS Personal Health Dashboard in each of the company's accounts. The accounts are part of an organization in AWS Organizations. The company recently added 10 more accounts to the organization. The SysOps administrator must consolidate the alerts from each account's Personal Health Dashboard.
Which solution will meet this requirement with the LEAST amount of effort?
A. Enable organizational view in AWS Health. B. Configure the Personal Health Dashboard in each account to forward events to a central AWS CloudTrail log. C. Create an AWS Lambda function to query the AWS Health API and to write all events to an Amazon DynamoDB table. D. Use the AWS Health API to write events to an Amazon DynamoDB table.
A. Enable organizational view in AWS Health. Explanation Explanation/Reference:Enabling the organizational view in AWS Health will allow the SysOps administrator to consolidate the alerts from each account's Personal Health Dashboard. It will also provide the administrator with a single view of all the accounts in the organization, allowing them to easily monitor the health of all the accounts in the organization. Reference: [1] https://aws.amazon.com/premiumsupport/knowledge-center/organizational-view-health-dashboard/
Question 76:
AnyCompany has acquired Example Corp and is attempting to consolidate the business systems of both companies. AnyCompany's IT department needs to integrate with Example Corp's IT ticketing system.
A SysOps administrator must implement a solution that uses Amazon CloudWatch alarms for Amazon EC2 instances in AnyCompany's account to create new tickets in Example Corp's ticketing system. The ticketing system provides an HTTPS endpoint for the creation of new tickets. The ticketing system accepts messages in the following JSON format:
Which approach to creating tickets from the CloudWatch alarms will meet these requirements with the LEAST development time?
A. Create an Amazon EventBridge rule that filters appropriate events and specifies EventBridge API destinations as a target. Configure EventBridge API destinations to send events to the HTTPS endpoint. In the EventBridge rule, create an input transformer to convert the source to a compatible output for the ticketing system. B. Create an Amazon EventBridge rule that filters appropriate events and specifies an Amazon Kinesis data stream as the target. Create an AWS Lambda function to receive events from the Kinesis data stream. Configure the Lambda function to start an AWS Glue job to transform the data and forward the output to the HTTPS endpoint. C. Create an Amazon EventBridge rule that filters appropriate events and specifies Amazon Simple Notification Service (Amazon SNS) as a target. Configure Amazon SNS to transform the events and send the events to the HTTPS endpoint. D. Create an Amazon EventBridge rule that filters appropriate events and specifies an AWS Step Functions state machine as a target. Create an AWS Lambda function and an AWS Glue job in Step Functions to transform the events and send the events to the HTTPS endpoint.
C. Create an Amazon EventBridge rule that filters appropriate events and specifies Amazon Simple Notification Service (Amazon SNS) as a target. Configure Amazon SNS to transform the events and send the events to the HTTPS endpoint. Option C requires the LEAST development time, it leverages Amazon SNS message to eliminate the need to write custom code or uttilize additional services like AWS Lambda or AWS Glue for data transformation. Option A would require more time because it would require custom code to change the events from CloudWatch alarms into the required JSON format. It will also would require you to configure the ticketing system to accept requests from Amazon EventBridge.
Question 77:
A company's financial department needs to view the cost details of each project in an AWS account A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer
Which solution will meet this requirement?
A. Activate cost allocation tags Add a project tag to the appropriate resources B. Configure consolidated billing Create AWS Cost and Usage Reports C. Use AWS Budgets Create AWS Budgets reports D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions
A. Activate cost allocation tags Add a project tag to the appropriate resources Cost allocation tags are used to track AWS costs on a detailed level. By activating cost allocation tags and adding a project tag to the appropriate resources, the financial department will be able to view the cost details of each project in Cost Explorer. https://wa.aws.amazon.com/wat.concept.costalloctag.en.html#:~:text=You%20can%20use%20tags%20to,and%20track%20your%20AWS%20costs.
Question 78:
An application accesses databases that run on an Amazon Aurora PostgreSQL Multi-AZ DB cluster. The application is gaining more users and is experiencing an increased load. A SysOps administrator needs to improve the application performance by pooling and sharing database user connections.
Which solution will meet this requirement?
A. Increase the IOPS of the DB cluster. B. Use Amazon RDS Proxy to set up a proxy. Associate the proxy with the DB cluster. C. Enable Enhanced Monitoring on the DB cluster. Move the logs to Amazon CloudWatch. D. Enable Performance Insights for 35 days on the DB cluster.
B. Use Amazon RDS Proxy to set up a proxy. Associate the proxy with the DB cluster.
Question 79:
A company is managing multiple AWS accounts in AWS Organizations The company is reviewing internal security of Its AWS environment The company's security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?
A. Create an IAM policy in each developer account that has read-only access related to VPC resources Assign the policy to an IAM user Share the user credentials with the security administrator B. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions Assign the policy to an IAM user Share the user credentials with the security administrator C. Create an IAM policy in each developer account that has administrator access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account D. Create an IAM policy m each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account
D. Create an IAM policy m each developer account that has read-only access related to VPC resources Assign the policy to a cross-account IAM role Ask the security administrator to assume the role from their account Explanation Explanation/Reference:The most secure way for the security administrator to review the VPC configuration of developer AWS accounts would be to create an IAM policy in each developer account that has read-only access related to VPC resources and assign the policy to a cross-account IAM role. The security administrator can then assume the role from their own account to review the VPC configuration. This approach avoids sharing user credentials and provides the security administrator with the necessary permissions to review the VPC configuration without granting unnecessary access.
Question 80:
A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The administrator has been tasked with reconfiguring the infrastructure to support this approach.
How can the administrator accomplish this with the LEAST administrative overhead?
A. Use Amazon CloudFront to log the URL and forward the request. B. Use Amazon CloudFront to rewrite the header based on the microservice and forward the request. C. Use an Application Load Balancer (ALB) and do path-based routing. D. Use a Network Load Balancer (NLB) and do path-based routing.
C. Use an Application Load Balancer (ALB) and do path-based routing. Explanation Explanation/Reference:https://aws.amazon.com/premiumsupport/knowledge-center/elb-achieve-path-based-routing-alb/
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SOA-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.