
[Newest Version] Easily Pass DVA-C01 Exam with Updated Real DVA-C01 Exam Materials


How can you pass the DVA-C01 exam easily and in less time with the hottest DVA-C01 VCE dumps? We provide the most valid DVA-C01 PDF to boost your success rate in the AWS Certified Associate (May 23, 2022) AWS Certified Developer – Associate (DVA-C01) exam. If you are one of the successful candidates who used our DVA-C01 new questions, do not hesitate to share your reviews of our AWS Certified Associate materials.

Geekcert has its own expert team. They selected and published the latest DVA-C01 preparation materials from the Official Exam-Center.

The following are the DVA-C01 free dumps. Go through and check the validity and accuracy of our DVA-C01 dumps. We have sample questions for DVA-C01 free dumps. You can download and check the real questions of the updated DVA-C01 dumps.

Question 1:

You are inserting 1000 new items every second in a DynamoDB table. Once an hour these items are analyzed and then are no longer needed. You need to minimize provisioned throughput, storage, and API calls.

Given these requirements, what is the most efficient way to manage these Items after the analysis?

A. Retain the items in a single table

B. Delete items individually over a 24 hour period

C. Delete the table and create a new table per hour

D. Create a new table per hour

Correct Answer: C


Question 2:

You have written an application that uses the Elastic Load Balancing service to spread traffic to several web servers. Your users complain that they are sometimes forced to login again in the middle of using your application, after they have already logged in. This is not behavior you have designed.

What is a possible solution to prevent this happening?

A. Use instance memory to save session state.

B. Use instance storage to save session state.

C. Use EBS to save session state

D. Use ElastiCache to save session state.

E. Use Glacier to save session state.

Correct Answer: D

https://aws.amazon.com/caching/session-management/


Question 3:

How can you secure data at rest on an EBS volume?

A. Attach the volume to an instance using EC2's SSL interface.

B. Write the data randomly instead of sequentially.

C. Use an encrypted file system on top of the EBS volume.

D. Encrypt the volume using the S3 server-side encryption service.

E. Create an IAM policy that restricts read and write access to the volume.

Correct Answer: C


Question 4:

An application is designed to use Amazon SQS to manage messages from many independent senders. Each sender's messages must be processed in the order they are received.

Which SQS feature should be implemented by the Developer?

A. Configure each sender with a unique MessageGroupId

B. Enable MessageDeduplicationIds on the SQS queue

C. Configure each message with unique MessageGroupIds.

D. Enable ContentBasedDeduplication on the SQS queue

Correct Answer: A


Question 5:

A Developer wants to find a list of items in a global secondary index from an Amazon DynamoDB table.

Which DynamoDB API call can the Developer use in order to consume the LEAST number of read capacity units?

A. Scan operation using eventually-consistent reads

B. Query operation using strongly-consistent reads

C. Query operation using eventually-consistent reads

D. Scan operation using strongly-consistent reads

Correct Answer: C

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-query-scan.html


Question 6:

Queries to an Amazon DynamoDB table are consuming a large amount of read capacity. The table has a significant number of large attributes. The application does not need all of the attribute data.

How can DynamoDB costs be minimized while maximizing application performance?

A. Batch all the writes, and perform the write operations when no or few reads are being performed.

B. Create a global secondary index with a minimum set of projected attributes.

C. Implement exponential backoffs in the application.

D. Load balance the reads to the table using an Application Load Balancer.

Correct Answer: C

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html


Question 7:

An advertising company has a dynamic website with heavy traffic. The company wants to migrate the website infrastructure to AWS to handle everything except website development.

Which solution BEST meets these requirements?

A. Use AWS VM Import to migrate a web server image to AWS. Launch the image on a compute-optimized Amazon EC2 instance.

B. Launch multiple Amazon Lightsail instances behind a load balancer. Set up the website on those instances.

C. Deploy the website code in an AWS Elastic Beanstalk environment. Use Auto Scaling to scale the number of instances.

D. Use Amazon S3 to host the website. Use Amazon CloudFront to deliver the content at scale.

Correct Answer: C


Question 8:

You are writing to a DynamoDB table and receive the following exception: "ProvisionedThroughputExceededException", though according to your CloudWatch metrics for the table, you are not exceeding your provisioned throughput.

What could be an explanation for this?

A. You haven't provisioned enough DynamoDB storage instances

B. You're exceeding your capacity on a particular Range Key

C. You're exceeding your capacity on a particular Hash Key

D. You're exceeding your capacity on a particular Sort Key

E. You haven't configured DynamoDB Auto Scaling triggers

Correct Answer: C

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.PrimaryKey

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.Partitions.html

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html


Question 9:

A Developer is creating a web application that requires authentication, but also needs to support guest access to provide users limited access without having to authenticate. What service can provide support for the application to allow guest access?

A. IAM temporary credentials using AWS STS.

B. Amazon Directory Service

C. Amazon Cognito with unauthenticated access enabled

D. IAM with SAML integration

Correct Answer: A

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-gettingstarted-hello-world.html

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-commandreference-sam-deploy.html

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-commandreference-sam-package.html


Question 10:

A company recently migrated its web, application and NoSQL database tiers to AWS. The company is using Auto Scaling to scale the web and application tiers. More than 95 percent of the Amazon DynamoDB requests are repeated read requests.

How can the DynamoDB NoSQL tier be scaled up to cache these repeated requests?

A. Amazon EMR

B. Amazon DynamoDB Accelerator

C. Amazon SQS

D. Amazon CloudFront

Correct Answer: B

Reference: https://aws.amazon.com/dynamodb/dax/


Question 11:

Which of the following services are key/value stores? Choose 3 answers

A. Amazon ElastiCache

B. Simple Notification Service

C. DynamoDB

D. Simple Workflow Service

E. Simple Storage Service

Correct Answer: ACE


Question 12:

What type of block cipher does Amazon S3 offer for server side encryption?

A. Triple DES

B. Advanced Encryption Standard

C. Blowfish

D. RC5

Correct Answer: B

https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html


Question 13:

A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found.

What is causing the duplicate entries?

A. The S3 bucket name was specified incorrectly.

B. The Lambda function failed, and the Lambda service retried the invocation with a delay.

C. There was an S3 outage, which caused duplicate entries of the same log file.

D. The application stopped intermittently and then resumed.

Correct Answer: B


Question 14:

A Development team wants to instrument their code to provide more detailed information to AWS X-Ray than simple outgoing and incoming requests. This will generate large amounts of data, so the Development team wants to implement indexing so they can filter the data.

What should the Development team do to achieve this?

A. Add annotations to the segment document and the code

B. Add metadata to the segment document and the code

C. Configure the necessary X-Ray environment variables

D. Install required plugins for the appropriate AWS SDK

Correct Answer: A

https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-python-segment.html

https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-annotations


Question 15:

A Developer is going to deploy an AWS Lambda function that requires significant CPU utilization. Which approach will MINIMIZE the average runtime of the function?

A. Deploy the function into multiple AWS Regions

B. Deploy the function into multiple Availability Zones

C. Deploy the function using Lambda layers

D. Deploy the function with its memory allocation set to the maximum amount

Correct Answer: D


Free Sharing Updated SOA-C02 VCE and PDF Exam Practice Materials


Tens of thousands of competitors, pages of hard questions and unsatisfying exam preparation situations… Do not worry about all those annoying things! We help you with your AWS Certified Associate AWS Certified SysOps Administrator – Associate (SOA-C02) exam with the newest SOA-C02 VCE dumps. We will assist you in clearing the Apr 27, 2022 SOA-C02 exam with the AWS Certified Associate SOA-C02 dumps. Our SOA-C02 VCE files are the most comprehensive ones.

Geekcert has its own expert team. They selected and published the latest SOA-C02 preparation materials from the Official Exam-Center.

The following are the SOA-C02 free dumps. Go through and check the validity and accuracy of our SOA-C02 dumps. Although the questions are from SOA-C02 free dumps, the validity and accuracy of the SOA-C02 dumps are absolutely guaranteed.

Question 1:

A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.

How can this be accomplished with the LEAST amount of administrative effort?

A. Add an export field to the outputs of the first template and import the values in the second template.

B. Create a custom resource that queries the stack created by the first template and retrieves the required values.

C. Create a mapping in the first template that is referenced by the second template.

D. Input the names of resources in the first template and refer to those names in the second template as a parameter.

Correct Answer: C


Question 2:

A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).

A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.

What is the MOST likely reason for the unexpected placement of EC2 instances?

A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.

B. The ALB was configured for only two Availability Zones.

C. The Auto Scaling group was configured for only two Availability Zones.

D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Correct Answer: B


Question 3:

A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).

Which backup solution will meet these requirements?

A. Configure the backup software to use Amazon S3 as the target for the data backups.

B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.

C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.

D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.

Correct Answer: D


Question 4:

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.

B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.

C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Correct Answer: C


Question 5:

A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.

Which combination of actions will meet these requirements? (Choose two.)

A. Add Auto Discovery to the data store.

B. Create an Amazon ElastiCache for Memcached data store.

C. Create an Amazon ElastiCache for Redis data store.

D. Enable Multi-AZ for the data store.

E. Enable Multi-threading for the data store.

Correct Answer: AD


Question 6:

An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.

To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

A. EBS General Purpose SSD volumes

B. RDS PostgreSQL database

C. Amazon EFS file systems

D. S3 objects within a bucket

Correct Answer: B


Question 7:

A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.

A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.

Which solution will meet these requirements in the MOST operationally efficient manner?

A. Store the database password as an environment variable for each Lambda function. Create a new Lambda function that is named PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update the environment variable for each Lambda function.

B. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each Lambda function. Grant each Lambda function access to the KMS key so that the database password can be decrypted when required. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.

C. Use AWS Secrets Manager to store credentials for the database. Create a Secrets Manager secret and select the database so that Secrets Manager will use a Lambda function to update the database password automatically. Specify an automatic rotation schedule of 30 days. Update each Lambda function to access the database password from Secrets Manager.

D. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the database. Create a new Lambda function called PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to update the secret within Parameter Store. Update each Lambda function to access the database password from Parameter Store.

Correct Answer: C


Question 8:

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website's DNS records.

Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

A. Geolocation routing policy

B. Geoproximity routing policy

C. Latency routing policy

D. Multivalue answer routing policy

Correct Answer: D


Question 9:

A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available.

Which action should the SysOps administrator take to meet this requirement?

A. Reduce the scaling thresholds so that instances are added before traffic increases.

B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group.

C. Update the Auto Scaling group to launch instances that have a storage optimized instance type.

D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software.

Correct Answer: C


Question 10:

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps administrator take to meet these requirements?

A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.

D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.

Correct Answer: B


Question 11:

A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.

Where can the administrator find this information?

A. Auto Scaling logs

B. AWS CloudTrail logs

C. EC2 instance logs

D. Elastic Load Balancer access logs

Correct Answer: B


Question 12:

A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.

Which solution will meet these requirements?

A. Create an Aurora Replica. Promote the replica to replace the primary DB instance.

B. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.

C. Use backtracking to rewind the existing DB cluster to the desired recovery point.

D. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.

Correct Answer: D


Question 13:

A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.

A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website's functionality without making changes to the network infrastructure. Which solution will meet these requirements?

A. Activate unlimited mode for the instances in the Auto Scaling group.

B. Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.

C. Move the website to a different AWS Region that is closer to the users.

D. Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.

Correct Answer: C


Question 14:

A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.

Which solution will meet these requirements?

A. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.

B. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.

C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.

D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server's IP address to Kibana.

Correct Answer: B


Question 15:

An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues. Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.

B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.

C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.

D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.

Correct Answer: D


[PDF and VCE] Geekcert Latest Amazon SOA-C02 Exam Practice Materials Free Downloading


This dump is 100% valid to pass the Amazon AWS Certified Associate Jan 15, 2022 SOA-C02 practice exam. The only tip is: please do not just memorize the questions and answers; you need a thorough understanding of them, because the questions change a little in the real exam. Follow the instructions in the Geekcert AWS Certified Associate SOA-C02 study guide, AWS Certified SysOps Administrator – Associate (SOA-C02) PDF and VCEs. All Geekcert materials will help you pass your Amazon AWS Certified Associate exam successfully.


Geekcert has its own expert team. They selected and published the latest SOA-C02 preparation materials from the Amazon Official Exam-Center: https://www.geekcert.com/soa-c02.html

The following are the SOA-C02 free dumps. Go through and check the validity and accuracy of our SOA-C02 dumps. Free sample questions of SOA-C02 free dumps are provided here. All the following questions are from the latest real SOA-C02 dumps.

Question 1:

A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.

How can this be accomplished with the LEAST amount of administrative effort?

A. Add an export field to the outputs of the first template and import the values in the second template.

B. Create a custom resource that queries the stack created by the first template and retrieves the required values.

C. Create a mapping in the first template that is referenced by the second template.

D. Input the names of resources in the first template and refer to those names in the second template as a parameter.

Correct Answer: C


Question 2:

A company has deployed a web application in a VPC that has subnets in three Availability Zones. The company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).

A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group's activity history.

What is the MOST likely reason for the unexpected placement of EC2 instances?

A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.

B. The ALB was configured for only two Availability Zones.

C. The Auto Scaling group was configured for only two Availability Zones.

D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Correct Answer: B


Question 3:

A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).

Which backup solution will meet these requirements?

A. Configure the backup software to use Amazon S3 as the target for the data backups.

B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.

C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.

D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.

Correct Answer: D


Question 4:

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.

What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.

B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon S3 object. The security team can use the information in the tag to verify the integrity of the delivered files.

C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.

D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Correct Answer: C


Question 5:

A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.

Which combination of actions will meet these requirements? (Choose two.)

A. Add Auto Discovery to the data store.

B. Create an Amazon ElastiCache for Memcached data store.

C. Create an Amazon ElastiCache for Redis data store.

D. Enable Multi-AZ for the data store.

E. Enable Multi-threading for the data store.

Correct Answer: AD


Question 6:

An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.

To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

A. EBS General Purpose SSD volumes

B. RDS PostgreSQL database

C. Amazon EFS file systems

D. S3 objects within a bucket

Correct Answer: B


Question 7:

A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.

A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.

Which solution will meet these requirements in the MOST operationally efficient manner?

A. Store the database password as an environment variable for each Lambda function. Create a new Lambda function that is named PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and update the environment variable for each Lambda function.

B. Use AWS Key Management Service (AWS KMS) to encrypt the database password and to store the encrypted password as an environment variable for each Lambda function. Grant each Lambda function access to the KMS key so that the database password can be decrypted when required. Create a new Lambda function that is named PasswordRotate to change the password every 30 days.

C. Use AWS Secrets Manager to store credentials for the database. Create a Secrets Manager secret and select the database so that Secrets Manager will use a Lambda function to update the database password automatically. Specify an automatic rotation schedule of 30 days. Update each Lambda function to access the database password from Secrets Manager.

D. Use AWS Systems Manager Parameter Store to create a secure string to store credentials for the database. Create a new Lambda function called PasswordRotate. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the PasswordRotate function every 30 days to change the database password and to update the secret within Parameter Store. Update each Lambda function to access the database password from Parameter Store.

Correct Answer: C


Question 8:

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region. Website visitors who are located in Europe should access the website that is hosted in eu-central-1. All other visitors access the website that is hosted in us-east-1. The company uses Amazon Route 53 to manage the website’s DNS records.

Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

A. Geolocation routing policy

B. Geoproximity routing policy

C. Latency routing policy

D. Multivalue answer routing policy

Correct Answer: D

Reference: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html


Question 9:

A company is running a website on Amazon EC2 instances that are in an Auto Scaling group. When the website traffic increases, additional instances take several minutes to become available because of a long-running user data script that installs software. A SysOps administrator must decrease the time that is required for new instances to become available.

Which action should the SysOps administrator take to meet this requirement?

A. Reduce the scaling thresholds so that instances are added before traffic increases.

B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group.

C. Update the Auto Scaling group to launch instances that have a storage optimized instance type.

D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software.

Correct Answer: C


Question 10:

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.

What actions should the SysOps administrator take to meet these requirements?

A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

B. Create a VPC endpoint for the S3 bucket, and create an S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source.

C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket.

D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway.

Correct Answer: B


Question 11:

A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.

Where can the administrator find this information?

A. Auto Scaling logs

B. AWS CloudTrail logs

C. EC2 instance logs

D. Elastic Load Balancer access logs

Correct Answer: A

Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-dg.pdf (206)


Question 12:

A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.

Which solution will meet these requirements?

A. Create an Aurora Replica. Promote the replica to replace the primary DB instance.

B. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.

C. Use backtracking to rewind the existing DB cluster to the desired recovery point.

D. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.

Correct Answer: D

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/aurora-mysql-slow-snapshot-restore/


Question 13:

A company is running a flash sale on its website. The website is hosted on burstable performance Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group is configured to launch instances when the CPU utilization is above 70%.

A couple of hours into the sale, users report slow load times and error messages for refused connections. A SysOps administrator reviews Amazon CloudWatch metrics and notices that the CPU utilization is at 20% across the entire fleet of instances.

The SysOps administrator must restore the website’s functionality without making changes to the network infrastructure.

Which solution will meet these requirements?

A. Activate unlimited mode for the instances in the Auto Scaling group.

B. Implement an Amazon CloudFront distribution to offload the traffic from the Auto Scaling group.

C. Move the website to a different AWS Region that is closer to the users.

D. Reduce the desired size of the Auto Scaling group to artificially increase CPU average utilization.

Correct Answer: C

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-how-to.html


Question 14:

A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company’s geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed Active Directory Federation Services (AD FS) to enable authentication to cloud services.

Which solution will meet these requirements?

A. Configure Active Directory as an authentication provider in Amazon ES. Add the Active Directory server’s domain name to Amazon ES. Configure Kibana to use Amazon ES authentication.

B. Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon ES.

C. Enable Active Directory user authentication in Kibana. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server’s IP address.

D. Establish a trust relationship with Kibana on the Active Directory server. Enable Active Directory user authentication in Kibana. Add the Active Directory server’s IP address to Kibana.

Correct Answer: B

Reference: https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/


Question 15:

An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.

Which solution will meet these requirements in the MOST secure manner?

A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user’s credentials in the application’s configuration.

B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user’s access key and secret access key as environment variables on the EC2 instance.

C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.

D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.

Correct Answer: D