How to pass Amazon SOA-C02 exam with the help of dumps?

Question # 1

A SysOps administrator needs to configure an Amazon S3 bucket to host a webapplication. The SysOps administrator has created the S3 bucket and has copied the staticfiles for the web application to the S3 bucket.The company has a policy that all S3 buckets must not be public. What should the SysOps administrator do to meet these requirements?

A. Create an Amazon CloudFront distribution. Configure the S3 bucket as an origin with anorigin access identity (OAI). Give the OAI the s3:GetObject permission in the S3 bucketpolicy.
B. Configure static website hosting in the S3 bucket. Use Amazon Route 53 to create aDNS CNAME to point to the S3 website endpomt.
C. Create an Application Load Balancer (ALB). Change the protocol to HTTPS in the ALBlistener configuration. Forward the traffic to the S3 bucket.
D. Create an accelerator in AWS Global Accelerator. Set up a listener configuration for port443. Set the endpoint type to forward the traffic to the S3 bucket.

Show Answer

Question # 2

A company uses AWS Organizations to host several applications across multiple AWSaccounts. Several teams are responsible for building and maintaining the infrastructure ofthe applications across the AWS accounts.A SysOps administrator must implement a solution to ensure that user accounts andpermissions are centrally managed. The solution must be integrated with the company'sexisting on-premises Active Directory environment. The SysOps administrator already hasenabled AWS 1AM Identity Center (AWS Single Sign-On) and has set up an AWS DirectConnect connection.What is the MOST operationally efficient solution that meets these requirements?

A. Create a Simple AD domain, and establish a forest trust relationship with the onpremisesActive Directory domain. Set the Simple AD domain as the identity source for1AM Identity Center. Create the required role-based permission sets. Assign each group ofusers to the AWS accounts that the group will manage.
B. Create an Active Directory domain controller on an Amazon EC2 instance that is joinedto the on-premises Active Directory domain. Set the Active Directory domain controller asthe identity source for 1AM Identity Center. Create the required role-based permission sets.Assign each group of users to the AWS accounts that the group will manage.
C. Create an AD Connector that is associated with the on-premises Active Directorydomain. Set the AD Connector as the identity source for 1AM Identity Center. Create therequired role-based permission sets. Assign each group of users to the AWS accounts thatthe group will manage.
D. Use the built-in SSO directory as the identity source for 1AM Identity Center. Copy theusers and groups from the on-premises Active Directory domain. Create the required rolebasedpermission sets. Assign each group of users to the AWS accounts that the group willmanage.

Show Answer

Question # 3

A SysOps administrator is investigating a company's web application for performanceproblems The application runs on Amazon EC2 instances that are in an Auto Scalinggroup. The application receives large traffic increases at random times throughout the day.During periods of rapid traffic increases, the Auto Scaling group is not adding capacity fastenough. As a result, users are experiencing poor performance.The company wants to minimize costs without adversely affecting the user experiencewhen web traffic surges quickly. The company needs a solution that adds more capacity tome Auto Scaling group for larger traffic increases than for smaller traffic increases.How should the SysOps administrator configure the Auto Scaling group to meet theserequirements?

A. Create a simple scaling policy with settings to make larger adjustments in capacity whenthe system is under heavy load
B. Create a step scaling policy with settings to make larger adjustments in capacity whenthe system is under heavy load.
C. Create a target tracking scaling policy with settings to make larger adjustments incapacity when the system is under heavy load
D. Use Amazon EC2 Auto Scaling lifecycle hooks Adjust the Auto Scaling group'smaximum number of instances after every scaling event

Show Answer

Question # 4

A company hosts an application on Amazon EC2 instances The instances are in anAmazon EC2 Auto Scaling group that uses a launch template The amount of applicationtraffic changes throughout the day. Scaling events happen frequently.A SysOps administrator needs to help developers troubleshoot the application. When ascaling event removes an instance. EC2 Auto Scaling terminates the instance before thedevelopers can log in to the instance to diagnose issues.Which solution will prevent termination of the instance so that the developers can log in tothe instance?

A. Ensure that the Delete on termination setting is turned off in the UserData section of thelaunch template
B. Update the Auto Scaling group by enabling instance scale-in protection for newlylaunched instances.
C. Use Amazon Inspector to configure a rules package to protect the instances fromtermination.
D. Use Amazon GuardDuty to configure rules to protect the instances from termination.

Show Answer

Question # 5

A company is creating a new multi-account environment in AWS Organizations. The company will use AWS Control Tower to deploy the environment. Users must be able tocreate resources in approved AWS Regions only. The company must configure and governall accounts by using a standard baseline configuration Which combination of steps willmeet these requirements in the MOST operationally efficient way? (Select TWO.)

A. Create a permission set and a custom permissions policy in AWS IAM Identity Center(AWS Single Sign-On) for each user to prevent each user from creating resources inunapproved Regions.
B. Deploy AWS Config rules in each AWS account to govern the account's securitycompliance and to delete any resources that are created in unapproved Regions.
C. Deploy AWS Lambda functions to configure security settings across all accounts in theorganization and to delete any resources that are created in unapproved Regions.
D. Implement a service control policy (SCP) to deny any access to AWS based on therequested Region.
E. Modify the AWS Control Tower landing zone settings to govern the approved Regions.

Show Answer

Question # 6

A company runs a high performance computing (HPC) application on an Amazon EC2instance The company needs to scale this architecture to two or more EC2 instances. TheEC2 instances wilt need to communicate with each other at high speeds with low latency tosupport the application.The company wants to ensure that the network performance can support the requiredcommunication between the EC2 instances.What should a SysOps administrator do to meet these requirements?

A. Create a cluster placement group. Back up the existing EC2 instance to an AmazonMachine Image (AMI). Restore the EC2 instance from the AMI into the placement groupLaunch the additional EC2 instances into the placement group
B. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launchtemplate from the existing EC2 instance by specifying the AMI. Create an Auto Scalinggroup and configure the desired instance count.
C. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2instances and register them with the target group Register the existing EC2 instance withthe target group. Pass all application traffic through the NLB.
D. Back up the existing EC2 Instance to an Amazon Machine Image (AMI). Createadditional clones of the EC2 instance from the AMI in the same Availability Zone where theexisting EC2 instance is located.

Show Answer

Question # 7

A SysOps administrator wants to securely share an object from a private Amazon S3bucket with a group of users who do not have an AWS account. What is the MOSToperationally efficient solution that will meet this requirement?

A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B. Create an 1AM role that has access to the object. Instruct the users to assume the role.
C. Create an 1AM user that has access to the object. Share the credentials with the users.
D. Generate a presigned URL for the object. Share the URL with the users.

Show Answer

Question # 8

A company migrates a write-once, read-many (WORM) drive to an Amazon S3 bucket thathas S3 Object Lock configured in governance mode. During the migration, the companycopies unneeded data to the S3 bucket.A SysOps administrator attempts to delete the unneeded data from the S3 bucket by usingthe AWS CLI. However, the SysOps administrator receives an error.Which combination of steps should the SysOps administrator take to successfully deletethe unneeded data? (Select TWO.)

A. Increase the Retain Until Date.
B. Assume a role that has the s3:BypassLegalRetention permission.
C. Assume a role that has the s3:BypassGovernanceRetention permission.
D. Include the x-amz-bypass-governance-retention:true header in the request when issuingthe delete command.
E. Include the x-amz-bypass-legal-retention:true header in the request when issuing thedelete command.

Show Answer

Question # 9

A company has a secure website running on Amazon EC2 instances behind an ApplicationLoad Balancer (ALB). An SSL certificate from AWS Certificate Manager (ACM) is used onthe ALB. Users with legacy web browsers are experiencing issues with the website.How should the SysOps administrator resolve these issues in the MOST operationallyefficient manner?

A. Create a new SSL certificate in ACM and install the new certificate on the ALB tosupport legacy web browsers.
B. Create a second ALB and install a custom SSL certificate with a different domain nameon the second ALB to support legacy web browsers.
C. Remove the ALB from the configuration and install a custom SSL certificate on eachweb server.
D. Update the SSL negotiation configuration of the ALB with a security policy that containsciphers for legacy web browsers.

Show Answer

Question # 10

A company has an application that is deployed 10 two AWS Regions in an active-passiveconfiguration. The application runs on Amazon EC2 instances behind an Application LoadBalancer (ALB) in each Region. The instances are in an Amazon EC2 Auto Scaling groupin each Region. The application uses an Amazon Route 53 hosted zone (or DNS. ASysOps administrator needs to configure automatic failover to the secondary Region.What should the SysOps administrator do to meet these requirements

A. Configure Route 53 alias records that point to each ALB. Choose a failover routingpolicy. Set Evaluate Target Health to Yes.
B. Configure CNAME records that point to each ALB. Choose a failover routing policy. SetEvaluate Target Health to Yes.
C. Configure Elastic Load Balancing (ELB) health checks for the Auto Scaling group. Add a target group to the ALB in the primary Region. Include the EC2 instances in the secondaryRegion astargets.
D. Configure EC2 health checks for the Auto Scaling group. Add a target group to the ALBin the primary Region. Include the EC2 instances in the secondary Region as targets.

Show Answer

Question # 11

A company receives an alert from an Amazon CloudWatch alarm The alarm indicates that a web application that Is running on Amazon EC2 instances is not responding to requestsThe EC2 instances have a Red Hat Enterprise Linux operating system and are in an AutoScaling group. The Auto Scaling group has a minimum capacity of 2 and a maximumcapacity of 5.An Investigation reveals that the web application is experiencing oul-of-memory errors. Thecompany adds memory lo the web application and wants to track operating systemmemory utilization. A CloudWatch memory metric does not currently exist tor the EC2Instances in the Auto Scaling groupWhat should a SysOps administrator do to provide a CloudWatch memory metric for theEC2 instances?

A. Use an Amazon Machine Image (AMI) that includes the CloudWatch agent.
B. Turn on CloudWatch detailed monitoring
C. Turn on Instance Metadata Service Version 2 (IMOSv2).
D. Use an Amazon Machine Image (AMI) that is based on Amazon Linux.

Show Answer

Question # 12

A company runs an application on hundreds of Amazon EC2 instances in three AvailabilityZones The application calls a third-parly API over the public internet A SysOpsadministrator must provide the third party with a list of static IP addresses so that the thirdparty can allow traffic from the applicationWhich solution will meet these requirements?

A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NATgateway the default route of all private subnets In those Availability Zones.
B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IPaddress with all the instances in the Availability Zone
C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to theinterne! through the private IP address of the NLB
D. Update the main route table to send the traffic to the internet through an Elastic IPaddress that is assigned to each instance.

Show Answer

Question # 13

A company has a cluster of Linux Amazon EC2 Spot Instances that read many files fromand write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. TheEC2 instances are frequently started and stopped. As part of the process when an EC2instance starts, an EBS volume is restored from a snapshot.EBS volumes that are restored from snapshots are experiencing initial performance that islower than expected. The company's workload needs almost all the provisioned IOPS onthe attached EBS volumes. The EC2 instances are unable to support the workload whenthe performance of the EBS volumes is too low. A SysOps administrator must implement asolution to ensure that the EBS volumes provide the expected performance when they arerestored from snapshots.Which solution will meet these requirements?

A. Configure fast snapshot restore (FSR) on the snapshots that are used.
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
D. Increase the Linux read-ahead buffer to 1 MiB.

Show Answer

Question # 14

A SysOps administrator manages policies for many AWS member accounts in an AWSOrganizations structure. Administrators on other teams have access to the account rootuser credentials of the member accounts. The SysOps administrator must prevent allteams, including their administrators, from using Amazon DynamoDB. The solution mustnot affect the ability of the teams to access other AWS services.Which solution will meet these requirements?

A. In all member accounts, configure 1AM policies that deny access to all DynamoDBresources for all users, including the root user.
B. Create a service control policy (SCP) in the management account to deny allDynamoDB actions. Apply the SCP to the root of the organization
C. In all member accounts, configure 1AM policies that deny AmazonDynamoDBFullAccess to all users, including the root user.
D. Remove the default service control policy (SCP) in the management account. Create areplacement SCP that includes a single statement that denies all DynamoDB actions.

Show Answer

Question # 15

A Sysops administrator launches an Amazon EC2 instance from a Windows AmazonMachine Image (AMI). The EC2 instance includes additional Amazon Elastic Block Store(Amazon EBS) volumes. When the instance is launched, none of the additional AmazonElastic Block Store (Amazon EBS) volumes are initialized and ready for use through a driveletter. The SysOps administrator needs to automate the EBS volume initialization.Which solution will meet these requirements in the MOST operationally efficient way?

A. Create an Amazon EventBridge rule. Configure an AWS Systems Manager Automationrunbook as a target of the EventBridge rule to initialize the disks after an EC2 instancelaunch event.
B. Create an AmazolkventBridge rule. Configure an AWS Lambda function as a target ofthe EventBridge rule to initialize the drives after the AMI is launched.
C. Create an AWS Config rule to automatically initialize the EBS volumes on Windows EC2instances.
D. Add the secondary volume configuration to the DriveLetterMappingConfig.json file.Configure the InitializeDisks.ps1 Windows PowerShell script to run at launch. Create a newAMI from the running EC2 instance.

Show Answer

Question # 16

A company stores its data in an Amazon S3 bucket. The company is required to classifythe data and find any sensitive personal information in its S3 files. Which solution will meet these requirements?

A. Create an AWS Config rule to discover sensitive personal information in the S3 files andmark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline toclassify sensitive personal information by using Amazon Recognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.

Show Answer

Question # 17

A company hosts a web application on Amazon EC2 instances behind an Application LoadBalancer (ALB). The company uses Amazon Route 53 to route traffic.The company also has a static website that is configured in an Amazon S3 bucket.A SysOps administrator must use the static website as a backup to the web application.The failover to the static website must be fully automated.Which combination of actions will meet these requirements? (Choose two.)

A. Create a primary failover routing policy record. Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondarywebsite when the health check fails.
C. Create a primary failover routing policy record. Configure the value to be the ALB.Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record. Configure the value to be the staticwebsite. Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record. Configure the value to be the staticwebsite.

Show Answer

Question # 18

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLScertificates. A SysOps administrator needs to send an email notification when a certificatehas less than 14 days until expiration.Which solution will meet this requirement with the LEAST operational overhead?

A. Create an Amazon CloudWatch custom metric to monitor certificate expiration for allACM certificates. Create an Amazon EventBridge rule that has an event source of a ws.cloud watch Configure the rule to send an event to a target Amazon Simple NotificationService (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe theappropriate email addresses to the SNS topic.
B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry melric for all ACM certificates.Configure the rule to send an event to a target Amazon Simple Notification Service(Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate emailaddresses to the SNS topic.
C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for allACM certificates. If DaysToExpiry is less than 14, send an emailmessage to the appropriate email addresses. Send the email message by running apredefined CLI command to publish to an Amazon Simple Notification Service (AmazonSNS) topic.
D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure therule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMSidentity that uses a predefined email template. Configure the rule to send an event to thetarget SMS identity if DaysToExpiry is less than 14.

Show Answer

Question # 19

A company wants to monitor the security groups of its Amazon EC2 instances to ensurethat SSH is not open to the public. If the port is opened, the company needs to close theport as soon as possible.Which combination of actions should a SysOps administrator take to meet theserequirements? (Select TWO.)

A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.

Show Answer

Question # 20

A company uses AWS CloudFormation to manage a stack of Amazon EC2 instances onAWS. A SysOps administrator needs to keep the instances and all of the instances’ data,even if someone deletes the stack.Which solution will meet these requirements?

A. Set the DeletionPolicy attribute to Snapshot for the EC2 instance resource in theCloudFormation template.
B. Automate backups by using Amazon Data Lifecycle Manager (Amazon DLM).
C. Create a backup plan in AWS Backup.
D. Set the DeletionPolicy attribute to Retain for the EC2 instance resource in theCloudFormation template.

Show Answer

Question # 21

A company has a compliance requirement that no security groups can allow SSH ports tobe open to all IP addresses. A SysOps administrator must implement a solution that willnotify the company's SysOps team when a security group rule violates this requirement.The solution also must remediate the security group rule automatically.Which solution will meet these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes anAWS Lambda function when a security group changes. Configure the Lambda function to evaluate the security group for compliance, remove all inbound security group rules on allports, and notify the SysOps team if the security group is noncompliant.
B. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm to notify the SysOps team through an Amazon Simple NotificationService (Amazon SNS) topic when (he metric is greater than 0. Subscribe an AWS Lambdafunction to the SNS topic to remediate the security group rule by removing the rule.
C. Activate the AWS Config restricted-ssh managed rule. Add automatic remediation to theAWS Config rule by using the AWS Systems Manager Automation AWSDisablePublicAccessForSecurityGrouprunbook. Create an Amazon EventBridge (AmazonCloudWatch Events) rule to notify the SysOps team when the rule is noncompliant.
D. Create an AWS CloudTrail metric filter for security group changes. Create an AmazonCloudWatch alarm for when the metric is greater than 0. Add an AWS Systems Manageraction to the CloudWatch alarm to suspend the security group by using the SystemsManager Automation AWS-DisablePublicAccessForSecurityGroup runbook when the alarmis in ALARM state. Add an Amazon Simple Notification Service (Amazon SNS) topic as asecond target to notify the SysOps team.

Show Answer

Question # 22

A SysOps administrator manages a company's Amazon S3 buckets. The SysOpsadministrator has identified 5 GB of incomplete multipart uploads in an S3 bucket in thecompany's AWS account. The SysOps administrator needs to reduce the number ofincomplete multipart upload objects in the S3 bucket.Which solution will meet this requirement?

A. Create an S3 Lifecycle rule on the S3 bucket to delete expired markers or incompletemultipart uploads
B. Require users that perform uploads of files into Amazon S3 to use the S3 TransferUtility.
C. Enable S3 Versioning on the S3 bucket that contains the incomplete multipart uploads.
D. Create an S3 Object Lambda Access Point to delete incomplete multipart uploads.

Show Answer

Question # 23

A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS accountThe SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys anAmazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a privatesubnet. An application that runs on the EC2 instance needs to connect to the database. What should the SysOps administrator do to give the EC2 instance the ability to connect tothe database?

A. Enter the DB instance connection string into the VPC1 route table.
B. Configure VPC peering between the two VPCs.
C. Add the same IPv4 CIDR range for both VPCs.
D. Connect to the DB instance by using the DB instance’s public IP address.

Show Answer

Question # 24

A company has a policy that requires all Amazon EC2 instances to have a specific set oftags. If an EC2 instance does not have the required tags, the noncompliant instance shouldbe terminated.What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all EC2instance state changes to an AWS Lambda function to determine if each instance iscompliant. Terminate any noncompliant instances.
B. Create an IAM policy that enforces all EC2 instance tag requirements. If the requiredtags are not in place for an instance, the policy will terminate noncompliant instance.
C. Create an AWS Lambda function to determine if each EC2 instance is compliant andterminate an instance if it is noncompliant. Schedule the Lambda function to invoke every 5minutes.
D. Create an AWS Config rule to check if the required tags are present. If an EC2 instanceis noncompliant, invoke an AWS Systems Manager Automation document to terminate theinstance.

Show Answer

Question # 25

A company is using an Amazon CloudWatch alarm lo monitor the FreeLocalStorage metricfor an Amazon Aurora PostgreSQL production database The alarm goes into ALARM stateand indicates that the database is running low on temporary storage. A SysOpsadministrator discovers that a weekly report is using most of the temporary storage that iscurrently allocated.What should the SysOps administrator do to solve this problem?

A. Turn on Aurora PostgreSQL query plan management.
B. Modify the configuration of the DB cluster to turn on storage auto scaling.
C. Add an Aurora read replica to the DB cluster. Modify the report lo use the new read replica.
D. Modify the DB instance class for each DB instance In the DB cluster to increase the instance size.

Show Answer

Question # 26

A SysOps administrator is responsible for more than 50 Amazon EC2 instances mat aredeployed in a single production AWS account The EC2 instances are running severaldifferent operating systems The company's standards require patching to be completed atleast once a month.The SysOps administrator wants to use AWS Systems Manager to reduce the number ofhours the company spends on operating system patching each month.Which combination of steps should the SysOps administrator take to meet theserequirements? (Select THREE.)

A. Group similar EC2 instances together into resource groups by using AWS ResourceGroups
B. Create a schedule in Systems Manager Patch Manager. Specify the appropriateresource group as the target
C. Specify Systems Manager Automation runbooks to patch the operating systems.Register the runbooks as tasks in the maintenance window. Specify the appropriateresource group as the target
D. Create a Systems Manager Automation runbook to monitor and control the state of thepatches required. Apply the runbook to Systems Manager Patch Manager
E. Create a single Systems Manager maintenance window for each resource group
F. Configure Systems Manager Fleet Manager to apply a Systems Manager Automationrunbook to the appropriate resource group.

Show Answer

Question # 27

A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances.These EC2 instances upload build artifacts to a third-party service. The third-party servicerecently implemented a strict IP allow list that requires all build uploads to come from asingle IP address.What change should the systems administrator make to the existing build fleet to complywith this new requirement?

A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IPaddress to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IPaddress to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the AvailabilityZone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to theservice.

Show Answer

Question # 28

A Sysops administrator wants to share a copy of a production database with a migrationaccount. The production database is hosted on an Amazon RDS DB instance and isencrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias ofWhat must the Sysops administrator do to meet these requirements with the LEAST administrative overhead?

A. Take a snapshot of the RDS DB instance in the production account. Amend the KMSkey policy of the production-rds-key KMS key to give access to the migration account's rootuser. Share the snapshot with the migration account.
B. Create an RDS read replica in the migration account. Configure the KMS key policy toreplicate the production-rds-key KMS key to the migration account.
C. Take a snapshot of the RDS DB instance in the production account. Share the snapshotwith the migration account. In the migration account, create a new KMS key that has anidentical alias.
D. Use native database toolsets to export the RDS DB instance to Amazon S3. Create anS3 bucket and an S3 bucket policy for cross-account access between the productionaccount and the migration account. Use native database toolsets to import the databasefrom Amazon S3 to a new RDS DB instance.

Show Answer

Question # 29

A company runs a web application on three Amazon EC2 instances behind an ApplicationLoad Balancer (ALB). Web traffic increases significantly during the same 9-hour periodevery day and causes a decrease in the application's performance. A SysOps administratormust scale the application ahead of the changes in demand to accommodate the increasedtraffic.Which solution will meet these requirements?

A. Create an Amazon CloudWatch alarm to monitor application latency. Configure an alarmaction to increase the size of each EC2 instance if the latency threshold is reached.
B. Create an Amazon EventBridge rule to monitor application latency. Configure the rule toadd an EC2 instance to the ALB if the latency threshold is reached
C. Deploy the application to an EC2 Auto Scaling group that uses a target tracking scalingpolicy. Attach the ALB to the Auto Scaling group.
D. Deploy the application to an EC2 Auto Scaling group that uses a scheduled scalingpolicy. Attach the ALB to the Auto Scaling group.

Show Answer

Question # 30

ASysOps administrator configures an application to run on Amazon EC2 instances behindan Application Load Balancer (ALB) in a simple scaling Auto Scaling group with the defaultsettings. The Auto Scaling group is configured to use the RequestCountPerTarget metricfor scaling. The SysOps administrator notices that the RequestCountPerTarget metricexceeded the specified limit twice in 180 seconds.How will the number of EC2 instances in this Auto Scaling group be affected in thisscenario?

A. The Auto Scaling group will launch an additional EC2 instance every time theRequestCountPerTarget metric exceeds the predefined limit.
B. The Auto Scaling group will launch one EC2 instance and will wait for the defaultcooldown period before launching another instance.
C. The Auto Scaling group will send an alert to the ALB to rebalance the traffic and not addnew EC2 instances until the load is normalized.
D. The Auto Scaling group will try to distribute the traffic among all EC2 instances beforelaunching another instance.

Show Answer

Question # 31

A company's SysOps administrator maintains a highly available environment. Theenvironment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database.The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.Recently, the company conducted a failover test. The SysOps administrator needs todecrease the failover time of the RDS database by at least 10%.Which solution will meet this requirement?

A. Increase the RDS instance size.
B. Modify the RDS cluster to run in a single Availability Zone.
C. Create a read replica in another AWS Region. Promote the read replica in case offailure.
D. Create an RDS proxy. Point the application to the proxy endpoint.

Show Answer

Question # 32

A company has developed a service that is deployed on a fleet of Linux-based AmazonEC2 instances that are in an Auto Scaling group. The service occasionally failsunexpectedly because of an error in the application code. The company's engineering teamdetermines that resolving the underlying cause of the service failure could take severalweeks.A SysOps administrator needs to create a solution to automate recovery if the servicecrashes on any of the EC2 instances.Which solutions will meet this requirement? (Select TWO.)

A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatchagent to monitor the service. Set the CloudWatch action to restart if the service healthcheck fails.
B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS SystemsManager Session Manager to log in to the tagged EC2 instances and restart the service.Schedule the Lambda function to run every 5 minutes.
C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create anassociation that uses the AWS-RunSheIIScript document. Configure the associationcommand with a script that checks if the service is running and that starts the service if theservice is not running. For targets, specify the EC2 instance tag. Schedule the associationto run every 5 minutes.
D. Update the EC2 user data that is specified in the Auto Scaling group's launch templateto include a script that runs on a cron schedule every 5 minutes.
E. Update the EC2 user data that is specified in the Auto Scaling group's launch templateto ensure that the service runs during startup. Redeploy all the EC2 instances in the AutoScaling group with the updated launch template.

Show Answer

Question # 33

Users of a company's internal web application recently experienced applicationperformance issues for a brief period The application includes frontend web servers thatrun in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application alsoincludes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.A SysOps administrator determines that the source of the performance issues was highutilization of the DB cluster. The single writer instance experienced more than 90%utilization for 11 minutes The cause of the high utilization was an automated report that isscheduled to run one time each weekWhat should the SysOps administrator do to ensure that users do not experienceperformance Issues each week when the report runs?

A. Increase the size of the DB instance. Monitor the performance during the nextscheduled run of the report
B. Add a reader instance. Change the database connection string of the report applicationto use the newly created reader instance.
C. Add another writer instance Change the database connection string of the reportapplication to use the newly created writer instance.
D. Configure auto scaling for the DB cluster Set the minimum capacity units, maximumcapacity units, and target utilization

Show Answer

Question # 34

A company has an application that collects notifications from thousands of alarm systems.The notifications include alarm notifications and information notifications. The informationnotifications include the system arming processes, disarming processes, and sensorstatus. All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS)queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. ASysOps administrator needs to implement a solution that prioritizes alarm notifications overinformation notifications.Which solution will meet these requirements?

A. Adjust the Auto Scaling group to scale faster when a high number of messages is in thequeue.
B. Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with AmazonSQS to send the notifications in parallel to all the EC2 instances.
C. Add an Amazon DynamoDB stream to accelerate the message processing.
D. Create a queue for alarm notifications and a queue for information notifications. Updatethe application to collect messages from the alarm notifications queue first.

Show Answer

Question # 35

A company that uses AWS Organizations recently implemented AWS Control Tower Thecompany now needs to centralize identity management A SysOps administrator mustfederate AWS 1AM Identity Center with an external SAML 2.0 identity provider (IdP) tocentrally manage access to all the company's accounts and cloud applicationsWhich prerequisites must the SysOps administrator have so that the SysOps administratorcan connect to the external IdP? (Select TWO.)

A. A copy of the 1AM Identity Center SAML metadata
B. The IdP metadata, including the public X.509 certificate
C. The IP address of the IdP
D. Root access to the management account
E. Administrative permissions to the member accounts of the organization

Show Answer

Question # 36

A company uses AWS Organizations to manage its multi-account environment. Theorganization contains a dedicated account for security and a dedicated account for logging.A SysOps administrator needs to implement a centralized solution that provides alertswhen a resource metric in any account crosses a standard defined threshold.Which solution will meet these requirements?

A. Deploy an AWS CloudFormation stack set to the accounts in the organization. Use atemplate that creates the required Amazon CloudWatch alarms and references an AmazonSimple Notification Service (Amazon SNS) topic in the logging account with publishpermissions for all the accounts.
B. Deploy an AWS CloudFormation stack in each account. Use the stack to deploy therequired Amazon CloudWalch alarms and the required Amazon Simple Notification Service(Amazon SNS) topic.
C. Deploy an AWS Lambda function on a cron job in each account. Configure the Lambdafunction to read resources that are in the account and to invoke an Amazon SimpleNotification Service (Amazon SNS) topic if any metrics cross the defined threshold.
D. Deploy an AWS CloudFormation change set to the organization. Use a template tocreate the required Amazon CloudWatch alarms and to send alerts to a verified AmazonSimple Email Service (Amazon SES) identity.

Show Answer

Question # 37

A company hosts a production MySQL database on an Amazon Aurora single-node DBcluster. The database is queried heavily for reporting purposes. The DB cluster isexperiencing periods of performance degradation because of high CPU utilization andmaximum connections errors. A SysOps administrator needs to improve the stability of thedatabase.Which solution will meet these requirements?

A. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas basedon CPU utilization. Ensure that all reporting requests use the read-only connection string.
B. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone.Ensure that all reporting requests use the connection string for this additional node.
C. Create an AWS Lambda function that caches reporting requests. Ensure that allreporting requests call the Lambda function.
D. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests usethe ElastiCache cluster. Use the database if the data is not in the cache.

Show Answer

Question # 38

A company runs its web application on multiple Amazon EC2 instances that are part of anAuto Scaling group. The company wants the Auto Scaling group to scale out as soon asCPU utilization rises above 50% for the instances.How should a SysOps administrator configure the Auto Scaling group to meet theserequirements?

A. Configure the Auto Scaling group to scale based on events.
B. Configure the Auto Scaling group to scale based on a schedule.
C. Configure the Auto Scaling group to scale dynamically based on demand.
D. Configure the Auto Scaling group to use predictive scaling.

Show Answer

Question # 39

A company manages its production applications across several AWS accounts. Thecompany hosts the production applications on Amazon EC2 instances that run AmazonLinux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its ownAmazon Route 53 private hosted zone for private DNS.A VPC from Account A needs to resolve private DNS records from a private hosted zonethat is associated with a different VPC in Account B.What should a SysOps administrator do to meet these requirements?

A. In Account A, create an AWS Systems Manager document that updates the/etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNSresolver for the VPC in Account B.
B. In Account A, create an AWS CloudFormation template that associates the privatehosted zone from Account B with the private hosted zone in Account A.
C. In Account A, use the AWS CLI to create a VPC association authorization. When theassociation is created, use the AWS CLI in Account B to associate the VPC from AccountA with the private hosted zone in Account B.
D. In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from AccountB with the private hosted zone in Account A.

Show Answer

Question # 40

A company is running production workloads that use a Multi-AZ deployment of an AmazonRDS for MySQL db.m6g.xlarge (general purpose) standard DB instance. Users report thatthey are frequently encountering a "too many connections" error. A SysOps administrator observes that the number of connections on the database is high.The SysOps administrator needs to resolve this issue while keeping code changes to a minimum.Which solution will meet these requirements MOST cost-effectively?

A. Modify the RDS for MySQL DB instance to a larger instance size.
B. Migrate the RDS for MySQL DB instance to Amazon DynamoDB.
C. Configure RDS Proxy. Modify the application configuration file to use the RDS Proxy endpoint.
D. Modify the RDS for MySQL DB instance to a memory optimized DB instance.

Show Answer

Question # 41

A company's social media application has strict data residency requirements. The companywants to use Amazon Route 53 to provide the application with DNS services. A SysOpsadministrator must implement a solution that routes requests to a defined list of AWSRegions. The routing must be based on the user's location. Which solution will meet theserequirements?

A. Configure a Route 53 latency routing policy.
B. Configure a Route 53 multivalue answer routing policy.
C. Configure a Route 53 geolocation routing policy.
D. Configure a Route 53 IP-based routing policy.

Show Answer

Question # 42

A company is running Amazon EC2 On-Demand Instances in an Auto Scaling group. Theinstances process messages from an Amazon Simple Queue Service (Amazon SQS)queue. The Auto Scaling group is set to scale based on the number of messages in thequeue. Messages can take up to 12 hours to process completely. A SysOps administratormust ensure that instances are not interrupted during message processing.What should the SysOps administrator do to meet these requirements?

A. Enable instance scale-in protection for the specific instance in the Auto Scaling group atthe start of message processing by calling the Amazon EC2 Auto Scaling API from theprocessing script. Disable instance scale-in protection after message processing iscomplete by calling the Amazon EC2 Auto Scaling API from the processing script.
B. Set the Auto Scaling group's termination policy to OldestInstance.
C. Set the Auto Scaling group's termination policy to OldestLaunchConfiguration.
D. Suspend the Launch and Terminate scaling processes for the specific instance in theAuto Scaling group at the start of message processing by calling the Amazon EC2 AutoScaling API from the processing script. Resume the scaling processes after messageprocessing is complete by calling the Amazon EC2 Auto Scaling API from the processingscript.

Show Answer

Question # 43

A company deployed a new web application on multiple Amazon EC2 instances behind anApplication Load Balancer (ALB). The EC2 instances run in an Auto Scaling group. Usersreport that they are frequently being prompted to log in.What should a SysOps administrator do to resolve this issue?

A. Configure an Amazon CloudFront distribution with the ALB as the origin.
B. Enable sticky sessions (session affinity) for the target group of EC2 instances.
C. Redeploy the EC2 instances in a spread placement group.
D. Replace the ALB with a Network Load Balancer.

Show Answer

Question # 44

A company is implementing a monitoring solution that is based on machine learning. Themonitoring solution consumes Amazon EventBridge (Amazon CloudWatch Events) eventsthat are generated by Amazon EC2 Auto Scaling. The monitoring solution providesdetection of anomalous behavior such as unanticipated scaling events and is configured asan EventBridge (CloudWatch Events) API destination.During initial testing, the company discovers that the monitoring solution is not receivingevents. However, Amazon CloudWatch is showing that the EventBridge (CloudWatchEvents) rule is being invoked. A SysOps administrator must implement a solution toretrieve client error details to help resolve this issue.Which solution will meet these requirements with the LEAST operational effort?

A. Create an EventBridge (CloudWatch Events) archive for the event pattern to replay theevents. Increase the logging on the monitoring solution. Use replay to invoke themonitoring solution. Examine the error details.
B. Add an Amazon Simple Queue Service (Amazon SQS) standard queue as a dead-letterqueue for the target. Process the messages in the dead-letter queue to retrieve errordetails.
C. Create a second EventBridge (CloudWatch Events) rule for the same event pattern totarget an AWS Lambda function. Configure the Lambda function to invoke the monitoringsolution and to record the results to Amazon CloudWatch Logs. Examine the errors in thelogs.
D. Configure the EventBridge (CloudWatch Events) rule to send error messages to anAmazon Simple Notification Service (Amazon SNS) topic.

Show Answer

Question # 45

A company is using an Amazon EC2 Auto Scaling group to support a workload A Sytfhecompany now needs to centruito Scaling group is configured with two similar scalingpolicies dP) to centrally manage access to One scaling policy adds 5 instances when CPUutilization reaches 80%. The other sctrator can connect to the extemahen CPU utilizationleaches 80%.What will happen when CPU utilization reaches the 80% threshold?

A. Amazon EC2 Auto Scaling will add 5 instances
B. Amazon EC2 Auto Scaling will add 10 instances
C. Amazon EC2 Auto Scaling will add 15 instances.
D. The Auto Scaling group will not scale because of conflicting policies

Show Answer

Question # 46

A global company operates out of five AWS Regions. A SysOps administrator wants toidentify all the company's tagged and untagged Amazon EC2 instance The company requires the output to display the instance ID and tags. What is the MOST operationally efficient way for the SysOps administrator to meet theserequirements?

A. Create a tag-based resource group in AWS Resource Groups.
B. Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.
C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.
D. Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resourcetype of AWS::EC2::Instance.

Show Answer

Question # 47

A Sysops administrator configured AWS Backup to capture snapshots from a singleAmazon EC2 instance that has one Amazon Elastic Block Store (Amazon EBS) volumeattached. On the first snapshot, the EBS volume has 10 GiB of data. On the secondsnapshot, the EBS volume still contains 10 GiB of data, but 4 GiB have changed. On thethird snapshot, 2 GiB of data have been added to the volume, for a total of 12 GiB.How much total storage is required to store these snapshots?

A. 12 GiB
B. 16 GiB
C. 26 GiB
D. 32 GiB

Show Answer

Question # 48

A SysOps administrator has set up a new Amazon EC2 instance as a web server in apublic subnet. The instance uses HTTP port 80 and HTTPS port 443.The SysOps administrator has confirmed internet connectivity by downloading operatingsystem updates and software from public repositories. However, the SysOps administratorcannot access the instance from a web browser on the internet.Which combination of steps should the SysOps administrator take to troubleshoot thisissue? (Select THREE.)

A. Ensure that the inbound rules of the instance's security group allow traffic on ports 80 and 443.
B. Ensure that the outbound rules of the instance's security group allow traffic on ports 80 and 443.
C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of thenetwork ACL that is associated with the instance's subnet.
D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of thenetwork ACL that is associated with the instance's subnet.
E. Ensure that the filtering rules for any firewalls that are running on the instance allowinbound traffic on ports 80 and 443.
F. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.

Show Answer

Question # 49

A SysOps administrator needs to ensure that an Amazon RDS for PostgreSQL DBinstance has available backups The DB instance has automated backups turned on with abackup retention period of 7 days. However, no automated backups for the DB instancehave been created in the past month. What could be the cause of the lack of automated backups?

A. The Amazon S3 bucket that stores the backups is full
B. The DB instance is in the STORAGE_FULL state
C. The DB instance is not configured for Multi-AZ.
D. The backup retention period must be 30 days.

Show Answer

Question # 50

A company needs to monitor the disk utilization of Amazon Elastic Block Store (AmazonEBS) volumes The EBS volumes are attached to Amazon EC2 Linux Instances A SysOpsadministrator must set up an Amazon CloudWatch alarm that provides an alert when diskutilization increases to more than 80%.Which combination of steps must the SysOps administrator lake lo meet theserequirements? (Select THREE.)

A. Create an 1AM role that includes the Cloud Watch AgentServerPol icy AWS managedpolicy Attach me role to the instances
B. Create an 1AM role that includes the CloudWatchApplicationInsightsReadOnlyAccessAWS managed policy. Attach the role to the instances
C. Install and start the CloudWatch agent by using AWS Systems Manager or thecommand line
D. Install and start the CloudWatch agent by using an 1AM role. Attach the Cloud WatchAgentServerPolicy AWS managed policy to the role.
E. Configure a CloudWatch alarm to enter ALARM state when the disk_used_percentCloudWatch metric is greater than 80%.
F. Configure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatchmetric is greater than 80% or when the disk_free CloudWatch metric is less than 20%.

Show Answer

Question # 51

A company is experiencing issues with legacy software running on Amazon EC2 instances.Errors occur when the total CPU utilization on the EC2 instances exceeds 80%. A shorttermsolution is required while the software is being rewritten. A SysOps administrator istasked with creating a solution to restart the instances when the CPU utilization rises above80%.Which solution meets these requirements with the LEAST operational overhead?

A. Write a script that monitors the CPU utilization of the EC2 instances and reboots theinstances when utilization exceeds 80%. Run the script as a cron job.
B. Add an Amazon CloudWatch alarm for CPU utilization and configure the alarm action toreboot the EC2 instances.
C. Create an Amazon EventBridge rule using the predefined patterns for CPU utilization ofthe EC2 instances. When utilization exceeds 80%, invoke an AWS Lambda function torestart the instances.
D. Add an Amazon CloudWatch alarm for CPU utilization and configure an AWS SystemsManager Automation runbook to reboot the EC2 instances when utilization exceeds 80%.

Show Answer

Question # 52

A company has an on-premises DNS solution and wants to resolve DNS records in anAmazon Route 53 private hosted zone for example.com. The company has set up an AWSDirect Connect connection for network connectivity between the on-premises network andthe VPC. A SysOps administrator must ensure that an on-premises server can queryrecords in the example.com domain.What should the SysOps administrator do to meet these requirements?

A. Create a Route 53 Resolver inbound endpoint Attach a security group to the endpoint toallow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
B. Create a Route 53 Resolver inbound endpoint. Attach a security group to the endpoint toallow outbound traffic on TCP/UDP port 53 to the on-premises DNSservers.
C. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpointto allow inbound traffic on TCP/UDP port 53 from the on-premises DNS servers.
D. Create a Route 53 Resolver outbound endpoint. Attach a security group to the endpointto allow outbound traffic on TCP/UDP port 53 to the on-premises DNS servers.

Show Answer

Question # 53

A company is supposed to receive a data file every hour in an Amazon S3 bucket. An S3event notification invokes an AWS Lambda function each time a file arrives. The function processes the data for use by an application.The application team notices that sometimes the file does not arrive. The application teamwants to receive a notification whenever the file does not arrive.What is the MOST operationally efficient solution that meets these requirements?

A. Add an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects thatwere created in the last hour. Configure another S3 event notification to be invoked by thelifecycle transition when the number of objects transitioned is zero. Publish a message toan Amazon Simple Notification Service (Amazon SNS) topic to notify the application team.
B. Configure another S3 event notification to invoke a Lambda function that posts amessage to an Amazon Simple Queue Service (Amazon SQS) queue. Create an AmazonCloudWatch alarm to publish a message to an Amazon Simple Notification Service(Amazon SNS) topic to notify the application team when theApproximateAgeOfOldestMessage metric of the queue is greater than 1 hour.
C. Create an Amazon CloudWatch alarm to publish a message to an Amazon SimpleNotification Service (Amazon SNS) topic to alert the application team when the Invocationsmetric of the Lambda function is zero for an hour. Configure the alarm to treat missing dataas breaching.
D. Create a new Lambda function to get the timestamp of the newest file in the S3 bucket.If the timestamp is more than 1 hour ago, publish a message to an Amazon SimpleNotification Service (Amazon SNS) topic to notify the application team. Create an AmazonEventBridge (Amazon CloudWatch Events) rule to invoke the new function hourly.

Show Answer

Question # 54

A SysOps administrator maintains the security and compliance of a company's AWSaccount. To ensure the company's Amazon EC2 instances are following company policy, aSysOps administrator wants to terminate any EC2 instance that do not contain adepartment tag. Noncompliant resources must be terminated in near real time.Which solution will meet these requirements?

A. Create an AWS Config rule with the required-tags managed rule to identify noncompliantresources. Configure automatic remediation to run the AWS-TerminateEC2lnstanceautomation runbook to terminate noncompliant resources.
B. Create a new Amazon EventBridge rule to monitor when new EC2 instances arecreated. Send the event to an Simple Notification Service (Amazon SNS) topic forautomatic remediation.
C. Ensure all users who can create EC2 instances also have the permissions to use theec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behaviorto terminate.
D. Ensure AWS Systems Manager Compliance is configured to manage the EC2instances. Call the AWS-StopEC2lnstances automation runbook to stop noncompliantresources.

Show Answer

Question # 55

A company is running an application on a group of Amazon EC2 instances behind anApplication Load Balancer The EC2 instances run across three Availability Zones Thecompany needs to provide the customers with a maximum of two static IP addresses fortheir applicationsHow should a SysOps administrator meet these requirement?

A. Add AWS Global Accelerator in front of the Application Load Balancer
B. Add an internal Network Load Balancer behind the Application Load Balancer
C. Configure the Application Load Balancer in only two Availability Zones.
D. Create two Elastic IP addresses and assign them to the Application Load Balancer.

Show Answer

Question # 56

A company wants to reduce costs for jobs that can be completed at any time. The jobscurrently run by using multiple Amazon EC2 On-Demand Instances, and the jobs takeslightly less than 2 hours to complete. If a job fails for any reason, it must be restarted fromthe beginning.Which solution will meet these requirements MOST cost-effectively?

A. Purchase Reserved Instances for the jobs.
B. Submit a request for a one-time Spot Instance for the jobs.
C. Submit a request for Spot Instances with a defined duration for the jobs.
D. Use a mixture of On-Demand Instances and Spot Instances for the jobs.

Show Answer

Question # 57

A SysOps administrator is examining the following AWS CloudFormation template: Why will the stack creation fail?

A. The Outputs section of the Cloud Formation template was omitted.
B. The Parameters section of the CtoudFormation template was omitted.
C. The PnvateDnsName cannot be set from a CloudFormation template.
D. The VPC was not specified in the CloudFormation template.

Show Answer

Question # 58

A company manages a set of accounts on AWS by using AWS Organizations. Thecompany's security team wants to use a native AWS service to regularly scan all AWSaccounts against the Center for Internet Security (CIS) AWS Foundations Benchmark.What is the MOST operationally efficient way to meet these requirements?

A. Designate a central security account as the AWS Security Hub administrator account.Create a script that sends an invitation from the Security Hub administrator account andaccepts the invitation from the member account. Run the script every time a new account iscreated. Configure Security Hub to run the CIS AWS Foundations Benchmark scans.
B. Run the CIS AWS Foundations Benchmark across all accounts by using AmazonInspector.
C. Designate a central security account as the Amazon GuardDuty administrator account.Create a script that sends an invitation from the GuardDuty administrator account andaccepts the invitation from the member account. Run the script every time a new account iscreated. Configure GuardDuty to run the CIS AWS Foundations Benchmark scans.
D. Designate an AWS Security Hub administrator account. Configure new accounts in theorganization to automatically become member accounts. Enable CIS AWS FoundationsBenchmark scans.

Show Answer

Question # 59

A SysOps administrator must ensure that all of a company's current and future Amazon S3buckets have logging enabled If an S3 bucket does not have logging enabled anautomated process must enable logging for the S3 bucket.Which solution will meet these requirements?

A. Use AWS Trusted Advisor 10 perform a check for S3 buckets that do not have loggingenabled Configure the check to enable logging for S3 buckets that do not have loggingenabled.
B. Configure an S3 bucket policy that requires all current and future S3 buckets to havelogging enabled
C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediationaction that uses an AWS Lambda function to enable logging.
D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediationaction that uses the AWS-ConfigureS3BucketLoggmg AWS Systems Manager Automationrunbook to enable logging.

Show Answer

Question # 60

An application is deployed in a VPC in both the us-east-2 and eu-west-1 Regions. Asignificant amount of data needs to be transferred between the two Regions. What is theMOST cost-effective way to set up the data transfer?

A. Establish a VPN connection between the Regions using third-party VPN products from AWS Marketplace.
B. Establish Amazon CloudFront distributions tor the Amazon EC2 instances from both Regions.
C. Establish an inter-Region VPC peering connection between the VPCs.
D. Establish an AWS PrivateLinK connection between the two Regions.

Show Answer

Question # 61

A company is running distributed computing software to manage a fleet of 20 Amazon EC2instances for calculations. The fleet includes 2 control nodes and 18 task nodes to run thecalculations. Control nodes can automatically start the task nodes.Currently, all the nodes run on demand. The control nodes must be available 24 hours aday, 7 days a week. The task nodes run for 4 hours each day. A SysOps administratorneeds to optimize the cost of this solution.Which combination of actions will meet these requirements? (Choose two.)

A. Purchase EC2 Instance Savings Plans for the control nodes.
B. Use Dedicated Hosts for the control nodes.
C. Use Reserved Instances for the task nodes.
D. Use Spot Instances for the control nodes. Use On-Demand Instances if there is no Spot availability.
E. Use Spot Instances for the task nodes. Use On-Demand Instances if there is no Spot availability.

Show Answer

Question # 62

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable toaccess the internet from the instance by using the following curl command: curlhttp:/www.example.com.A SysOps administrator reviews the VPC configuration and learns the followinginformation: • The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0• The outbound security group for the EC2 instance contains one rule: outbound for port443 to CIDR 0.0.0.0/0• The inbound security group for the EC2 instance allows ports 22 and 443 from the user'sIP address.• The inbound network ACL for the subnet allows port 22 and port range 1024-65535 fromCIDR 0.0.0.0/0Which action will allow the user to complete the curl request successfully?

A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.
B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
D. Add an additional outbound security group rule for port 80 to the user's IP address.

Show Answer

Question # 63

A company runs a worker process on three Amazon EC2 instances. The instances are inan Auto Scaling group that is configured to use a simple scaling policy. The instancesprocess messages from an Amazon Simple Queue Service (Amazon SOS) queue.Random periods of increased messages are causing a decrease in the performance of theworker process. A SysOps administrator must scale the instances to accommodate theincreased number of messages. Which solution will meet these requirements?

A. Use CloudWatch to create a metric math expression to calculate the approximate age ofthe oldest message in the SQS queue. Create a target tracking scaling policy for the metricmath expression to modify the Auto Scaling group.
B. Use CloudWatch to create a metric math expression to calculate the approximatenumber of messages visible in the SQS queue for each instance. Create a target trackingscaling policy for the metric math expression to modify the Auto Scaling group.
C. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group.Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modifythe Auto Scaling group.
D. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group.Create a scheduled scaling policy for the Auto Scaling group.

Show Answer

Question # 64

A company runs a single-page web application on AWS The application uses AmazonCloudFront lo deliver static content from an Amazon S3 bucket origin The application alsouses an Amazon Elastic Kubemetes Service (Amazon EKS) duster to serve API callsUsers sometimes report that the website is not operational, even when monitoring showsthat the index page is reachable and that the EKS cluster is healthy. A SysOpsadministrator must Implement additional monitoring that can delect when the website is notoperational before users report the problem.Which solution will meet these requirements?

A. Create an Amazon CloudWatch Synthetics heartbeat monitor canary that points to thefully qualified domain name (FQDN) of the website.
B. Create an Amazon CloudWatch Synthetics API canary that monitors the availability ofAPI endpoints from the EKS cluster.
C. Create an Amazon CloudWatch RUM app monitor that points to the fully qualifieddomain name (FQDN) of the website. Configure the app monitor to collect performancetelemetry and JavaScript errors
D. Create an Amazon CloudWatch RUM app monitor that uses the API endpoints from theEKS cluster

Show Answer

Question # 65

A new application runs on Amazon EC2 instances and accesses data in an Amazon RDSdatabase instance. When fully deployed in production, the application fails. The databasecan be queried from a console on a bastion host. When looking at the web server logs, thefollowing error is repeated multiple times:"** Error Establishing a Database ConnectionWhich of the following may be causes of the connectivity problems? {Select TWO.)

A. The security group for the database does not have the appropriate egress rule from thedatabase to the web server.
B. The certificate used by the web server is not trusted by the RDS instance.
C. The security group for the database does not have the appropriate ingress rule from theweb server to the database.
D. The port used by the application developer does not match the port specified in the RDSconfiguration.
E. The database is still being created and is not available for connectivity.

Show Answer

Question # 66

A company has many accounts in an organization in AWS Organizations The companymust automate resource provisioning from the organization's management account to themember accounts.Which solution will meet this requirement?

A. Create an AWS CkHJdFormation change set Deploy the change set to all memberaccounts
B. Create an AWS CtoudFormation nested stack Deploy the nested stack to all memberaccounts.
C. Create an AWS CtoudFormation stack set Deploy the stack set to all member accounts.
D. Create an AWS Serverless Application Model (AWS SAM) template. Deploy thetemplate to all member accounts.

Show Answer

Question # 67

A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambdafunctions for historical errors. The logs are in JSON format and are stored in Amazon S3.Errors sometimes do not appear in the same field, but all errors begin with the same string prefix.What is the MOST operationally efficient way for the SysOps administrator to analyze thelog files?

A. Use S3 Select to write a query to search for errors. Run the query across all log groupsof interest.
B. Create an AWS Glue processing job to index the logs of interest. Run a query inAmazon Athena to search for errors.
C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run thequery across all log groups of interest.
D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across alllog groups of interest.

Show Answer

Question # 68

A company has 50 AWS accounts and wants to create an identical Amazon VPC in eachaccount. Any changes the company makes to the VPCs in the future must be implementedon every VPC.What is the MOST operationally efficient method to deploy and update the VPCs in eachaccount?

A. Create an AWS Cloud Formation template that defines the VPC. Sign in to the AWSManagement Console under each account. Create a stack from the template.
B. Create a shell script that configures the VPC using the AWS CLI. Provide a list ofaccounts to the shell script from a text file. Create the VPC in every account in the list.
C. Create an AWS Lambda function that configures the VPC. Store the account informationin Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC inevery account in the list.
D. Create an AWS Cloud Formation template that defines the VPC. Create an AWSCloudFormation StackSet based on the template. Deploy the template to all accounts usingthe stack set.

Show Answer

Question # 69

A development team created and deployed a new AWS Lambda function 15 minutes ago.Although the function was invoked many times. Amazon CloudWatch Logs are not showingany log messages.What is one cause of this?

A. The developers did not enable log messages for this Lambda function.
B. The Lambda function's role does not include permissions to create CloudWatch Logs items.
C. The Lambda function raises an exception before the first log statement has been reached.
D. The Lambda functions creates local log files that have to be shipped to CloudWatch Logs first before becoming visible.

Show Answer

Question # 70

A company hosts an internal application on Amazon EC2 On-Demand Instances behind anApplication Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scalinggroup. Employees use the application to provide product prices to potential customers. TheAuto Scaling group is configured with a dynamic scaling policy and tracks average CPUutilization of the instances.Employees have noticed that sometimes the application becomes slow or unresponsive. ASysOps administrator finds that some instances are experiencing a high CPU load. TheAuto Scaling group cannot scale out because the company is reaching the EC2 instanceservice quota.The SysOps administrator needs to implement a solution that provides a notification whenthe company reaches 70% or more of thte EC2 instance service quota.Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances,and compares the total number against the applied quota value by using the ServiceQuotas API. Configure the Lambda function to publish an Amazon Simple NotificationService (Amazon SNS) notification if the quota utilization is equal to or greater than 70%.Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances,and compares the total number against the applied quota value by using the AmazonCloudWatch Metrics API. Configure the Lambda function to publish an Amazon SimpleNotification Service (Amazon SNS) notification if the quota utilization is equal to or greaterthan 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2instances. Configure the alarm with quota utilization equal to or greater than 70%.Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS)notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% forthe CPUUtilization metric for the EC2 instances. Configure the alarm to publish an AmazonSimple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

Show Answer

Question # 71

A company hosts an internal application on Amazon EC2 On-Demand Instances behind anApplication Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scalinggroup. Employees use the application to provide product prices to potential customers. TheAuto Scaling group is configured with a dynamic scaling policy and tracks average CPUutilization of the instances.Employees have noticed that sometimes the application becomes slow or unresponsive. ASysOps administrator finds that some instances are experiencing a high CPU load. TheAuto Scaling group cannot scale out because the company is reaching the EC2 instanceservice quota.The SysOps administrator needs to implement a solution that provides a notification whenthe company reaches 70% or more of thte EC2 instance service quota.Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances,and compares the total number against the applied quota value by using the ServiceQuotas API. Configure the Lambda function to publish an Amazon Simple NotificationService (Amazon SNS) notification if the quota utilization is equal to or greater than 70%.Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances,and compares the total number against the applied quota value by using the AmazonCloudWatch Metrics API. Configure the Lambda function to publish an Amazon SimpleNotification Service (Amazon SNS) notification if the quota utilization is equal to or greaterthan 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2instances. Configure the alarm with quota utilization equal to or greater than 70%.Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS)notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% forthe CPUUtilization metric for the EC2 instances. Configure the alarm to publish an AmazonSimple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

Show Answer

Question # 72

A company hosts an internal application on Amazon EC2 On-Demand Instances behind anApplication Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scalinggroup. Employees use the application to provide product prices to potential customers. TheAuto Scaling group is configured with a dynamic scaling policy and tracks average CPUutilization of the instances.Employees have noticed that sometimes the application becomes slow or unresponsive. ASysOps administrator finds that some instances are experiencing a high CPU load. TheAuto Scaling group cannot scale out because the company is reaching the EC2 instanceservice quota.The SysOps administrator needs to implement a solution that provides a notification whenthe company reaches 70% or more of thte EC2 instance service quota.Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances,and compares the total number against the applied quota value by using the ServiceQuotas API. Configure the Lambda function to publish an Amazon Simple NotificationService (Amazon SNS) notification if the quota utilization is equal to or greater than 70%.Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances,and compares the total number against the applied quota value by using the AmazonCloudWatch Metrics API. Configure the Lambda function to publish an Amazon SimpleNotification Service (Amazon SNS) notification if the quota utilization is equal to or greaterthan 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2instances. Configure the alarm with quota utilization equal to or greater than 70%.Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS)notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% forthe CPUUtilization metric for the EC2 instances. Configure the alarm to publish an AmazonSimple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

Show Answer

Question # 73

A company hosts an internet web application on Amazon EC2 instances. The company isreplacing the application with a new AWS Lambda function. During a transition period, thecompany must route some traffic to the legacy application and some traffic to the newLambda function. The company needs to use the URL path of request to determine therouting. Which solution will meet these requirements?

A. Configure a Gateway Load Balancer to use the URL path to direct traffic to the legacyapplication and the new Lambda function.
B. Configure a Network Load Balancer to use the URL path to direct traffic to the legacyapplication and the new Lambda function.
C. Configure a Network Load Balancer to use a regular expression to match the URL pathto direct traffic to the new Lambda function.
D. Configure an Application Load Balancer to use the URL path to direct traffic to thelegacy application and the new Lambda function.

Show Answer

Question # 74

A company hosts an internet web application on Amazon EC2 instances. The company isreplacing the application with a new AWS Lambda function. During a transition period, thecompany must route some traffic to the legacy application and some traffic to the newLambda function. The company needs to use the URL path of request to determine therouting. Which solution will meet these requirements?

A. Configure a Gateway Load Balancer to use the URL path to direct traffic to the legacyapplication and the new Lambda function.
B. Configure a Network Load Balancer to use the URL path to direct traffic to the legacyapplication and the new Lambda function.
C. Configure a Network Load Balancer to use a regular expression to match the URL pathto direct traffic to the new Lambda function.
D. Configure an Application Load Balancer to use the URL path to direct traffic to thelegacy application and the new Lambda function.

Show Answer

Question # 75

A company has an application that uses Amazon DynamoDB tables The tables are spreadacross AWS accounts and AWS Regions. The company uses AWS CloudFormation todeploy AWS resources.A new team at the company is deleting unused AWS resources. The team accidentallydeletes several production DynamoDB tables by running an AWS Lambda function that makes a DynamoDB DeleteTable API call. The table deletions cause an application outageA SysOps administrator must implement a solution that minimizes the chance of accidentaldeletions of tables. The solution also must minimize data loss that results from accidentaldeletions.Which combination of steps will meet these requirements? (Select TWO.)

A. Enable termination protection for the CloudFormation stacks that deploy the DynamoDBtables.
B. Enable deletion protection for the DynamoDB tables
C. Enable point-in-time recovery for (he DynamoDB tables. Restore the tables if they areaccidentally deleted.
D. Schedule daily backups of the DynamoDB tables. Restore the tables if they areaccidentally deleted.
E. Export the DynamoDB tables to Amazon S3 every day. Use Import from Amazon S3 torestore data for tables that are accidentally deleted

Show Answer

Question # 76

A company runs its applications on a large number of Amazon EC2 instances. A SysOpsadministrator must implement a solution to notify the operations team whenever an EC2instance slate changes.What is the MOST operationally efficient solution that meets these requirements?

A. Create a script that captures instance state changes and publishes a notification to anAmazon Simple Notification Service (Amazon SNS) topic. Use AWS Systems ManagerRun Command to run the script on all EC2 instances.
B. Create an Amazon EventBridge event rule that captures EC2 instance state changes.Set an Amazon Simple Notification Service (Amazon SNS) topic as the target.
C. Create an Amazon EventBridge event rule that captures EC2 instance state changes.Set as the target an AWS Lambda function that publishes a notification to an AmazonSimple Notification Service (Amazon SNS) topic.
D. Create an AWS Config custom rule that evaluates instance state changes withautomatic remediation. Use the rule to invoke an AWS Lambda function that publishes anotification to an Amazon Simple Notification Service (Amazon SNS) topic.

Show Answer

Question # 77

A company is planning to host an application on a set of Amazon EC2 instances that aredistributed across multiple Availability Zones. The application must be able to scale tomillions of requests each second.A SysOps administrator must design a solution to distribute the traffic to the EC2 instances.The solution must be optimized to handle sudden and volatile traffic patterns while using asingle static IP address for each Availability Zone.Which solution will meet these requirements?

A. Amazon Simple Queue Service (Amazon SQS) queue
B. Application Load Balancer
C. AWS Global Accelerator
D. Network Load Balancer

Show Answer

Question # 78

A company is planning to host an application on a set of Amazon EC2 instances that aredistributed across multiple Availability Zones. The application must be able to scale tomillions of requests each second.A SysOps administrator must design a solution to distribute the traffic to the EC2 instances.The solution must be optimized to handle sudden and volatile traffic patterns while using asingle static IP address for each Availability Zone.Which solution will meet these requirements?

A. Amazon Simple Queue Service (Amazon SQS) queue
B. Application Load Balancer
C. AWS Global Accelerator
D. Network Load Balancer

Show Answer

Question # 79

A SysOps administrator is managing a Memcached cluster in Amazon ElastiCache. Thecluster has been heavily used recently, and the administrator wants to use a largerinstance type with more memory.What should the administrator use to make this change?

A. Use the ModifycacheCluster API and specify a new cacheNodeType.
B. Use the createcacheciuster API and specify a new cacheNodeType.
C. Use the Modi fyCacheParameterGcoup API and specify a new CacheNodeType.
D. Use the Rebootcacheclustcr API and specify a new CacheNodeType.

Show Answer

Question # 80

A company has multiple AWS accounts. The company uses AWS Organizations with anorganizational unit (OU) for the production account and another OU for the developmentaccount. Corporate policies state that developers may use only approved AWS services inthe production account.What is the MOST operationally efficient solution to control the production account?

A. Create a customer managed policy in AWS Identity and Access Management (IAM).Apply the policy to all users within the production account.
B. Create a job function policy in AWS Identity and Access Management (IAM). Apply thepolicy to all users within the production OU.
C. Create a service control policy (SCP). Apply the SCP to the production OU.
D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

Show Answer

Question # 81

A company has multiple AWS accounts. The company uses AWS Organizations with anorganizational unit (OU) for the production account and another OU for the developmentaccount. Corporate policies state that developers may use only approved AWS services inthe production account.What is the MOST operationally efficient solution to control the production account?

A. Create a customer managed policy in AWS Identity and Access Management (IAM).Apply the policy to all users within the production account.
B. Create a job function policy in AWS Identity and Access Management (IAM). Apply thepolicy to all users within the production OU.
C. Create a service control policy (SCP). Apply the SCP to the production OU.
D. Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.

Show Answer

Question # 82

A company has an AWS Lambda function in Account A. The Lambda function needs toread the objects in an Amazon S3 bucket in Account B. A SysOps administrator mustcreate corresponding 1AM roles in both accounts.Which solution will meet these requirements?

A. In Account A, create a Lambda execution role to assume the role in Account B. InAccount B. create a role that the function can assume to gain access to the S3 bucket.
B. In Account A, create a Lambda execution role that provides access to the S3 bucket. InAccount B. create a role that the function can assume.
C. In Accou nt A. create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.
D. In Account A. create a role that the function can assume to gain access to the S3bucket. In Account B. create a Lambda execution role to assume the role in Account A.

Show Answer

Question # 83

A SysOps administrator needs to implement a backup strategy for Amazon EC2 resourcesand Amazon RDS resources. The backup strategy must meet the following retentionrequirements:• Daily backups: must be kept for 6 days• Weekly backups: must be kept for 4 weeks:• Monthly backups: must be kept for 11 months• Yearly backups: must be kept for 7 yearsWhich backup strategy will meet these requirements with the LEAST administrative effort?

A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (AmazonEBS) snapshot policy. Create tags on each resource that needs to be backed up. Createmultiple schedules according to the requirements within the policy. Set the appropriatefrequency and retention period.
B. Use AWS Backup to create a new backup plan for each retention requirement with abackup frequency of daily, weekly, monthly, or yearly. Set the retention period to match therequirement. Create tags on each resource that needs to be backed up. Set up resourceassignment by using the tags.
C. Create an AWS Lambda function. Program the Lambda function to use native tooling totake backups of file systems in Amazon EC2 and to make copies of databases in AmazonRDS. Create an Amazon EventBridge rule to invoke the Lambda function.
D. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (AmazonEBS) snapshot policy. Create tags on each resource that needs to be backed up. Set upresource assignment by using the tags. Create multiple schedules according to therequirements within the policy. Set the appropriate frequency and retention period. InAmazon RDS, activate automated backups on the required DB instances.

Show Answer

Question # 84

A SysOps administrator needs to design a disaster recovery (DR) plan for an application onAWS. The application runs on Amazon EC2 instances behind an Application LoadBalancer (ALB). The instances are in an Auto Scaling group. The application uses anAmazon Aurora PostgreSQL database. The recovery time objective (RTO) and recoverypoint objective (RPO) are 15 minutes each.Which combination of steps should the SysOps administrator take to meet theserequirements MOST cost-effectively? (Select TWO.)

A. Configure Aurora backups to be exported to the DR Region.
B. Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.
C. Configure the DR Region with an ALB and an Auto Scaling group. Use the sameconfiguration as in the primary Region.
D. Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scalinggroup's minimum capacity, maximum capacity, and desired capacity to 1.
E. Manually launch a new ALB and a new Auto Scaling group by using AWSCloudFormation during a failover activity.

Show Answer

Question # 85

An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked asunhealthy and then replaced by the Auto Scaling group. The EC2 instances terminatedbefore a SysOps administrator could determine the cause of the health status changes. Totroubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambdafunction is invoked in this situation.How should the SysOps administrator meet these requirements?

A. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke theLambda function through Amazon EventBridge (Amazon CloudWatch Events).
B. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke theLambda function through Amazon Route 53.
C. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function throughAmazon EventBridge (Amazon CloudWatch Events).
D. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function throughAmazon Route 53.

Show Answer