Topic 1: Mix Questions
A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2
instance that has a public IP address. The instance has a private IP address of
172.31.16.139. When the SysOps administrator tries to ping the instance's public IP
address from the remote IP address 203.0.113.12, the response is "request timed out." The
flow logs contain the following information:
What is one cause of the problem?
A.
Inbound security group deny rule
B.
Outbound security group deny rule
C.
Network ACL inbound rules
D.
Network ACL outbound rules
Network ACL outbound rules
A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region
behind an Amazon CloudFront distribution. The company wants to ensure that the website
is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that
gives the company the ability to maintain control over the rate limit at which DDoS
protections are applied.
Which solution will meet these requirements?
A.
Deploy a global-scoped AWS WAF web ACL with an allow default action. Configure an
AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the
CloudFront distribution.
B.
Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an
AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3
bucket.
C.
Deploy a global-scoped AWS WAF web ACL with a block default action. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the CloudFront distribution.
D.
Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffic. Associate the web ACL with the S3 bucket.
Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an
AWS WAF rate-based rule to block matching traffic. Associate the web ACL with the S3
bucket.
A company has a web application with a database tier that consists of an Amazon EC2 instance that runs MySQL. A SysOps administrator needs to minimize potential data loss and the time that is required to recover in the event of a database failure. What is the MOST operationally efficient solution that meets these requirements?
A.
Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric to invoke an AWS Lambda function that stops and starts the EC2 instance.
B.
Create an Amazon RDS for MySQL Multi-AZ DB instance. Use a MySQL native backup
that is stored in Amazon S3 to restore the data to the new database. Update the
connection string in the web application.
C.
Create an Amazon RDS for MySQL Single-AZ DB instance with a read replica. Use a
MySQL native backup that is stored in Amazon S3 to restore the data to the new database.
Update the connection string in the web application.
D.
Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon
Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance
failure, restore the EBS volume from a snapshot.
Use Amazon Data Lifecycle Manager (Amazon DLM) to take a snapshot of the Amazon
Elastic Block Store (Amazon EBS) volume every hour. In the event of an EC2 instance
failure, restore the EBS volume from a snapshot.
An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket
are not encrypted. These objects must be encrypted, and all future objects must be
encrypted at the time they are written.
Which combination of actions should a SysOps administrator take to meet these
requirements? (Select TWO.)
A.
Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket. When an unencrypted object is found, run an AWS Systems Manager Automation document to encrypt the object in place.
B.
Edit the properties of the S3 bucket to enable default server-side encryption.
C.
Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Create an S3 Batch Operations job to copy each object in place with en
D.
Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted.
Send each object name as a message to an Amazon Simple Queue Service (Amazon
SQS) queue. Use the SQS queue to invoke an AWS Lambda function to tag each object
with a key of "Encryption" and a value of "SSE-KMS".
E.
Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created
events for the S3 bucket. Configure the Lambda function to check whether the object is
encrypted and to run an AWS Systems Manager Automation document to encrypt the
object in place when an unencrypted object is found.
Edit the properties of the S3 bucket to enable default server-side encryption.
Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Create an S3 Batch Operations job to copy each object in place with en
Explanation: https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
A company has deployed a web application in a VPC that has subnets in three Availability
Zones. The company launches three Amazon EC2 instances from an
EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability
Zone, rather than being distributed evenly across all three Availability
Zones. There are no errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?
A.
One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
B.
The ALB was configured for only two Availability Zones.
C.
The Auto Scaling group was configured for only two Availability Zones.
D.
Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.
The ALB was configured for only two Availability Zones.
The Auto Scaling group was configured for only two Availability Zones.