- Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 382 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 382
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS
account.

What is the MOST operationally e\cient solution that will meet this requirement?

A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.

B. Create an IAM role that has access to the object. Instruct the users to assume the role.

C. Create an IAM user that has access to the object. Share the credentials with the users.

D. Generate a presigned URL for the object. Share the URL with the users. Most Voted

Hide Answer

Suggested Answer: D

Community vote distribution

D (100%)

by  WinAndWin at Jan. 1, 2024, 10:48 a.m.

Disclaimers:
- ExamTopics website is not related to, a\liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Learning4life 2 months ago
Selected Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
upvoted 2 times

  nharaz 3 months, 1 week ago

Selected Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
upvoted 3 times

  WinAndWin 3 months, 1 week ago

Selected Answer: D
D is correct. https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 383 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 383
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB
cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also
experiencing errors.

Which solution will resolve these errors?

A. Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.

B. Con5gure RDS Proxy. Update the application with the RDS Proxy endpoint. Most Voted

C. Turn on enhanced networking for the DB instances.

D. Modify the DB cluster to use a burstable instance type.

Hide Answer

Suggested Answer: B

Community vote distribution

B (100%)

by  WinAndWin at Jan. 1, 2024, 10:53 a.m.

Disclaimers:
- ExamTopics website is not related to, aeliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  dinuts 1 month, 3 weeks ago
Selected Answer: B
B-->Using RDS Proxy, you can handle unpredictable surges in database traffic that otherwise might cause issues due to oversubscribing
connections or creating new connections at a fast rate. RDS Proxy establishes a database connection pool and reuses connections in this pool
without the memory and CPU overhead of opening a new database connection each time. To protect the database against oversubscription, you
can control the number of database connections that are created. https://aws.amazon.com/rds/proxy/
upvoted 2 times

  Learning4life 2 months ago

Selected Answer: B
Too many connections -> RDS Proxy
upvoted 2 times

  WinAndWin 3 months, 1 week ago

Selected Answer: B
B is correct.
RDS proxy is solved the issue https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.howitworks.html
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 384 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 384
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private
subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT
gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC.

What is causing the issue in this scenario?

A. There is a network ACL on the private subnet set to deny all outbound tra^c. Most Voted

B. There is no NAT gateway deployed in the private subnet of the VPC.

C. The default security group for the VPC blocks all inbound tra^c to the EC2 instances.

D. The default security group for the VPC blocks all outbound tra^c from the EC2 instances.

Hide Answer

Suggested Answer: D

Community vote distribution

A (100%)

by  LemonGremlin at Dec. 31, 2023, 11:04 p.m.

Disclaimers:
- ExamTopics website is not related to, a^liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  LudiVoss 3 months ago
Selected Answer: A
It is A, default security groups don't block anything so it can only be in ACL.
upvoted 2 times

  WinAndWin 3 months, 1 week ago

Selected Answer: A
A is the best one.
upvoted 3 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: A
There is a network ACL on the private subnet set to deny all outbound traffic.

Network ACLs (Access Control Lists) are stateless and operate at the subnet level. If there is a network ACL on the private subnet that is
configured to deny all outbound traffic, it would prevent instances in the private subnet from accessing the internet through the NAT gateway.
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 387 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 387
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has a stateless application that is hosted on a Zeet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of
6 instances are needed to meet service requirements.

Which action will maintain uptime for the application MOST cost-effectively?

A. Use a Spot Fleet with an On-Demand capacity of 6 instances. Most Voted

B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.

C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.

D. Use a Spot Fleet with a target capacity of 6 instances.

Hide Answer

Suggested Answer: A

Community vote distribution

A (100%)

by  WinAndWin at Jan. 1, 2024, 11:20 a.m.

Disclaimers:
- ExamTopics website is not related to, acliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Learning4life 2 months, 2 weeks ago
Selected Answer: A
To ensure that you always have instance capacity, you can include a request for On-Demand capacity in your Spot Fleet request. In your Spot
Fleet request, you specify your desired target capacity and how much of that capacity must be On-Demand. The balance comprises Spot
capacity, which is launched if there is available Amazon EC2 capacity and availability. For example, if in your Spot Fleet request you specify the
target capacity as 10 and the On-Demand capacity as 8, Amazon EC2 launches 8 capacity units as On-Demand, and 2 capacity units (10-8=2) as
Spot.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/on-demand-in-spot.html
upvoted 2 times

  nharaz 3 months, 1 week ago

Selected Answer: A
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet.html
upvoted 3 times

  WinAndWin 3 months, 1 week ago

Selected Answer: A
A is correct.
Amazon EC2 Auto Scaling allocates your Spot Instances from the N number of pools per Availability Zone that you specify and from the Spot
Instance pools with the lowest price in each Availability Zone.
Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html
upvoted 2 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 388 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 388
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has developed a service that is deployed on a Yeet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The
service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving
the underlying cause of the service failure could take several weeks.

A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances.

Which solutions will meet this requirement? (Choose two.)

A. Install the Amazon CloudWatch agent on the EC2 instances. Con5gure the CloudWatch agent to monitor the service. Set the CloudWatch
action to restart if the service health check fails. Most Voted

B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2
instances and restart the service. Schedule the Lambda function to run every 5 minutes.

C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document.
Con5gure the association command with a script that checks if the service is running and that starts the service if the service is not running.
For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes. Most Voted

D. Update the EC2 user data that is speci5ed in the Auto Scaling group's launch template to include a script that runs on a cron schedule every
5 minutes. Con5gure the script to check if the service is running and to start the service if the service is not running. Redeploy all the EC2
instances in the Auto Scaling group with the updated launch template.

E. Update the EC2 user data that is speci5ed in the Auto Scaling group's launch template to ensure that the service runs during startup.
Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.

Hide Answer

Suggested Answer: AB

Community vote distribution

AC (63%) AE (25%) 13%
:
 by  nharaz at Jan. 1, 2024, 3:09 p.m.
Disclaimers:
- ExamTopics website is not related to, ailiated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  seetpt 4 days, 8 hours ago
Selected Answer: AC
AC seems right
upvoted 1 times

  MomenAWS 2 weeks, 6 days ago

Selected Answer: AD
I think you all ignored the question request. It asks for two solutions, meaning each one should be valid.
That being said, let's review the answers.
-B: it doesn't give a complete solution. It is only will restart the service every 5. Min this doesn't apply to the question "automate recovery IF the
service crashes on any of the EC2 instances."
-E: In my opinion, this option is the same as B since it will guarantee the service is running on the startup; however, who knows what will happen
next?
-I think A is valid and straightforward, so it is either AC or AD
I will go with "AD" because the instances in the ASG might change over time, so I don't know if this will affect the tags mentioned in the C option.
upvoted 1 times

  stoy123 1 month, 1 week ago

Selected Answer: AC
A and C
upvoted 2 times

  null0xAF 2 months ago

Selected Answer: AE
answer is AE

Cloudwatch agent will restart Server if service is not running (A), server will restart with the service running(E), I don't see why it would be C if you
are already monitoring with Cloudwatch agent, the agent literally has the ability to trigger a sns topic that can invoke the lambda function. . .
upvoted 2 times

  tdlAws 2 months, 3 weeks ago

Maybe C and D
upvoted 1 times

  nharaz 3 months, 1 week ago

Selected Answer: AC
A and C are straight forward however is too complex.

Use Systems Manager state -

>Tag the EC2 instances for targeted management.>Use AWS Systems Manager State Manager to create an association that uses the AWS-
RunShellScript document.>Configure the association to run a script that checks if the service is running and starts the service if it's
not.>Schedule the association to run at regular intervals (e.g., every 5 minutes) to ensure continuous monitoring and recovery.
upvoted 2 times

  nharaz 3 months, 1 week ago

Typo error B is too complex
upvoted 1 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 389 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 389
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company's web application runs on Amazon EC2 instances in a single AWS Region. The infrastructure must be designed so the application
remains available with no performance degradation in the event of an Availability Zone (AZ) failure. To ensure optimal performance, the
application must maintain a minimum of 12 instances at all times.

Which solution will meet the requirements with the fewest running instances possible?

A. 2 AZs with 6 instances in each AZ

B. 2 AZs with 12 instances in each AZ

C. 3 AZs with 4 instances in each AZ

D. 3 AZs with 6 instances in each AZ Most Voted

Hide Answer

Suggested Answer: C

Community vote distribution

D (79%) B (21%)

by  LemonGremlin at Dec. 31, 2023, 11:43 p.m.

Disclaimers:
- ExamTopics website is not related to, aeliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Learning4life 2 months, 2 weeks ago
Selected Answer: D
The question states that 12 instances need to be running at all times. In 3 AZ's with 6 instances in each = 18 instances. If you lose 1 AZ, you
have instances running.
:
 upvoted 3 times

  superkid69 3 months ago

D running the instance is lower B.
upvoted 2 times

  jerry8964 3 months ago

Selected Answer: D
D. 3 AZs with 6 instances in each AZ.

Here's why this solution is optimal:

High Availability: Distributing instances across three AZs provides high availability. In the event of a failure in one AZ, the remaining two AZs can
continue to serve the application without performance degradation.

Load Distribution: With 6 instances in each of the 3 AZs, the application maintains a total of 18 instances. This setup exceeds the minimum
requirement of 12 instances, ensuring that even if one AZ fails, there are still 12 instances available (6 in each of the remaining two AZs) to handle
the load without performance issues.

Fewest Running Instances: This solution provides a balance between high availability and cost-efficiency. It ensures that there are enough
instances to handle an AZ failure without unnecessarily doubling the number of instances.
upvoted 3 times

  CofkoCof 3 months ago

Selected Answer: D
D makes the most sense

MAX number is 18, if one AZ drops you have 12

For B: you would have MAX 24, which is more than 18

upvoted 3 times

  JIMBOB2 3 months, 1 week ago

why not D ?
will have max of 18 but will still drop to 12 if one AZ fails
upvoted 1 times

  LemonGremlin 3 months, 1 week ago

options C and D distribute the instances across three AZs, which might lead to more running instances than necessary.
upvoted 1 times

  Kipalom 3 months, 1 week ago

Selected Answer: D
The question is "Which solution will meet the requirements with the fewest running instances possible?", so I go for D with 3 AZ and 6 instances,
as we than have the maximum of 18 instances, instead with 2 AZs and 12 instances which would equal to maximum 24 instances.
upvoted 2 times

  LemonGremlin 3 months, 1 week ago

options C and D distribute the instances across three AZs, which might lead to more running instances than necessary.
upvoted 1 times

  WinAndWin 3 months, 1 week ago

Selected Answer: B
the application must maintain a minimum of 12 instances at all times. it means that 12 per available zone.
B is correct.
upvoted 1 times

  mdrude 3 months ago

How does that mean 12 per AZ?
upvoted 1 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: B
B. 2 AZs with 12 instances in each AZ

This configuration provides redundancy across two AZs and meets the minimum instance requirement. In the event of an AZ failure, the other AZ
can handle the load. Option A (2 AZs with 6 instances in each AZ) does not meet the minimum instance requirement during an AZ failure, and
options C and D distribute the instances across three AZs, which might lead to more running instances than necessary.
upvoted 2 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 390 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 390
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes. The EBS volumes are attached to Amazon
EC2 Linux instances. A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to
more than 80%.

Which combination of steps must the SysOps administrator take to meet these requirements? (Choose three.)

A. Create an IAM role that includes the CloudWatchAgentServerPolicy AWS managed policy. Attach the role to the instances. Most Voted

B. Create an IAM role that includes the CloudWatchApplicationInsightsReadOnlyAccess AWS managed policy. Attach the role to the instances.

C. Install and start the CloudWatch agent by using AWS Systems Manager or the command line. Most Voted

D. Install and start the CloudWatch agent by using an IAM role. Attach the CloudWatchAgentServerPolicy AWS managed policy to the role.

E. Con5gure a CloudWatch alarm to enter ALARM state when the disk_used_percent CloudWatch metric is greater than 80%. Most Voted

F. Con5gure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatch metric is greater than 80% or when the disk_free
CloudWatch metric is less than 20%.

Hide Answer

Suggested Answer: ACD

Community vote distribution

ACE (87%) 13%

by  LemonGremlin at Dec. 31, 2023, 11:53 p.m.

Disclaimers:
- ExamTopics website is not related to, afliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
:
   March2023 1 month ago
Selected Answer: ACE
ACE for sure
upvoted 3 times

  stoy123 1 month, 1 week ago

Selected Answer: ACE
A C and E
upvoted 3 times

  dinuts 1 month, 3 weeks ago

Selected Answer: ACE
E instead of D because attaching the CloudWatchAgentServerPolicy directly to an IAM role assigned to the EC2 instances (as in option A) is more
straightforward
upvoted 3 times

  Ja13 2 months, 2 weeks ago

Selected Answer: ACE
A, C and E. E is not an option to vote
upvoted 4 times

  ogogundare 3 months ago

For me, i think the answer are A, C and E
upvoted 3 times

  tdlAws 2 months, 3 weeks ago

A,C,E I agree
upvoted 2 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: CDE
Option D: This step involves creating an IAM role that includes the CloudWatchAgentServerPolicy AWS managed policy. The
CloudWatchAgentServerPolicy provides the necessary permissions for the CloudWatch agent to collect metrics from the instances. Attaching
this role to the instances ensures they have the required permissions to send data to CloudWatch.

Option C: Installing and starting the CloudWatch agent is crucial for collecting and sending metrics to CloudWatch. This can be done using AWS
Systems Manager or the command line. This step ensures that the instances are set up to report disk utilization metrics.

Option E: Configuring a CloudWatch alarm is essential for setting up monitoring thresholds and triggering alerts. In this case, the alarm is
configured to enter the ALARM state when the disk_used_percent CloudWatch metric exceeds 80%. This means that if the disk utilization on any
of the monitored instances goes above 80%, an alert will be triggered.
upvoted 2 times

  stoy123 1 month, 1 week ago

this is AI generated and completely wrong!
upvoted 1 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 391 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 391
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

An ecommerce company uses an Amazon ElastiCache for Redis cluster for in-memory caching of popular product queries on a shopping website.
The cache eviction policy is randomly evicting keys whether or not a TTL is set. A SysOps administrator must improve the cache hit ratio without
increasing costs.

Which solution will meet these requirements?

A. Add another node to the ElastiCache cluster.

B. Increase the ElastiCache TTL value.

C. Change the eviction policy to randomly evict keys that have a TTL set.

D. Change the eviction policy to evict the least frequently used keys. Most Voted

Hide Answer

Suggested Answer: B

Community vote distribution

D (100%)

by  nharaz at Jan. 1, 2024, 7:40 p.m.

Disclaimers:
- ExamTopics website is not related to, abliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Learning4life 2 months ago
Selected Answer: D
See chart for eviction policies
https://docs.aws.amazon.com/whitepapers/latest/database-caching-strategies-using-redis/evictions.html
upvoted 3 times

  Kipalom 3 months, 1 week ago

Selected Answer: D
"The cache eviction policy is randomly evicting keys whether or not a TTL is set." is a sign that currently the eviction policy "allkeys-random" is in
use. As we want to drop frequently used entries the answer should be "allkeys-lfu" for evicting least frequently used entries.
upvoted 4 times

  nharaz 3 months, 1 week ago

Selected Answer: D
Ways to Improve Cache Hit Ratio for Cost Reduction:
To improve your CHR, consider optimizing your caching strategy. This could involve fine-tuning TTL (Time-To-Live) parameters, implementing
LRU (Least Recently Used) eviction policies, or increasing cache size.

https://www.dragonflydb.io/guides/elasticache-cost-optimization
upvoted 1 times

Get IT Certi*cation
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 393 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 393
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has scientists who upload large data objects to an Amazon S3 bucket. The scientists upload the objects as multipart uploads. The
multipart uploads often fail because of poor end-client connectivity.

The company wants to optimize storage costs that are associated with the data. A SysOps administrator must implement a solution that presents
metrics for incomplete uploads. The solution also must automatically delete any incomplete uploads after 7 days.

Which solution will meet these requirements?

A. Review the Incomplete Multipart Upload Bytes metric in the S3 Storage Lens dashboard. Create an S3 Lifecycle policy to automatically
delete any incomplete multipart uploads after 7 days. Most Voted

B. Implement S3 Intelligent-Tiering to move data into lower-cost storage classes after 7 days. Create an S3 Storage Lens policy to
automatically delete any incomplete multipart uploads after 7 days.

C. Access the S3 console. Review the Metrics tab to check the storage that incomplete multipart uploads are consuming. Create an AWS
Lambda function to delete any incomplete multipart uploads after 7 days.

D. Use the S3 analytics storage class analysis tool to identify and measure incomplete multipart uploads. Con5gure an S3 bucket policy to
enforce restrictions on multipart uploads to delete incomplete multipart uploads after 7 days.

Hide Answer

Suggested Answer: D

Community vote distribution

A (100%)

by  nharaz at Jan. 1, 2024, 7:54 p.m.

Disclaimers:
- ExamTopics website is not related to, aeliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  nharaz Highly Voted  3 months, 1 week ago
Selected Answer: A
Amazon S3 supports a bucket lifecycle rule that you can use to direct Amazon S3 to stop multipart uploads that aren't completed within a
specified number of days after being initiated. When a multipart upload isn't completed within the specified time frame, it becomes eligible for an
abort operation. Amazon S3 then stops the multipart upload and deletes the parts associated with the multipart upload.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpu-abort-incomplete-mpu-lifecycle-config.html#
upvoted 9 times

  Kipalom Highly Voted  3 months, 1 week ago

Selected Answer: A
In my opinion the bucket policy is just a rule, it doesn't do the deleting. So for me its the answer A. As the Storage Lens is having metrics for
uncompleted multipart uploads and the lifecycle rule actually really deletes old uncompleted uploads.
upvoted 8 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 394 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 394
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company stores data in Amazon S3 buckets that are provisioned in three separate AWS Regions. The data is copied from the S3 buckets to the
data center over the public internet using a VPN. The SysOps administrator notices that, occasionally, the transfers take longer than usual, and
determines the issue is congestion within the company's ISP network.

What is the MOST cost-effective approach the administrator can take to ensure consistent transfer times from S3 to the data center?

A. Establish an AWS Direct Connect link to each Region. Create a private virtual interface over each link.

B. Establish an AWS Direct Connect link to each Region. Create a public virtual interface over each link.

C. Establish an AWS Direct Connect link to one of the Regions. Create a private virtual interface over that link. Most Voted

D. Establish an AWS Direct Connect link to one of the Regions. Create a public virtual interface over that link.

Hide Answer

Suggested Answer: B

Community vote distribution

C (75%) D (15%) 5%

by  nharaz at Jan. 1, 2024, 7:57 p.m.

Disclaimers:
- ExamTopics website is not related to, adliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  dinuts Highly Voted  1 month, 3 weeks ago
Selected Answer: C
I would also say C because 1. the ISP is a problem so a private wired connection would solve this and 2. the question mentions "most cost-
effective" => 1 DC connection is cheaper than 3. You can replicate the buckets cross region within the aws network or w/e, there are solutions
:
 upvoted 7 times

  dinuts 1 month, 3 weeks ago

DX* not DC
upvoted 1 times

  henro4niger Highly Voted  2 months ago

why is no one talking about option C. To me that is the correct option. With public virtual interface, you will still pay for data transfer charges and
it is not even as fast as private virtual interface. Also while creating multiple direct link would be faster, it is not the most cost effective option. I
will choose option CCCCCC
upvoted 5 times

  seetpt Most Recent  4 days, 7 hours ago

Selected Answer: C
C should be it
upvoted 1 times

  Manoel 1 week, 2 days ago

Correct is D
Q: What is a virtual interface (VIF)?

A virtual interface (VIF) is necessary to access AWS services, and is either public or private. A public virtual interface enables access to public
services, such as Amazon S3. A private virtual interface enables access to your VPC. For more information, see AWS Direct Connect virtual
interfaces.

https://aws.amazon.com/directconnect/faqs/
upvoted 1 times

  awsamar 1 month, 1 week ago

Selected Answer: D
First lets make some things clear:
1. Private VIF provides connection to VPC in just 1 specific region.
so: Since we can reach 1 bucket in region, what is going to happen to other region buckets?
Eventually even if we manage to set up connections via that one VPC with other regions it would incur inter-region data transfer charges!
2.Public VIF allows you to access all AWS public services - means S3 regardless of S3 bucket's region. Transfer cost is the same for all regions.
We are not charged data transfer rates for transferring data out of S3 to our Direct Connect location.

I hope this makes it clear that we will be using 1 DX connection and public VIF(virtual interface) to access those 3 different region buckets
bypassing internet.
upvoted 1 times

  March2023 1 month, 1 week ago

Selected Answer: C
should be C
upvoted 3 times

  nakuaadam 1 month, 2 weeks ago

Selected Answer: C
To setup a Direct Connect to one or more VPC in many different
regions (same account), you must use a Direct Connect Gateway
1) create one AWS Direct Connect in one region
2) create one Direct Connect Gateway
3) create Private virtual interface to VPCs in regions
upvoted 4 times

  Learning4life 2 months, 2 weeks ago

Selected Answer: B
See response below
upvoted 1 times
:
   Learning4life 2 months, 2 weeks ago
Selected Answer: D
Each region needs a Direct Connect established. Once established, you will setup a private virtual interface to your VPC, but outside of your VPC
is where you need a public virtual interface to communicate with services such as S3, Amazon Glacier, etc. This is diagramed out in Stephane
Marek's course.
upvoted 2 times

  Learning4life 2 months, 2 weeks ago

Correction, the answer is B. You can use a Direct Connect Gateway to establish connections to other regions.
upvoted 1 times

  nharaz 3 months, 1 week ago

Selected Answer: A
A - provides dedicated, private connections to each AWS Region using AWS Direct Connect, ensuring a more consistent and reliable data
transfer mechanism compared to relying on the public internet.
upvoted 1 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 398 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 398
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company uses Amazon CloudFront to serve static content to end users. The company's marketing team recently deployed updates to 150
images on the company's website. However, the website is not displaying some of the new images.

A SysOps administrator reviews the CloudFront distribution's cache settings. The default TTL for the distribution is set to 1 week (604,800
seconds).

What should the SysOps administrator do to refresh the cache with the new images in the MOST operationally ebcient way?

A. Create a new CloudFront distribution that has the same origin. Set the default TTL to 1 minute (60 seconds). Switch Amazon Route 53 DNS
records to use the new distribution.

B. Instruct the marketing team to upload the new images to a different location. When the new images are uploaded, update the website to
locate the new images.

C. Issue a CloudFront invalidation request to immediately expire the new images from the marketing team's update. Most Voted

D. Update the existing CloudFront distribution to recon5gure the default TTL to 1 minute (60 seconds). During submission of the new
con5guration, include the gag to invalidate objects in the speci5ed path.

Hide Answer

Suggested Answer: C

Community vote distribution

C (100%)

by  WinAndWin at Jan. 1, 2024, 2:24 p.m.

Disclaimers:
- ExamTopics website is not related to, abliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  seetpt 4 days, 7 hours ago
Selected Answer: C
C is correct. Checked it via cloudfront UI.
upvoted 1 times

  nharaz 3 months, 1 week ago

Selected Answer: C
To ensure that users receive the latest content, the cached content in CloudFront needs to be invalidated.

https://medium.com/@viveknavadia/why-cloudfront-invalidation-is-required-after-every-new-deployment-how-to-implement-it-
cd80fefe345#:~:text=Amazon%20CloudFront%20is%20a%20content,can%20be%20delivered%20to%20users.
upvoted 3 times

  WinAndWin 3 months, 1 week ago

Selected Answer: C
C is correct.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html
upvoted 4 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 399 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 399
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A SysOps administrator is responsible for a company's disaster recovery procedures. The company has a source Amazon S3 bucket in a
production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The SysOps
administrator con5gures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the SysOps
administrator attempts to access objects in the destination S3 bucket, they receive an Access Denied error.

Which solution will resolve this problem?

A. Modify the replication con5guration to change object ownership to the destination S3 bucket owner. Most Voted

B. Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single pre5x.

C. Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.

D. Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.

Hide Answer

Suggested Answer: D

Community vote distribution

A (100%)

by  Kipalom at Jan. 1, 2024, 10:47 p.m.

Disclaimers:
- ExamTopics website is not related to, afliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  nharaz Highly Voted  3 months, 1 week ago
Selected Answer: A
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-change-owner.html
upvoted 5 times

  LemonGremlin Most Recent  3 months, 1 week ago

Selected Answer: A
By changing the object ownership to the destination S3 bucket owner, you ensure that the destination account has the necessary permissions to
access and manage the replicated objects. This helps resolve the Access Denied error.
upvoted 3 times

  Kipalom 3 months, 1 week ago

Selected Answer: A
Thats a hard one. D doesn't seem to be the solution for me, as only "verifiying" doesn't solve the issue. For me its A, although after creating the
configuration one can't change the setting for the ownership, so you have to create a new configuration.
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 400 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 400
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company is running Amazon RDS for PostgreSQL Multi-AZ DB clusters. The company uses an AWS CloudFormation template to create the
databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday.

Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases
from running low on disk space in the future.

Which solution will meet these requirements with the FEWEST changes to the application?

A. Modify the CloudFormation template to use Amazon Aurora PostgreSQL as the DB engine.

B. Modify the CloudFormation template to use Amazon DynamoDB as the database. Activate storage auto scaling during creation of the
tables.

C. Modify the Cloud Formation template to activate storage auto scaling on the existing DB instances. Most Voted

D. Create a CloudWatch alarm to monitor DB instance storage space. Con5gure the alarm to invoke the VACUUM command.

Hide Answer

Suggested Answer: B

Community vote distribution

C (90%) 10%

by  LemonGremlin at Jan. 1, 2024, 12:10 a.m.

Disclaimers:
- ExamTopics website is not related to, aaliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  LemonGremlin Highly Voted  3 months, 1 week ago
Selected Answer: C
I think C- Modify the CloudFormation template to activate storage auto scaling on the existing DB instances.
upvoted 5 times

  Learning4life Most Recent  2 months ago

Selected Answer: C
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html
upvoted 4 times

  Kipalom 3 months, 1 week ago

Selected Answer: B
B it is https://aws.amazon.com/de/about-aws/whats-new/2019/06/rds-storage-auto-scaling/
upvoted 1 times

  WinAndWin 3 months, 1 week ago

A company is running Amazon RDS for PostgreSQL Multi-AZ DB clusters. it did not mention anything about Amazon DynamoDB.
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 401 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 401
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A SysOps administrator wants to share a copy of a production database with a migration account. The production database is hosted on an
Amazon RDS DB instance and is encrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias of production-rds-key.

What must the SysOps administrator do to meet these requirements with the LEAST administrative overhead?

A. Take a snapshot of the RDS DB instance in the production account. Amend the KMS key policy of the production-rds-key KMS key to give
access to the migration account's root user. Share the snapshot with the migration account. Most Voted

B. Create an RDS read replica in the migration account. Con5gure the KMS key policy to replicate the production-rds-key KMS key to the
migration account.

C. Take a snapshot of the RDS DB instance in the production account. Share the snapshot with the migration account. In the migration
account, create a new KMS key that has an identical alias.

D. Use native database toolsets to export the RDS DB instance to Amazon S3. Create an S3 bucket and an S3 bucket policy for cross account
access between the production account and the migration account. Use native database toolsets to import the database from Amazon S3 to a
new RDS DB instance.

Hide Answer

Suggested Answer: B

Community vote distribution

A (77%) B (23%)

by  WinAndWin at Jan. 1, 2024, 2:37 p.m.

Disclaimers:
- ExamTopics website is not related to, aeliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
:
   nharaz Highly Voted  3 months, 1 week ago
Selected Answer: A
https://repost.aws/knowledge-center/share-encrypted-rds-snapshot-kms-key
upvoted 6 times

  LemonGremlin Most Recent  3 months, 1 week ago

Selected Answer: B
Option B is generally more straightforward, as it leverages RDS read replicas and KMS key replication to achieve the goal without the need for
complex manual snapshot sharing or exporting/importing data.
upvoted 2 times

  magistrum 1 month, 3 weeks ago

only question i have is the copy is a read only replica...can't do much else if they need to write to it as part of migration....
upvoted 1 times

  Kipalom 3 months, 1 week ago

Selected Answer: A
As its not possible to create a read replica in another account, I go for A. Make a snapshot, make sure the migration account kann use the KMS
key and share the snapshot for decryption.
upvoted 4 times

  March2023 1 month, 2 weeks ago

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automate-the-replication-of-amazon-rds-instances-across-aws-
accounts.html
upvoted 1 times

  WinAndWin 3 months, 1 week ago

Selected Answer: B
- C, D are not correct.
- I think B
upvoted 1 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 402 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 402
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company hosts a continuous integration and continuous delivery (CI/CD) environment on AWS. The CI/CD environment includes a Jenkins
server that is hosted on an Amazon EC2 instance. A 500 GB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume is
attached to the EC2 instance.

Because of disk throughput limitations, the Jenkins server reports performance issues that are resulting in slower builds on the server. The EBS
volume needs to sustain 3,000 IOPS while performing nightly build tasks.

A SysOps administrator examines the server's history in Amazon CloudWatch. The BurstBalance metric has had a value of 0 during nightly builds.
The SysOps administrator needs to improve the performance and meet the sustained throughput requirements.

Which solution will meet these requirements MOST cost-effectively?

A. Double the gp2 EBS volume size from 500 GB to 1,000 GB.

B. Change the volume type from gp2 to General Purpose SSD (gp3). Most Voted

C. Change the volume type from gp2 to Throughput Optimized HDD (st1).

D. Change the volume type from gp2 to Provisioned IOPS SSD (io2).

Hide Answer

Suggested Answer: A

Community vote distribution

B (100%)

by  LemonGremlin at Dec. 30, 2023, 1:35 a.m.

Disclaimers:
- ExamTopics website is not related to, adliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  LemonGremlin Highly Voted  3 months, 2 weeks ago
Selected Answer: B
B. Change the volume type from gp2 to General Purpose SSD (gp3).

Explanation:

The gp3 volume type is designed to provide baseline performance of 3,000 IOPS and a throughput of up to 125 MB/s. This aligns with the
requirement to sustain 3,000 IOPS during nightly build tasks.

gp3 volumes are a good fit for a wide range of transactional workloads and offer a more cost-effective solution compared to Provisioned IOPS
SSD (io2) volumes.
upvoted 6 times

  Kipalom Most Recent  3 months, 1 week ago

Selected Answer: B
What LemonGremlin says +100
upvoted 4 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 404 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 404
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A SysOps administrator receives an alert that a production Auto Scaling group has been scaled down to two Amazon EC2 instances. The Auto
Scaling group was originally con5gured with a minimum capacity of three instances. However, the SysOps administrator con5rms that the
con5guration now reZects a minimum capacity of two instances.

Which AWS service will help identify who made the change?

A. AWS Con5g Most Voted

B. Amazon Inspector

C. Amazon Macie

D. Amazon Cloud Watch Logs

Hide Answer

Suggested Answer: C

Community vote distribution

A (100%)

by  LemonGremlin at Dec. 30, 2023, 1:37 a.m.

Disclaimers:
- ExamTopics website is not related to, aaliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
:
   LemonGremlin Highly Voted  3 months, 2 weeks ago
Selected Answer: A
A. AWS Config

Explanation:

AWS Config provides a detailed view of the configuration changes made to resources in your AWS account. It records configuration changes and
allows you to view the configuration history.

By using AWS Config, you can check the historical changes to the Auto Scaling group configuration, including changes to the minimum capacity,
and identify who made the change.
upvoted 5 times

  nharaz Highly Voted  3 months, 1 week ago

Selected Answer: A
AWS Config achieves this by calling the CloudTrail LookupEvents API. By selecting the link, AWS Config will redirect you to the CloudTrail event
history. From the Amazon CloudTrail event you can get additional details including but not limited to who made changes to the resource and
when.

https://aws.amazon.com/blogs/mt/how-to-use-aws-config-and-cloudtrail-to-find-who-made-changes-to-a-
resource/#:~:text=AWS%20Config%20achieves%20this%20by,to%20the%20resource%20and%20when.
upvoted 5 times

  Learning4life Most Recent  2 months, 1 week ago

Selected Answer: A
https://aws.amazon.com/blogs/mt/how-to-track-changes-to-auto-scaling-groups-using-aws-config/
upvoted 3 times

  WinAndWin 3 months, 1 week ago

Selected Answer: A
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors
and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired
configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource
configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to
simplify compliance auditing, security analysis, change management, and operational troubleshooting.
Answer is A. AWS Config
upvoted 4 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 405 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 405
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company wants to store sensitive 5nancial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read
or write access to the buckets. A SysOps administrator must create a solution to automatically remove S3 permissions that allow public read or
write access.

Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally e[cient manner?

A. AWS Con5g Most Voted

B. AWS Security Hub

C. AWS Trusted Advisor

D. Amazon Inspector

Hide Answer

Suggested Answer: D

Community vote distribution

A (100%)

by  LemonGremlin at Jan. 1, 2024, 12:13 a.m.

Disclaimers:
- ExamTopics website is not related to, a[liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  LemonGremlin Highly Voted  3 months, 1 week ago
Selected Answer: A
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It can be used to monitor and
detect changes to S3 bucket policies that may introduce public read or write access.
upvoted 6 times

  klayytech Most Recent  2 weeks, 6 days ago

Selected Answer: A
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your
AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS
Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories,
and determine your overall compliance against the configurations specified in your internal guidelines.
upvoted 3 times

  Learning4life 2 months, 1 week ago

Selected Answer: A
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your
AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS
Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories,
and determine your overall compliance against the configurations specified in your internal guidelines.
upvoted 4 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 406 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 406
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A SysOps administrator must create an IAM policy for a developer who needs access to speci5c AWS services. Based on the requirements, the
SysOps administrator creates the following policy:

Which actions does this policy allow? (Choose two.)

A. Create an AWS Storage Gateway.

B. Create an IAM role for an AWS Lambda function.

C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.

D. Describe AWS load balancers. Most Voted

E. Invoke an AWS Lambda function. Most Voted

Hide Answer

Suggested Answer: E
:
 Community vote distribution
E (50%) D (50%)

by  LemonGremlin at Dec. 30, 2023, 1:40 a.m.

Disclaimers:
- ExamTopics website is not related to, abliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  LemonGremlin Highly Voted  3 months ago
Selected Answer: E
D & E. BOTH CORRECT
upvoted 5 times

  LemonGremlin Highly Voted  3 months ago

Selected Answer: E
It is both D & E.
upvoted 5 times

  klayytech Most Recent  2 weeks, 6 days ago

Selected Answer: D
D & E. BOTH CORRECT
upvoted 2 times

  henro4niger 2 months ago

D and E The question said choose two options
upvoted 3 times

  superkimo 3 months ago

E also correct, we have to choose two answers not just one :D
upvoted 3 times

  Kipalom 3 months, 1 week ago

Selected Answer: D
DE are the right answers. Can a admin allow multiples answers?
upvoted 4 times

  WinAndWin 3 months, 1 week ago

DE is correct.
upvoted 3 times

  LemonGremlin 3 months, 2 weeks ago

Selected Answer: D
D. Describe AWS load balancers (elasticloadbalancing:*):

The policy allows any action (*) for Elastic Load Balancing (elasticloadbalancing).
This includes actions like describing, creating, updating, and deleting load balancers.
E. Invoke an AWS Lambda function (lambda:*):

The policy allows any action (*) for AWS Lambda (lambda).
This includes actions like creating, updating, deleting, and invoking Lambda functions.
upvoted 4 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 408 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 408
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

Users are reporting consistent forced logouts from a stateful web application. The logouts occur before the expiration of a 15-minute application
logout timer.

The web application is hosted on Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load
Balancer (ALB) that has a single target group. The ALB is con5gured as the origin in an Amazon CloudFront distribution. Session a_nity (sticky
sessions) is already enabled on the ALB target group and uses duration-based cookies. The web application generates its own application cookie.

Which combination of actions should a SysOps administrator take to resolve the logout problem? (Choose two.)

A. Change to the least outstanding requests algorithm on the ALB target group.

B. Con5gure cookie forwarding in the CloudFront distribution's cache behavior settings. Most Voted

C. Con5gure the duration-based cookie to be named AWSALB.

D. Con5gure the ALB to use the expiration cookie header.

E. Change the ALB to use application-based cookies. Most Voted

Hide Answer

Suggested Answer: AD

Community vote distribution

BE (93%) 7%

by  LemonGremlin at Jan. 1, 2024, 12:15 a.m.

Disclaimers:
- ExamTopics website is not related to, a_liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
:
   seetpt 5 days, 4 hours ago
Selected Answer: BE
BE is correct
upvoted 1 times

  klayytech 2 weeks, 6 days ago

Selected Answer: BE
The two actions the SysOps administrator should take to resolve the logout problem are:

B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings.

E. Change the ALB to use application-based cookies.

upvoted 2 times

  Learning4life 2 months ago

Selected Answer: BE
What Kipalom said.
upvoted 4 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: BE
After researching more, it is BE.

Configure cookie forwarding in the CloudFront distribution's cache behavior settings (Option B).
Change the ALB to use application-based cookies (Option E).
upvoted 3 times

  Kipalom 3 months, 1 week ago

Selected Answer: BE
As the application is generating its own cookies, we don't need the duration-based cookie generated by the load balancer. So for me its
forwarding cookies and allowing application-based cookies. BE
upvoted 4 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: BC
I think it is

B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings.

C. Configure the duration-based cookie to be named AWSALB.
upvoted 1 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 410 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 410
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has a cluster of Linux Amazon EC2 Spot Instances that read many 5les from and write many 5les to attached Amazon Elastic Block
Store (Amazon EBS) volumes. The EC2 instances are frequently started and stopped. As part of the process when an EC2 instance starts, an EBS
volume is restored from a snapshot.

EBS volumes that are restored from snapshots are experiencing initial performance that is lower than expected. The company's workload needs
almost all the provisioned IOPS on the attached EBS volumes. The EC2 instances are unable to support the workload when the performance of the
EBS volumes is too low. A SysOps administrator must implement a solution to ensure that the EBS volumes provide the expected performance
when they are restored from snapshots.

Which solution will meet these requirements?

A. Con5gure fast snapshot restore (FSR) on the snapshots that are used. Most Voted

B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.

C. Format the EBS volumes as XFS 5le systems before restoring the snapshots.

D. Increase the Linux read-ahead buffer to 1 MiB.

Hide Answer

Suggested Answer: A

Community vote distribution

A (100%)

by  WinAndWin at Jan. 1, 2024, 3:10 p.m.

Disclaimers:
- ExamTopics website is not related to, adliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.
:
 Comments
  gamebase 4 weeks, 1 day ago
Selected Answer: A
Fast Snapshot Restore (FSR) will solve this.
https://docs.aws.amazon.com/ebs/latest/userguide/ebs-fast-snapshot-restore.html
upvoted 3 times

  stoy123 1 month, 1 week ago

Selected Answer: A
A for sure
upvoted 3 times

  ahmedsamosam 2 months, 3 weeks ago

The issue described here is a common one with Amazon EBS volumes restored from snapshots. When an EBS volume is created from a
snapshot, the data isn't fully loaded into the volume until it is accessed for the first time. This means that the initial I/O performance of the volume
can be lower than expected, which can be problematic for high-performance workloads.

To resolve this issue, the most suitable solution would be:

A. Configure fast snapshot restore (FSR) on the snapshots that are used: Fast Snapshot Restore (FSR) immediately enables a snapshot's data to
be fully realized on the volume, eliminating the need for the lazy loading of data.
upvoted 3 times

  ogogundare 3 months ago

C will be a good answer to pre format a volume before using it. This way it improves performance
upvoted 1 times

  WinAndWin 3 months, 1 week ago

Selected Answer: A
I think A is correct
upvoted 3 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 412 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 412
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by
using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers.

What should the SysOps administrator do to meet these requirements?

A. Create an IAM role and instance pro5le that include AWS Systems Manager permissions. Attach the role to the on-premises servers.

B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises
servers. Register the servers with the activation code and ID from the instance activation. Most Voted

C. Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-
premises servers.

D. Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Con5gure the access key in the AWS
credentials 5le after the AWS CLI is successfully installed.

Hide Answer

Suggested Answer: B

Community vote distribution

B (100%)

by  WinAndWin at Jan. 1, 2024, 3:12 p.m.

Disclaimers:
- ExamTopics website is not related to, acliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Learning4life Highly Voted  2 months, 3 weeks ago
Selected Answer: B
Answer is B. Question states on-premises and in AWS. https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-managed-
instance-activation.html
upvoted 5 times

  WinAndWin Most Recent  3 months, 1 week ago

Selected Answer: B
I think B is correct
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 413 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 413
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has deployed an application on AWS. The application runs on a Yeet of Linux Amazon EC2 instances that are in an Auto Scaling group.
The Auto Scaling group is con5gured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed
EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.

A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying 5les. The solution also
must ensure that the data is consistent.

Which solution will meet these requirements?

A. Create an Amazon Elastic File System (Amazon EFS) 5le system. Create a new launch template version that includes user data that mounts
the EFS 5le system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate
the older EC2 instances. Most Voted

B. Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update
the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.

C. Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a
lifecycle hook during instance launch to con5gure the cron job on all the EC2 instances. Rotate out the older EC2 instances.

D. Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) 5le system. Update the Auto Scaling group
to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.

Hide Answer

Suggested Answer: D

Community vote distribution

A (100%)

by  LemonGremlin at Jan. 1, 2024, 12:19 a.m.

Disclaimers:
:
 - ExamTopics website is not related to, agliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Learning4life 2 months, 1 week ago
Selected Answer: A
A and D are very similar, but after re-reading A, it includes the User Data, which will generate a user data script used during the initial boot
process to setup the EFS mounts, and persist them across reboots.
upvoted 3 times

  nharaz 3 months, 1 week ago

Selected Answer: A
The key word is Linux Amazon EC2 so the answer could be creating an Amazon Elastic File system. Amazon EFS is a fully managed service
providing network file sharing (NFS) shared file system storage for Linux workloads. Amazon EFS makes it quick and efficient to create and
configure file systems.
upvoted 4 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: A
Please let me know why this is not A
A. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts
the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the
older EC2 instances.
upvoted 4 times

  Kipalom 3 months, 1 week ago

I can't, because its A!
upvoted 2 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 414 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 414
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in
the future must be implemented on every VPC.

What is the MOST operationally eZcient method to deploy and update the VPCs in each account?

A. Create an AWS CloudFormation template that de5nes the VPC. Sign in to the AWS Management Console under each account. Create a
stack from the template.

B. Create a shell script that con5gures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text 5le. Create the VPC
in every account in the list.

C. Create an AWS Lambda function that con5gures the VPStore the account information in Amazon DynamoDB. Grant Lambda access to the
DynamoDB table. Create the VPC in every account in the list.

D. Create an AWS CloudFormation template that de5nes the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the
template to all accounts using the stack set. Most Voted

Hide Answer

Suggested Answer: C

Community vote distribution

D (100%)

by  LemonGremlin at Jan. 1, 2024, 12:20 a.m.

Disclaimers:
- ExamTopics website is not related to, aZliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  LemonGremlin Highly Voted  3 months, 1 week ago
Selected Answer: D
The MOST operationally efficient method to deploy and update identical Amazon VPCs in multiple AWS accounts is:

D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the
template to all accounts using the stack set.
upvoted 10 times

  joshnort Most Recent  6 days, 10 hours ago

Selected Answer: D
D: Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the
template to all accounts using the stack set.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html
upvoted 1 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 415 DISCUSSION
:
 Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate
Question #: 415
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps
administrator inspects the VPC Zow logs and 5nds the following entry:

What is a possible cause of these failed connections?

A. A security group deny rule is blocking tra\c on port 443.

B. The EC2 instance is shut down.

C. The network ACL is blocking HTTPS tra\c. Most Voted

D. The VPC has no internet gateway attached.

Hide Answer

Suggested Answer: A

Community vote distribution

C (100%)

by  LemonGremlin at Dec. 30, 2023, 1:48 a.m.

Disclaimers:
- ExamTopics website is not related to, a\liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  nharaz 3 months, 1 week ago
Selected Answer: C
This Question is tricky
https://www.examtopics.com/discussions/amazon/view/50839-exam-aws-certified-sysops-administrator-associate-topic-1/
upvoted 2 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: C
Answer is C.
please see the section "Accepted and rejected traffic" example in below page
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-accepted-rejected
upvoted 4 times

  Kipalom 3 months, 1 week ago

Selected Answer: C
Its C, as "eni" is showing that the elastic network interface (network ACL) is denying the request
upvoted 3 times

  LemonGremlin 3 months, 2 weeks ago

Selected Answer: C
I think this is C
upvoted 3 times
:
 Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 418 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 418
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company's VPC has an existing IPv4 con5guration. The IPv4 con5guration includes public subnets, private subnets, NAT gateways, default route
tables, and ACLs.

The company associates an IPv6 CIDR block with the VPC. The company adds IPv6 allocations to each existing subnet and adds routes to the
route tables. The company updates the ACLs to allow all IPv6 tra]c.

Public subnets are working as expected, but private subnets are not allowing internet IPv6 connections.

What should a SysOps administrator do to allow outbound-only connectivity for the new IPv6 subnets?

A. Con5gure an egress-only internet gateway and associate it with the VPC. Create a default route in the route tables that are associated with
the private subnets. Con5gure the default route to point to the egress-only internet gateway. Most Voted

B. Turn on IPv6 NAT on the NAT gateways. Create a default route in the route tables that are associated with the private subnets. Con5gure
the default route to point to the NAT gateways.

C. Con5gure a new IPv6-only NAT gateway. Create a default route in the route tables that are associated with the private subnets. Con5gure
the default route to point to the IPv6-only NAT gateway.

D. Create a default route in the route tables that are associated with the private subnets. Con5gure the default route to point to the existing
internet gateway.

Hide Answer

Suggested Answer: C

Community vote distribution

A (100%)

by  Kipalom at Jan. 1, 2024, 11:54 p.m.

Disclaimers:
:
 - ExamTopics website is not related to, a]liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
  Kipalom Highly Voted  3 months, 1 week ago
Selected Answer: A
An egress-only internet gateway is specifically designed for allowing outbound IPv6 traffic from instances in private subnets while preventing
incoming traffic initiated by external sources.
upvoted 5 times

  klayytech Most Recent  2 weeks, 6 days ago

Selected Answer: A
An egress-only internet gateway is specifically designed for allowing outbound IPv6 traffic from instances in private subnets while preventing
incoming traffic initiated by external sources.
upvoted 3 times

  Learning4life 2 months, 3 weeks ago

Answer is A.
https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html
upvoted 4 times

  Learning4life 2 months, 3 weeks ago

An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound
communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your
instances.
upvoted 2 times

  JIMBOB2 3 months, 1 week ago

Think this is A
upvoted 2 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 419 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 419
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is con5gured to use a simple
scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue.

Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the
instances to accommodate the increased number of messages.

Which solution will meet these requirements?

A. Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a
target tracking scaling policy for the metric math expression to modify the Auto Scaling group.

B. Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each
instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group. Most Voted

C. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the
ALBRequestCountPerTarget metric to modify the Auto Scaling group.

D. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto
Scaling group.

Hide Answer

Suggested Answer: B

Community vote distribution

B (90%) 10%

by  LemonGremlin at Jan. 3, 2024, 1:06 a.m.

Disclaimers:
- ExamTopics website is not related to, adliated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.
:
 Comments
  nharaz Highly Voted  3 months, 1 week ago
Selected Answer: B
https://aws.amazon.com/blogs/mt/enhance-cloudwatch-metrics-with-metric-math-functions/
upvoted 5 times

  RazSteel Most Recent  3 months, 1 week ago

Selected Answer: C
think its C
upvoted 1 times

  LemonGremlin 3 months, 1 week ago

Selected Answer: B
B is correct;
Metric math expression for the SQS queue:

By using CloudWatch to create a metric math expression, you can calculate the approximate number of messages visible in the SQS queue for
each instance. This metric provides insights into the workload on each EC2 instance and can be used to make scaling decisions.

Creating a target tracking scaling policy for this metric allows the Auto Scaling group to automatically adjust the number of instances based on
the calculated metric, ensuring that there are enough instances to handle the increased number of messages.
upvoted 4 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

:
 - Expert Veri5ed, Online, Free.

UNLIMITED ACCESS

Get Unlimited Contributor Access to the all ExamTopics Exams!

Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certi5cation Exams Easily. Get Unlimited Access

 Amazon Discussions

 EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 420 DISCUSSION

Exam question from Amazon's AWS Certi5ed SysOps Administrator - Associate

Question #: 420
Topic #: 1
[All AWS Certi5ed SysOps Administrator - Associate Questions]

A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances.
The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has con5gured a VPC Zow log for
the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.

A SysOps administrator must identify the top 5ve internet destinations that the EC2 instances in the private subnet communicate with for
downloads.

What should the SysOps administrator do to meet this requirement in the MOST operationally e]cient way?

A. Use AWS CloudTrail Insights events to identify the top 5ve internet destinations.

B. Use Amazon CloudFront standard logs (access logs) to identify the top 5ve internet destinations.

C. Use CloudWatch Logs Insights to identify the top 5ve internet destinations. Most Voted

D. Change the Zow log to publish logs to Amazon S3. Use Amazon Athena to query the log 5les in Amazon S3.

Hide Answer

Suggested Answer: A

Community vote distribution

C (100%)

by  JIMBOB2 at Dec. 30, 2023, 3:58 p.m.

Disclaimers:
- ExamTopics website is not related to, a]liated with, endorsed or authorized by Amazon.
- Trademarks, certi5cation & product names are used for reference only and belong to Amazon.

Comments
:
   LemonGremlin Highly Voted  3 months, 1 week ago
Selected Answer: C
Pretty sure this is C:
To identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads using VPC flow logs,
the most operationally efficient way would be:

C. Use CloudWatch Logs Insights to identify the top five internet destinations.

Explanation:

VPC Flow Logs and CloudWatch Logs:

VPC flow logs capture information about the IP traffic going to and from network interfaces in a VPC.
The flow log data can be sent to CloudWatch Logs for analysis and monitoring.
CloudWatch Logs Insights is a fully managed service that allows you to search, analyze, and visualize log data.
upvoted 5 times

  Learning4life Most Recent  2 months, 2 weeks ago

Selected Answer: C
"You can use CloudWatch Logs Insights to find the top contributors. For more information about the following query commands, see How can I
find the top contributors to traffic through the NAT gateway in my VPC."
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.html
upvoted 2 times

  ogogundare 3 months ago

The correct answer is C since it said it publishing the logs to cloudwatch logs
https://repost.aws/knowledge-center/vpc-flow-logs-and-cloudwatch-logs-insights
upvoted 3 times

  WinAndWin 3 months, 1 week ago

Selected Answer: C
I think C.
upvoted 2 times

  JIMBOB2 3 months, 1 week ago

i'd say C
upvoted 2 times

Get IT Certi*cation
Unlock free, top-quality video courses on ExamTopics with a simple
registration. Elevate your learning journey with our expertly curated content.
Register now to access a diverse range of educational resources designed for
your success. Start learning today with ExamTopics!

Start Learning for free

: