A company has an application that is running on Amazon EC2 instances in a VPC. The application needs access to download software updates from the internet. The VPC has public subnets and private signets. The company's security policy requires all ECS instances to be deployed in private subnets

What should a SysOps administrator do to meet those requirements?

A. Add an internet gateway to the VPC In the route table for the private subnets, odd a route to the interne; gateway.

B. Add a NAT gateway to a private subnet. In the route table for the private subnets, add a route to the NAT gateway.

C. Add a NAT gateway to a public subnet in the route table for the private subnets, add a route to the NAT gateway.

D. Add two internet gateways to the VPC. In The route tablet for the private subnets and public subnets, add a route to each internet gateway.

A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances The instances all exist in the same VPC across multiple Availability Zones. There are two instances In each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency.

Which solution will meet these requirements?

A. Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances

B. Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.

C. Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.

D. Create a mount target in each Availability Zone of the VPC Use the mount target to mount the EFS file system on the Instances in the respective Availability Zone.

A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design.

Which solution will meet these requirements?

A. Reduce the number of application servers.

B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.

C. Provision an Application Load Balancer in front of the instances.

D. Scale up the instance size of the application servers.

A company is using an AWS KMS customer master key (CMK) with imported key material The company references the CMK by its alias in the Java application to encrypt data The CMK must be rotated every 6 months

What is the process to rotate the key?

A. Enable automatic key rotation for the CMK and specify a period of 6 months

B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.

C. Delete the current key material, and import new material into the existing CMK

D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months

A company has a mobile app that uses Amazon S3 to store images The images are popular for a week, and then the number of access requests decreases over time The images must be highly available and must be immediately accessible upon request A SysOps administrator must reduce S3 storage costs for the company.

Which solution will meet these requirements MOST cost-effectively?

A. Create an S3 Lifecycle policy to transition the images to S3 Glacier after 7 days

B. Create an S3 Lifecycle policy to transition the images to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days

C. Create an S3 Lifecycle policy to transition the images to S3 Standard after 7 days

D. Create an S3 Lifecycle policy to transition the images to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days

A SysOps administrator wants to protect objects in an Amazon S3 bucket from accidental overwrite and deletion. Noncurrent objects must be kept for 90 days and then must be permanently deleted. Objects must reside within the same AWS

Region as the original S3 bucket.

Which solution meets these requirements?

A. Create an Amazon Data Lifecycle Manager (Amazon DLM) lifecycle policy for the S3 bucket. Add a rule to the lifecycle policy to delete noncurrent objects after 90 days.

B. Create an AWS Backup policy for the S3 bucket. Create a backup rule that includes a lifecycle to expire noncurrent objects after 90 days.

C. Enable S3 Cross-Region Replication on the S3 bucket. Create an S3 Lifecycle policy for the bucket to expire noncurrent objects after 90 days.

D. Enable S3 Versioning on the S3 bucket. Create an S3 Lifecycle policy for the bucket to expire noncurrent objects after 90 days.

A SysOps administrator needs to design a disaster recovery (DR) plan for an application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database. The recovery time objective (RTO) and recovery point objective (RPO) are 15 minutes each.

Which combination of steps should the SysOps administrator take to meet these requirements MOST cost-effectively? (Choose two.)

A. Configure Aurora backups to be exported to the DR Region.

B. Configure the Aurora cluster to replicate data to the DR Region by using the Aurora global database option.

C. Configure the DR Region with an ALB and an Auto Scaling group. Use the same configuration as in the primary Region.

D. Configure the DR Region with an ALB and an Auto Scaling group. Set the Auto Scaling group's minimum capacity, maximum capacity, and desired capacity to 1.

E. Manually launch a new ALB and a new Auto Scaling group by using AWS CloudFormation during a failover activity.

A company has deployed an application on Amazon EC2 instances in a single VPC. The company has placed the EC2 instances in a private subnet in the VPC.

The EC2 instances need access to Amazon S3 buckets that are in the same AWS Region as the EC2 instances. A SysOps administrator must provide the EC2 instances with access to the S3 buckets without requiring any changes to the EC2 instances or the application. The EC2 instances must not have access to the internet.

Which solution will meet these requirements?

A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.

B. Create an S3 interface endpoint. Associate the EC2 instances with the interface endpoint.

C. Configure a NAT gateway. Associate the private subnet with the NAT gateway.

D. Configure a proxy EC2 instance. Update the private subnet route tables to route traffic through the proxy EC2 instance. Configure the proxy to route all S3 requests to the target S3 bucket.

A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. A SysOps administrator needs to implement a centralized solution that provides alerts when a resource metric in any account crosses a standard defined threshold.

Which solution will meet these requirements?

A. Deploy an AWS CloudFormation stack set to the accounts in the organization. Use a template that creates the required Amazon CloudWatch alarms and references an Amazon Simple Notification Service (Amazon SNS) topic in the logging account with publish permissions for all the accounts.

B. Deploy an AWS CloudFormation stack in each account. Use the stack to deploy the required Amazon CloudWalch alarms and the required Amazon Simple Notification Service (Amazon SNS) topic.

C. Deploy an AWS Lambda function on a cron job in each account. Configure the Lambda function to read resources that are in the account and to invoke an Amazon Simple Notification Service (Amazon SNS) topic if any metrics cross the defined threshold.

D. Deploy an AWS CloudFormation change set to the organization. Use a template to create the required Amazon CloudWatch alarms and to send alerts to a verified Amazon Simple Email Service (Amazon SES) identity.

CORRECT TEXT Update an existing AWS CloudFormation stack. If needed, a copy 0t the CloudFormation template is available in an Amazon SB bucket named cloudformation-bucket

1.

Use the us-east-2 Region for all resources.

2.

Unless specified below, use the default configuration settings.

3.

update the Amazon EQ instance named Devinstance by making the following changes to the stack named 1700182:

a) Change the EC2 instance type to us-east-t2.nano.

b) Allow SSH to connect to the EC2 instance from the IP address range 192.168.100.0/30.

c) Replace the instance profile IAM role with IamRoleB.

4.

Deploy the changes by updating the stack using the CFServiceR01e role.

5.

Edit the stack options to prevent accidental deletion.

6.

Using the output from the stack, enter the value of the Prodlnstanceld in the text box below:

A. Check the answer in explanation.

B. Place Holder