SOA-C02 Exam Questions

Total 486 Questions

Last Updated Exam : 16-Jul-2025

Topic 1: Mix Questions

A company uses Amazon Route 53 to manage the public DNS records for the domain
example.com. The company deploys an Amazon CloudFront distribution to deliver static
assets for a new corporate website. The company wants to create a subdomain that is
named "static" and must route traffic for the subdomain to the
CloudFront distribution.
How should a SysOps administrator create a new record for the subdomain in Route 53?


A.

Create a CNAME record. Enter static.cloudfront.net as the record name. Enter the
CloudFront distribution's public IP address as the value.


B.

Create a CNAME record. Enter static.example.com as the record name. Enter the
CloudFront distribution's private IP address as the value.


C.

Create an A record. Enter static.cloudfront.net as the record name. Enter the CloudFront
distribution's ID as an alias target.


D.

Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.





D.
  

Create an A record. Enter static.example.com as the record name. Enter the CloudFront distribution's domain name as an alias target.



Explanation: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html

A large company is using AWS Organizations to manage its multi-account AWS
environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be
available outside the organization. A SysOps administrator must set up the permissions
and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?


A.

Specify "*" as the principal and PrincipalOrgID as a condition.


B.

Specify all account numbers as the principal.


C.

Specify PrincipalOrgID as the principal.


D.

Specify the organization's management account as the principal.





A.
  

Specify "*" as the principal and PrincipalOrgID as a condition.



Explanation: https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-using-the-aws-organization-of-iam-principals/

A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and
customer usage data. Members of the company's geographically dispersed sales team are
traveling. They need to log in to Kibana by using their existing corporate credentials that
are stored in Active Directory. The company has deployed
Active Directory Federation Services (AD FS) to enable authentication to cloud services.
Which solution will meet these requirements?


A.

Configure Active Directory as an authentication provider in Amazon ES. Add the Active
Directory server's domain name to Amazon ES. Configure Kibana to use Amazon ES
authentication.


B.

Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity
provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon
ES.


C.

Enable Active Directory user authentication in Kibana. Create an IP-based custom
domain access policy in Amazon ES that includes the Active Directory server's IP address.


D.

Establish a trust relationship with Kibana on the Active Directory server. Enable Active
Directory user authentication in Kibana. Add the Active Directory server's IP address to
Kibana.





B.
  

Deploy an Amazon Cognito user pool. Configure Active Directory as an external identity
provider for the user pool. Enable Amazon Cognito authentication for Kibana on Amazon
ES.



Explanation: https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/

A SysOps administrator has launched a large general purpose Amazon EC2 instance to
regularly process large data files. The instance has an attached 1 TB General Purpose
SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. The instance also is EBS-optimized.
To save costs, the SysOps administrator stops the instance each evening and
restarts the instance each morning.
When data processing is active, Amazon CloudWatch metrics on the instance show a
consistent 3.000 VolumeReadOps. The SysOps administrator must improve the I/O
performance while ensuring data integrity.
Which action will meet these requirements?


A.

Change the instance type to a large, burstable, general purpose instance.


B.

Change the instance type to an extra large general purpose instance.


C.

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.


D.

Move the data that resides on the EBS volume to the instance store.





C.
  

Increase the EBS volume to a 2 TB General Purpose SSD (gp2) volume.



A SysOps administrator needs to design a high-traffic static website. The website must be highly available and must provide the lowest possible latency to users across the globe. Which solution will meet these requirements?


A.

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create an Amazon CloudFront distribution in each AWS Region, and set the S3 bucket as the origin. Use Amazon Route 53 to create a DNS record that uses a geolocation routing policy
to route traffic to the correct CloudFront distribution based on where the request originates.


B.

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create
an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon
Route 53 to create an alias record that points to the CloudFront distribution.


C.

Create an Application Load Balancer (ALB) and a target group. Create an Amazon EC2 Auto Scaling group with at least two EC2 instances in the associated target group. Store
the website content on the EC2 instances. Use Amazon Route 53 to create an alias record
that points to the ALB.


D.

Create an Application Load Balancer (ALB) and a target group in two Regions. Create
an Amazon EC2 Auto Scaling group in each Region with at least two EC2 instances in
each target group. Store the website content on the EC2 instances. Use Amazon Route 53
to create a DNS record that uses a geolocation routing policy to route traffic to the correct
ALB based on where the request originates.





B.
  

Create an Amazon S3 bucket, and upload the website content to the S3 bucket. Create
an Amazon CloudFront distribution, and set the S3 bucket as the origin. Use Amazon
Route 53 to create an alias record that points to the CloudFront distribution.



A company wants to build a solution for its business-critical Amazon RDS for MySQL
database. The database requires high availability across different geographic locations. A
SysOps administrator must build a solution to handle a disaster recovery (DR) scenario
with the lowest recovery time objective (RTO) and recovery point objective (RPO).
Which solution meets these requirements?


A.

Create automated snapshots of the database on a schedule. Copy the snapshots to the
DR Region.


B.

Create a cross-Region read replica for the database.


C.

Create a Multi-AZ read replica for the database.


D.

Schedule AWS Lambda functions to create snapshots of the source database and to copy the snapshots to a DR Region.





B.
  

Create a cross-Region read replica for the database.



A company has an existing web application that runs on two Amazon EC2 instances
behind an Application Load Balancer (ALB) across two Availability Zones. The application
uses an Amazon RDS Multi-AZ DB instance. Amazon Route 53 record sets route requests
for dynamic content to the load balancer and requests for static content to an Amazon S3
bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Select TWO.)


A.

Add Amazon CloudFront caching for static content.


B.

Change the load balancer listener from HTTPS to TCP.


C.

Enable Amazon Route 53 latency-based routing.


D.

Implement Amazon EC2 Auto Scaling for the web servers.


E.

Move the static content from Amazon S3 to the web servers.





A.
  

Add Amazon CloudFront caching for static content.



D.
  

Implement Amazon EC2 Auto Scaling for the web servers.



An application runs on multiple Amazon EC2 instances in an Auto Scaling group. The Auto
Scaling group is configured to use the latest version of a launch template. A SysOps
administrator must devise a solution that centrally manages the application logs and retains
the logs for no more than 90 days.
Which solution will meet these requirements?


A.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to an Amazon S3 bucket. Apply a 90-day S3 Lifecycle policy on the S3 bucket to expire the application logs.


B.

Launch an Amazon Machine Image (AMI) that is preconfigured with the Amazon CloudWatch Logs agent to send logs to a log group. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to perform an instance refresh every 90 days.


C.

Update the launch template user data to install and configure the Amazon CloudWatch
Logs agent to send logs to a log group. Configure the retention period on the log group to
be 90 days.


D.

Update the launch template user data to install and configure the Amazon CloudWatch
Logs agent to send logs to a log group. Set the log rotation configuration of the EC2
instances to 90 days.





C.
  

Update the launch template user data to install and configure the Amazon CloudWatch
Logs agent to send logs to a log group. Configure the retention period on the log group to
be 90 days.



While setting up an AWS managed VPN connection, a SysOps administrator creates a
customer gateway resource in AWS. The customer gateway device resides in a data center
with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?


A.

The private IP address of the customer gateway device


B.

The MAC address of the NAT device in front of the customer gateway device


C.

The public IP address of the customer gateway device


D.

The public IP address of the NAT device in front of the customer gateway device





D.
  

The public IP address of the NAT device in front of the customer gateway device



A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:


Which actions does this policy allow? (Select TWO.)


A.

Create an AWS Storage Gateway.


B.

Create an IAM role for an AWS Lambda function.


C.

Delete an Amazon Simple Queue Service (Amazon SQS) queue.


D.

Describe AWS load balancers.


E.

Invoke an AWS Lambda function.





D.
  

Describe AWS load balancers.



E.
  

Invoke an AWS Lambda function.



