SOA-C02 Exam Questions

Total 486 Questions

Last Updated Exam : 16-Jul-2025

Topic 1: Mix Questions

A SysOps administrator has used AWS CloudFormation to deploy a serverless application
into a production VPC. The application consists of an AWS Lambda function, an Amazon
DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must
delete the AWS CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the AWS
CloudFormation stack?


A.

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.


B.

Add a Snapshot deletion policy to the DynamoDB resource in the AWS CloudFormation stack.


C.

Enable termination protection on the AWS CloudFormation stack.


D.

Update the application's IAM policy with a Deny statement for the
dynamodb:DeleteTable action.





A.
  

Add a Retain deletion policy to the DynamoDB resource in the AWS CloudFormation stack.



A company is managing multiple AWS accounts in AWS Organizations. The company is
reviewing internal security of its AWS environment. The company's security administrator
has their own AWS account and wants to review the VPC configuration of developer AWS
accounts.
Which solution will meet these requirements in the MOST secure manner?


A.

Create an IAM policy in each developer account that has read-only access related to
VPC resources. Assign the policy to an IAM user. Share the user credentials with the
security administrator.


B.

Create an IAM policy in each developer account that has administrator access to all
Amazon EC2 actions, including VPC actions. Assign the policy to an IAM
user. Share the user credentials with the security administrator.


C.

Create an IAM policy in each developer account that has administrator access related to
VPC resources. Assign the policy to a cross-account IAM role. Ask the security
administrator to assume the role from their account.


D.

Create an IAM policy in each developer account that has read-only access related to
VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator
to assume the role from their account.





D.
  

Create an IAM policy in each developer account that has read-only access related to
VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator
to assume the role from their account.



A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When
the instance is running, the SysOps administrator obtains the public IP address and
attempts to remotely connect to the instance multiple times. However, the SysOps
administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?


A.

Add a route table entry in the public subnet for the SysOps administrator's IP address.


B.

Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator's IP address.


C.

Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.


D.

Modify the instance security group to allow outbound SSH traffic to the SysOps
administrator's IP address.





C.
  

Modify the instance security group to allow inbound SSH traffic from the SysOps administrator's IP address.



A recent organizational audit uncovered an existing Amazon RDS database that is not
currently configured for high availability. Given the critical nature of this database, it must
be configured for high availability as soon as possible.
How can this requirement be met?


A.

Switch to an active/passive database pair using the create-db-instance-read-replica with
the --availability-zone flag.


B.

Specify high availability when creating a new RDS instance, and live-migrate the data.


C.

Modify the RDS instance using the console to include the Multi-AZ option.


D.

Use the modify-db-instance command with the --na flag.





C.
  

Modify the RDS instance using the console to include the Multi-AZ option.



A company is using an Amazon DynamoDB table for data. A SysOps administrator must
configure replication of the table to another AWS Region for disaster recovery.
What should the SysOps administrator do to meet this requirement?


A.

Enable DynamoDB Accelerator (DAX).


B.

Enable DynamoDB Streams, and add a global secondary index (GSI).


C.

Enable DynamoDB Streams, and add a global table Region.


D.

Enable point-in-time recovery.





C.
  

Enable DynamoDB Streams, and add a global table Region.



A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost. What should the SysOps administrator do to tag the "No Tagkey" resources?


A.

Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.


B.

Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.


C.

Use Cost Explorer to find and tag all the untagged resources.


D.

Use Tag Editor to find and tag all the untagged resources.





D.
  

Use Tag Editor to find and tag all the untagged resources.



A software development company has multiple developers who work on the same product.
Each developer must have their own development environment, and these development
environments must be identical. Each development environment consists of Amazon EC2
instances and an Amazon RDS DB instance. The development environments should be
created only when necessary, and they must be terminated each night to minimize costs.
What is the MOST operationally efficient solution that meets these requirements?


A.

Provide developers with access to the same AWS CloudFormation template so that they
can provision their development environment when necessary. Schedule a nightly cron job
on each development instance to stop all running processes to reduce CPU utilization to
nearly zero.


B.

Provide developers with access to the same AWS CloudFormation template so that they
can provision their development environment when necessary. Schedule a nightly Amazon
EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to
delete the AWS CloudFormation stacks.


C.

Provide developers with CLI commands so that they can provision their own
development environment when necessary. Schedule a nightly Amazon EventBridge
(Amazon CloudWatch Events) rule to invoke an AWS Lambda function to terminate all EC2
instances and the DB instance.


D.

Provide developers with CLI commands so that they can provision their own
development environment when necessary. Schedule a nightly Amazon EventBridge
(Amazon CloudWatch Events) rule to cause AWS CloudFormation to delete all of the





B.
  

Provide developers with access to the same AWS CloudFormation template so that they
can provision their development environment when necessary. Schedule a nightly Amazon
EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to
delete the AWS CloudFormation stacks.



A company has an Auto Scaling group of Amazon EC2 instances that scale based on
average CPU utilization. The Auto Scaling group events log indicates an
InsufficientInstanceCapacity error.
Which actions should a SysOps administrator take to remediate this issue? (Select TWO.)


A.

Change the instance type that the company is using.


B.

Configure the Auto Scaling group in different Availability Zones.


C.

Configure the Auto Scaling group to use different Amazon Elastic Block Store (Amazon EBS) volume sizes.


D.

Increase the maximum size of the Auto Scaling group.


E.

Request an increase in the instance service quota.





A.
  

Change the instance type that the company is using.



B.
  

Configure the Auto Scaling group in different Availability Zones.



A SysOps administrator receives notification that an application that is running on Amazon
EC2 instances has failed to authenticate to an Amazon RDS database. To troubleshoot, the
SysOps administrator needs to investigate AWS Secrets Manager password rotation.
Which Amazon CloudWatch log will provide insight into the password rotation?


A.

AWS CloudTrail logs


B.

EC2 instance application logs


C.

AWS Lambda function logs


D.

RDS database logs





B.
  

EC2 instance application logs



A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company
wants to connect to the S3 buckets securely over a private connection from its Amazon
EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?


A.

Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints
to each subnet inside the VPC.


B.

Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC
endpoints to each subnet inside the VPC.


C.

Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC
endpoint to the VPC route table.


D.

Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.





C.
  

Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC
endpoint to the VPC route table.



