SOA-C02 Exam Questions

Total 486 Questions

Last Updated Exam : 16-Jul-2025

Topic 1: Mix Questions

A SysOps administrator needs to implement a backup strategy for Amazon EC2 resources and Amazon RDS resources. The backup strategy must meet the following retention requirements:
• Daily backups: must be kept for 6 days
• Weekly backups: must be kept for 4 weeks
• Monthly backups: must be kept for 11 months
• Yearly backups: must be kept for 7 years
Which backup strategy will meet these requirements with the LEAST administrative effort?


A. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period.


B. Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.


C. Create an AWS Lambda function. Program the Lambda function to use native tooling to take backups of file systems in Amazon EC2 and to make copies of databases in Amazon RDS. Create an Amazon EventBridge rule to invoke the Lambda function.


D. Use Amazon Data Lifecycle Manager to create an Amazon Elastic Block Store (Amazon EBS) snapshot policy. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags. Create multiple schedules according to the requirements within the policy. Set the appropriate frequency and retention period. In Amazon RDS, activate automated backups on the required DB instances.





B.
  Use AWS Backup to create a new backup plan for each retention requirement with a backup frequency of daily, weekly, monthly, or yearly. Set the retention period to match the requirement. Create tags on each resource that needs to be backed up. Set up resource assignment by using the tags.

Explanation:
AWS Backup provides a centralized way to manage backups across AWS services. Here's how to implement the required backup strategy with minimal administrative effort:
• Create Backup Plans: Set up different backup plans in AWS Backup, each configured for a specific backup frequency: daily, weekly, monthly, and yearly.
• Set Retention Periods: For each backup plan, configure the retention settings to align with the required retention durations: 6 days, 4 weeks, 11 months, and 7 years respectively.
• Tag Resources: Apply tags to each EC2 and RDS resource that needs to be backed up. This allows for the automated inclusion of these resources in the respective backup plans based on their tags.
• Assign Resources to Backup Plans: Use the tags to define which resources are included in each backup plan, ensuring that all necessary resources are backed up according to the defined schedules and retention policies.

A SysOps administrator configured AWS Backup to capture snapshots from a single Amazon EC2 instance that has one Amazon Elastic Block Store (Amazon EBS) volume attached. On the first snapshot, the EBS volume has 10 GiB of data. On the second snapshot, the EBS volume still contains 10 GiB of data, but 4 GiB have changed. On the third snapshot, 2 GiB of data have been added to the volume, for a total of 12 GiB. How much total storage is required to store these snapshots?


A. 12 GiB


B. 16 GiB


C. 26 GiB


D. 32 GiB





B.
  16 GiB

Explanation:
Amazon EBS snapshots are incremental, meaning that after the initial full snapshot, only the blocks that have changed since the last snapshot are saved. Here's how the storage adds up in this scenario:
• First Snapshot: Captures all 10 GiB of data.
• Second Snapshot: Only 4 GiB have changed, so only these changed blocks are stored.
• Third Snapshot: An additional 2 GiB of data are added, so only these new 2 GiB are stored.
Thus, the total storage required is 10 GiB (initial snapshot) + 4 GiB (second snapshot) + 2 GiB (third snapshot) = 16 GiB.

A SysOps administrator must configure a resilient tier of Amazon EC2 instances for a high performance computing (HPC) application. The HPC application requires minimum latency between nodes. Which actions should the SysOps administrator take to meet these requirements? (Select TWO.)


A. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the file system to the EC2 instances by using user data.


B. Create a Multi-AZ Network Load Balancer in front of the EC2 instances


C. Place the EC2 instances in an Auto Scaling group within a single subnet


D. Launch the EC2 instances into a cluster placement group


E. Launch the EC2 instances into a partition placement group





D.
  Launch the EC2 instances into a cluster placement group

E.
  Launch the EC2 instances into a partition placement group

A company needs to take an inventory of applications that are running on multiple Amazon EC2 instances. The company has configured users and roles with the appropriate permissions for AWS Systems Manager. An updated version of Systems Manager Agent has been installed and is running on every instance. While configuring an inventory collection, a SysOps administrator discovers that not all the instances in a single subnet are managed by Systems Manager. What must the SysOps administrator do to fix this issue?


A. Ensure that all the EC2 instances have the correct tags for Systems Manager access.


B. Configure AWS Identity and Access Management Access Analyzer to determine and automatically remediate the issue.


C. Ensure that all the EC2 instances have an instance profile with Systems Manager access.


D. Configure Systems Manager to use an interface VPC endpoint.





C.
  Ensure that all the EC2 instances have an instance profile with Systems Manager access.

Explanation: Ensuring that all the EC2 instances have an instance profile with Systems Manager access is the most effective way to fix this issue. Having an instance profile with Systems Manager access will allow the SysOps administrator to configure the inventory collection for all the instances in the subnet, regardless of whether or not they are managed by Systems Manager.

A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system. What should a SysOps administrator do to resolve this issue?


A. Extend the file system with operating system-level tools to use the new storage capacity.


B. Reattach the EBS volume to the EC2 instance.


C. Reboot the EC2 instance that is attached to the EBS volume.


D. Take a snapshot of the EBS volume. Replace the original volume with a volume that is created from the snapshot.





A.
  Extend the file system with operating system-level tools to use the new storage capacity.

Explanation: After increasing the size of an Amazon EBS volume, the operating system must be configured to use the additional space. For a Windows instance, you need to extend the file system using disk management tools.

A SysOps administrator has blocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future. What is the MOST operationally efficient way to meet this requirement?


A. Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.


B. Create a cron script that uses the S3 API to check the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications


C. Enable S3 Event Notifications for each S3 bucket. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.


D. Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.





D.
  Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.

Explanation: AWS Config can continuously monitor and record your AWS resource configurations. It provides AWS Config rules that automatically check the configuration of AWS resources and notify you of compliance and non-compliance.

A company has created an AWS CloudFormation template that consists of the AWS::EC2::Instance resource and a custom CloudFormation resource. The custom CloudFormation resource is an AWS Lambda function that attempts to run automation on the Amazon EC2 instance. During testing, the Lambda function fails because the Lambda function tries to run before the EC2 instance is launched. Which solution will resolve this issue?


A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.


B. Update the custom resource's service token to point to a valid Lambda function


C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.


D. Use the Fn::If intrinsic function to check for the EC2 instance before the custom resource runs.





A.
  Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.

Explanation:
DependsOn Attribute in CloudFormation:
The DependsOn attribute in AWS CloudFormation ensures that one resource is created only after another resource has been successfully created. In this case, it ensures that the EC2 instance is fully launched before the custom resource (the Lambda function) is executed.
Steps:
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      # EC2 properties
  MyCustomResource:
    Type: Custom::MyCustomResource
    DependsOn: MyEC2Instance
    Properties:
      ServiceToken: !GetAtt MyLambdaFunction.Arn
      # Other properties

A company has many accounts in an organization in AWS Organizations. The company must automate resource provisioning from the organization's management account to the member accounts. Which solution will meet this requirement?


A. Create an AWS CloudFormation change set. Deploy the change set to all member accounts.


B. Create an AWS CloudFormation nested stack. Deploy the nested stack to all member accounts.


C. Create an AWS CloudFormation stack set. Deploy the stack set to all member accounts.


D. Create an AWS Serverless Application Model (AWS SAM) template. Deploy the template to all member accounts.





C.
  Create an AWS CloudFormation stack set. Deploy the stack set to all member accounts.

A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM permissions for all users are correct. What could be the cause of this issue?


A. The management/payer account does not have billing alerts turned on.


B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.


C. Amazon GuardDuty is turned on for all the accounts.


D. The company has not configured an AWS Config rule to monitor billing.





A.
  The management/payer account does not have billing alerts turned on.

Explanation:
For member accounts in AWS Organizations to receive notifications about estimated costs exceeding a predetermined amount, billing alerts must be enabled in the management/payer account.

  • Enable Billing Alerts in the Management Account:
  • Create a Budget and Set Up Notifications:
By enabling billing alerts in the management account, you allow member accounts to receive notifications about their estimated costs.

A company deploys a new application on three Amazon EC2 instances across three Availability Zones. The company uses a Network Load Balancer (NLB) to route traffic to the EC2 instances. A SysOps administrator must implement a solution so that the EC2 instances allow traffic from only the NLB. What should the SysOps administrator do to meet these requirements with the LEAST operational overhead?


A. Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.


B. Configure the security group that is associated with the EC2 instances to allow traffic from only the elastic network interfaces that are associated with the NLB.


C. Create a network ACL. Associate the network ACL with the application subnets. Configure the network ACL to allow inbound traffic from only the CIDR ranges of the NLB.


D. Use a third-party firewall solution that is installed on a separate EC2 instance. Configure a firewall rule that allows traffic to the application's EC2 instances from only the subnets where the NLB is deployed





A.
  Configure the security group that is associated with the EC2 instances to allow traffic from only the security group that is associated with the NLB.

