Topic 1: Mix Questions
A SysOps administrator is helping a development team deploy an application to AWS. The
AWS CloudFormation template includes an Amazon Linux EC2 instance, an Amazon
Aurora DB cluster, and a hard-coded database password that must be rotated every 90
days.
What is the MOST secure way to manage the database password?
A.
Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property
to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule
resource to define a rotation schedule for the password. Configure the application to retrieve
the secret from AWS Secrets Manager to access the database.
B.
Use the AWS::SecretsManager::Secret resource with the SecretString property. Accept a
password as a CloudFormation parameter. Use the AllowedPattern property of the
CloudFormation parameter to require a minimum length, uppercase and lowercase letters,
and special characters. Configure the application to retrieve the secret from AWS Secrets
Manager to access the database.
C.
Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to
store the parameter as a secure string. Configure the application to retrieve the parameter
from AWS Systems Manager Parameter Store to access the database.
D.
Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to
store the parameter as a string. Configure the application to retrieve the parameter from
AWS Systems Manager Parameter Store to access the database.
Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property
to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule
resource to define a rotation schedule for the password. Configure the application to retrieve
the secret from AWS Secrets Manager to access the database.
A SysOps administrator applies the following policy to an AWS CloudFormation stack:
What is the result of this policy?
A.
Users that assume an IAM role with a logical ID that begins with "Production" are prevented from running the update-stack command.
B.
Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
C.
Users can update all resources in the stack except for resources that have an attribute that begins with "Production".
D.
Users in an IAM group with a logical ID that begins with "Production" are prevented from running the update-stack command.
Users can update all resources in the stack except for resources that have a logical ID that begins with "Production".
An application team uses an Amazon Aurora MySQL DB cluster with one Aurora Replica.
The application team notices that the application read performance degrades when user
connections exceed 200. The number of user connections is typically consistent around
180, with occasional sudden increases above 200 connections. The application team wants
the application to automatically scale as user demand increases or decreases.
Which solution will meet these requirements?
A.
Migrate to a new Aurora multi-master DB cluster. Modify the application database connection string.
B.
Modify the DB cluster by changing to serverless mode whenever user connections
C.
Create an auto scaling policy with a target metric of 195 DatabaseConnections
D.
Modify the DB cluster by increasing the Aurora Replica instance size.
Create an auto scaling policy with a target metric of 195 DatabaseConnections
A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file
system to provide shared storage across multiple Amazon EC2 instances. The instances all
exist in the same VPC across multiple Availability Zones. There are two instances in each
Availability Zone. The SysOps administrator must make the file system accessible to each
instance with the lowest possible latency.
Which solution will meet these requirements?
A.
Create a mount target for the EFS file system in the VPC. Use the mount target to
mount the file system on each of the instances.
B.
Create a mount target for the EFS file system in one Availability Zone of the VPC. Use
the mount target to mount the file system on the instances in that Availability Zone. Share
the directory with the other instances.
C.
Create a mount target for each instance. Use each mount target to mount the EFS file
system on each respective instance.
D.
Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective
Availability Zone.
Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective
Availability Zone.
A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned.
What should the SysOps administrator do to resolve this error?
A.
Add an additional CIDR block to the VPC.
B.
Launch the EC2 instances in a different Availability Zone.
C.
Launch new EC2 instances in another VPC.
D.
Use Service Quotas to request an EC2 quota increase
Use Service Quotas to request an EC2 quota increase
A company is releasing a new static website hosted on Amazon S3. The static website
hosting feature was enabled on the bucket and content was uploaded; however, upon
navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?
A.
Add a bucket policy that grants everyone read access to the bucket.
B.
Add a bucket policy that grants everyone read access to the bucket objects.
C.
Remove the default bucket policy that denies read access to the bucket.
D.
Configure cross-origin resource sharing (CORS) on the bucket.
Add a bucket policy that grants everyone read access to the bucket objects.
A company has mandated the use of multi-factor authentication (MFA) for all IAM users,
and requires users to make all API calls using the CLI. However, users are not prompted to
enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to
enforce MFA, the company attached an IAM policy to all users that denies API calls that
have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?
A.
Enable MFA on IAM roles, and require IAM users to use role credentials to sign API calls.
B.
Ask the IAM users to log into the AWS Management Console with MFA before making API calls using the CLI.
C.
Restrict the IAM users to use of the console, as MFA is not supported for CLI use.
D.
Require users to use temporary credentials from the get-session-token command to sign API calls.
Require users to use temporary credentials from the get-session-token command to sign API calls.
A recent audit found that most resources belonging to the development team were in
violation of patch compliance standards. The resources were properly tagged. Which service
should be used to quickly remediate the issue and bring the resources back into
compliance?
A.
AWS Config
B.
Amazon Inspector
C.
AWS Trusted Advisor
D.
AWS Systems Manager
AWS Systems Manager
A company is partnering with an external vendor to provide data processing services. For
this integration, the vendor must host the company's data in an Amazon S3 bucket in the
vendor's AWS account. The vendor is allowing the company to provide an AWS Key
Management Service (AWS KMS) key to encrypt the company's data. The vendor has
provided an IAM role Amazon Resource Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?
A.
Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide
the new KMS key ARN to the vendor.
B.
Create a new KMS key. Create a new IAM user. Add the vendor's IAM role ARN to an
inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
C.
Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN
to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
D.
Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the
vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN
to the KMS managed S3 key policy. Provide the KMS managed S3 key ARN to the vendor.
A large company is using AWS Organizations to manage its multi-account AWS
environment. According to company policy, all users should have read-level access to a
particular Amazon S3 bucket in a central account. The S3 bucket data should not be
available outside the organization. A SysOps administrator must set up the permissions
and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?
A.
Specify '*' as the principal and PrincipalOrgID as a condition.
B.
Specify all account numbers as the principal.
C.
Specify PrincipalOrgID as the principal.
D.
Specify the organization's management account as the principal.
Specify PrincipalOrgID as the principal.