A company has a high performance computing (HPC) application that runs on Amazon EC2 instances. The application requires minimum latency and maximum network throughput between nodes.
How should a SysOps administrator deploy the EC2 instances to meet these requirements?

A. Use a cluster placement group in a single Availability Zone.

B. Use a cluster placement group across multiple Availability Zones.

C. Use a partition placement group in a single Availability Zone.

D. Use a partition placement group across multiple Availability Zones.

A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?

A. Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.

B. Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.

C. Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.

D. Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

A SysOps administrator has used flaws CloudFormation to deploy a serverless application into a production VPC. The application consists of an flaws Lambda function, an Amazon DynamoDB table, and an Amazon API Gateway API. The SysOps administrator must delete the flaws CloudFormation stack without deleting the DynamoDB table.
Which action should the SysOps administrator take before deleting the flaws CloudFormation stack?

A. Add a Retain deletion policy to the DynamoDB resource in the flaws CloudFormation stack.

B. Add a Snapshot deletion policy to the DynamoDB resource in the flaws CloudFormation stack.

C. Enable termination protection on the flaws CloudFormation stack.

D. Update the application’s IAM policy with a Deny statement for the dynamodb:DeleteTable action.

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?

A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.

B. Create an A record for each server. Associate the records with the Route 53 TCP health check.

C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

A company uses flaws CloudFormation templates to deploy cloud infrastructure. An analysis of all the company's templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components.
Which solution will meet this requirement?

A. Develop a CloudFormation change set.

B. Develop CloudFormation macros.

C. Develop CloudFormation nested stacks.

D. Develop CloudFormation stack sets.

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?

A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the flaws Management Console.

B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an flaws CloudFormation template.

C. Publish a product and launch constraint role for EC2 instances by using flaws Service Catalog. Allow the business units to perform actions in flaws Service Catalog only.

D. Share an flaws CloudFormation template with the business units. Instruct the business units to pass a role to flaws CloudFormation to allow the service to manage EC2 instances.

A company is running an ecommerce application on flaws. The application maintains many open but idle connections to an Amazon Aurora DB cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also experiencing errors.
Which solution will resolve these errors?

A. Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.

B. Configure RDS Proxy. Update the application with the RDS Proxy endpoint.

C. Turn on enhanced networking for the DB instances.

D. Modify the DB cluster to use a burstable instance type.

A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443.
The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet.
Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.)

A. Ensure that the inbound rules of the instance’s security group allow traffic on ports 80 and 443.

B. Ensure that the outbound rules of the instance’s security group allow traffic on ports 80 and 443.

C. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance’s subnet.

D. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance’s subnet.

E. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443.

F. Ensure that flaws WAF is turned on for the instance and is blocking web traffic.

A company has an infernal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto
Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?

A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.

C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same flaws Region.

D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second flaws Region.

A company with multiple flaws accounts needs to obtain recommendations for flaws Lambda functions and identify optimal resource configurations for each Lambda function.
How should a SysOps administrator provide these recommendations?

A. Create an flaws Serverless Application Repository and export the Lambda function recommendations.

B. Enable flaws Compute Optimizer and export the Lambda function recommendations.

C. Enable all features of flaws Organizations and export the recommendations from flaws CloudTrail Insights.

D. Run flaws Trusted Advisor and export the Lambda function recommendations.

A company runs a retail website on multiple Amazon EC2 instances behind an Application Load Balancer (ALB). The company must secure traffic to the website over an HTTPS connection.
Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

A. Attach the certificate to each EC2 instance.

B. Attach the certificate to the ALB.

C. Create a private certificate in flaws Certificate Manager (ACM).

D. Create a public certificate in flaws Certificate Manager (ACM).

E. Export the certificate, and attach it to the website.

A SysOps administrator is responsible for the security of a company's flaws account. The company has a policy that a user may stop or terminate Amazon EC2 instances only when the user is authenticated by using a multi-factor authentication (MFA) device.
Which policy should the SysOps administrator apply to meet this requirement?

A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance.
Which option would provide this information with the LEAST administrative overhead?

A. Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring.

B. List any instances with failed system status checks using the flaws Management Console.

C. Monitor flaws CloudTrail for StopInstances API calls.

D. Review the flaws Personal Health Dashboard.

A company's SysOps administrator maintains a highly available environment. The environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer.
Recently, the company conducted a failover test. The SysOps administrator needs to decrease the failover time of the RDS database by at least 10%.
Which solution will meet this requirement?

A. Increase the RDS instance size.

B. Modify the RDS cluster to run in a single Availability Zone.

C. Create a read replica in another flaws Region. Promote the read replica in case of failure.

D. Create an RDS proxy. Point the application to the proxy endpoint.

A SysOps administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t3.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?

A. Change the Amazon EBS volume to Provisioned IOPs.

B. Upgrade to a compute-optimized instance.

C. Add additional t2.large instances to the application.

D. Purchase Reserved Instances.

A company uses flaws Organizations. A SysOps administrator wants to use flaws Compute Optimizer and flaws tag policies in the management account to govern all member accounts in the billing family. The SysOps administrator navigates to the flaws Organizations console but cannot activate tag policies through the management account.
What could be the reason for this issue?

A. All features have not been enabled in the organization.

B. Consolidated billing has not been enabled.

C. The member accounts do not have tags enabled for cost allocation.

D. The member accounts have not manually enabled trusted access for Compute Optimizer.

A company has a critical serverless application that uses multiple flaws Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.

B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.

C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.

D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

A company’s architecture team must receive immediate email notification whenever new Amazon EC2 instances are launched in the company's main flaws production account.
‘What should a SysOps administrator do to meet this requirement?

A. Create a user data script that sends an email message through a smart host connector. Include the architecture team’s email address in the user data script as the recipient. Ensure that all new EC2 instances include the user data script as part of a standardized build process.

B. Create an Amazon Simple Notification Service (Amazon SNS) topic and a subscription that uses the email protocol. Enter the architecture team’s email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SNS topic as the rule’s target.

C. Create an Amazon Simple Queue Service (Amazon SQS) queue and a subscription that uses the email protocol. Enter the architecture team’s email address as the subscriber. Create an Amazon EventBridge rule that reacts when EC2 instances are launched. Specify the SQS queue as the rule’s target.

D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure flaws Systems Manager to publish EC2 events to the SNS topic. Create an flaws Lambda function to poll the SNS topic. Configure the Lambda function to send any messages to the architecture team’s email address.

A company has an application that collects notifications from thousands of alarm systems. The notifications include alarm notifications and information notifications. The information notifications include the system arming processes, disarming processes, and sensor status.
All notifications are kept as messages in an Amazon Simple Queue Service (Amazon SQS) queue. Amazon EC2 instances that are in an Auto Scaling group process the messages. A SysOps administrator needs to implement a solution that prioritizes alarm notifications over information notifications.
Which solution will meet these requirements?

A. Adjust the Auto Scaling group to scale faster when a high number of messages is in the queue.

B. Use the Amazon Simple Notification Service (Amazon SNS) fanout feature with Amazon SQS to send the notifications in parallel to all the C2 instances

C. Add an Amazon DynamoDB stream to accelerate the message processing

D. Create a queue for alarm notifications and a queue for information notifications. Update the application to collect messages from the alarm notifications queue first.

A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin.
The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.
What should a SysOps administrator do to resolve this problem?

A. Examine the expiration date on the certificate on the origin site. Validate that the certificate has not expired. Replace the certificate if necessary.

B. Examine the hostname on the certificate on the origin site. Validate that the hostname matches one of the hostnames on the CloudFront distribution. Replace the certificate if necessary.

C. Examine the firewall rules that are associated with the origin server. Validate that port 443 is open for inbound traffic from the internet. Create an inbound rule if necessary.

D. Examine the network ACL rules that are associated with the CloudFront distribution. Validate that port 443 is open for outbound traffic to the origin server. Create an outbound rule if necessary.

A company uses flaws Organizations to host several applications across multiple flaws accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the flaws accounts.
A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled flaws IAM Identity Center (flaws Single Sign-On) and has set up an flaws Direct Connect connection.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the flaws accounts that the group will manage.

B. Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the flaws accounts that the group will manage.

C. Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the flaws accounts that the group will manage.

D. Use the built-in SSO directory as the identity source for IAM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the flaws accounts that the group will manage.

A developer creates an flaws Lambda function that runs when an object is put into an Amazon S3 bucket. The function reformats the object and places the object back into the S3 bucket. During testing, the developer notices a recursive invocation loop. The developer asks a SysOps administrator to immediately stop the recursive invocations.
What should the SysOps administrator do to stop the loop without errors?

A. Delete all the objects from the S3 bucket.

B. Set the function’s reserved concurrency to 0.

C. Update the S3 bucket policy to deny access for the function.

D. Publish a new version of the function.

A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application’s performance. A SysOps administrator must scale the application to meet the increased traffic.
Which solution meets these requirements?

A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.

B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.

C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.

D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the ALB to the Auto Scaling group.

A company wants to prohibit its developers from using a particular family of Amazon EC2 instances. The company uses flaws Organizations and wants to apply the restriction across multiple accounts.
What is the MOST operationally efficient way for the company to apply service control policies (SCPs) to meet these requirements?

A. Add the accounts to an organizational unit (OU). Apply the SCPs to the OU.

B. Add the accounts to resource groups in flaws Resource Groups. Apply the SCPs to the resource groups.

C. Apply the SCPs to each developer account

D. Enroll the accounts with flaws Control Tower. Apply the SCPs to the flaws Control Tower management account.

A company has a hybrid environment. The company has set up an flaws Direct Connect connection between the company's on-premises data center and a workload that runs in a VPC. The company uses Amazon Route 53 for DNS on flaws. The company uses a private hosted zone to manage DNS names for a set of services that are hosted on flaws.
The company wants the on-premises servers to use Route 53 for DNS resolution of the private hosted zone.
Which solution will meet these requirements?

A. Create a Route 53 inbound endpoint. Ensure that security groups and routing allow the traffic from the on-premises data center. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the inbound endpoint.

B. Create a Route 53 outbound endpoint. Ensure that security groups and routing allow the traffic from the VPC. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the IP addresses of the outbound endpoint.

C. Edit the private hosted zone in Route 53 with a TXT record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.

D. Edit the private hosted zone in Route 53 with a PTR record that references the on-premises DNS servers. Configure the DNS server on the on-premises network to conditionally forward DNS queries for the private hosted zone’s domain name to the base of the VPC CIDR IPv4 network range, plus two.

A company is using Amazon Elastic Container Service (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks.
Which combination of steps should the SysOps administrator take to meet this requirement? (Choose two.)

A. Configure Amazon CloudWatch Logs on the elastic network interface of each task.

B. Configure VPC Flow Logs on the elastic network interface of each task.

C. Specify the awsvpc network mode in the task definition.

D. Specify the bridge network mode in the task definition.

E. Specify the host network mode in the task definition.

A company runs an application on Amazon EC2 instances that are in an Amazon EC2 Auto Scaling group. Scale-out actions take a long time to become complete because of long-running boot scripts. A SysOps administrator must implement a solution to reduce the required time for scale-out actions without overprovisioning the Auto Scaling group.
Which solution will meet these requirements?

A. Change the launch configuration to use a larger instance size.

B. Increase the minimum number of instances in the Auto Scaling group.

C. Add a predictive scaling policy to the Auto Scaling group.

D. Add a warm pool to the Auto Scaling group.

A SysOps administrator must configure Amazon S3 to host a simple nonproduction webpage. The SysOps administrator has created an empty S3 bucket from the
flaws Management Console. The S3 bucket has the default configuration in place.
Which combination of actions should the SysOps administrator take to complete this process? (Choose two.)

A. Configure the S3 bucket by using the “Redirect requests for an object” functionality to point to the bucket root URL.

B. Turn off the “Block all public access” setting. Allow public access by using a bucket ACL that contains WEBSITE.

C. Turn off the “Block all public access” setting. Allow public access by using a bucket ACL that allows access to the AuthenticatedUsers grantee.

D. Turn off the “Block all public access” setting. Set a bucket policy that allows “Principal”: the s3:GetObject action.

E. Create an index.html document. Configure static website hosting, and upload the index document to the S3 bucket.

A SysOps administrator launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the SysOps administrator obtains the public IP address and attempts to remotely connect to the Instance multiple times. However, the SysOps administrator always receives a timeout error.
Which action will allow the SysOps administrator to remotely connect to the instance?

A. Add a route table entry in the public subnet for the SysOps administrator’s IP address.

B. Add an outbound network ACL rule to allow TCP port 22 for the SysOps administrator’s IP address.

C. Modify the instance security group to allow inbound SSH traffic from the SysOps administrator’s IP address.

D. Modify the instance security group to allow outbound SSH traffic to the SysOps administrator’s IP address.

A company applies user-defined tags to resources that are associated with the company's flaws workloads. Twenty days after applying the tags, the company notices that it cannot use the tags to filter views in the flaws Cost Explorer console.
What is the reason for this issue?

A. It takes at least 30 days to be able to use tags to filter views in Cost Explorer.

B. The company has not activated the user-defined tags for cost allocation.

C. The company has not created an flaws Cost and Usage Report.

D. The company has not created a usage budget in flaws Budgets.

A SysOps administrator has an flaws CloudFormation template that is used to deploy an encrypted Amazon Machine Image (AMI). The CloudFormation template will be used in a second account so the SysOps administrator copies the encrypted AMI to the second account. When launching the new CloudFormation stack in the second account, it fails.
Which action should the SysOps administrator take to correct the issue?

A. Change the AMI permissions to mark the AMI as public.

B. Deregister the AMI in the source account.

C. Re-encrypt the destination AMI with an flaws Key Management Service (flaws KMS) key from the destination account.

D. Update the CloudFormation template with the ID of the AMI in the destination account.

A company recently acquired another corporation and all of that corporation's flaws accounts. A financial analyst needs the cost data from these accounts. A
SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.
What should the SysOps administrator do to tag the "No Tagkey" resources?

A. Add the accounts to flaws Organizations. Use a service control policy (SCP) to tag all the untagged resources.

B. Use an flaws Config rule to find the untagged resources. Set the remediation action to terminate the resources.

C. Use Cost Explorer to find and tag all the untagged resources.

D. Use Tag Editor to find and tag all the untagged resources.

A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:
What is a possible cause of these failed connections?

A. A security group deny rule is blocking traffic on port 443.

B. The EC2 instance is shut down.

C. The network ACL is blocking HTTPS traffic.

D. The VPC has no internet gateway attached.

A SysOps administrator needs to deploy an application in multiple flaws Regions. The SysOps administrator must implement a solution that routes users to the Region with the lowest latency. In case of failure, the solution must automatically route requests to a Region with a healthy instance of the application. The company needs a solution with the shortest time to failover.
Which solution will meet these requirements?

A. Create Amazon Route 53 A records that have the same name for each endpoint. Use a latency routing policy. Associate a health check with each record.

B. Create Amazon Route 53 A records that have the same name for each endpoint. Use a failover routing policy. Associate a health check with each record.

C. Create an flaws Global Accelerator standard accelerator. Create an endpoint group for each Region. Add a listener to the accelerator. Associate the endpoint group with the listener.

D. Create Amazon Route 53 A records that have the same name for each endpoint. Use a geolocation routing policy. Associate a health check with each record.

A company uses an Amazon Simple Queue Service (Amazon SQS) standard queue with its application. The application sends messages to the queue with unique message bodies. The company decides to switch to an SQS FIFO queue.
What must the company do to migrate to an SQS FIFO queue?

A. Create a new SQS FIFO queue. Turn on content-based deduplication on the new FIFO queue. Update the application to include a message group ID in the messages.

B. Create a new SQS FIFO queue. Update the application to include the DelaySeconds parameter in the messages.

C. Modify the queue type from SQS standard to SQS FIFO. Turn off content-based deduplication on the queue. Update the application to include a message group ID in the messages.

D. Modify the queue type from SQS standard to SQS FIFO. Update the application to send messages with identical message bodies and to include the DelaySeconds parameter in the messages.

A company hosts a continuous integration and continuous delivery (CI/CD) environment on flaws. The CI/CD environment includes a Jenkins server that is hosted on an Amazon EC2 instance. A 500 GB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume is attached to the EC2 instance.
Because of disk throughput limitations, the Jenkins server reports performance issues that are resulting in slower builds on the server. The EBS volume needs to sustain 3,000 IOPS while performing nightly build tasks.
A SysOps administrator examines the server's history in Amazon CloudWatch. The BurstBalance metric has had a value of 0 during nightly builds. The SysOps administrator needs to improve the performance and meet the sustained throughput requirements.
Which solution will meet these requirements MOST cost-effectively?

A. Double the gp2 EBS volume size from 500 GB to 1,000 GB.

B. Change the volume type from gp2 to General Purpose SSD (gp3).

C. Change the volume type from gp2 to Throughput Optimized HDD (st1).

D. Change the volume type from gp2 to Provisioned IOPS SSD (io2).

A company runs an application on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group and run behind an Application Load Balancer (ALB). The application experiences errors when total requests exceed 100 requests per second. A SysOps administrator must collect information about total requests for a 2-week period to determine when requests exceeded this threshold.
What should the SysOps administrator do to collect this data?

A. Use the ALB’s RequestCount metric. Configure a time range of 2 weeks and a period of 1 minute. Examine the chart to determine peak traffic times and volumes.

B. Use Amazon CloudWatch metric math to generate a sum of request counts for all the EC2 instances over a 2-week period. Sort by a 1-minute interval.

C. Create Amazon CloudWatch custom metrics on the EC2 launch configuration templates to create aggregated request metrics across all the EC2 instances.

D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure an EC2 event matching pattern that creates a metric that is based on EC2 requests. Display the data in a graph.

A SysOps administrator is preparing to deploy an application to Amazon EC2 instances that are in an Auto Scaling group. The application requires dependencies to be installed. Application updates are issued weekly.
The SysOps administrator needs to implement a solution to incorporate the application updates on a regular basis. The solution also must conduct a vulnerability scan during Amazon Machine Image (AMI) creation.
What is the MOST operationally efficient solution that meets these requirements?

A. Create a script that uses Packer. Schedule a cron job to run the script.

B. Install the application and its dependencies on an EC2 instance. Create an AMI of the EC2 instance.

C. Use EC2 Image Builder with a custom recipe to install the application and its dependencies.

D. Invoke the EC2 CreateImage API operation by using an Amazon EventBridge scheduled rule.

A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.
Which solution will meet these requirements?

A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.

B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.

C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.

D. Use server-side encryption with flaws KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.

A developer creates a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The developer reviews the deployment and notices some suspicious traffic to the application. The traffic is malicious and is coming from a single public IP address. A SysOps administrator must block the public IP address.
Which solution will meet this requirement?

A. Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.

B. Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.

C. Implement flaws Resource Access Manager (flaws RAM) to manage traffic rules and to block malicious activity from the internet. Associate flaws RAM with the ALB.

D. Add the malicious IP address to an IP set in flaws WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.

A SysOps administrator wants to use flaws Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances.
Which solution will meet these requirements?

A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.

B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.

C. Use tags to identity development instances and production instances. In Patch Manager, create two patch groups and one patch baseline, Create two separate maintenance windows, each with an auto-approval delay.

D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline, Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.

A SysOps administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The administrator must be alerted to potential issues.
What should the administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications.

B. Use flaws CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic.

C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic.

D. Use flaws Trusted Advisor and enable email notification alerts for EC2 disk space.

A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.
How should a SysOps administrator configure the VPC to meet these requirements?

A. Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

B. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.

C. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.

D. Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.

A company’s SysOps administrator must ensure that all Amazon EC2 Windows instances that are launched in an flaws account have a third-party agent installed. The third-party agent has an .msi package. The company uses flaws Systems Manager for patching, and the Windows instances are tagged appropriately. The third-party agent requires periodic updates as new versions are released. The SysOps administrator must deploy these updates automatically.
Which combination of steps will meet these requirements with the LEAST operational effort? (Choose two.)

A. Create a Systems Manager Distributor package for the third-party agent.

B. Make sure that Systems Manager Inventory is configured. If Systems Manager Inventory is not configured, set up a new inventory for instances that is based on the appropriate tag value for Windows.

C. Create a Systems Manager State Manager association to run the flaws-RunRemoteScript document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.

D. Create a Systems Manager State Manager association to run the flaws-ConfigureAWSPackage document. Populate the details of the third-party agent package. Specify instance tags based on the appropriate tag value for Windows with a schedule of 1 day.

E. Create a Systems Manager OpsItem with the tag value for Windows. Attach the Systems Manager Distributor package to the OpsItem. Create a maintenance window that is specific to the package deployment. Configure the maintenance window to cover 24 hours a day.

A SysOps administrator must create an IAM policy for a developer who needs access to specific flaws services. Based on the requirements, the SysOps administrator creates the following policy:
Which actions does this policy allow? (Choose two.)

A. Create an flaws Storage Gateway.

B. Create an IAM role for an flaws Lambda function.

C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.

D. Describe flaws load balancers.

E. Invoke an flaws Lambda function.

A SysOps administrator needs to create a report that shows how many bytes are sent to and received from each target group member for an Application Load Balancer (ALB).
Which combination of steps should the SysOps administrator take to meet these requirements? (Choose two.)

A. Enable access logging for the ALB. Save the logs to an Amazon S3 bucket.

B. Install the Amazon CloudWatch agent on the instances in the target group.

C. Use Amazon Athena to query the ALB logs. Query the table. Use the received_bytes and sent_bytes fields to calculate the total bytes grouped by the target port field.

D. Use Amazon Athena to query the ALB logs. Query the table. Use the received_bytes and sent_bytes fields to calculate the total bytes grouped by the client port field.

E. Create an Amazon CloudWatch dashboard that shows the Sum statistic of the ProcessedBytes metric for the ALB.

A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed to meet service requirements.
Which action will maintain uptime for the application MOST cost-effectively?

A. Use a Spot Fleet with an On-Demand capacity of 6 instances.

B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.

C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.

D. Use a Spot Fleet with a target capacity of 6 instances.

An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an flaws Lambda function is invoked in this situation.
How should the SysOps administrator meet these requirements?

A. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).

B. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon Route 53.

C. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).

D. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.

A company recently purchased Savings Plans. The company wants to receive email notification when the company’s utilization drops below 90% for a given day.
Which solution will meet this requirement?

A. Create an Amazon CloudWatch alarm to monitor the Savings Plan check in flaws Trusted Advisor. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.

B. Create an Amazon CloudWatch alarm to monitor the SavingsPlansUtilization metric under the flaws/SavingsPlans namespace in CloudWatch. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification when the utilization drops below 90% for a given day.

C. Create a Savings Plans alert to monitor the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.

D. Use flaws Budgets to create a Savings Plans budget to track the daily utilization of the Savings Plans. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification when the utilization drops below 90% for a given day.

The security team is concerned because the number of flaws Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.
Which flaws service should the administrator use to check how current IAM policy usage compares to current service limits?

A. flaws Trusted Advisor

B. Amazon Inspector

C. flaws Config

D. flaws Organizations