Question 41
A SysOps administrator has created an AWS Service Catalog portfolio and has shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.
Which action will the administrator of the second account be able to perform?
A. Add a product from the imported portfolio to a local portfolio.
B. Add new products to the imported portfolio.
C. Change the launch role for the products contained in the imported portfolio.
D. Customize the products in the imported portfolio.
Question 42
A company has migrated its application to AWS. The company will host the application on Amazon EC2 instances of multiple instance families.
During initial testing, a SysOps administrator identifies performance issues on selected EC2 instances. The company has a strict budget al__cpLocation policy, so theSysOps administrator must use the right resource types with the performance characteristics to match the workload.
What should the SysOps administrator do to meet this requirement?
A. Purchase regional Reserved Instances (RIs) for immediate cost savings. Review and take action on the EC2 rightsizing recommendations in Cost Explorer. Exchange the RIs for the optimal instance family after rightsizing.
B. Purchase zonal Reserved Instances (RIs) for the existing instances. Monitor the RI utilization in the AWS Billing and Cost Management console. Make adjustments to instance sizes to optimize utilization.
C. Review and take action on AWS Compute Optimizer recommendations. Purchase Compute Savings Plans to reduce the cost that is required to run the compute resources.
D. Review resource utilization metrics in the AWS Cost and Usage Report. Rightsize the EC2 instances. Create On-Demand Capacity Reservations for the rightsized resources.
Question 43
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.
How should the SysOps administrator use AWS CloudFormation to create a solution?
A. Use Amazon EC2 user data in a CloudFormation template.
B. Use nested stacks to provision resources.
C. Use parameters in a CloudFormation template.
D. Use stack policies to provision resources.
Question 44
A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance.
Which option would provide this information with the LEAST administrative overhead?
A. Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring.
B. List any instances with failed system status checks using the AWS Management Console.
C. Monitor AWS CloudTrail for StopInstances API calls.
D. Review the AWS Personal Health Dashboard.
Question 45
A SysOps administrator is attempting to deploy resources by using an AWS CloudFormation template. An Amazon EC2 instance that is defined in the template fails to launch and produces an InsufficientInstanceCapacity error.
Which actions should the SysOps administrator take to resolve this error? (Choose two.)
A. Create a separate AWS CloudFormation template for the EC2 instance.
B. Modify the AWS CloudFormation template to not specify an Availability Zone for the EC2 instance.
C. Modify the AWS CloudFormation template to use a different EC2 instance type.
D. Use a different Amazon Machine Image (AMI) for the EC2 instance.
E. Use the AWS CLI's validate-template command before creating a stack from the template.
Question 46
A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 to route traffic.
The company also has a static website that is configured in an Amazon S3 bucket.
A SysOps administrator must use the static website as a backup to the web application. The failover to the static website must be fully automated.
Which combination of actions will meet these requirements? (Choose two.)
A. Create a primary failover routing policy record. Configure the value to be the ALB.
B. Create an AWS Lambda function to switch from the primary website to the secondary website when the health check fails.
C. Create a primary failover routing policy record. Configure the value to be the ALB. Associate the record with a Route 53 health check.
D. Create a secondary failover routing policy record. Configure the value to be the static website. Associate the record with a Route 53 health check.
E. Create a secondary failover routing policy record. Configure the value to be the static website.
Question 47
A data analytics application is running on an Amazon EC2 instance. A SysOps administrator must add custom dimensions to the metrics collected by the AmazonCloudWatch agent.
How can the SysOps administrator meet this requirement?
A. Create a custom shell script to extract the dimensions and collect the metrics using the Amazon CloudWatch agent.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to evaluate the required custom dimensions and send the metrics to Amazon Simple Notification Service (Amazon SNS).
C. Create an AWS Lambda function to collect the metrics from AWS CloudTrail and send the metrics to an Amazon CloudWatch Logs group.
D. Create an append_dimensions field in the Amazon CloudWatch agent configuration file to collect the metrics.
Question 48
A company stores its data in an Amazon S3 bucket. The company is required to classify the data and find any sensitive personal information in its S3 files.
Which solution will meet these requirements?
A. Create an AWS Config rule to discover sensitive personal information in the S3 files and mark them as noncompliant.
B. Create an S3 event-driven artificial intelligence/machine learning (AI/ML) pipeline to classify sensitive personal information by using Amazon Rekognition.
C. Enable Amazon GuardDuty. Configure S3 protection to monitor all data inside Amazon S3.
D. Enable Amazon Macie. Create a discovery job that uses the managed data identifier.
Question 49
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service.
The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?
A. Deploy a copy of the stack in the us-west-2 Region. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each ELB. Configure the SOA record with health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
B. Deploy a copy of the stack in the us-west-2 Region. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias target. Configure the A records with a failover routing policy and health checks. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
C. Deploy a new group of EC2 instances in the us-west-2 Region. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instances. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
D. Deploy a new group of EC2 instances in the us-west-2 Region. Configure EC2 health checks on all EC2 instances in each Region. Configure a peering connection between the VPCs. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.
Question 50
A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)
A. A network ACL associated with the bastion's subnet is blocking the network traffic.
B. The instance does not have a private IP address.
C. The route table associated with the bastion's subnet does not have a route to the internet gateway.
D. The security group for the instance does not have an inbound rule on port 22.
E. The security group for the instance does not have an outbound rule on port 3389.
