Last Updated on October 31, 2022 by InfraExam
SOA-C01 : AWS-SysOps : Part 28
An organization stores files on Amazon S3. Employees download the files, edit them with the same file name to the same folder on Amazon S3. Occasionally the files are unintentionally modified or deleted.
What is the MOST cost-effective way to ensure that these files can be recovered to their correct state?
- Enable cross-region replication on the Amazon S3 bucket
- Enable versioning on the Amazon S3 bucket
- Use Lifecycle Management to move the files to Amazon Glacier
- Copy the edited files to Amazon Elastic File System
A company has a web application that runs both on-premises and on Amazon EC2 instances. Over time, both the on-premises servers and EC2 instances begin crashing. A SysOps Administrator suspects a memory leak in the application and wants a unified method to monitor memory utilization over time.
How can the Administrator track both the EC2 memory utilization and on-premises server memory utilization over time?
- Write a script or use a third-party application to report memory utilization for both EC2 instances and on-premises servers.
- Use Amazon CloudWatch agent for both Amazon EC2 instances and on-premises servers to report MemoryUtilization metrics to CloudWatch and set a CloudWatch alarm for notifications.
- Use CloudWatch agent for Amazon EC2 instances to report memory utilization to CloudWatch, and set CloudWatch alarms for notifications. Use a third-party application for the on-premises servers.
- Configure a load balancer to route traffic to both on-premises servers and EC2 instances, then use CloudWatch as the unified view of the metrics for the load balancer.
Website users report that an application’s pages are loading slowly at the beginning of the workday. The application runs on Amazon EC2 instances, and data is stored in an Amazon RDS database. The SysOps Administrator suspects the issue is related to high CPU usage on a component of this application.
How can the Administrator find out which component is causing the performance bottleneck?
- Use AWS CloudTrail to review the resource usage history for each component.
- Use Amazon CloudWatch metrics to examine the resource usage of each component.
- Use Amazon Inspector to view the resource usage details for each component.
- Use Amazon CloudWatch Events to examine the high usage events for each component.
Enhanced Monitoring provides granular real-time metrics that you can review in addition to Amazon CloudWatch metrics, which provide statistics each minute.
A SysOps Administrator has an AWS Direct Connect connection in place in region us-east-1, between an AWS account and a data center. The Administrator is now required to connect the data center to a VPC in another AWS Region, us-west-2, which must have consistent network performance and low-latency.
What is the MOST efficient and quickest way to establish this connectivity?
- Create an AWS VPN CloudHub architecture, and use software VPN to connect to the VPC in region us-west-2.
- Create a new Direct Connect connection between the data center and region us-west-2.
- Create a VPC peering connection between the VPC in region us-east-1 and us-west-2, and access the VPC in us-west-2 from the data center.
- Use Direct Connect gateway with the existing Direct Connect connection to connect to the Virtual Private Gateway of the VPC in region us-west-2.
A new application is being tested for deployment on an Amazon EC2 instance that requires greater IOPS than currently provided by the single 4TB General Purpose SSD (gp2) volume.
Which actions should be taken to provide additional Amazon EBS IOPS for the application? (Choose two.)
- Increase the size of the General Purpose (gp2) volume
- Use RAID 0 to distribute I/O across multiple volumes
- Migrate to a Provisioned IOPS SSD (io1) volume
- Enable MAX I/O performance mode on the General Purpose (gp2) volume
- Use RAID 1 to distribute I/O across multiple volumes
A web service runs on Amazon EC2 instances behind an Elastic Load Balancing (ELB) load balancer. External clients must whitelist specific public IP addresses in their firewalls to access the service.
What load balancer or ELB feature should be used for this application?
- Network Load Balancer
- Application Load Balancer
- Classic Load Balancer
- Load balancer target groups
While creating the wait condition resource in AWS CloudFormation, a SysOps Administrator receives the error “received 0 signals out of the 1 expected from the EC2 instance”.
What steps should be taken to troubleshoot this issue? (Choose two.)
- Confirm from the cfn logs that the cfn-signal command was successfully run on the instance.
- Try to re-create the stack with a different IAM user.
- Check that the instance has a route to the Internet through a NAT device.
- Update the AWS CloudFormation stack service role to have iam:PassRole permission.
- Delete the existing stack and attempt to create a new once.
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, am Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?
- EBS General Purpose SSD volumes
- RDS PostgreSQL database
- Amazon EFS file systems
- S3 objects within a bucket
A SysOps Administrator noticed that a large number of Elastic IP addresses are being created on the company’s AWS account., but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.
How can the Administrator identify who is creating the Elastic IP address?
- Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the Developer who creates it.
- Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
- Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.
- Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.
An application is running on Amazon EC2 instances behind a Classic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Occasionally multiple incoming requests will receive a 5xx HTTP response when making a request to the Classic Load Balancer. From the Amazon CloudWatch metrics, a SysOps Administrator observes the Elastic Load Balancing (ELB) SpillOverCount metric to be greater than zero during these occasions.
These errors can be avoided by triggering scaling actions on which ELB metric?
An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?
- AWS Trusted Advisor
- AWS Shield Advanced
- Amazon Cognito
- Amazon Inspector
Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address.
How should the Administrator implement the restriction?
- Edit the security group for the web servers and add a deny entry for the IP address
- Edit the network access control list for the web server subnet and add a deny entry for the IP address
- Edit the VPC route table to route the malicious IP address to a black hole
- Use Amazon CloudFront’s geo restriction feature to block traffic from the IP address
A SysOps Administrator needs Amazon EC2 instances in two different VPCs in private subnets to be able to communicate. A peering connection between the two VPCs has been created using the AWS Management Console and shows a status of Active. The instances are still unable to send traffic to each other.
Why are the EC2 instances unable to communicate?
- One or both of the VPCs do not have an Internet Gateway attached
- The route tables have not been updated
- The peering connection has not been properly tagged
- One or both of the instances do not have an Elastic IP address assigned
A SysOps Administrator must ensure that AWS CloudFormation deployment changes are properly tracked for governance.
Which AWS service should be used to accomplish this?
- AWS Artifact
- AWS Config
- Amazon Inspector
- AWS Trusted Advisor
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?
- Deny Post, Put, and Delete on the bucket
- Enable server-side encryption on the bucket
- Enable Amazon S3 versioning on the bucket
- Enable snapshots on the bucket
A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The
Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?
- The warm-up period has not expired
- The instances are still in the boot process
- The instances have not been attached to the Auto Scaling group
- The instances are included in a different set of metrics
Recently several critical files were mistakenly deleted from a shared Amazon S3 bucket. A SysOps Administrator needs to prevent accidental deletions from occurring in the future by enabling MFA Delete.
Once enabled, which bucket activities will require MFA authentication? (Choose two.)
- Permanently removing an object version from the bucket
- Disabling default object encryption for the bucket
- Listing all versions of deleted objects in the bucket
- Suspending versioning on the bucket
- Enabling MFA Add on the bucket
A SysOps Administrator has an AWS Lambda function that stops all Amazon EC2 instances in a test environment at night and on the weekend. Stopping instances causes some servers to become corrupt due to the nature of the applications running on them.
What can the SysOps Administrator use to identify these EC2 instances?
- AWS Config
- Amazon EC2 termination protection
- Resource tagging
- Amazon CloudWatch
A company has Amazon EC2 instances that serve web content behind an Elastic Load Balancing (ELB) load balancer. The ELB Amazon CloudWatch metrics from a few hours ago indicate a significant number of 4XX errors. The EC2 instances from the time of these errors have been deleted.
At the time of the 4XX errors, how can an Administrator obtain information about who originated these requests?
- If ELB access logs have been enabled, the information can be retrieved from the S3 bucket
- Contact AWS Support to obtain application logs from the deleted instances
- Amazon S3 always keeps a backup of application logs from EC2 instances. Retrieve these logs for analysis
- Use AWS Trusted Advisor to obtain ELB access logs
A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.
How can these requirements be met?
- Create read replicas for the RDS database and use them in case of a database failure
- Create a new RDS instance from the snapshot of the original RDS instance if a failure occurs
- Keep a separate RDS database running and switch the endpoint in the web application if a failure occurs
- Modify the RDS instance to be a Multi-AZ deployment