問題1
A company is storing backups in an Amazon S3 bucket. These backups must not be deleted for at least 3 months after creation.
What should the CloudOps engineer do?
A company is storing backups in an Amazon S3 bucket. These backups must not be deleted for at least 3 months after creation.
What should the CloudOps engineer do?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題2
A company moves workloads from public subnets to private subnets to improve security. During testing, the company discovers that servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16. The VPC contains two public subnets and two private subnets. The VPC has one internet gateway and has a NAT gateway in each of the private subnets.
The company must ensure that workloads that run in the private subnets can reach the external API.
Which solution will meet this requirement?
A company moves workloads from public subnets to private subnets to improve security. During testing, the company discovers that servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16. The VPC contains two public subnets and two private subnets. The VPC has one internet gateway and has a NAT gateway in each of the private subnets.
The company must ensure that workloads that run in the private subnets can reach the external API.
Which solution will meet this requirement?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題3
A CloudOps engineer wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The CloudOps engineer also wants to be able to change the policy and create new versions.
Which combination of actions will meet these requirements? (Select TWO.)
A CloudOps engineer wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The CloudOps engineer also wants to be able to change the policy and create new versions.
Which combination of actions will meet these requirements? (Select TWO.)
正確答案: B,C
說明:(僅 NewDumps 成員可見)
問題4
A CloudOps engineer is maintaining a web application that uses an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The CloudOps engineer needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Select TWO.)
A CloudOps engineer is maintaining a web application that uses an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The CloudOps engineer needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Select TWO.)
正確答案: C,E
說明:(僅 NewDumps 成員可見)
問題5
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A CloudOps engineer needs to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A CloudOps engineer needs to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?
正確答案: A
說明:(僅 NewDumps 成員可見)
問題6
A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit.
What should a CloudOps engineer do to encrypt the database?
A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit.
What should a CloudOps engineer do to encrypt the database?
正確答案: A
說明:(僅 NewDumps 成員可見)
問題7
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.
What should a CloudOps engineer do to meet this requirement?
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.
What should a CloudOps engineer do to meet this requirement?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題8
A company's Amazon EC2 instance with high CPU utilization is a t3.large instance running a test web app.
The company determines the app would run better on a compute-optimized large instance.
What should the CloudOps engineer do?
A company's Amazon EC2 instance with high CPU utilization is a t3.large instance running a test web app.
The company determines the app would run better on a compute-optimized large instance.
What should the CloudOps engineer do?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題9
A CloudOps engineer is troubleshooting a website that will not load for users. The website is hosted by an Amazon CloudFront distribution that has an Amazon S3 bucket as the origin. The CloudFront distribution is named d111111abcdef8.cloudfront.net. The S3 bucket has the following Amazon Resource Name (ARN): arn:
aws:s3:::example-com-website-files. The S3 bucket has S3 Block Public Access enabled. The CloudOps engineer examines the website ' s DNS CNAME records and discovers that the record value is set to s3.
amazonaws.com/example-com-website-files/.
What should the CloudOps engineer do to configure the website for use with CloudFront?
A CloudOps engineer is troubleshooting a website that will not load for users. The website is hosted by an Amazon CloudFront distribution that has an Amazon S3 bucket as the origin. The CloudFront distribution is named d111111abcdef8.cloudfront.net. The S3 bucket has the following Amazon Resource Name (ARN): arn:
aws:s3:::example-com-website-files. The S3 bucket has S3 Block Public Access enabled. The CloudOps engineer examines the website ' s DNS CNAME records and discovers that the record value is set to s3.
amazonaws.com/example-com-website-files/.
What should the CloudOps engineer do to configure the website for use with CloudFront?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題10
A company runs applications on Amazon EC2 instances. The company wants to ensure that SSH ports on the EC2 instances are never open. The company has enabled AWS Config and has set up the restricted-ssh AWS managed rule.
A CloudOps engineer must implement a solution to remediate SSH port access for noncompliant security groups.
What should the engineer do to meet this requirement with the MOST operational efficiency?
A company runs applications on Amazon EC2 instances. The company wants to ensure that SSH ports on the EC2 instances are never open. The company has enabled AWS Config and has set up the restricted-ssh AWS managed rule.
A CloudOps engineer must implement a solution to remediate SSH port access for noncompliant security groups.
What should the engineer do to meet this requirement with the MOST operational efficiency?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題11
A company is running workloads on premises and on AWS. A CloudOps engineer needs to automate tasks across all servers on premises by using AWS services. The CloudOps engineer must not install long-term credentials on the on-premises servers.
What should the CloudOps engineer do to meet these requirements?
A company is running workloads on premises and on AWS. A CloudOps engineer needs to automate tasks across all servers on premises by using AWS services. The CloudOps engineer must not install long-term credentials on the on-premises servers.
What should the CloudOps engineer do to meet these requirements?
正確答案: C
說明:(僅 NewDumps 成員可見)