AWS-SysOps | ExamData

Question#251

As part of an operational audit, an Administrator is tasked with showing that all security responsibilities under the customer's control are properly executed.
Which of the following items is the customer responsible for providing to the auditor? (Choose two.)

A. Physical data center access logs
B. AWS CloudTrail logs showing API calls
C. Amazon EC2 instance system logs
D. Storage device destruction records
E. Xen Hypervisor system logs

Discover Answer

CD

Question#252

A colleague is attempting to launch several new CloudFormation stacks, and receives the following error response:

What should be done to address the error?

A. Add a Pause to the CloudFormation templates.
B. Add an exponential backoff between CreateStack API calls.
C. Run the CloudFormation API calls from a larger Amazon EC2 instance.
D. Combine stack templates into one, and retry the CreateStack API call.

Discover Answer

B
Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=100414

Question#253

A security policy allows instances in the Production and Development accounts to write application logs to an Amazon S3 bucket belonging to the Security team's account. Only the Security team should be allowed to delete logs from the S3 bucket.
Using the `myAppRole` EC2 role, the production and development teams report that the application servers are not able to write to the S3 bucket.
Which changes need to be made to the policy to allow the application logs to be written to the S3 bucket?
Production Account: 111111111111

Dev Account: 222222222222 -

Security Account: 555555555555 -

A. Update the Action for the Allow policy from ג€s3:*ג€ to ג€s3:PutObjectג€
B. Change the order of the statements in the bucket policy, moving the Deny policy above the Allow policy.
C. Update the Action for the Deny policy from ג€s3:*ג€ to ג€s3: Delete*ג€.
D. Remove the bucket policy, because the default security behavior will not allow objects to be deleted by non bucket owners.

Discover Answer

A

Question#254

A company is auditing their infrastructure to obtain a compliance certification.
Which of the following options are the company's responsibility within the Shared Responsibility Model? (Choose two.)

A. AWS API endpoint SSL Certificates
B. EC2 Instance Operating System updates
C. EBS Encryption-at-result algorithms
D. IAM user password policies
E. AWS Hypervisor software updates

Discover Answer

AB

Question#255

Which instance characteristics are required if an Administrator wants to ensure use of the Amazon EC2 auto-recovery option? (Choose two.)

A. The instance only has EBS volumes.
B. The instance has EC2 Instance Store root volumes.
C. The tenancy attribute is set to ג€defaultג€ (shred tenancy).
D. The tenancy attribute is set to ג€Dedicatedג€.
E. The instance type belongs to the d2, i2 or i3 instance type.

Discover Answer

AC
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html

Question#256

Which two steps are required to generate a report detailing specific cost allocation tags when creating a Monthly Cost Allocation report? (Choose two.)

A. Use AWS CloudTrail to export the events for the specified resources.
B. Use an AWS Lambda function to read the resources' metadata, and write the specified tags to a DynamoDB table.
C. Activate the ג€requestedג€ tags by clicking Manage report tags on the Billing Preferences page.
D. Select the checkbox for Cost Allocation Report in the AWS account's Billing Management Console.
E. Create a new Budget using the Billing Management Console, use the ג€Include costs related to Tagsג€ feature, and select the requested tags.

Discover Answer

BD

Question#257

A company has a fleet of EC2 instances, and needs to remotely execute scripts for all of the instances.
Which Amazon EC2 Systems Manager feature allows this?

A. System Manager Automation
B. System Manager Run Command
C. System Manager Parameter Store
D. System Manager Inventory

Discover Answer

B

Question#258

A corporate policy requires all new infrastructure deployments to use scalable and reusable resources to improve resources delivery times. The policy also restricts resource configuration management to the systems operations team. The development team requests the ability to deploy resources on demand in an effort to streamline their software development lifecycle.
What can the systems operations team do to ensure company policy is followed while also meeting the development team's requests?

A. Create an AWS CloudFormation on template with the requested resources, and give it to the development team to adjust as needed.
B. Provision the resources using the CLI, and create the necessary IAM permissions to allow the development team to modify them as needed.
C. Create the AWS Service Catalog product and share with the development team through the Service Catalog.
D. Grant the development team access to the AWS CloudFormation Design Template Editor to specify the needed resources and configurations. Once the templates are complete, the system operations team will launch the resources.

Discover Answer

D

Question#259

An application hosted on AWS is going through an external compliance assessment. An Administrator has been tasked with providing proof of physical security at the facilities that are hosting the application.
What should the Administrator do?

A. Work with AWS support to schedule a tour for the auditors.
B. Send a copy of the AWS Security whitepaper to the auditors.
C. Obtain a relevant report from AWS Artifact and share it with the auditors.
D. Find the address for the AWS Direct Connect facility on the AWS Website.

Discover Answer

B

Question#260

What can an Administrator do to monitor whether an organization's instances are compliant with corporate policies and guidelines?

A. Check the instances' metadata to determine what software is running.
B. Use AWS CloudTrail logs to identify the applications running on the instances.
C. Set CloudWatch alarms that are triggered with any software change on the instances.
D. Using Config Rules in the AWS Config service to check the instance's configuration and applications.

Discover Answer

D