You are tasked with the migration of a highly trafficked Node JS application to AWS in order to comply with
organizational standards Chef recipes must be used to configure the application servers that host this
application and to support application lifecycle events.
Which deployment option meets these requirements while minimizing administrative burden?
A. Create a new stack within Opsworks add the appropriate layers to the stack and deploy the application
B. Create a new application within Elastic Beanstalk and deploy this application to a new environment
C. Launch a Mode JS server from a community AMI and manually deploy the application to the launched EC2 instance
D. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?
A. ELB sticky session
B. ELB deregistration check
C. ELB connection draining
D. ELB auto registration Off
An AWS account wants to be part of the consolidated billing of his organization's payee account. How can the owner of that account achieve this?
A. The payee account has to request AWS support to link the other accounts with his account
B. The owner of the linked account should add the payee account to his master account list from the billing console
C. The payee account will send a request to the linked account to be a part of consolidated billing
D. The owner of the linked account requests the payee account to add his account to consolidated billing
A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will happen in this scenario?
A. The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range
B. It is not possible to create a subnet with the same CIDR as VPC
C. The second subnet will be created
D. It will throw a CIDR overlaps error
Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing?
(Choose two.)
A. Create individual IAM users for everyone in your organization
B. Configure MFA on the root account and for privileged IAM users
C. Assign IAM users and groups configured with policies granting least privilege access
D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate
Network ACLs in a VPC operate at the ______.
A. TCP level
B. instance level
C. subnet level
D. gateway level
Can you use the AWS Identity and Access Management (IAM) to assign permissions determining who can manage or modify RDS resources?
A. No, AWS IAM is used only to assign IDs to AWS users.
B. No, this permission cannot be assigned by AWS IAM.
C. Yes, you can.
D. No, AWS IAM is used only to assign activities.
An administrator is responding to an alarm that reports increased application latency. Upon review, the Administrator notices that the Amazon RDS Aurora database frequently runs at 100% CPU utilization. The application is read heavy and does frequent lookups of a product table.
What should the Administrator do to reduce the application latency?
A. Move the product table to Amazon Redshift and use an interleaved sort key
B. Add Aurora Replicas and use a Reader Endpoint for product table lookups
C. Move the product table to Amazon CloudFront and set the cache-control headers to public
D. Use Auto Scaling to add extra Aurora nodes and set a trigger based on CPU utilization
A SysOps Administrator manages an application that stores object metadata in Amazon S3. There is a requirement to have S2 server-side encryption enabled on all new objects in the bucket.
How can the Administrator ensure that all new objects to the bucket satisfy this requirement?
A. Create an S3 lifecycle rule to automatically encrypt all new objects.
B. Enable default bucket encryption to ensure that all new objects are encrypted.
C. Use put-object-acl to allow objects to be encrypted with S2 server-side encryption.
D. Apply the authorization header to S3 requests for S3 server-side encryption.
A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?
A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.
