[August-2021]New Braindump2go AWS-SysOps Dumps with PDF and VCE[Q982-Q1001]

August/2021 Latest Braindump2go AWS-SysOps Exam Dumps with PDF and VCE Free Updated Today! Following are some new AWS-SysOps Real Exam Questions!

QUESTION 694
A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks.
What can the company do to find out how the changes will impact the resources that are running?

A. Investigate the change sets.
B. Investigate the stack policies.
C. Investigate the Metadata section.
D. Investigate the Resources section.

Answer: D

QUESTION 695
A developer has created a Node js web application on a local development machine. The developer wants to use AWS technology to host the website. The developer needs a solution that requires the least possible operational overhead and no code changes.
Which AWS service should the developer use to meet these requirements?

A. AWS Elastic Beanstalk
B. Amazon EC2
C. AWS Lambda
D. Amazon Elastic Kubernetes Service (Amazon EKS)

Answer: A

QUESTION 696
An application is processing clickstream data using Amazon Kinesis. The clickstream data feed into Kinesis experiences periodic spikes. The PutRecords API call occasionally fails and the logs show that the failed call returns the response shown below:

Which techniques will help mitigate this exception? (Choose two.)

A. Implement retries with exponential backoff.
B. Use a PutRecord API instead of PutRecords.
C. Reduce the frequency and/or size of the requests.
D. Use Amazon SNS instead of Kinesis.
E. Reduce the number of KCL consumers.

Answer: BC

QUESTION 697
A developer is creating a serverless ecommerce application that is based on AWS Lambda. An asynchronous workflow manages the checkout process and must orchestrate different Lambda functions. The workflow runs one function for each item in the shopping cart. The developer is using AWS Step Functions to orchestrate the process.
The checkout process is running the Lambda functions serially, and the developer needs to improve the performance of the process.
What should the developer do to meet these requirements?

A. Use a Choice state to identify the size of the cart and invoke a specific Lambda function with the entire cart content.
B. Use a Retry field for a second run to process all the items that failed.
C. Use a Parallel state to iterate over all the items in parallel.
D. Use a Map state to iterate over all the items in the cart.

Answer: D

QUESTION 698
A company uses a third-party tool to build, bundle, and package its applications on-premises, and store them locally. The company uses Amazon EC2 instances to run its front-end applications.
How can an application be deployed from the source control system onto the EC2 instances?

A. Use AWS CodeDeploy and point it to the local storage to directly deploy a bundle in a .zip, .tar, or .tar.gz format.
B. Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.
C. Create a repository using AWS CodeCommit to automatically trigger a deployment to the EC2 instances.
D. Use AWS CodeBuild to automatically deploy the latest build to the latest EC2 instances.

Answer: A

QUESTION 699
A developer is creating AWS CloudFormation templates to manage an application’s deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The developer wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users.
How should the developer manage the deployment of the new version?

A. Modify the CloudFormation template to include a Transform section and the AWS::CodeDeploy::BlueGreen hook.
B. Deploy the new version in a new CloudFormation stack. After testing is complete, update the application’s DNS records for the new stack.
C. Run CloudFormation stack updates on the application stack to deploy new application versions when they are available.
D. Create a nested stack for the new version. Include a Transform section and the AWS::CodeDeploy::BlueGreen hook.

Answer: A

QUESTION 700
A company wants to make sure that only one user from its Admin group has the permanent right to delete an Amazon EC2 resource. There should be no changes in the existing policy under the Admin group.
What should a developer use to meet these requirements?

A. AWS managed policy
B. Inline policy
C. IAM trust relationship
D. AWS Security Token Service (AWS STS)

Answer: A

QUESTION 701
An AWS Lambda function accesses two Amazon DynamoDB tables. A developer wants to improve the performance of the Lambda function by identifying bottlenecks in the function.
How can the developer inspect the timing of the DynamoDB API calls?

A. Add DynamoDB as an event source to the Lambda function. View the performance with Amazon CloudWatch metrics.
B. Place an Application Load Balancer (ALB) in front of the two DynamoDB tables. Inspect the ALB logs.
C. Limit Lambda to no more than five concurrent invocations. Monitor from the Lambda console.
D. Enable AWS X-Ray tracing for the function. View the traces from the X-Ray service.

Answer: D

QUESTION 702
A company is planning to deploy an application on AWS behind an Elastic Load Balancer. The application uses an HTTP/HTTPS listener and must access the client IP addresses.
Which load-balancing solution meets these requirements?

A. Use an Application Load Balancer and the X-Forwarded-For headers.
B. Use a Network Load Balancer (NLB). Enable proxy protocol support on the NLB and the target application.
C. Use an Application Load Balancer. Register the targets by the instance ID.
D. Use a Network Load Balancer and the X-Forwarded-For headers.

Answer: A

QUESTION 703
A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content non-playing website visitors.
How can the company limit the ability to download a premier content file in the S3 bucket to paid subscribers only?

A. Apply a bucket policy that allows anonymous users to download the content form the S3 bucket.
B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.
C. Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.
D. Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Answer: B

QUESTION 704
A developer is building a website that will be hosted in an Amazon S3 bucket with static website hosting enabled. The developer will use Amazon Route 53 for the DNS service and will use an alias record to point the company’s domain to the bucket. The developer must redirect one S3 object to a different URL.
What should the developer use so that the redirect will work correctly from a page on the website?

A. A Route 53 CNAME alias record that points to the new location
B. An S3 object-level redirect through system-defined metadata
C. A Route 53 A record that points to the new location
D. A redirect that is configured within the S3 bucket’s policy

Answer: A

QUESTION 705
A developer is creating an event handling system. To handle messages asynchronously, the developer created a standard Amazon SQS queue. Quality assurance testing reveals that some events were processed multiple times.
What is the recommended way to ensure the events are not processed more than once?

A. Change long polling to short polling.
B. Use a FIFO queue and configure deduplication.
C. Convert the standard SQS queue into a FIFO queue.
D. Send the messages with message timers.

Answer: B

QUESTION 706
A developer has written a multi-threaded application that is running on a fleet of Amazon EC2 instances. The operations team has requested a graphical method to monitor the number of running threads over time.
What is the MOST efficient way to fulfill this request?

A. Periodically send the thread count to AWS X-Ray segments, then generate a service graph on demand.
B. Create a custom Amazon CloudWatch metric and periodically perform a PutMetricData call with the current thread count.
C. Periodically log thread count data to Amazon S3. Use Amazon Kinesis to process the data into a graph.
D. Periodically write the current thread count to a table using Amazon DynamoDB and use Amazon CloudFront to create a graph.

Answer: B

QUESTION 707
A developer is storing JSON files in an Amazon S3 bucket. The developer wants to securely share an object with a specific group of people.
How can the developer securely provide temporary access to the objects that are stored in the S3 bucket?

A. Set object retention on the files. Use the AWS software development kit (SDK) to restore the object before subsequent requests. Provide the bucket’s S3 URL.
B. Use the AWS software development kit (SDK) to generate a presigned URL. Provide the presigned URL.
C. Set a bucket policy that restricts access after a period of time. Provide the bucket’s S3 URL.
D. Configure static web hosting on the S3 bucket. Provide the bucket’s web URL.

Answer: B

QUESTION 708
A developer is building an application that processes a stream of user-supplied data. The data stream must be consumed by multiple Amazon EC2 based processing applications in parallel and in real time. Each processor must be able to resume without losing data if there is a service interruption. The Application Architect plans to add other processors in the near future, and wants to minimize the amount data duplication involved.
Which solution will satisfy these requirements?

A. Publish the data to Amazon SQS.
B. Publish the data to Amazon Kinesis Data Firehose.
C. Publish the data to Amazon CloudWatch Events.
D. Publish the data to Amazon Kinesis Data Streams.

Answer: D

QUESTION 982
A SysOps administrator is implementing automated I/O load performance testing as part of the continuous integration/continuous delivery (CI/CD) process for an application. The application uses an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.
Which actions could the SysOps administrator take to accomplish this goal? (Choose two.)

A. Restore the EBS volume from the snapshot with fast snapshot restore enabled.
B. Restore the EBS volume from the snapshot using the cold HDD volume type.
C. Restore the EBS volume from the snapshot and pre-warm the volume by reading all of the blocks.
D. Restore the EBS volume from the snapshot and configure encryption.
E. Restore the EBS volume from the snapshot and configure I/O block size at random.

Answer: AB
Explanation:
https://aws.amazon.com/ebs/faqs/

QUESTION 983
A streaming services company has a three-tier web application hosted on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). When the Auto Scaling group scales in, a deregistration delay occurs and the delay is sometimes longer than the time required to terminate the EC2 instance. A SysOps administrator must ensure that the latest logs are delivered to an external system before the EC2 instance is terminated.
Which solution will solve this problem?

A. Add a lifecycle hook to the Auto Scaling group to put the EC2 instance in a wait state until the log files have been delivered.
B. Configure a fixed response for the ALB to use custom error messages to respond to incoming requests with HTTP error response codes.
C. Create an Amazon CloudWatch alarm based on the RequestCountPerTarget metric for the Auto Scaling group. Modify the cooldown period to wait until the EC2 instance is terminated.
D. Update the launch configuration to enable scale-in protection for the Auto Scaling group and detach the EC2 instance protected for termination.

Answer: D

QUESTION 984
A SysOps administrator needs to register targets for a Network Load Balancer (NLB) using IP addresses.
Which prerequisite should the SysOps administrator validate to perform this task?

A. Ensure the NLB listener security policy is set to ELBSecurityPolicy-TLS-1-2-Ext-2018-06, ELBSecurityPolicy-FS-1-2-Res-2019-08, or ELBSecurityPolicy-TLS-1-0-2015-04.
B. Ensure the health check setting on the NLB for the Matcher configuration is between 200 and 399.
C. Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC 1918), 100.64.0.0/10 (RFC 6598), 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918).
D. Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses.

Answer: D

QUESTION 985
A company has a web application that is deployed in a VPC. Inbound traffic to this web application comes in through an internet gateway and arrives at a Network Load Balancer (NLB). From there, the traffic travels to multiple Amazon EC2 instances in two private subnets. The company wants to perform deep packet inspection on the inbound traffic to identify potential hacking attempts.
Which solution meets these requirements?

A. Configure AWS Shield for the VPC.
B. Use AWS Network Firewall on the VPC. Configure Network Firewall to perform deep packet inspection.
C. Use AWS Network Firewall on the subnets. Configure Network Firewall to perform deep packet inspection.
D. Set up Traffic Mirroring on an inbound port of the NLB.

Answer: D

QUESTION 986
A SysOps administrator has set up a new public Application Load Balancer (ALB) in front of a pair of private web servers in multiple Availability Zones. After deploying an updated AWS CloudFormation template with many changes, user traffic now goes to one web server only.
What is the MOST likely reason that the traffic is not being balanced between both servers?

A. The faulty server is returning HTTP 200 codes and has been removed.
B. Sticky sessions have been disabled in the ALB for the working server.
C. The ALB is using a custom ping path that is not found on the faulty server.
D. The web clients are using HTTP/2, which is terminated at the ALB.

Answer: A

QUESTION 987
A company’s AWS account users are launching Amazon EC2 instances without required cost allocation tags. A SysOps administrator needs to prevent users within an organization in AWS Organizations from launching new EC2 instances that do not have the required tags. The solution must require the least possible operational overhead.
Which solution meets these requirements?

A. Set up an AWS Lambda function that will initiate a run instance event and check for the required tags.
Configure the function to prevent the launch of EC2 instances if the tags are missing.
B. Set up an AWS Config rule to monitor for EC2 instances that lack the required tags.
C. Set up a service control policy (SCP) that prevents the launch of EC2 instances that lack the required tags.
Attach the SCP to the organization root.
D. Set up an Amazon CloudWatch alarm to stop any EC2 instances that lack the required tags.

Answer: C

QUESTION 988
A company recently migrated its three-tier web application to AWS. The application runs on Amazon EC2 instances that are in an Auto Scaling group. A SysOps administrator must create a monitoring dashboard to watch CPU and network utilization for each instance at 1-minute intervals.
How can the SysOps administrator meet this requirement?

A. Create an Amazon CloudWatch dashboard with basic monitoring.
B. Set up AWS CloudTrail with a dashboard on Amazon QuickSight.
C. Create an Amazon CloudWatch dashboard, and enable detailed monitoring.
D. Use the AWS Personal Health Dashboard.

Answer: A
Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-monitoring.html

QUESTION 989
A company is hosting backend web services across Amazon EC2 Linux instances in public subnets in a VPC. A SysOps administrator tries to connect to the instance by using SSH but is unable to connect.
What could be the cause of the failed connection?

A. The security group does not allow inbound traffic on port 22.
B. The network ACL does not allow outbound traffic on port 80.
C. The security group does not allow outbound traffic on port 3389.
D. The network ACL does not allow inbound traffic on port 443.

Answer: D

QUESTION 990
A company uses many Amazon Elastic Block Store (Amazon EBS) volumes. The company wants to use Amazon Data Lifecycle Manager (Amazon DLM) to manage the lifecycle of EBS snapshots that have tags of “Production” and “Compliance”.
Which combination of the following are needed to turn on this feature? (Choose two.)

A. A minimum storage requirement of 5 GB
B. One IAM role for Amazon DLM and another IAM role for the users
C. Encryption of the EBS volumes
D. A minimum baseline performance of 3 IOPS/GB
E. Tagging of the EBS volumes

Answer: BE

QUESTION 991
A company is creating an application that will keep records. The application will run on Amazon EC2 instances and will use an Amazon Aurora MySQL database as its data store. To maintain compliance, the application must not retain information that is determined to be sensitive.
Which technique should a SysOps administrator use to detect if sensitive data is being stored in the application?

A. Export data from the database by using an AWS Lambda function. Store the data in Amazon S3. Use Amazon Macie to examine the stored data. Examine the report for any sensitive data that is discovered.
B. Install the Amazon GuardDuty plugin for Aurora. Configure GuardDuty to examine the database. Add the corresponding EC2 CIDR ranges to the trusted IP list in GuardDuty. Examine the report for any sensitive data that is discovered.
C. Deploy Amazon Inspector by installing the Amazon Inspector agent on all EC2 instances. Set the Amazon Inspector assessment type to HOST assessment. Include NETWORK communications with the Aurora DB cluster. Examine the report for any sensitive data that is discovered.
D. Use VPC Flow Logs to examine traffic between the EC2 instances and the Aurora DB cluster. Store the log files in Amazon S3. Use Amazon Detective to examine the extracted log files. Examine the report for any sensitive data that is discovered.

Answer: A

QUESTION 992
A SysOps administrator needs a secure way to connect to AWS Key Management Service (AWS KMS) within a VPC. The SysOps administrator must ensure that connections to AWS KMS do not traverse the internet.
What is the MOST secure solution that meets these requirements?

A. Use a bastion host to connect to AWS KMS.
B. Use a NAT gateway to connect to AWS KMS.
C. Use a VPC gateway endpoint for Amazon S3 to connect to AWS KMS.
D. Use a VPC interface endpoint to connect to AWS KMS.

Answer: B

QUESTION 993
A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?

A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Answer: C

QUESTION 994
A company has an application that is running on an Amazon EC2 instance in one Availability Zone. A SysOps administrator needs to make the application highly available. The SysOps administrator has created a launch configuration from the running EC2 instance. The SysOps administrator also has properly configured a load balancer.
What should the SysOps administrator do next to make the application highly available?

A. Create an Auto Scaling group by using the launch configuration across at least two Availability Zones.
Configure a minimum capacity of 1, a desired capacity of 1, and a maximum capacity of 1.
B. Create an Auto Scaling group by using the launch configuration across at least three Availability Zones.
Configure a minimum capacity of 2, a desired capacity of 2, and a maximum capacity of 2.
C. Create an Auto Scaling group by using the launch configuration across at least two AWS Regions.
Configure a minimum capacity of 1, a desired capacity of 1, and a maximum capacity of 1.
D. Create an Auto Scaling group by using the launch configuration across at least three AWS Regions.
Configure a minimum capacity of 2, a desired capacity of 2, and a maximum capacity of 2.

Answer: B

QUESTION 995
A SysOps administrator is testing a new batch job. The batch job will upload 20 GB of data from Amazon EC2 instances in a private subnet to an Amazon S3 bucket each day. After the first test is complete, a small cost is reported. The cost has the heading “NAT Gateway – Data Processed.”
Which change can the SysOps administrator make to eliminate this cost for future tests?

A. Configure and use a VPC endpoint.
B. Write an S3 bucket policy to enforce encryption in transit for the uploads.
C. Configure the S3 bucket to use the S3 Intelligent-Tiering storage class.
D. Disable cross-origin resource sharing (CORS) for the S3 bucket.

Answer: A
Explanation:
https://stackoverflow.com/questions/64121570/reduce-cost-of-nat-gateway-data-processed

QUESTION 996
A SysOps administrator is deploying a fleet of over 100 Amazon EC2 instances in an Amazon VPC. After the instances are set up and serving clients, a new DNS server needs to be added to the instances for DNS resolution.
What is the MOST efficient way to make this change?

A. Update the DHCP options set for the Amazon VPC.
B. Use AWS OpsWorks to update the DNS server configuration for each instance.
C. Use AWS Systems Manager to update the DMS server configuration for each instance.
D. Write a script to update the DNS server configuration for each instance.

Answer: A

QUESTION 997
A company wants to track Amazon EC2 usage charges that are based on the value of a tag that is named Business-Unit. Company leaders instruct developers to update all EC2 resources with the tag. The developers notify the leaders that they have completed this task.
Later that week, a finance team member checks Cost Explorer. The finance team member sees EC2 costs in the different accounts but cannot find the Business-Unit tag to filter by or group by.
What is the MOST likely reason that the Business-Unit tag is absent?

A. The Business-Unit tag is not activated as a cost allocation tag in the AWS Billing and Cost Management console.
B. The Business-Unit tag is not valid because tag key names do not support dashes (-).
C. The instances have been rebooted, and the developers neglected to re-add the Business-Unit tag after the reboot.
D. The IAM user does not have permission to view the tags in Cost Explorer.

Answer: A

QUESTION 998
A developer created a new application that uses Spot Fleet for a variety of instance families across multiple Availability Zones.
What should the developer do to ensure that the Spot Fleet is configured for cost optimization?

A. Deploy a capacityOptimized allocation strategy for provisioning Spot Instances.
B. Ensure instance capacity by specifying the desired target capacity and how much of that capacity must be On-Demand.
C. Use the lowestPrice allocation strategy with InstancePoolsToUseCount in the Spot Fleet request.
D. Launch instances up to the Spot Fleet target capacity or the maximum acceptable payment amount.

Answer: B

QUESTION 999
A SysOps administrator must run a script on production servers to fix an issue. The company has a policy to block all remote interactive access to production servers.
Based on this situation, how should the administrator run the script?

A. Share and use the Amazon EC2 key pairs to gain access to the servers and run the script.
B. Put the script into the user data of the instances.
C. Configure the script to run as a cron job or scheduled task on the EC2 instances.
D. Use AWS Systems Manager to run the script.

Answer: C

QUESTION 1000
A company is hosting a website on an Amazon EC2 instance that runs in a public subnet inside a VPC. The company uses Amazon CloudWatch Logs for web server log analysis.
A SysOps administrator has installed and configured the CloudWatch Logs agent on the EC2 instance and has confirmed that the agent is running. However, logs are not showing up in CloudWatch Logs.
Which solution will resolve this issue?

A. Modify the EC2 instance security group rules to allow inbound traffic on port 80.
B. Create an IAM user that has the proper permissions for CloudWatch logs. Create an IAM instance profile, and associate it with the IAM user. Associate the instance profile with the EC2 instance.
C. Create an IAM role that has the proper permissions for CloudWatch logs. Create an IAM instance profile, and associate it with the IAM role. Associate the instance profile with the EC2 instance.
D. Modify the VPC’s network ACL rules for the public subnet to allow inbound traffic on port 80.

Answer: B

QUESTION 1001
A company’s audit shows that users have been changing cost-related tags on Amazon EC2 instances after deployment. The company has an organization in AWS Organizations with many AWS accounts.
The company needs a solution to detect the EC2 instances automatically. The solution must require the least possible operational overhead.
Which solution meets these requirements?

A. Use service control policies (SCPs) to track EC2 instances that do not have the required tags.
B. Use Amazon Inspector to run a report to identify EC2 instances that do not have the required tags.
C. Use an AWS Config rule to track EC2 instances that do not have the required tags.
D. Use AWS Well-Architected Tool (AWS WA Tool) to run a report to identify EC2 instances that do not have the required tags.

Answer: A


Resources From:

1.2021 Latest Braindump2go AWS-SysOps Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/aws-sysops.html

2.2021 Latest Braindump2go AWS-SysOps PDF and AWS-SysOps VCE Dumps Free Share:
https://drive.google.com/drive/folders/1-kckNIRM9eMaU2urIinqFqegqkOXzZ8e?usp=sharing

3.2021 Free Braindump2go AWS-SysOps Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AWS-SysOps-PDF-Dumps(982-1001).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!