[April-2021]Free AWS-SysOps Exam PDF and VCE Dumps Offered by Braindump2go[Q953-Q966]
April/2021 Latest Braindump2go AWS-SysOps Exam Dumps with PDF and VCE Free Updated Today! Foloowing are some new AWS-SysOps Real Exam Questions! QUESTION 953 A company is migrating its exchange server from its on-premises location to a VPC in the AWS Cloud. Users working from home connect using a secure, encrypted channel over the internet to the exchange server. However, after the migration to AWS, users are having trouble receiving email. The VPC flow log records display the following.
A. SMTP traffic from the network interface was blocked by an outbound network ACL B. SMTP traffic from the network interface was blocked by an outbound security group C. SMTP traffic to the network interface was blocked by an inbound network ACL D. SMTP traffic to the network interface was blocked by an inbound security group Answer: A QUESTION 954 A SysOps administrator is configuring an application on AWS to be used over the internet by departments in other countries. For remote locations, the company requires a static public IP address to be explicitly allowed as a target for outgoing internet traffic. How should the SysOps administrator deploy the application to meet this requirement? A. Deploy the application on an Amazon Elastic Container Service (Amazon ECS) cluster Configure an AWS App Mesh service mesh. B. Deploy the application as AWS Lambda functions behind an Application Load Balancer C. Deploy the application on Amazon EC2 instances behind an internet-facing Network Load Balancer D. Deploy the application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Amazon API Gateway Answer: C QUESTION 955 A SysOps administrator needs to register targets for a Network Load Balancer (NL8) using IP addresses. Which prerequisite should the SysOps administrator validate to perform this task? A. Ensure the NLB listener security policy is set to ELBSecuntyPohcy-TLS-1-2-Ext-2018-06, ELBSecuntyPolicy-FS-1-2-Res-2019-08 or ELBSecuntyPolicy-TLS-1-0-2015-04 B. Ensure the heath check setting on the NLB for the Matcher configuration is between 200 and 399 C. Ensure the targets are within any of these CIDR blocks: 10.0.0.0/8 (RFC I918)r 100.64.0.0/10 (RFC 6598): 172.16.0.0/12 (RFC 1918), or 192.168.0.0/16 (RFC 1918). D. Ensure the NLB is exposed as an endpoint service before registering the targets using IP addresses Answer: A QUESTION 956 A SysOps administrator must deploy a company's infrastructure as code (laC). The administrator needs to write a single template that can be reused for multiple environments in a safe, repeatable manner. How should the administrator meet this requirement by using AWS Cloud Formation? A. Use duplicate resource definitions for each environment selected based on conditions B. Use nested stacks to provision the resources C. Use parameter references and mappings for resource attributes D. Use AWS Cloud Formation StackSets to provision the resources Answer: B QUESTION 957 Which type routing protocol operates by exchanging the entire routing information? A. exterior gateway protocols B. link-state protocols C. distance-vector protocols D. Path-vector protocols Answer: B QUESTION 958 Which component of an Ethernet frame is used to notify a host that traffic is coming? A. Type field B. preamable C. Data field D. start of frame delimiter Answer: B QUESTION 959 Which command must be present in a Cisco device configuration to enable the device to resolve an FQDN? A. ip domain-name B. ip domain-lookup C. ip host D. ip name-server Answer: B QUESTION 960 A company has an application that is hosted on two Amazon EC2 instances in different Availability Zones. Both instances contain data that is critical for the company's business. Backups need to be retained for 7 days and need to be updated every 12 hours. Which solution will meet these requirements with the LEAST amount of effort? A. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to create snapshots of the Amazon Elastic Block Store (Amazon EBS) volumes. B. Use Amazon Data Lifecycle Manager (Amazon DLM) to create a snapshot lifecycle policy for both instances. C. Create a batch job to generate automated snapshots of the Amazon Elastic Block Store (Amazon EBS) volumes. D. Create an AWS Lambda function to copy the data to Amazon S3 Glacier. Answer: A Explanation: https://docs.aws.amazon.com/eventbridge/latest/userguide/take-scheduled-snapshot.html QUESTION 961 A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security. Which solution meets these requirements? A. Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint. B. Connect the Lambda function to the database VPC. Connect to the database using its private endpoint. C. Attach an IAM role to the Lambda function with read permissions to the database. D. Move the database to a public subnet. Use security groups for secure access. Answer: D Explanation: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/ QUESTION 962 A company that hosts a multi-tier ecommerce web application on AWS has been alerted to suspicious application traffic. The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB). After examining the instance logs, a SysOps administrator determines that the suspicious traffic is an attempted SQL injection attack. What should the SysOps administrator do to prevent similar attacks? A. Create an Amazon CloudFront distribution with the ALB as the origin. Enable AWS Shield Advanced to protect from SQL injection attacks at edge locations. B. Create an AWS WAF web ACL, and configure a SQL injection rule to add to the web ACL. Associate the WAF web ACL with the ALB. C. Enable Amazon GuardDuty. Use Amazon EventBridge (Amazon CloudWatch Events) to trigger an AWS Lambda function every time GuardDuty detects SQL injection. D. Install Amazon Inspector on the EC2 instances, and configure a rules package. Use the findings reports to identify and block SQL injection attacks. Answer: A QUESTION 963 An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data. A new company policy requires the secondary volume to be encrypted at rest. Which solution will meet this requirement? A. Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance. B. Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance. C. Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption. D. Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption. Answer: A QUESTION 964 A SysOps administrator recently launched an application consisting of web servers running on Amazon EC2 instances, an Amazon ElastiCache cluster communicating on port 6379, and an Amazon RDS for PostgreSQL DB instance communicating on port 5432. The web servers are in the security group web-sg, the ElastiCache cluster is in the security group cache-sg, and the DB instance is in the security group database-sg. The application fails on start, with the error message "Unable to connect to the database". The rules in web-sg are as follows.
Which change should the SysOps administrator make to web-sg to correct the issue without compromising security? A. Add a new inbound rule: database-sg TCP 5432 B. Add a new outbound rule: database-sg TCP 5432 C. Add a new outbound rule: 0.0.0.0/0 All Traffic 0-65535 D. Change the outbound rule to: cache-sg TCP 5432 Answer: A QUESTION 965 A kernel patch for AWS Linux has been released, and systems need to be updated to the new version. A SysOps administrator must apply an in-place update to an existing Amazon EC2 instance without replacing the instance. How should the SysOps administrator apply the new software version to the instance? A. Add the instance to a patch group and patch baseline containing the desired patch by using AWS Systems Manager Patch Manager. B. Develop a new version of the instance's Amazon Machine Image (AMI). Apply that new AMI to the instance. C. Develop a new user data script containing the patch. Configure the instance with the new script. D. Run commands on the instance remotely using the AWS CLI. Answer: A QUESTION 966 A company needs to implement a system for object-based storage in a write-once, read-many (WORM) model. Objects cannot be deleted or changed after they are stored, even by an AWS account root user or administrators. Which solution will meet these requirements? A. Set up Amazon S3 Cross-Region Replication and run daily updates. B. Set up Amazon S3 Object Lock in governance mode with S3 Versioning enabled. C. Set up Amazon S3 Object Lock in compliance mode with S3 Versioning enabled. D. Set up an Amazon S3 Lifecycle policy to move the objects to Amazon S3 Glacier. Answer: B Explanation: https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/
Resources From: 1.2021 Latest Braindump2go AWS-SysOps Exam Dumps (PDF & VCE) Free Share: https://www.braindump2go.com/aws-sysops.html 2.2021 Latest Braindump2go AWS-SysOps PDF and AWS-SysOps VCE Dumps Free Share: https://drive.google.com/drive/folders/1-kckNIRM9eMaU2urIinqFqegqkOXzZ8e?usp=sharing 3.2021 Free Braindump2go AWS-SysOps Exam Questions Download: https://www.braindump2go.com/free-online-pdf/AWS-SysOps-PDF-Dumps(953-966).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|