Topic 1: Mix Questions
A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets. How should a SysOps administrator configure the VPC to meet these requirements?
A. Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
B. Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.
C. Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.
D. Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
Explanation: To meet the requirement of using only IPv6 for all EC2 instances while allowing outbound internet access and preventing inbound internet access, an egress-only internet gateway is the correct solution. An egress-only internet gateway allows outbound communication over IPv6 and blocks inbound communication, ensuring that the instances can access the internet but are not directly accessible from the internet.
The company wants to improve the security and high availability of a two-tier web application that was rehosted to AWS, currently in a single Availability Zone. (Select TWO)
A. Place the web-tier instances in an Auto Scaling group. Configure the Auto Scaling group to support a Multi-AZ deployment into private subnets that are behind an internet-facing Application Load Balancer.
B. Place the web-tier instances in an Auto Scaling group. Configure the Auto Scaling group in multiple AWS Regions. Deploy the EC2 instances into private subnets that are behind an internet-facing Application Load Balancer.
C. Launch an additional EC2 instance to host SQL Server. Place the new database EC2 instance in a second AWS Region. Enable replication between the two database EC2 instances.
D. Use AWS Database Migration Service (AWS DMS) to migrate the database EC2 instance to Amazon RDS for SQL Server with Multi-AZ Database Mirroring (DBM).
E. Use AWS Database Migration Service (AWS DMS) to migrate the database EC2 instance to Amazon DynamoDB.
Explanation: To improve security and availability, the best approach is to configure Multi-AZ for both the web and database tiers.
A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SysOps administrator to help verify that all current objects in the S3 bucket are encrypted. What is the MOST operationally efficient solution that meets these requirements?
A. Create a script that runs against the S3 bucket and outputs the status of each object.
B. Create an S3 Inventory configuration on the S3 bucket. Include the appropriate status fields.
C. Provide the security team with an IAM user that has read access to the S3 bucket.
D. Use the AWS CLI to output a list of all objects in the S3 bucket.
Explanation: To meet the requirement of consistent performance of 10,000 IOPS with the least cost, the SysOps administrator should use a General Purpose SSD (gp3) Amazon EBS volume.
A SysOps administrator maintains the security and compliance of a company's AWS account. To ensure the company's Amazon EC2 instances are following company policy, a SysOps administrator wants to terminate any EC2 instances that do not contain a department tag. Noncompliant resources must be terminated in near real time. Which solution will meet these requirements?
A. Create an AWS Config rule with the required-tags managed rule to identify noncompliant resources. Configure automatic remediation to run the AWS-TerminateEC2Instance automation runbook to terminate noncompliant resources.
B. Create a new Amazon EventBridge rule to monitor when new EC2 instances are created. Send the event to an Amazon Simple Notification Service (Amazon SNS) topic for automatic remediation.
C. Ensure all users who can create EC2 instances also have the permissions to use the ec2:CreateTags and ec2:DescribeTags actions. Change the instance's shutdown behavior to terminate.
D. Ensure AWS Systems Manager Compliance is configured to manage the EC2 instances. Call the AWS-StopEC2Instances automation runbook to stop noncompliant resources.
Explanation:
To enforce compliance with tagging policies in real-time:
The SysOps administrator needs to address high disk I/O issues during EC2 instance bootstrap in an Auto Scaling group. (Select TWO)
A. Increase the EC2 instance size.
B. Increase the EBS volume capacity.
C. Increase the EBS volume IOPS.
D. Increase the EBS volume throughput.
E. Change the instance type to an instance that is not Nitro-based.
Explanation: To resolve issues with high disk I/O during the bootstrap process:
A company is deploying an ecommerce application to an AWS Region that is located in France. The company wants users from only France to be able to access the first version of the application. The company plans to add more countries for the next version of the application. A SysOps administrator needs to configure the routing policy in Amazon Route 53. Which solution will meet these requirements?
A. Use a geoproximity routing policy. Select France as the location in the record.
B. Use a geolocation routing policy. Select France as the location in the record.
C. Use an IP-based routing policy. Select all IP addresses that are allocated to France in the record.
D. Use a geoproximity routing policy. Select all IP addresses that are allocated to France in the record.
Explanation: To restrict access to an application based on geographic location (France in this case), the appropriate routing policy in Amazon Route 53 is geolocation routing. This policy allows you to specify traffic routing based on the geographic location of your users: B: Use a geolocation routing policy. Select France as the location in the record. This ensures that only DNS queries originating from France are routed to the application, fulfilling the requirement to limit access to users within France initially. More information about setting up geolocation routing can be found in the AWS Route 53 documentation on geolocation routing (Amazon Route 53 Geolocation Routing).
A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template that installs and configures the necessary software through AWS OpsWorks and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times the process stalls due to installation errors. The SysOps administrator must modify the CloudFormation template so that if the process stalls, the entire stack will fail and roll back. Based on these requirements, what should be added to the template?
A. Conditions with a timeout set to 4 hours.
B. CreationPolicy with timeout set to 4 hours.
C. DependsOn a timeout set to 4 hours.
D. Metadata with a timeout set to 4 hours
Explanation: To ensure that the CloudFormation stack fails and rolls back if the process stalls, you should add a CreationPolicy with a timeout set to 4 hours to the CloudFormation template.
CreationPolicy:
Adding CreationPolicy to the Template:
Example:
Resources:
  MyInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0abcdef1234567890
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT4H
Ensuring Rollback:
A company has an organization in AWS Organizations. The company uses shared VPCs to provide networking resources across accounts. A SysOps administrator has been able to successfully launch and manage Amazon EC2 instances in a participant account. However, the SysOps administrator is now receiving an InstanceLimitExceeded error when the SysOps administrator tries to launch a new EC2 instance. What should the SysOps administrator do to resolve this error?
A. Request an instance quota increase from the account that owns the VPC
B. Launch additional EC2 instances in a different AWS Region
C. Request an instance quota increase from the participant account
D. Launch additional EC2 instances by using a different Amazon Machine image (AMI)
Explanation: When receiving an InstanceLimitExceeded error in a participant account of a shared VPC, you need to request an instance quota increase from the participant account.
A SysOps administrator receives an alert from Amazon GuardDuty about suspicious network activity on an Amazon EC2 instance. The GuardDuty finding lists a new external IP address as a traffic destination. The SysOps administrator does not recognize the external IP address. The SysOps administrator must block traffic to the external IP address that GuardDuty identified. Which solution will meet this requirement?
A. Create a new security group to block traffic to the external IP address. Assign the new security group to the EC2 instance
B. Use VPC flow logs with Amazon Athena to block traffic to the external IP address
C. Create a network ACL. Add an outbound deny rule for traffic to the external IP address
D. Create a new security group to block traffic to the external IP address Assign the new security group to the entire VPC
Users are reporting consistent forced logouts from a stateful web application. The web application is hosted on Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has multiple target groups with one listener rule. The ALB is configured as the origin in an Amazon CloudFront distribution. Which combination of actions should a SysOps administrator take to resolve the logout problem? (Select TWO.)
A. Change to the least outstanding requests algorithm on the ALB target group.
B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings.
C. Configure header forwarding in the CloudFront distribution's cache behavior settings.
D. Enable group-level stickiness on the ALB listener rule for the target groups.
E. Configure weighted target groups on the ALB.
A SysOps administrator is reviewing AWS Trusted Advisor recommendations. The SysOps administrator notices that all the application servers for a finance application are listed in the Low Utilization Amazon EC2 Instances check. The application runs on three instances across three Availability Zones. The SysOps administrator must reduce the cost of running the application without affecting the application's availability or design. Which solution will meet these requirements?
A. Reduce the number of application servers.
B. Apply rightsizing recommendations from AWS Cost Explorer to reduce the instance size.
C. Provision an Application Load Balancer in front of the instances.
D. Scale up the instance size of the application servers.
Explanation: To reduce the cost of running the application without affecting availability or design, applying rightsizing recommendations from AWS Cost Explorer to reduce the instance size is the best approach.
A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS account. What is the MOST operationally efficient solution that will meet this requirement?
A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B. Create an IAM role that has access to the object. Instruct the users to assume the role.
C. Create an IAM user that has access to the object. Share the credentials with the users.
D. Generate a presigned URL for the object. Share the URL with the users.
Explanation: The most operationally efficient and secure method to share an object from a private Amazon S3 bucket with users who do not have an AWS account is by generating a presigned URL. This URL grants temporary access to the object and can be limited by time, ensuring that users can only access the S3 object during a specified window. This does not require managing network configurations or sharing credentials, making it a secure and simple solution. Option D is therefore the correct answer. Reference to this method can be found in the AWS S3 documentation on presigned URLs Amazon S3 Presigned URLs.