CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS-SysOps

Free AWS-SysOps Exam Braindumps (page: 15)

Page 14 of 121
PDF with 477 Questions

A compliance team requires all administrator passwords for Amazon RDS DB instances to be changed at least annually.
Which solution meets this requirement in the MOST operationally efficient manner?

  1. Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the secret every 365 days.
  2. Store the database credentials as a parameter in the RDS parameter group. Create a database trigger to rotate the password every 365 days.
  3. Store the database credentials in a private Amazon S3 bucket. Schedule an AWS Lambda function to generate a new set of credentials every 365 days.
  4. Store the database credentials in AWS Systems Manager Parameter Store as a secure string parameter. Configure automatic rotation for the parameter every 365 days.

Answer(s): A



A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

  1. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
  2. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
  3. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
  4. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

Answer(s): A



A company uses an Amazon CloudFront distribution to deliver its website. Traffic logs for the website must be centrally stored, and all data must be encrypted at rest.
Which solution will meet these requirements?

  1. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with internet access and server-side encryption that uses the default AWS managed customer master key (CMK). Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  2. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256. Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination.
  3. Create an Amazon S3 bucket that is configured with default server-side encryption that uses AES-256. Configure CloudFront to use the S3 bucket as a log destination.
  4. Create an Amazon S3 bucket that is configured with no default encryption. Enable encryption in the CloudFront distribution, and use the S3 bucket as a log destination.

Answer(s): C



An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?

  1. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
  2. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
  3. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
  4. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Answer(s): D






Post your Comments and Discuss Amazon AWS-SysOps exam with other Community members:

AWS-SysOps Discussions & Posts