CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS-SysOps

Free AWS-SysOps Exam Braindumps (page: 17)

Page 16 of 121
PDF with 477 Questions

A company has a stateful, long-running workload on a single xlarge general purpose Amazon EC2 On-Demand Instance Metrics show that the service is always using 80% of its available memory and 40% of its available CPU. A SysOps administrator must reduce the cost of the service without negatively affecting performance.
Which change in instance type will meet these requirements?

  1. Change to one large compute optimized On-Demand Instance.
  2. Change to one large memory optimized On-Demand Instance.
  3. Change to one xlarge general purpose Spot Instance.
  4. Change to two large general purpose On-Demand Instances.

Answer(s): B



A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS
Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

  1. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
  2. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon 53 object. The security team can use the information in the tag to verify the integrity of the delivered files.
  3. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
  4. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.

Answer(s): D



When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization's resources are affected?

  1. AWS Service Health Dashboard
  2. AWS Trusted Advisor
  3. AWS Personal Health Dashboard
  4. AWS Systems Manager

Answer(s): C

Explanation:


Reference:

https://docs.aws.amazon.com/health/latest/ug/getting-started-phd.html



A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?

  1. Enable automatic key rotation for the CMK, and specify a period of 6 months.
  2. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
  3. Delete the current key material, and import new material into the existing CMK.
  4. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.

Answer(s): B

Explanation:


Reference:

https://aws.amazon.com/kms/faqs/






Post your Comments and Discuss Amazon AWS-SysOps exam with other Community members:

AWS-SysOps Discussions & Posts