Free AWS-SysOps Exam Braindumps (page: 31)


A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.
Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

  A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
  B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.
  C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.
  D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
  E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Answer(s): A,D



A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?

  A. Log in to the RDS console and select the encryption box to encrypt the database.
  B. Create a new encrypted Amazon EBS volume and attach it to the instance.
  C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
  D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.

Answer(s): D



A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?

  A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
  B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
  C. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
  D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.

Answer(s): B



A company has an application that is running on Amazon EC2 instances in a VPC. The application needs access to download software updates from the internet. The VPC has public subnets and private subnets. The company’s security policy requires all EC2 instances to be deployed in private subnets.
What should a SysOps administrator do to meet these requirements?

  A. Add an internet gateway to the VPC. In the route table for the private subnets, add a route to the internet gateway.
  B. Add a NAT gateway to a private subnet. In the route table for the private subnets, add a route to the NAT gateway.
  C. Add a NAT gateway to a public subnet. In the route table for the private subnets, add a route to the NAT gateway.
  D. Add two internet gateways to the VPC. In the route tables for the private subnets and public subnets, add a route to each internet gateway.

Answer(s): C





