Free AWS-SysOps Exam Braindumps (page: 45)


A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

  A. Configure Amazon Cognito to detect any compromised IAM credentials.
  B. Set up Amazon Inspector. Scan and monitor resources for unauthorized logins.
  C. Set up AWS Config. Add the iam-policy-blacklisted-check managed rule to the account.
  D. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B finding.

Answer(s): D



A company has an Amazon RDS DB instance. The company wants to implement a caching service while maintaining high availability.
Which combination of actions will meet these requirements? (Choose two.)

  A. Add Auto Discovery to the data store.
  B. Create an Amazon ElastiCache for Memcached data store.
  C. Create an Amazon ElastiCache for Redis data store.
  D. Enable Multi-AZ for the data store.
  E. Enable Multi-threading for the data store.

Answer(s): C,D



A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

  A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
  B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
  C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
  D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Answer(s): B



A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

  A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
  B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
  C. Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
  D. Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.

Answer(s): B





