A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.
How should this report be generated?
A, Access the Cloud Trail logs stored in the Amazon S3 bucket tied to Cloud Trail. Use Amazon Athena to extract the information needed to generate the report
B. Locate the monthly reports that CloudTrail sends that are emailed to the account's root user. Forward the reports to the auditor using a secure channel
C. Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format
D. Use the CloudTrail digest files stored in the company's Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.
A SysOps Administrator has an AWS CloudFormation template of the company’s existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.)
A company has a VPC with public and private subnets An Amazon EC2 based application resides in the private subnets and needs to process raw csv files stored in an Amazon S3 bucket A sysops administrator has set up the correct 1AM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket
Which action will solve this problem while adhering to least privilege access?
Security has identified an IP address that should be explicity denied for both ingress and egress requests for all services in an Amazon VPC immediately.
Which feature can be used to meet this requirement?
A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:
403 Forbiddan - Access Denied
What change should be made to fix this error'?
A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Choose two.)
An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST efficient way to accomplish this goal?
A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A sysops administrator needs to design a provisioning process that save time and resources.
Which action should be taken to meet these requirements?
A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all. introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.
What should the administrator do to meet these requirements?
A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.
What is one cause for this failure?
PDF + Testing Engine |
---|
$56 |
Testing Engine |
---|
$42 |
PDF (Q&A) |
---|
$35 |
Amazon Web Services Free Exams |
---|
|