Test title:
SysOpsGG

Description:
SysOps AWS

Author:
gg

Creation date: 26/07/2024

Category: Computing

Number of questions: 59
Contents:
A development team created and deployed a new AWS Lambda function 15 minutes ago. Although the function was invoked many times, Amazon CloudWatch Logs are not showing any log messages. What is one cause of this?
- The developers did not enable log messages for this Lambda function.
- The Lambda function's role does not include permissions to create CloudWatch Logs items.
- The Lambda function raises an exception before the first log statement has been reached.
- The Lambda function creates local log files that have to be shipped to CloudWatch Logs first before becoming visible.
A company has an Amazon EC2 instance that has high CPU utilization. The EC2 instance is a t3.large instance and is running a test web application. The company discovers that the web application would operate better on a compute optimized large instance. What should a SysOps administrator do to make this change?
- Migrate the EC2 instance to a compute optimized instance by using AWS VM Import/Export.
- Enable hibernation on the EC2 instance. Change the instance type to a compute optimized instance. Disable hibernation on the EC2 instance.
- Stop the EC2 instance. Change the instance type to a compute optimized instance. Start the EC2 instance.
- Change the instance type to a compute optimized instance while the EC2 instance is running.
A SysOps administrator created an AWS CloudFormation template that provisions an Amazon EventBridge rule that invokes an AWS Lambda function. The Lambda function is designed to write event details to an Amazon CloudWatch log group. The function has permissions to write events to Amazon CloudWatch Logs. However, the SysOps administrator discovered that the Lambda function is not running. How should the SysOps administrator resolve the problem?
- Update the CloudFormation stack to include an AWS::IAM::Role resource with the required IAM permissions for EventBridge to invoke the function. Assign the role to the EventBridge rule.
- Update the CloudFormation stack to include an AWS::IAM::Role resource with the required IAM permissions for the function. Assign the role as the function execution role.
- Update the CloudFormation stack with an AWS::Lambda::Permission resource to ensure events.amazonaws.com has permissions to invoke the function.
- Update the CloudFormation stack with an AWS::Lambda::Permission resource to ensure lambda.amazonaws.com has permissions to invoke the function.
A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A SysOps administrator needs to send an email notification when a certificate has less than 14 days until expiration. Which solution will meet this requirement with the LEAST operational overhead?
- Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of aws.cloudwatch. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.
- Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.
- Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon Simple Notification Service (Amazon SNS) topic.
- Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.
A global company wants to allow anyone in the world to upload videos from a mobile phone. The company's mobile app uploads the videos across the public internet to an Amazon S3 bucket in the us-east-1 Region for further processing. Videos that users upload from locations that are distant from us-east-1 have slower upload speeds than videos that users upload from close to us-east-1. In many cases, the slow uploads cause users from the distant locations to cancel their uploads. Which solution will improve the upload speeds for the users from distant locations?
- Enable S3 Transfer Acceleration on the S3 bucket. Change the mobile app to use the S3 Transfer Acceleration endpoint for uploads.
- Create an S3 access point for the S3 bucket in several AWS Regions across the world. Change the mobile app to use the S3 access point endpoint for uploads.
- Use S3 Select on the S3 bucket. Change the mobile app to use the S3 Select global endpoint for uploads.
- Create new public Network Load Balancers (NLBs) in several AWS Regions across the world. Specify the S3 bucket as the target of the NLBs. Change the mobile app to use the closest NLB for uploads.
A company's SysOps administrator uses AWS IAM Identity Center (AWS Single Sign-On) to connect to an Active Directory. The SysOps administrator creates a new account that all the company's users need to access. The SysOps administrator uses the Active Directory Domain Users group for permissions to the new account because all users are already members of the group. When users try to log in, their access is denied. Which action will resolve this access issue?
- Create a new group. Add users to the new group to provide access.
- Correct the time on the Active Directory domain controllers.
- Remove the account. Re-add the account to the organization that is integrated with IAM Identity Center.
- Correct the permissions on the Active Directory group so that IAM Identity Center has read access.
A SysOps administrator has noticed millions of LIST requests on an Amazon S3 bucket. Which services or features can the administrator use to investigate where the requests are coming from? (Choose two.)
- AWS CloudTrail data events
- Amazon EventBridge
- AWS Health Dashboard
- Amazon S3 server access logging
- AWS Trusted Advisor
A company has an application that uses an Amazon RDS for MariaDB Multi-AZ database. The application becomes unavailable for several minutes every time the database experiences a failover during a planned maintenance event. What should a SysOps administrator do to reduce the downtime of the application during failover?
- Create an RDS for MariaDB DB cluster that has multiple writer instances. Configure the application to retry failed queries on another primary node during maintenance events.
- Configure the RDS maintenance window settings to pool connections while a failover is in process.
- Configure an Amazon ElastiCache write-through cache for the database. Configure the application to connect to the cache instead of directly to the database.
- Create an RDS proxy that is associated with the database. Configure the application to connect to the proxy instead of directly to the database.
A SysOps administrator needs to monitor a process that runs on Linux Amazon EC2 instances. If the process stops, the process must restart automatically. The Amazon CloudWatch agent is already installed on all the EC2 instances. Which solution will meet these requirements?
- Add a procstat monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
- Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
- Add a StatsD monitoring configuration to the CloudWatch agent for the process. Create an Amazon EventBridge event rule that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
- Add a procstat monitoring configuration to the CloudWatch agent for the process. Create a CloudWatch alarm that initiates an AWS Systems Manager Automation runbook to restart the process after the process stops.
A company has an AWS Site-to-Site VPN connection between on-premises resources and resources that are hosted in a VPC. A SysOps administrator launches an Amazon EC2 instance that has only a private IP address into a private subnet in the VPC. The EC2 instance runs Microsoft Windows Server. A security group for the EC2 instance has rules that allow inbound traffic from the on-premises network over the VPN connection. The on-premises environment contains a third-party network firewall. Rules in the third-party network firewall allow Remote Desktop Protocol (RDP) traffic to flow between the on-premises users over the VPN connection. The on-premises users are unable to connect to the EC2 instance and receive a timeout error. What should the SysOps administrator do to troubleshoot this issue?
- Create Amazon CloudWatch logs for the EC2 instance to check for blocked traffic.
- Create Amazon CloudWatch logs for the Site-to-Site VPN connection to check for blocked traffic.
- Create VPC flow logs for the EC2 instance's elastic network interface to check for rejected traffic.
- Instruct users to use EC2 Instance Connect as a connection method.
A company wants to apply an existing Amazon Route 53 private hosted zone to a new VPC to allow for customized resource name resolution within the VPC. The SysOps administrator created the VPC and added the appropriate resource record sets to the private hosted zone. Which step should the SysOps administrator take to complete the setup?
- Associate the Route 53 private hosted zone with the VPC.
- Create a rule in the default security group for the VPC that allows traffic to the Route 53 Resolver.
- Ensure the VPC network ACLs allow traffic to the Route 53 Resolver.
- Ensure there is a route to the Route 53 Resolver in each of the VPC route tables.
A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the AWS accounts. A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS IAM Identity Center (AWS Single Sign-On) and has set up an AWS Direct Connect connection. What is the MOST operationally efficient solution that meets these requirements?
- Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
- Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
- Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
- Use the built-in SSO directory as the identity source for IAM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.
A SysOps administrator is using IAM credentials to try to upload a file to a customer's Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. The SysOps administrator is receiving an AccessDenied message. Which combination of configuration changes will correct this problem? (Choose two.)
- Add this IAM policy to the SysOps administrator user:
  { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAccess", "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" } ] }
- Add this IAM policy to the customer S3 bucket:
  { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowAccess", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<SysOps Administrator Account Number>:root" }, "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" ] } ] }
- Add this IAM policy to the SysOps administrator user:
  { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowAccess", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<SysOps Administrator Account Number>:root" }, "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" ] } ] }
- Add this IAM policy to the customer account root user:
  { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowAccess", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<SysOps Administrator Account Number>:root" }, "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" ] } ] }
- Add this IAM policy to the SysOps administrator account root user:
  { "Version": "2008-10-17", "Statement": [ { "Sid": "AllowTrainingPeaksAccess", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<Customer Account Number>:root" }, "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" ] } ] }
A company has attached the following policy to an IAM user:
  {
    "Version": "2012-10-17",
    "Statement": [
      { "Effect": "Allow", "Action": "rds:Describe*", "Resource": "*" },
      { "Effect": "Allow", "Action": "ec2:*", "Resource": "*",
        "Condition": { "StringEquals": { "ec2:Region": "us-east-1" } } },
      { "Effect": "Deny", "NotAction": [ "ec2:*", "s3:GetObject" ], "Resource": "*" }
    ]
  }
Which of the following actions are allowed for the IAM user?
- Amazon RDS DescribeDBInstances action in the us-east-1 Region
- Amazon S3 PutObject operation in a bucket named testbucket
- Amazon EC2 DescribeInstances action in the us-east-1 Region
- Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region
A company manages its production applications across several AWS accounts. The company hosts the production applications on Amazon EC2 instances that run Amazon Linux 2. The EC2 instances are spread across multiple VPCs. Each VPC uses its own Amazon Route 53 private hosted zone for private DNS. A VPC from Account A needs to resolve private DNS records from a private hosted zone that is associated with a different VPC in Account B. What should a SysOps administrator do to meet these requirements?
- In Account A, create an AWS Systems Manager document that updates the /etc/resolv.conf file across all EC2 instances to point to the AWS provided default DNS resolver for the VPC in Account B.
- In Account A, create an AWS CloudFormation template that associates the private hosted zone from Account B with the private hosted zone in Account A.
- In Account A, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account B to associate the VPC from Account A with the private hosted zone in Account B.
- In Account B, use the AWS CLI to create a VPC association authorization. When the association is created, use the AWS CLI in Account A to associate the VPC from Account B with the private hosted zone in Account A.
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs. A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads. What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?
- Use AWS CloudTrail Insights events to identify the top five internet destinations.
- Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
- Use CloudWatch Logs Insights to identify the top five internet destinations.
- Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.
A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue. Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the instances to accommodate the increased number of messages. Which solution will meet these requirements?
- Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
- Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
- Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the ALBRequestCountPerTarget metric to modify the Auto Scaling group.
- Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto Scaling group.
A company's VPC has an existing IPv4 configuration. The IPv4 configuration includes public subnets, private subnets, NAT gateways, default route tables, and ACLs. The company associates an IPv6 CIDR block with the VPC. The company adds IPv6 allocations to each existing subnet and adds routes to the route tables. The company updates the ACLs to allow all IPv6 traffic. Public subnets are working as expected, but private subnets are not allowing internet IPv6 connections. What should a SysOps administrator do to allow outbound-only connectivity for the new IPv6 subnets?
- Configure an egress-only internet gateway and associate it with the VPC. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the egress-only internet gateway.
- Turn on IPv6 NAT on the NAT gateways. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the NAT gateways.
- Configure a new IPv6-only NAT gateway. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the IPv6-only NAT gateway.
- Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the existing internet gateway.
A company runs its web application on multiple Amazon EC2 instances that are part of an Auto Scaling group. The company wants the Auto Scaling group to scale out as soon as CPU utilization rises above 50% for the instances. How should a SysOps administrator configure the Auto Scaling group to meet these requirements?
- Configure the Auto Scaling group to scale based on events.
- Configure the Auto Scaling group to scale based on a schedule.
- Configure the Auto Scaling group to scale dynamically based on demand.
- Configure the Auto Scaling group to use predictive scaling.
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:
  2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK
What is a possible cause of these failed connections?
- A security group deny rule is blocking traffic on port 443.
- The EC2 instance is shut down.
- The network ACL is blocking HTTPS traffic.
- The VPC has no internet gateway attached.
A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC. What is the MOST operationally efficient method to deploy and update the VPCs in each account?
- Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.
- Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.
- Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.
- Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.
A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage. A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also must ensure that the data is consistent. Which solution will meet these requirements?
- Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
- Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
- Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.
- Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers. What should the SysOps administrator do to meet these requirements?
- Create an IAM role and instance profile that include AWS Systems Manager permissions. Attach the role to the on-premises servers.
- Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation.
- Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-premises servers.
- Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Configure the access key in the AWS credentials file after the AWS CLI is successfully installed.
A company recently deployed an application in production. The production environment currently runs on a single Amazon EC2 instance that hosts the application's web application and a MariaDB database. Company policy states that all IT production environments must be highly available. What should a SysOps administrator do to meet this requirement?
- Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Run the application on EC2 instances that are in an Auto Scaling group that extends across multiple Availability Zones. Place the EC2 instances behind a load balancer.
- Migrate the database from the EC2 instance to an Amazon RDS for MariaDB Multi-AZ DB instance. Use AWS Application Migration Service to convert the application into an AWS Lambda function. Specify the Multi-AZ option for the Lambda function.
- Copy the database to a different EC2 instance in a different Availability Zone. Use AWS Backup to create Amazon Machine Images (AMIs) of the application EC2 instance and the database EC2 instance. Create an AWS Lambda function that performs health checks every minute. In case of failure, configure the Lambda function to launch a new EC2 instance from the AMIs that AWS Backup created.
- Migrate the database to a different EC2 instance. Place the application EC2 instance in an Auto Scaling group that extends across multiple Availability Zones. Create an Amazon Machine Image (AMI) from the database EC2 instance. Use the AMI to launch a second database EC2 instance in a different Availability Zone. Put the second database EC2 instance in the stopped state. Use the second database EC2 instance as a standby.
Users are reporting consistent forced logouts from a stateful web application. The logouts occur before the expiration of a 15-minute application logout timer. The web application is hosted on Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Session affinity (sticky sessions) is already enabled on the ALB target group and uses duration-based cookies. The web application generates its own application cookie. Which combination of actions should a SysOps administrator take to resolve the logout problem? (Choose two.)
- Change to the least outstanding requests algorithm on the ALB target group.
- Configure cookie forwarding in the CloudFront distribution's cache behavior settings.
- Configure the duration-based cookie to be named AWSALB.
- Configure the ALB to use the expiration cookie header.
- Change the ALB to use application-based cookies.
A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security. Which solution meets these requirements?
- Create an AWS PrivateLink interface endpoint for the Lambda function. Connect to the database using its private endpoint.
- Connect the Lambda function to the database VPC. Connect to the database using its private endpoint.
- Attach an IAM role to the Lambda function with read permissions to the database.
- Move the database to a public subnet. Use security groups for secure access.
A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [ "storagegateway:Describe*", "elasticloadbalancing:*", "lambda:*", "sqs:List*" ],
        "Effect": "Allow",
        "Resource": "*"
      }
    ]
  }
Which actions does this policy allow? (Choose two.)
- Create an AWS Storage Gateway.
- Create an IAM role for an AWS Lambda function.
- Delete an Amazon Simple Queue Service (Amazon SQS) queue.
- Describe AWS load balancers.
- Invoke an AWS Lambda function.
A company wants to store sensitive financial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read or write access to the buckets. A SysOps administrator must create a solution to automatically remove S3 permissions that allow public read or write access. Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally efficient manner?
- AWS Config
- AWS Security Hub
- AWS Trusted Advisor
- Amazon Inspector
A company is running an application on a group of Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run across three Availability Zones. The company needs to provide the customers with a maximum of two static IP addresses for their applications. How should a SysOps administrator meet these requirements?
- Add AWS Global Accelerator in front of the Application Load Balancer.
- Add an internal Network Load Balancer behind the Application Load Balancer.
- Configure the Application Load Balancer in only two Availability Zones.
- Create two Elastic IP addresses and assign them to the Application Load Balancer.
A SysOps administrator wants to share a copy of a production database with a migration account. The production database is hosted on an Amazon RDS DB instance and is encrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias of production-rds-key. What must the SysOps administrator do to meet these requirements with the LEAST administrative overhead?
- Take a snapshot of the RDS DB instance in the production account. Amend the KMS key policy of the production-rds-key KMS key to give access to the migration account's root user. Share the snapshot with the migration account.
- Create an RDS read replica in the migration account. Configure the KMS key policy to replicate the production-rds-key KMS key to the migration account.
- Take a snapshot of the RDS DB instance in the production account. Share the snapshot with the migration account. In the migration account, create a new KMS key that has an identical alias.
- Use native database toolsets to export the RDS DB instance to Amazon S3. Create an S3 bucket and an S3 bucket policy for cross account access between the production account and the migration account. Use native database toolsets to import the database from Amazon S3 to a new RDS DB instance.
A company is running Amazon RDS for PostgreSQL Multi-AZ DB clusters. The company uses an AWS CloudFormation template to create the databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday. Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases from running low on disk space in the future. Which solution will meet these requirements with the FEWEST changes to the application?
- Modify the CloudFormation template to use Amazon Aurora PostgreSQL as the DB engine.
- Modify the CloudFormation template to use Amazon DynamoDB as the database. Activate storage auto scaling during creation of the tables.
- Modify the CloudFormation template to activate storage auto scaling on the existing DB instances.
- Create a CloudWatch alarm to monitor DB instance storage space. Configure the alarm to invoke the VACUUM command.
A company uses Amazon CloudFront to serve static content to end users. The company's marketing team recently deployed updates to 150 images on the company's website. However, the website is not displaying some of the new images. A SysOps administrator reviews the CloudFront distribution's cache settings. The default TTL for the distribution is set to 1 week (604,800 seconds). What should the SysOps administrator do to refresh the cache with the new images in the MOST operationally efficient way? Create a new CloudFront distribution that has the same origin. Set the default TTL to 1 minute (60 seconds). Switch Amazon Route 53 DNS records to use the new distribution. Instruct the marketing team to upload the new images to a different location. When the new images are uploaded, update the website to locate the new images. Issue a CloudFront invalidation request to immediately expire the new images from the marketing team's update. Update the existing CloudFront distribution to reconfigure the default TTL to 1 minute (60 seconds). During submission of the new configuration, include the flag to invalidate objects in the specified path.
A company is transitioning away from applications that are hosted on Amazon EC2 instances. The company wants to implement a serverless architecture that uses Amazon S3, Amazon API Gateway, AWS Lambda, and Amazon CloudFront. As part of this transition, the company has Elastic IP addresses that are unassociated with any EC2 instances after the EC2 instances are terminated. A SysOps administrator needs to automate the process of releasing all unassociated Elastic IP addresses that remain after the EC2 instances are terminated. Which solution will meet this requirement in the MOST operationally efficient way? Activate the eip-attached AWS Config managed rule to run automatically when resource changes occur in the AWS account. Configure automatic remediation for the rule. Specify the AWS-ReleaseElasticIP AWS Systems Manager Automation runbook for remediation. Specify an appropriate role that has permission for the remediation. Create a custom Lambda function that calls the EC2 ReleaseAddress API operation and specifies the Elastic IP address AllocationId. Invoke the Lambda function by using an Amazon EventBridge rule. Specify AWS services as the event source, All Events as the event type, and AWS Trusted Advisor as the target. Create an Amazon EventBridge rule. Specify AWS services as the event source, Instance State-change Notification as the event type, and Amazon EC2 as the service. Invoke a Lambda function that extracts the Elastic IP address from the notification. Use AWS CloudFormation to release the address by specifying the AllocationId as an input parameter. Create a custom Lambda function that calls the EC2 ReleaseAddress API operation and specifies the Elastic IP address AllocationId. Invoke the Lambda function by using an Amazon EventBridge rule. Specify AWS services as the event source, Instance State-change Notification as the event type, and Amazon EC2 as the service.
A company has several member accounts that are in an organization in AWS Organizations. The company recently discovered that administrators have been using account root user credentials. The company must prevent the administrators from using root user credentials to perform any actions on Amazon EC2 instances. What should a SysOps administrator do to meet this requirement? Create an identity-based IAM policy in each member account to deny actions on EC2 instances by the root user. In the organization's management account, create a service control policy (SCP) to deny actions on EC2 instances by the root user in all member accounts. Use AWS Config to prevent any actions on EC2 instances by the root user. Use Amazon Inspector in each member account to scan for root user logins and to prevent any actions on EC2 instances by the root user.
A company has an Amazon EC2 instance that supports a production system. The EC2 instance is backed by an Amazon Elastic Block Store (Amazon EBS) volume. The EBS volume's drive has filled to 100% capacity, which is causing the application on the EC2 instance to experience errors. Which solution will remediate these errors in the LEAST amount of time? Modify the EBS volume by adding additional drive space. Log on to the EC2 instance. Use the file system-specific commands to extend the file system. Create a snapshot of the existing EBS volume. When the snapshot is complete, create an EBS volume of a larger size from the snapshot in the same Availability Zone as the EC2 instance. Attach the new EBS volume to the EC2 instance. Mount the file system. Create a new EBS volume of a larger size in the same Availability Zone as the EC2 instance. Attach the EBS volume to the EC2 instance. Copy the data from the existing EBS volume to the new EBS volume. Stop the EC2 instance. Change the EC2 instance to a larger instance size that includes additional drive space. Start the EC2 instance.
A company has scientists who upload large data objects to an Amazon S3 bucket. The scientists upload the objects as multipart uploads. The multipart uploads often fail because of poor end-client connectivity. The company wants to optimize storage costs that are associated with the data. A SysOps administrator must implement a solution that presents metrics for incomplete uploads. The solution also must automatically delete any incomplete uploads after 7 days. Which solution will meet these requirements? Review the Incomplete Multipart Upload Bytes metric in the S3 Storage Lens dashboard. Create an S3 Lifecycle policy to automatically delete any incomplete multipart uploads after 7 days. Implement S3 Intelligent-Tiering to move data into lower-cost storage classes after 7 days. Create an S3 Storage Lens policy to automatically delete any incomplete multipart uploads after 7 days. Access the S3 console. Review the Metrics tab to check the storage that incomplete multipart uploads are consuming. Create an AWS Lambda function to delete any incomplete multipart uploads after 7 days. Use the S3 analytics storage class analysis tool to identify and measure incomplete multipart uploads. Configure an S3 bucket policy to enforce restrictions on multipart uploads to delete incomplete multipart uploads after 7 days.
An ecommerce company uses an Amazon ElastiCache for Redis cluster for in-memory caching of popular product queries on a shopping website. The cache eviction policy is randomly evicting keys whether or not a TTL is set. A SysOps administrator must improve the cache hit ratio without increasing costs. Which solution will meet these requirements? Add another node to the ElastiCache cluster. Increase the ElastiCache TTL value. Change the eviction policy to randomly evict keys that have a TTL set. Change the eviction policy to evict the least frequently used keys.
A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes. The EBS volumes are attached to Amazon EC2 Linux instances. A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to more than 80%. Which combination of steps must the SysOps administrator take to meet these requirements? (Choose three.) Create an IAM role that includes the CloudWatchAgentServerPolicy AWS managed policy. Attach the role to the instances. Create an IAM role that includes the CloudWatchApplicationInsightsReadOnlyAccess AWS managed policy. Attach the role to the instances. Install and start the CloudWatch agent by using AWS Systems Manager or the command line. Install and start the CloudWatch agent by using an IAM role. Attach the CloudWatchAgentServerPolicy AWS managed policy to the role. Configure a CloudWatch alarm to enter ALARM state when the disk_used_percent CloudWatch metric is greater than 80%. Configure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatch metric is greater than 80% or when the disk_free CloudWatch metric is less than 20%.
A company's web application runs on Amazon EC2 instances in a single AWS Region. The infrastructure must be designed so the application remains available with no performance degradation in the event of an Availability Zone (AZ) failure. To ensure optimal performance, the application must maintain a minimum of 12 instances at all times. Which solution will meet the requirements with the fewest running instances possible? 2 AZs with 6 instances in each AZ. 2 AZs with 12 instances in each AZ. 3 AZs with 4 instances in each AZ. 3 AZs with 6 instances in each AZ.
A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving the underlying cause of the service failure could take several weeks. A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances. Which solutions will meet this requirement? (Choose two.) Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails. Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes. Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes. Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every 5 minutes. Configure the script to check if the service is running and to start the service if the service is not running. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template. Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of 6 instances are needed to meet service requirements. Which action will maintain uptime for the application MOST cost-effectively? Use a Spot Fleet with an On-Demand capacity of 6 instances. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances. Use a Spot Fleet with a target capacity of 6 instances.
A SysOps administrator has set up a new Amazon EC2 instance as a web server in a public subnet. The instance uses HTTP port 80 and HTTPS port 443. The SysOps administrator has confirmed internet connectivity by downloading operating system updates and software from public repositories. However, the SysOps administrator cannot access the instance from a web browser on the internet. Which combination of steps should the SysOps administrator take to troubleshoot this issue? (Choose three.) Ensure that the inbound rules of the instance’s security group allow traffic on ports 80 and 443. Ensure that the outbound rules of the instance’s security group allow traffic on ports 80 and 443. Ensure that ephemeral ports 1024-65535 are allowed in the inbound rules of the network ACL that is associated with the instance's subnet. Ensure that ephemeral ports 1024-65535 are allowed in the outbound rules of the network ACL that is associated with the instance’s subnet. Ensure that the filtering rules for any firewalls that are running on the instance allow inbound traffic on ports 80 and 443. Ensure that AWS WAF is turned on for the instance and is blocking web traffic.
A company has a high performance computing (HPC) application that runs on Amazon EC2 instances. The application requires minimum latency and maximum network throughput between nodes. How should a SysOps administrator deploy the EC2 instances to meet these requirements? Use a cluster placement group in a single Availability Zone. Use a cluster placement group across multiple Availability Zones. Use a partition placement group in a single Availability Zone. Use a partition placement group across multiple Availability Zones.
A company stores its internal data within an Amazon S3 bucket. All existing data within the S3 bucket is protected by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3). S3 Versioning is enabled. A SysOps administrator must replicate the internal data to another S3 bucket in a different AWS account for disaster recovery. All the existing data is copied from the source S3 bucket to the destination S3 bucket. Which replication solution is MOST operationally efficient? Add a replication rule to the source bucket and specify the destination bucket. Create a bucket policy for the destination bucket to allow the owner of the source bucket to replicate objects. Schedule an AWS Batch job with Amazon EventBridge to copy new objects from the source bucket to the destination bucket. Create a Batch Operations IAM role in the destination account. Configure an Amazon S3 event notification for the source bucket to invoke an AWS Lambda function to copy new objects to the destination bucket. Ensure that the Lambda function has cross-account access permissions. Run a scheduled script on an Amazon EC2 instance to copy new objects from the source bucket to the destination bucket. Assign cross-account access permissions to the EC2 instance's role.
A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC. What is causing the issue in this scenario? There is a network ACL on the private subnet set to deny all outbound traffic. There is no NAT gateway deployed in the private subnet of the VPC. The default security group for the VPC blocks all inbound traffic to the EC2 instances. The default security group for the VPC blocks all outbound traffic from the EC2 instances.
A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also experiencing errors. Which solution will resolve these errors? Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database. Configure RDS Proxy. Update the application with the RDS Proxy endpoint. Turn on enhanced networking for the DB instances. Modify the DB cluster to use a burstable instance type.
A custom application must be installed on all Amazon EC2 instances. The application is small, updated frequently, and can be installed automatically. How can the application be deployed on new EC2 instances? Launch a script that downloads and installs the application using Amazon EC2 user data. Create a custom API using Amazon API Gateway to call an installation executable from an AWS CloudFormation template. Use AWS Systems Manager to inject the application into an AMI. Configure AWS CodePipeline to deploy code changes and updates.
A SysOps administrator notices that the cache hit ratio for an Amazon CloudFront distribution is less than 10%. The SysOps administrator needs to increase the cache hit ratio for the distribution, improve network performance, and reduce the load on the origin. Which combination of actions should the SysOps administrator take to meet these requirements? (Choose two.) Enable CloudFront Origin Shield for the required AWS Regions. Change the viewer protocol policy to use HTTPS only. Add a second origin. Create an origin group that includes both origins. Activate CloudFront origin failover. Turn on automatic compression of objects in the cache behavior settings. Increase the CloudFront TTL values in the cache behavior settings.
A SysOps administrator configured VPC flow logs by using the default format. The SysOps administrator specified Amazon CloudWatch Logs as the destination. This solution has worked successfully for several months. However, because of additional troubleshooting requirements, the SysOps administrator needs to include the tcp-flags field on the flow logs. What should the SysOps administrator do to meet this requirement? Create a new flow log. Include the tcp-flags field in the custom log format. Delete the original flow log. In the CloudWatch Logs log group, modify the filter to include the tcp-flags field and the type field. In CloudWatch Metrics, modify the metric configuration to include the tcp-flags field. Modify the existing flow log. Include the tcp-flags field and the type field in the custom log format. Save the configuration.
A company deploys a new application to Amazon EC2 instances. The application code is stored in an AWS CodeCommit repository. The company uses an AWS CodePipeline pipeline to deploy the code to the EC2 instances through a continuous integration and continuous delivery (CI/CD) process. A SysOps administrator needs to ensure that sensitive database information is configured properly on the EC2 instances to prevent accidental leakage of credentials. Which solutions will store and retrieve the sensitive information in the MOST secure manner? (Choose two.) Store the values in AWS Secrets Manager. Update the code to retrieve these values when the application starts. Store the values as environmental variables that the application can use. Store the values in AWS Systems Manager Parameter Store as secret strings. Update the code to retrieve these values when the application starts. Store the values as environmental variables that the application can use. Store the values in an AWS Lambda function. Update the code to invoke the Lambda function when the application starts. Configure the Lambda function to inject the values as environmental variables that the application can use. Store the configuration information in a file on the EC2 instances. Ensure that the underlying drives are encrypted by AWS Key Management Service (AWS KMS). Update the application to read the file when the application starts. Store the values as environmental variables. Store the values in a text file in an Amazon S3 bucket. In the CI/CD pipeline, copy the file to the EC2 instance in an appropriate location on a disk that the application can read.
A company has implemented a Kubernetes cluster on Amazon Elastic Kubernetes Service (Amazon EKS) to host a microservices-based application. The company expects application traffic to increase significantly for the next month and wants to prevent the application from crashing because of the high number of requests. Which solution will meet these requirements with the LEAST administrative overhead? Create a second EKS cluster. Load balance the workload between the two clusters. Implement the Kubernetes Horizontal Pod Autoscaler. Set a target CPU utilization percentage. Migrate the application from Amazon EKS to Amazon EC2 for the next month. Migrate the application back to Amazon EKS when the month ends. Implement the Kubernetes Vertical Pod Autoscaler. Set a target CPU utilization percentage.
A company has users that deploy Amazon EC2 instances that have more disk performance capacity than is required. A SysOps administrator needs to review all Amazon Elastic Block Store (Amazon EBS) volumes that are associated with the instances and create cost optimization recommendations based on IOPS and throughput. What should the SysOps administrator do to meet these requirements in the MOST operationally efficient way? Use the monitoring graphs in the EC2 console to view metrics for EBS volumes. Review the consumed space against the provisioned space on each volume. Identify any volumes that have low utilization. Stop the EC2 instances from the EC2 console. Change the EC2 instance type for Amazon EBS-optimized. Start the EC2 instances. Opt in to AWS Compute Optimizer. Allow sufficient time for metrics to be gathered. Review the Compute Optimizer findings for EBS volumes. Install the fio tool onto the EC2 instances and create a .cfg file to approximate the required workloads. Use the benchmark results to gauge whether the provisioned EBS volumes are of the most appropriate type.
A SysOps administrator manages policies for many AWS member accounts in an AWS Organizations structure. Administrators on other teams have access to the account root user credentials of the member accounts. The SysOps administrator must prevent all teams, including their administrators, from using Amazon DynamoDB. The solution must not affect the ability of the teams to access other AWS services. Which solution will meet these requirements? In all member accounts, configure IAM policies that deny access to all DynamoDB resources for all users, including the root user. Create a service control policy (SCP) in the management account to deny all DynamoDB actions. Apply the SCP to the root of the organization. In all member accounts, configure IAM policies that deny AmazonDynamoDBFullAccess to all users, including the root user. Remove the default service control policy (SCP) in the management account. Create a replacement SCP that includes a single statement that denies all DynamoDB actions.
A SysOps administrator needs to create an Amazon S3 bucket as a resource in an AWS CloudFormation template. The bucket name must be randomly generated, and the bucket must be encrypted. Other resources in the template will reference the bucket. Which CloudFormation resource definition should the SysOps administrator use to meet these requirements? Bucket: Type: AWS::S3::Bucket Properties: BucketName: "DOC-EXAMPLE-BUCKET" BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 Bucket: Type: AWS::S3::Bucket Properties: BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 Bucket: Type: AWS::S3::Bucket Properties: BucketName: "DOC-EXAMPLE-BUCKET" Bucket: Type: AWS::S3::Bucket Properties:.
A company has a large on-premises tape backup solution. The company has started to use AWS Storage Gateway. The company created a Tape Gateway to replace the existing on-premises hardware. The company's backup engineer noticed that some of the backup jobs that were supposed to write to AWS failed to run because of a "Not Enough Space" error. The company does not want these failures to happen again. The company also wants to consistently have enough tape available on AWS. What is the MOST operationally efficient way for a SysOps administrator to meet these requirements? Create an AWS Lambda function that runs on an hourly basis and checks how many tapes have available space. If the available tapes are below a certain threshold, provision more. Install the Amazon CloudWatch agent on the on-premises system. Push the log files to a CloudWatch log group. Create an AWS Lambda function that creates more tapes when the "Not Enough Space" error appears. Create a metric filter and a metric alarm that launches the Lambda function. Create an additional Tape Gateway with its own set of tapes. Configure Amazon Simple Notification Service (Amazon SNS) to send a notification to the backup engineer if the tapes that are associated with the primary Tape Gateway do not have available space. Configure tape auto-create on the Tape Gateway. In the auto-create settings, configure a minimum number of tapes, an appropriate barcode prefix, and a tape pool.
A SysOps administrator needs to deploy an application in multiple AWS Regions. The SysOps administrator must implement a solution that routes users to the Region with the lowest latency. In case of failure, the solution must automatically route requests to a Region with a healthy instance of the application. The company needs a solution with the shortest time to failover. Which solution will meet these requirements? Create Amazon Route 53 A records that have the same name for each endpoint. Use a latency routing policy. Associate a health check with each record. Create Amazon Route 53 A records that have the same name for each endpoint. Use a failover routing policy. Associate a health check with each record. Create an AWS Global Accelerator standard accelerator. Create an endpoint group for each Region. Add a listener to the accelerator. Associate the endpoint group with the listener. Create Amazon Route 53 A records that have the same name for each endpoint. Use a geolocation routing policy. Associate a health check with each record.
A company's SysOps administrator manages a fleet of hundreds of Amazon EC2 instances that run Windows-based workloads and Linux-based workloads. Each EC2 instance has a tag that identifies its operating system. All the EC2 instances run AWS Systems Manager Session Manager. A zero-day vulnerability is reported, and no patches are available. The company's security team provides code for all the relevant operating systems to reduce the risk of the vulnerability. The SysOps administrator needs to implement the code on the EC2 instances and must provide a report that shows that the code has successfully run on all the instances. What should the SysOps administrator do to meet these requirements as quickly as possible? Use Systems Manager Run Command. Choose either the AWS-RunShellScript document or the AWS-RunPowerShellScript document. Configure Run Command with the code from the security team. Specify the operating system tag in the Targets parameter. Run the command. Provide the command history's evidence to the security team. Create an AWS Lambda function that connects to the EC2 instances through Session Manager. Configure the Lambda function to identify the operating system, run the code from the security team, and return the results to an Amazon RDS DB instance. Query the DB instance for the results. Provide the results as evidence to the security team. Log on to each EC2 instance. Run the code from the security team on each EC2 instance. Copy and paste the results of each run into a single spreadsheet. Provide the spreadsheet as evidence to the security team. Update the launch templates of the EC2 instances to include the code from the security team in the user data. Relaunch the EC2 instances by using the updated launch templates. Retrieve the EC2 instance logs of each instance. Provide the EC2 instance logs as evidence to the security team.
A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account. What should a SysOps administrator do to meet these requirements? Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters. In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions. Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.
A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of host1.onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of host1.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS. The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources. Which solution allows the on-premises application to resolve the EC2 instance hostname? Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint. Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint. Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.