TD-Timed Mode Set 2 - AWS Certified SysOps Administrator Associate

A medical technology company has a number of resources hosted in AWS. An upcoming external IT audit will be conducted on the AWS resources to meet the strict security compliance requirements of the company. The SysOps Administrator has been tasked to provide log files for all activities carried out on the existing AWS resources, including all AWS API calls made. Which of the following AWS services should the Administrator use to fulfill this requirement?

AWS CloudTrail

A government agency needs to automate recurring tasks in their finance department such as data synchronization, infrastructure selection, and patch management, which will improve their current processes. The SysOps Administrator needs to use a tool that can coordinate multiple AWS services into serverless workflows. Which of the following options is the most cost-effective service?

AWS Step Functions

A startup plans to deploy hundreds of Raspberry Pi devices on all floors of a government building. All of the single-board devices must have consistent configuration settings and must be managed centrally. Which of the following is the MOST suitable service to use in this scenario?

AWS Systems Manager

A web development company is using a fleet of On-Demand EC2 instances. You are working as their IT Consultant when a critical security vulnerability was discovered on the OS that the company is using. You are instructed to ensure that all EC2 instances are updated with the latest security patches as soon as possible. Which of the following AWS services can you use to fulfill this task?

AWS Systems Manager

A company has an application running on several EC2 instances. The instances are part of an auto-scaling group fronted by an application load balancer. The auto-scaling group is set to perform health checks on both the instances and the load balancer, as well as to terminate unhealthy instances. The company wants to inspect the unhealthy instances before they are terminated. Which option accomplishes this requirement?

Add a lifecycle hook to the auto-scaling group to pause an instance before it's terminated.

A company launched a health and fitness tracker application that is hosted on a fleet of Spot EC2 Instances in a public subnet of Amazon VPC. As part of security monitoring, the IT Operations team noticed that there are several requests coming from this specific IP address: 137.33.105.110, which originates from a country where they do not have any users. The IT Security department has advised that all subsequent traffic from this IP address should be blocked. How can the SysOps Administrator achieve this requirement?

Add an Inbound Rule for the NACL which will deny incoming traffic from 137.33.105.110/32

A SysOps Administrator needs to set up an event notification for all system alerts happening on the RDS instance, which should be sent to the IT Operations team's emails and mobile phones. Which of the following services will help you achieve this requirement?

Amazon SNS

A startup hosted a photo editing application on a large On-Demand EC2 instance. The application allows users to add effects and filters to their photos which are then stored as a media file in an S3 bucket. Which of the following services will help them build a scalable and decoupled architecture in AWS for this application?

Amazon SQS

A merchandising company utilizes Amazon Elasticache for Redis to boost the performance of its inventory management application. The Elasticache for Redis cluster includes two extra-large nodes distributed across two Availability Zones. The company's SysOps team monitored the metrics for the cluster and found that it still has 80% freeable memory. What is the MOST cost-effective approach to resize the cluster while maintaining high availability for the application?

Change the node types from extra-large to large by performing an online resizing on the ElastiCache for Redis cluster.

A technology company is planning to use an Auto Scaling group of On-Demand EC2 Instances that would be used to host a suite of web-based applications written in ReactJS and NodeJS. These applications would be running 24/7 throughout the year and as the Systems Administrator, you are responsible in ensuring that the architecture is both elastic and cost-effective. The instance type would need to be upgraded during the year depending on the usage of the application. Which of the following is the most suitable instance purchasing option to use?

Convertible Reserved Instances

A test site runs on a group of Amazon EC2 instances in us-east1 on a VPC. The application needs to have an incoming and outgoing connection to the internet. Which steps should a SysOps administrator perform to provide internet connectivity to the EC2 instances in the us-east1 region? (Select TWO.)

Create a route entry on the VPC's routing table for the subnet that points to the internet gateway Create an Internet Gateway and attach it to the VPC in us-east1

A SysOps Administrator needs to secure an Amazon RDS MySQL database instance which is being used by an Auto Scaling group of On-Demand EC2 instances in a VPC. The Administrator also has to make sure that the database traffic is encrypted to meet the security compliance requirements. Which of the following should you do to ensure maximum security for the database and its connections? (Select TWO.)

Create a security group for the servers and another security group for the RDS MySQL database. Configure to only allow inbound traffic from the security group of the EC2 instances to the security group of the database. Create a snapshot of the running MySQL instance and start a new encrypted MySQL instance from the encrypted copy of the snapshot.

An application is deployed in AWS by creating a CloudFormation stack. A junior engineer accidentally updated production resources during a stack change set execution, causing significant downtime. This issue prompted the DevOps team to modify the deployment process. The SysOps administrator still wants to allow the team to deploy changes to the infrastructure. Still, he needs to ensure that he can prevent accidental changes on specific production resources. What should the SysOps administrator perform to achieve the requirement?

Define a stack policy that explicitly allows updates on all resources but denies Update:* actions on protected resources. Set the newly created stack policy on the existing CloudFormation stack for the production environment

A tech lead plans to deploy a highly available web application on 12 Amazon EC2 instances. She is required to deploy each of the instances on distinct underlying hardware. What solution should the tech lead implement to meet the requirements?

Deploy the instances in a single region and place them into a spread placement group.

A tech lead plans to deploy a highly available web application on 12 Amazon EC2 instances. She is required to deploy each of the instances on distinct underlying hardware. What solution should the tech lead implement to meet the requirements?

Deploy the instances in a single region and place them into a spread placement group.

A SysOps Administrator needs to design a highly available and scalable cloud architecture for the company's latest AI-based data analytics. To be able to meet the requirements, the manager advised the Administrator to leverage the available services in AWS to scale their compute and storage resources. Which of the following processes are covered by AWS Auto Scaling?

Dynamically adjust the number of Amazon Aurora Read Replicas provisioned for an Aurora DB cluster to handle sudden increases in active connections or workload

A Junior DevOps Engineer needs to monitor an ELB for one of the web applications and asked you where to find the information such as the client's IP address, latencies, request paths, and server responses. Which of the following options would you recommend to get the above information?

ELB Access Logs

company has an application that is hosted on a fleet of EC2 instances with an Application Load Balancer that evenly distributes the incoming traffic. There once was an incident where a Junior DevOps Engineer accidentally made changes in the ALB in production that brought the whole application down. These situations should not happen again and hence, you have to monitor any activity or changes made to your AWS resources. Which of the following services does not help you capture the monitoring information about the ELB activity?

ELB health checks

A former colleague reached out to you for consultation. He uploads a Django project in Elastic Beanstalk through CLI using instructions he read in a blog post, but for some reason he could not create the environment he needs for his project. He encounters an error message saying "The instance profile aws-elasticbeanstalk-ec2-role associated with the environment does not exist." What are the possible causes of this issue? (SELECT TWO.)

Elastic Beanstalk CLI did not create one because your IAM role has no permission to create roles. IAM role already exists but has insufficient permissions that Elastic Beanstalk needs.

A leading bank has a web application that is heavily using the RDS instance for its database tier. The SysOps Administrator is instructed to monitor how the different processes or threads on a DB instance use the CPU such as the percentage of the CPU bandwidth and total memory consumed by each process. Which of the following is the most suitable solution to properly monitor the database?

Enable Enhanced Monitoring in RDS

A software development company allows its 75 developers to create and manage resources using a Developer AWS Account. The finance team notices a significant spending increase in the account. The SysOps Administrator is assigned to collect information about the service costs of each developer to optimize costs. How can the SysOps Administrator achieve this requirement? (Select TWO.)

Enable the createdBy tag in the Billing and Management console. Use Cost Explorer to gain insight into the resources created by developers.

An Augmented Reality (AR) gaming company currently has three VPC's in the us-east-1 region namely: VPC Alpha, VPC Bravo, and VPC Charlie. You are instructed to ensure that all Reserved EC2 instances in all VPC's can communicate with each other. Which of the following options should you implement to satisfy the given requirement? (Select TWO.)

Ensure that the three VPCs do not have matching or overlapping IPv4 CIDR blocks Set up a VPC Peering with a 'full mesh' configuration for all three VPCs.

A data analytics company is heavily using AWS and has two VPCs in their account: VPC-A (10.10.0.0/16) and VPC-B (192.168.0.0/16). As their Systems Administrator, you established a VPC peering connection between the two VPCs which has an ID of pcx-tutsd0j0. Which of the following route entries need to be added to the route tables to ensure that traffic can flow across the VPCs? (Select TWO.)

In VPC-B - Destination: 10.10.0.0/16 and Target: pcx-tutsd0j0 In VPC-A - Destination: 192.168.0.0/16 and Target: pcx-tutsd0j0

A startup recently launched a web application that uses Amazon ElastiCache for Memcached to store session state. A SysOps Administrator has been tasked to monitor the ElastiCache performance in Amazon CloudWatch. After checking the cache metric data, the Administrator noticed that the number of evictions in the cluster is increasing. Which of the following options should the Administrator do to improve the performance of the cluster? (Select TWO.)

Increase the number of nodes in your cluster Change the node size of your cluster

A leading US-based 24/7 online news network is planning to expand its reach and launch its paid news subscription in Europe, Asia and Oceania regions. You are instructed to implement multi-region AWS deployments for all their cloud infrastructure where their online platform is hosted. In this scenario, which Amazon Route 53 feature would minimize response time of their platform for its subscribers?

Latency-based routing

A leading financial firm is planning to host their new online accounting application in AWS which should support IPv6 address. As their SysOps Administrator, you set up a virtual private cloud (VPC) with a single public subnet and an Internet gateway to enable communication over the Internet. Which of these options is not needed to satisfy the given requirement?

Launch an egress-only Internet gateway

A large accounting firm has a web application that consists of an Application Load Balancer and an Auto Scaling Group of EC2 Instances running Linux and Apache HTTP servers. For its database tier, they also have a running RDS instance to host the MySQL database. Which security measures fall within AWS responsibilities?

Protect against network packet sniffing

An image hosting company sets up an infrastructure in the us-east-2 region where EC2 instances store and request photos from an S3 bucket. The senior SysOps administrator is required to restrict access to the S3 bucket to Amazon EC2 instances in a single VPC to secure the infrastructure. He also needs to ensure that all network traffic flows over the AWS private network only. What solution should the SysOps administrator implement to achieve the requirement

Provision a VPC endpoint to allow your EC2 instances and S3 bucket to communicate. Configure the S3 bucket's policy to conditionally limit all S3 actions on the bucket if the request is coming from the IP address of the VPC endpoint.

An image hosting company sets up an infrastructure in the us-east-2 region where EC2 instances store and request photos from an S3 bucket. The senior SysOps administrator is required to restrict access to the S3 bucket to Amazon EC2 instances in a single VPC to secure the infrastructure. He also needs to ensure that all network traffic flows over the AWS private network only. What solution should the SysOps administrator implement to achieve the requirement?

Provision a VPC endpoint to allow your EC2 instances and S3 bucket to communicate. Configure the S3 bucket's policy to conditionally limit all S3 actions on the bucket if the request is coming from the IP address of the VPC endpoint.

A tech startup company plans to develop a mobile application that sends and fetches data to a DynamoDB table. The app is using the DynamoDB SDK and root account access keys to connect to DynamoDB. Which of the following is the best option to improve the security of this architecture?

Provision an IAM role with web identity federation that validates calls to DynamoDB using a well-known third party identity provider such as Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) 2.0 compatible provider.

A technology consulting company launched an RDS-MySQL Instance that will host a heavily used relational database. Manual snapshots of the database are done on schedule when the company conducts its disaster recovery activities. To meet the strict compliance requirement, the SysOps Administrator needs to ensure that there are no outages when a snapshot is being created for the database. Which of the following options is the best way to accomplish this?

Re-design the RDS instance to use Multi-AZ deployments configuration.

A company has an online stock exchange application with a daily batch job that aggregates all intraday data and stores the result to an existing Amazon EFS. Currently, the batch processing is handled by several On-Demand EC2 instances and takes less than 3 hours to complete to generate a report that will only be used internally in the company. The batch job can be easily and safely re-run in the event that there is a problem in the processing since the data being processed are not mission-critical. To further reduce its operating costs, the company is looking for ways to optimize its current architecture. As the SysOps Administrator, which is the MOST cost-effective and secure solution that you should implement?

Request for a Spot Fleet to process the batch execution. Create a new EFS file system with encryption at rest enabled then copy all data from the current file system. After the data is copied over, delete the unencrypted file system. Use the new EFS file system when storing the results processed by the Spot instances.

A shoe company provisioned an Amazon Aurora database cluster with MySQL support. In addition, backtracking, point-in-time recovery, and automatic backup are enabled for the database cluster. However, a developer mistakenly performed a DELETE query without a WHERE clause on the database. The SysOps administrator needs to roll back the database cluster to a specific point in time within the last 72 hours and ensure that the database restore procedure will be done on the same DB instance and not by creating a new one. What should the SysOps administrator do to restore the database?

Rewind the Aurora database cluster to the desired recovery point by using backtracking.

A SysOps Administrator is managing a web application that uses Amazon ElastiCache for Memcached to cache frequently accessed data. The customers have been complaining about the system performance for the past 3 months. The Administrator monitors the metrics of each service using Amazon CloudWatch. Upon checking, the metrics of the EC2 instances of the web tier are normal but the eviction count has exceeded its threshold. What should the Administrator do to rectify this issue?

Scale the cluster by increasing the number of nodes.

An IT Consulting company has three separate AWS accounts in different regions with one VPC on each account. The manager instructed you to connect the three VPCs to each other and reminded you that these VPCs have no overlapping IPv4 or IPv6 CIDR blocks. Which of the following is the most cost-effective connectivity option for this scenario?

Set up a VPC peering connection between the 3 VPCs.

A startup has a limited budget to spend on AWS services each month. If the SysOps Administrator overspends it, the following month's budget will be deducted to cover the additional expenses. What should the Administrator do to keep the costs in check?

Set up a billing alarm in AWS CloudWatch

A SysOps Administrator needs to set up a PostgreSQL database server that runs on a Reserved EC2 instance which will be used by various internal applications within a VPC. To simplify the naming convention of the database server, the Administrator is planning to allocate a custom domain name for the database. Which of the following should the Administrator do to complete this task?

Set up a private hosted zone in Route 53. Create an A or AAAA record, such as db.tutorialsdojo.com, and specify the IP address of the database server.

A leading insurance firm has a VPC in the US East (N. Virginia) region for their head office in New York and another VPC in the US West (N. California) for their regional office in California. There is a requirement to establish a low latency, high-bandwidth connection between their on-premises data center in Chicago and both of their VPCs in AWS. As the SysOps Administrator of the firm, how could you implement this in a cost-effective manner?

Set up an AWS Direct Connect connection to the on-premises data center. Launch a new AWS Direct Connect Gateway with a virtual private gateway and connect the VPCs from US East and US West regions. Integrate the Direct Connect connection to the Direct Connect Gateway.

A company is heavily using AWS CloudFormation templates to automate the deployment of their cloud resources. The SysOps Administrator needs to write a template that will automatically copy objects from an existing S3 bucket into the new one. Which of the following is the most suitable configuration for this scenario?

Set up an AWS Lambda function and configure it to perform the copy operation. Integrate the Lambda function to the CloudFormation template as a custom resource

A multinational financial firm is planning to deploy and test their prototype batch processing system on a set of EC2 instances in AWS. The system will process sample financial data for 6 hours once a week in a span of 8 months for testing. The prototype system doesn't handle any live data and is capable of reprocessing the sample data in the event of server outages. Which of the following would be the most cost-effective instance purchasing option to use in hosting the system?

Spot Instances

A company hosted a real estate listing website on 4 On-Demand EC2 instances with an Application Load Balancer in front that evenly distributes the incoming traffic and a MySQL RDS instance. Due to the recent TV and social media advertisements, the average response time for the website visitors has significantly increased as well as the CPU Usage of the EC2 instances. Upon further checking, the SysOps Administrator noticed that the CPU Usage of the EC2 instances is hitting 90% at peak times while the CPU Usage for the database is at 20%, with average database operations of 3000. Which two options could improve response times? (Select TWO.)

Switch to a different EC2 instance type that has a greater CPU/memory ratio. Configure an Auto Scaling group for the EC2 instances based on a CPU load threshold.

A SysOps Administrator needs to implement a highly available and scalable cloud architecture in AWS for the new online remittance system of the organization. The Administrator set up an Application Load Balancer and launched an Auto Scaling group of Spot EC2 instances on their UAT VPC. The QA team conducted performance testing on the new system and found out a defect in the application server. The Administrator wants to investigate the problem and make the necessary changes without invoking the scaling down processes, which is why the Administrator temporarily suspended the Terminate scaling process. What will be its effect on the Auto Scaling group's Availability Zone rebalancing process (AZRebalance) during this period?

The Auto Scaling group can grow up to ten percent larger than its maximum size.

A SysOps Administrator launched an EBS-backed On-Demand EC2 Instance to host a web application. However, the instance always terminates after going into the pending state. Which of the following could be the cause of this issue? (Select TWO.)

The EBS volume limit has been reached The root EBS volume is encrypted and you do not have permission to access the KMS key for decryption

A Senior Systems Administrator has recently launched an Auto Scaling group of Spot EC2 instances with an Application Load Balancer. To properly monitor all of the web applications in your VPC, your manager wants to enable the Detailed Monitoring feature in CloudWatch. This will allow the Administrator to monitor the CPUUtilization, DiskReadBytes, NetworkIn and other metrics of the instances. Which of the following statements is true about this feature?

The EC2 instances of the Auto Scaling group will send CloudWatch data metrics every minute with an additional charge.

A company has two On-Demand EC2 instances in a custom VPC that are launched in two separate subnets named Tango and Delta respectively. The SysOps Administrator logged into the first instance and was able to reach the HTTP port on the other instance. However, when the Administrator attempted to ping the second instance, it did not respond. What are the two possible causes of this issue? (Select TWO.)

The second instance's security group does not allow inbound ICMP traffic The NACL on subnet Delta does not allow outbound ICMP traffic

An international IT Consulting company is planning on setting up multiple accounts in AWS to separate their various departments and projects teams. For security purposes, the IT Security department has a requirement to ensure that certain services and actions are not allowed across all the accounts. How would you achieve this in the most effective way?

Use AWS Organizations and Service Control Policies to control services on each account

An electronics manufacturing company has recently decided to adopt a hybrid cloud infrastructure that will store their backup data from their on-premises data center to AWS. You are instructed to upload their archive files with a total size of 70 TB to Amazon Glacier. Using the AWS CLI, you uploaded a file named tutorialsdojo.zip to Glacier and received a response shown below. However, you noticed that you cannot assign a custom key name, such as tutorialsdojo.zip, to the archives that you upload. {"archiveId": "kKB7ymWJVpPSwhGP6ycSOAekp9ZYe_--zM_mw6k76ZFGEIWQX-ybtRDvc2VkPSDtfKmQrj0IRQLSGsNuDp-AJVlu2ccmDSyDUmZwKbwbpAdGATGDiB3hHO0bjbGehXTcApVud_wyDw","checksum": "969fb39823836d81f0cc028195fcdbcbbe76cdde932d4646fa7de5f21e18aa67","location": "/0123456789012/vaults/my-vault/archives/kKB7ymWJVpPSwhGP6ycSOAekp9ZYe_--zM_mw6k76ZFGEIWQX-ybtRDvc2VkPSDtfKmQrj0IRQLSGsNuDp-AJVlu2ccmDSyDUmZwKbwbpAdGATGDiB3hHO0bjbGehXTcApVud_wyDw"} Which of the following options can ensure that you can have the same file in Glacier in the most cost-effective way? (Select TWO.)

Use AWS Snowball Edge to upload the archive files to Glacier by using the S3 lifecycle policy Upload the archive files in Amazon S3 Infrequent Access. Set up a lifecycle policy to move the archives to Glacier

An electronics manufacturing company has recently decided to adopt a hybrid cloud infrastructure that will store their backup data from their on-premises data center to AWS. You are instructed to upload their archive files with a total size of 70 TB to Amazon Glacier. Using the AWS CLI, you uploaded a file named tutorialsdojo.zip to Glacier and received a response shown below. However, you noticed that you cannot assign a custom key name, such as tutorialsdojo.zip, to the archives that you upload.{"archiveId": "kKB7ymWJVpPSwhGP6ycSOAekp9ZYe_--zM_mw6k76ZFGEIWQX-ybtRDvc2VkPSDtfKmQrj0IRQLSGsNuDp-AJVlu2ccmDSyDUmZwKbwbpAdGATGDiB3hHO0bjbGehXTcApVud_wyDw","checksum": "969fb39823836d81f0cc028195fcdbcbbe76cdde932d4646fa7de5f21e18aa67","location": "/0123456789012/vaults/my-vault/archives/kKB7ymWJVpPSwhGP6ycSOAekp9ZYe_--zM_mw6k76ZFGEIWQX-ybtRDvc2VkPSDtfKmQrj0IRQLSGsNuDp-AJVlu2ccmDSyDUmZwKbwbpAdGATGDiB3hHO0bjbGehXTcApVud_wyDw"}

Use AWS Snowball Edge to upload the archive files to Glacier by using the S3 lifecycle policy. Upload the archive files in Amazon S3 Infrequent Access. Set up a lifecycle policy to move the archives to Glacier.

A document management system that is hosted in AWS uses an S3 bucket to store its data. Due to a recent cyberattack, the IT Security department mandated that all objects must be encrypted at rest. Which of the following is a valid option to use to fulfill this requirement? (Select TWO.)

Use AWS server-side encryption for the S3 bucket with AWS Managed Keys Use AWS server-side encryption for the S3 bucket with Customer-Provided Keys

A crowdfunding company has hired you for consultation services. They have set up many crowdfunding projects on their website using Lambda, CloudFront, and S3, and they have asked you to evaluate them. They want to add new features, such as logging statistical data on how much their website is being accessed, how successful their crowdfunding projects are, and a way to check if people within their company are maliciously modifying website content. Which of the following will you recommend to address these requests in a cost-effective way? (Select TWO.)

Use CloudTrail to log all activity within the AWS account Use CloudFront monitoring and usage reporting features to analyze access data and viewer data

A SysOps Administrator needs to produce regular reports and statistics on EC2 resource consumption across different regions. In an upcoming meeting, the Administrator is asked to present these findings to the CTO and Data Analytics team. Aggregating these statistics would detail a lot of information on resource consumption with ease. What is the procedure for viewing aggregation statistics in CloudWatch?

Use CloudWatch Metric Math to query metrics and apply mathematical operations on these metrics.

A global news website is deployed in AWS which uses an Application Load Balancer, an Auto Scaling group of On-Demand EC2 instances, and an RDS MySQL Database. Lately, there are a lot of readers that are complaining about the slow loading of the articles in the website. As the Systems Administrator of the company, you analyzed the current architecture and you found that there is a high number of read operations in the database which affects the website's performance. Which of the following options would you consider to resolve the issue in a cost-effective manner?

Use Read Replicas

A company plans to develop a solution to enforce the tagging of all EC2 instances that will be launched in the VPC including all of the EBS volumes that are attached in the instances. This is to allow administrators to easily manage tags on provisioned products with a consistent taxonomy. With this strategy, the company will be able to centrally manage commonly deployed IT services, helping them to achieve consistent governance and meet compliance requirements. Which of the following is the most suitable solution that they should implement to meet this requirement?

Use the AWS Service Catalog TagOption Library

A commercial bank plans to use AWS to host its application. The SysOps Administrator is instructed to create a CloudFormation template that will launch a large On-Demand EC2 Instance and install the 3rd-party application package. Once the instance has been launched and the application installed successfully, it should signal AWS CloudFormation that the process is complete. Conversely, it should also signal AWS CloudFormation if the installation fails. Which of the following options should the Administrator use to achieve this requirement?

Use the cfn-signal and cfn-init helper scripts

A finance organization is running an application on its on-premises data center but needs to use AWS for backing up its data. The manager requires that the backup data is made available locally to comply with regulatory requirements. The backup software can only write to block-based storage compatible with Portable Operating System Interface (POSIX). Which backup solution will help the SysOps admin meet the requirements?

Utilize AWS Storage Gateway and configure it to operate using stored volumes.

A SysOps Administrator is using AWS CloudFormation to provision the required resources and access policies across multiple AWS accounts. The Administrator received a request from one of the development teams to be able to create, overwrite, and delete any object in an S3 bucket as well as to write additional ACL for the applicable bucket. Which bucket ACL permission should the Administrator grant?

WRITE and WRITE_ACP

A global technology company has thousands of employees around the globe that are using Amazon VPC Cloud. As part of the company's security compliance, IT auditors have requested a Credential report which contains a list of AWS users that contains their current status, their access key usage, and if they are using Multi-Factor Authentication (MFA) or not. How can the SysOps Administrator generate the report required by the auditors?

You can go to AWS IAM Console and download the Credential report

A company needs to ensure the safety of its employees by measuring the temperature of their facility every 5 minutes using smart sensors. They want to send the custom data metrics of their application to CloudWatch to view the data graphs visually. Which of the below statements is true regarding the scenario above?

You can use AWS CLI or API to upload the data metrics to CloudWatch

A popular online graphic design tool startup uses a standard S3 bucket that has versioning enabled to store the user-generated images on its platform. They have millions of users around the globe that store their logos, graphics, infographics, and other designs on their platform. Lately, there are a lot of users complaining that they receive a lot of HTTP 503 responses on the platform. Which of the following options could be the reason why this issue exists?

You might have one or more objects in the bucket for which there are millions of versions.

A company plans to set up a bucket ACL in Amazon S3 to allow users to list all the objects in the tutorialsdojo bucket and retrieve them. The SysOps Administrator prepared the below policy using the AWS Policy Generator. What will happen if the Administrator applies this bucket policy in S3? { "Id": "TutorialsDojo.com S3 Policy", "Version": "2012-10-17","Statement": [{"Sid": "TutsDojo_S3_GetObject_and_ListBucket_Policy"," Action": ["s3:GetObject","s3:ListBucket"],"Effect": " Allow","Resource": "arn:aws:s3:::tutorialsdojo","Principal": "*"}]}

You will be prompted with an "Action does not apply to any resource(s) in statement" error.

A company wants to track and review the usage of its resources due to an exorbitant AWS bill that they received recently. The SysOps Administrator needs to view the costs for the current month as well as the last three months. She also needs to be able to forecast expenses for the current billing period. Which of the following AWS Cost Management tools should the Administrator use?

Cost Explorer

A SysOps Administrator launched 3 On-Demand EC2 instances that have an ELB and a DynamoDB attached to run an online game. The Administrator brought in 15 people for the beta testing and tells everyone to first visit the login screen before starting. However, some of them cannot connect to the game while others are having no problem connecting at all. What should the Administrator do to determine the cause of the problem?

Create VPC Flow Logs to check if traffic is reaching all of your instances in CloudWatch

A company has an upcoming IT security audit and your manager instructed you to encrypt all objects being uploaded to their S3 bucket. You decided to implement server-side encryption by supplying your own encryption key. Which of the following request headers is not valid when using server-side encryption with customer-provided encryption keys?

x-amz-server-side-encryption

A facial recognition system is using an Auto Scaling group of On-Demand EC2 instances. It has one specific instance which is causing an error and must be terminated immediately. Using the AWS CLI, how can you terminate an instance from the specified Auto Scaling group without updating the size of the group?

terminate-instance-in-auto-scaling-group --instance-id --no-should-decrement-desired-capacity