Free AWS-SysOps Exam Dumps

Question 66

- (Exam Topic 1)
A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)

A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Correct Answer:CE
https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html
You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) customer master keys (CMKs).
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/ How to Prevent Uploads of Unencrypted Objects to Amazon S3#
By using an S3 bucket policy, you can enforce the encryption requirement when users upload objects, instead of assigning a restrictive IAM policy to all users.

Question 67

- (Exam Topic 1)
A company has a new requirement stating that all resources In AWS must be tagged according to a set policy. Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?

A. AWS CloudTrail
B. Amazon Inspector
C. AWS Config
D. AWS Systems Manager

Correct Answer:C

Question 68

- (Exam Topic 1)
A SysOps administrator creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions.
The SysOps administrator also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.
How can the SysOps administrator automate the creation of the CloudWatch dashboard each time the application is deployed?

A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboar
B. Run the command each time a new CloudFormation stack is created.
C. Export the existing CloudWatch dashboard as JSO
D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resourc
E. Include the exported JSON in the resource's DashboardBody property.
F. Update the CloudFormation template to define an resourc
G. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.
H. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resourc
I. Specify the name of the existingdashboard in the DashboardName property.

Correct Answer:B
You can only use the Intrinsic Ref function to reference a resource that is being created at the same time as the current CloudFormation template. The question states that the CloudWatch dashboard was previously created using the AWS Management Console, so there is no ID to reference the existing CloudWatch dashboard in the CloudFormation template. You would need to export the existing CloudWatch dashboard as JSON, then use the DashboardBody property in the CloudFormation template to replicate it upon each deployment
(https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structu

Question 69

- (Exam Topic 1)
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the administrator implement this process?

A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key usedto encrypt the snapshot, then create a new volume in each account.
B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other account
D. Require each account owner to create a new volume from that snapshot and encrypt it.
E. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RD
F. export the database contents into a file, then share this file with the other accounts.

Correct Answer:B

Question 70

- (Exam Topic 1)
A SysOps administrator needs to develop a solution that provides email notification and inserts a record into a database every time a file is put into an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?

A. Set up an S3 event notification that targets an Amazon Simple Notification Service (Amazon SNS) topic Create two subscriptions for the SNS topic Use one subscription to send the email notification Use the other subscription to invoke an AWS Lambda function that inserts the record into the database
B. Set up an Amazon CloudWatch alarm that enters ALARM state whenever an object is created in the S3 bucket Configure the alarm to invoke an AWS Lambda (unction that sends the email notification and inserts the record into the database
C. Create an AWS Lambda function to send the email notification and insert the record into the database whenever a new object is detected in the S3 bucket invoke the function every minute with an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule.
D. Set up two S3 event notifications Target a separate AWS Lambda function with each notification Configure one function to send the email notification Configure the other function to insert the record into the database

Correct Answer:C