Solution:
Does this meet the goal?
Correct Answer:A
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?
Correct Answer:B
A company uses AWS Organizations to manage multiple AWS accounts with consolidated billing enabled. Organization member account owners want the benefits of Reserved Instances (RIs) but do not want to share RIs with other accounts. Which solution will meet these requirements?
Correct Answer:B
A company wants to automate the process of patching managed instances and applying patches for
operating systems and applications.
Which service should a SysOps administrator use to meet this requirement?
Correct Answer:A
AWS Systems Manager Patch Manager is the correct answer. AWS Systems Manager Patch Manager
automates the process of patching managed instances with both security-related and other types of
updates. You can use Patch Manager to apply patches for both operating systems and applications.
(On Windows Server, application support is limited to updates for Microsoft applications.) You can use
Patch Manager to install Service Packs on Windows instances and perform minor version upgrades on
Linux instances.
Patch Manager uses patch baselines, which include rules for auto-approving patches within days of
their release, as well as a list of approved and rejected patches. You can install patches on a regular
basis by scheduling patching to run as a Systems Manager maintenance window task. You can also
install patches individually or to large groups of instances by using Amazon EC2 tags.
The rest answers are fictitious AWS services.
A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps administrator take to meet these requirements?
Correct Answer:B