AWS Certified SysOps Administrator SOA-C01 – Question772

A SysOps Administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.
Which of the following is a cause of this?

A. The S3 bucket must be configured with Amazon CloudFront first
B. The Route 53 record set must have an IAM role that allows access to the S3 bucket
C. The Route 53 record set must be in the same region as the S3 bucket
D. The S3 bucket name must match the record set name in Route 53

Correct Answer: C

AWS Certified SysOps Administrator SOA-C01 – Question771

A company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private keys and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?

A. AWS CloudHSM
B. AWS KMS
C. AWS Certificate Manager
D. Amazon Connect

Correct Answer: C

AWS Certified SysOps Administrator SOA-C01 – Question770

A SysOps Administrator observes a large number of rogue HTTP requests on an Application Load Balancer (ALB). The requests originate from various IP addresses.
Which action should be taken to block this traffic?

A. Use Amazon CloudFront to cache the traffic and block access to the web servers
B. Use Amazon GuardDuty to protect the web servers from bots and scrapers
C. Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups
D. Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold

Correct Answer: D

Explanation: AWS WAF has rules that can protect web applications from HTTP flood attacks.

AWS Certified SysOps Administrator SOA-C01 – Question769

A company is using AWS Storage Gateway to create block storage volumes and mount them as Internet Small Computer Systems Interface (iSCSI) devices from on-premises servers. As the Storage Gateway has taken on several new projects, some of the Development teams report that the performance of the iSCSI drives has degraded. When checking the Amazon CloudWatch metrics, a SysOps Administrator notices that the CacheHitPercent metric is below 60% and the CachePercentUsed metric is above 90%.
What steps should the Administrator take to increase Storage Gateway performance?

A. Change the default block size for the Storage Gateway from 64 KB to 128 KB, 256 KB, or 512 KB to improve I/O performance.
B. Create a larger disk for the cached volume. In the AWS Management Console, edit the local disks, then select the new disk as the cached volume.
C. Ensure that the physical disks for the Storage Gateway are in a RAID 1 configuration to allow higher throughput.
D. Take point-in-time snapshots of all the volumes in Storage Gateway, flush the cache completely, then restore the volumes from the clean snapshots.

Correct Answer: B

AWS Certified SysOps Administrator SOA-C01 – Question768

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)

A. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources
B. Use AWS Certificate Manager to create TLS/SSL certificates
C. Use AWS CloudHSM to encrypt the data
D. Use AWS KMS to create TLS/SSL certificates
E. Use AWS KMS to manage the encryption keys used for data encryption

AWS Certified SysOps Administrator SOA-C01 – Question767

A Development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

A. AWS Shield Standard
B. AWS WAF
C. Elastic Load Balancing
D. Amazon Cognito

AWS Certified SysOps Administrator SOA-C01 – Question766

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system. A SysOps Administrator is concerned with the new CVE report and wants to patch the company’s systems immediately. The administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances.
How will AWS respond to this request?

A. AWS will apply the patch during the next maintenance window, and will provide the Administrator with a report of all patched EC2 instances.
B. AWS will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI), and will provide the Administrator with a report of all patched EC2 instances.
C. AWS will research the vulnerability to see if the Administrator’s operating system is impacted, and will patch the EC2 instances that are affected.
D. AWS will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances.

Correct Answer: A

AWS Certified SysOps Administrator SOA-C01 – Question765

A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There is high latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that is efficient, cost-effective, and allows for scaling with future demand.
Which action should be taken to accomplish this?

A. Add a second NAT instance and place both instances behind a load balancer
B. Convert the NAT instance to a larger instance size
C. Replace the NAT instance with a NAT gateway
D. Replace the NAT instance with a virtual private gateway

Correct Answer: A

AWS Certified SysOps Administrator SOA-C01 – Question764

A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?

A. AWS/ApplicationELB HealthyHostCount <= 0
B. AWS/ApplicationELB UnhealthyHostCount >= 1
C. AWS/EC2 StatusCheckFailed <= 0
D. AWS/EC2 StatusCheckFailed >= 1

AWS Certified SysOps Administrator SOA-C01 – Question763

An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?

A. Map the group attribute to an AWS group. The AWS group is assigned IAM policies that govern access to AWS resources.
B. Map the policy attribute to IAM policies the federated user is assigned to. These policies govern access to AWS resources.
C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.
D. Map the user attribute to an AWS user. The AWS user is assigned specific IAM policies that govern access to AWS resources.

Correct Answer: C

Explanation:

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html