AWS Certified SysOps Administrator SOA-C01 – Question867

A company recently migrated from a third-party security application to Amazon Inspector. A sysops administrator discovered that a list of security findings is missing for some Amazon EC2 instances.
Which action will resolve this problem?

A. Generate the missing security findings list manually by logging in to the affected EC2 instances and running CLI commands.
B. Log in to the affected EC2 instances. Download and install the Amazon Inspector agent from AWS Marketplace on each instance.
C. Use a network reachability package to analyze network configurations to find security vulnerabilities on the affected EC2 instances.
D. Verify that the Amazon Inspector agent is installed and running on the affected instances. Restart the Amazon Inspector agent.

AWS Certified SysOps Administrator SOA-C01 – Question866

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A sysops administrator needs to automate remediation.
What should the sysops administrator do to meet these requirements?

A. Create an IAM managed policy to deny access to ports 22 and 3389 on any security groups in a VPC.
B. Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.
C. Enable AWS Trusted Advisor to remediate public port access.
D. Use AWS Systems Manager configuration compliance to remediate public port access.

Correct Answer: B

AWS Certified SysOps Administrator SOA-C01 – Question865

A sysops administrator set up an Amazon ElastiCache for Memcached cluster for an application. During testing, the application experiences increased latency. Amazon CloudWatch metrics for the Memcached cluster show CPUUtilization is consistently above 95% and FreeableMemory is consistently under 1 MB.
Which action will solve the problem?

A. Configure ElastiCache automatic scaling for the Memcached cluster. Set the CPUUtilization metrics as a scaling trigger above 75% and FreeableMemory below 10 MB.
B. Configure ElastiCache read replicas for each Memcached node in different Availability Zones to distribute the workload.
C. Deploy an Application Load Balancer to distribute the workload to Memcached cluster nodes.
D. Replace the Memcached cluster and select a node type that has a higher CPU and memory.

AWS Certified SysOps Administrator SOA-C01 – Question864

A sysops administrator must monitor a fleet of Amazon EC2 Linux instances with the constraint that no agents be installed. The sysops administrator chooses Amazon CloudWatch as the monitoring tool.
Which metrics can be measured given the constraints? (Choose three.)

A. CPU Utilization
B. Disk Read Operations
C. Memory Utilization
D. Network Packets In
E. Network Packets Dropped
F. CPU Ready Time

AWS Certified SysOps Administrator SOA-C01 – Question863

A financial service company is running distributed computing software to manage a fleet of 20 servers for their calculations. There are 2 control nodes and 18 worker nodes to run the calculations. Worker nodes can be automatically started by the control nodes when required. Currently, all nodes are running on demand, and the worker nodes are used for approximately 4 hours each day.
Which combination of actions will be MOST cost-effective? (Choose two.)

A. Use Dedicated Hosts for the control nodes.
B. Use Reserved Instances for the control nodes.
C. Use Reserved Instances for the worker nodes.
D. Use Spot Instances for the control nodes and On-Demand Instances if there is no Spot availability.
E. Use Spot Instances for the worker nodes and On-Demand Instances if there is no Spot availability.

Correct Answer: CD

AWS Certified SysOps Administrator SOA-C01 – Question862

A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times. The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve application performance, a sysops administrator is evaluating Amazon ElastiCache, and has chosen Redis (cluster mode enabled) instead of Memcached.
What are reasons for making this choice? (Choose two.)

A. Data partitioning
B. Multi-threaded processing
C. Multi-AZ with automatic failover
D. Multi-region with automatic failover
E. Online resharding

Correct Answer: BC

AWS Certified SysOps Administrator SOA-C01 – Question861

A company's application running on Amazon EC2 Linux recently crashed because it ran out of available memory. Management wants to be alerted if this ever happens again.
Which combination of steps will accomplish this? (Choose two.)

A. Create an Amazon CloudWatch dashboard to monitor the memory usage metrics on the instance over time.
B. Create an alarm on the dashboard that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.
C. Create an alarm on the metric that publishes an Amazon SNS notification to alert the CIO when a threshold is passed.
D. Create an alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.
E. Configure the Amazon CloudWatch agent to collect and push memory usage metrics on the instance.

Correct Answer: AD

AWS Certified SysOps Administrator SOA-C01 – Question860

A SysOps Administrator must remove public IP addresses from all Amazon EC2 instances to prevent exposure to the internet. However, many corporate applications running on those EC2 instances need to access Amazon S3 buckets. The Administrator is tasked with allowing the EC2 instances to continue to access the S3 buckets.
Which solutions can be used? (Choose two.)

A. Deploy a NAT gateway, and configure the route tables accordingly in the VPC where the EC2 instances are running.
B. Modify the network ACLs with private IP addresses in the routes to connect to Amazon S3.
C. Modify the security groups on the EC2 instances with private IP addresses in the routes to connect to Amazon S3.
D. Set up AWS Direct Connect, and configure a virtual interface between the EC2 instances and the S3 buckets.
E. Set up a VPC endpoint in the VPC where the EC2 instances are running, and configure the route tables accordingly.

AWS Certified SysOps Administrator SOA-C01 – Question859

A SysOps Administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto Scaling group. The application is set to automatically terminate unhealthy instances. The Administrator wants to preserve application logs from these instances for future analysis.
Which action will accomplish this?

A. Change the storage type from EBS to instance store.
B. Configure an Amazon CloudWatch Events rule to transfer the logs to Amazon S3 upon an EC2 state change to terminated.
C. Configure the unified CloudWatch agent to stream the logs to Amazon CloudWatch Logs.
D. Configure VPC Flow Logs for the subnet hosting the EC2 instance.

Correct Answer: D

AWS Certified SysOps Administrator SOA-C01 – Question858

A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet Information Security guidelines.
Which option would meet the requirement?

A. Create a new CMK every 7 days to manually rotate the encryption keys.
B. Enable key rotation on the CMKs and set the rotation period to 7 days.
C. Switch to using AWS CloudHSM as AWS KMS does not support key rotation.
D. Use data keys for each encryption task to avoid the need to rotate keys.