AWS-SysOps 無料問題集「Amazon AWS Certified SysOps Administrator - Associate」

（A）Log in to the affected EC2 instances. Download and install the Amazon Inspector agent from AWS Marketplace on each instance.

（B）Use a network reachability package to analyze network configurations to find security vulnerabilities on the affected EC2 instances.

（C）Verify that the Amazon Inspector agent is installed and running on the affected instances. Restart the Amazon Inspector agent.

（D）Generate the missing security findings list manually by logging in to the affected EC2 instances and running CLI commands.

（A）Develop an AWS Lambda function to update the corporate DNS IP address on all the EC2 instances.

（B）Update the Amazon Machine Images (AMIs) of the EC2 instances to configure the updated corporate DNS IP address.

（C）Run a shell script to update the corporate DNS IP address on each EC2 instance.

（D）Use the AWS Systems Manager Run Command to update the corporate DNS IP address on all the EC2 instances.

（A）Use Amazon GuardDuty to protect the web servers from bots and scrapers

（B）Use Amazon CloudFront to cache the traffic and block access to the web servers

（C）Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups

（D）Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold

（A）Define permissions boundaries to allow approved actions only

（B）Apply service control policies (SCPs) to allow approved actions only

（C）Apply service control policies (SCPs) to prevent restricted actions

（D）Define permissions boundaries to prevent restricted actions

（A）InstanceName is a reserved tag for AWS.
Thus, AWS will not allow this tag

（B）AWS will allow both the tags and show properly in the cost distribution report

（C）AWS will not allow the tags as the value is the same for different keys

（D）AWS will allow tags but will not show correctly in the cost allocation report due to the same value of the two separate keys

（A）The user should use the same encryption key for all versions of the same object

（B）It is possible to have different encryption keys for different versions of the same object

（C）AWS S3 does not allow the user to upload his own keys for server side encryption

（D）The SSE-C does not work when versioning is enabled

（A）sts:GetFederationToken

（B）sts:AssumeRole

（C）sts:AssumeRoleWithSAML

（D）sts:AssumeRoleWithWebIdentity

（A）OK

（B）THRESHOLD

（C）ERROR

（D）ALERT

（A）Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account

（B）Consolidate your accounts so you have a single bill for all accounts and projects

（C）Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.

（D）Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend

（A）Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.

（B）Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.

（C）Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.

（D）Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the Developer who creates it.

（A）20

（B）5

（C）10

（D）2

（A）The private IP address of the customer gateway device

（B）The public IP address of the NAT device in front of the customer gateway device

（C）The MAC address of the NAT device in front of the customer gateway device

（D）The public IP address of the customer gateway device

（A）AWS SES

（B）HTTP

（C）Email JSON

（D）AWS SQS

（A）Network access control list (NACL) restriction

（B）Amazon GuardDuty geo-blocking

（C）AWS Shield geo-restriction

（D）Amazon CloudFront geo-restriction

（E）Amazon Route 53 geolocation routing