
Amazon SOA-C02 Practice Test - Questions Answers, Page 31

A company has a cluster of Linux Amazon EC2 Spot Instances that read many files from and write many files to attached Amazon Elastic Block Store (Amazon EBS) volumes. The EC2 instances are frequently started and stopped. As part of the process when an EC2 instance starts, an EBS volume is restored from a snapshot.

EBS volumes that are restored from snapshots are experiencing initial performance that is lower than expected. The company's workload needs almost all the provisioned IOPS on the attached EBS volumes. The EC2 instances are unable to support the workload when the performance of the EBS volumes is too low. A SysOps administrator must implement a solution to ensure that the EBS volumes provide the expected performance when they are restored from snapshots.

Which solution will meet these requirements?

A. Configure fast snapshot restore (FSR) on the snapshots that are used.
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
D. Increase the Linux read-ahead buffer to 1 MiB.
Suggested answer: A

Explanation:

For EBS volumes restored from snapshots to immediately achieve the required IOPS performance, Fast Snapshot Restore (FSR) can be utilized:

Enable FSR: Fast Snapshot Restore can be enabled on specific snapshots. This feature pre-warms the EBS volume created from a snapshot to its full performance level immediately after it is provisioned.

Operational Impact: By enabling FSR, any EBS volume created from these enabled snapshots will provide the provisioned IOPS performance right from the start, eliminating the performance lag that typically occurs as the data is lazily loaded from S3.

Cost Considerations: While FSR increases costs due to the pre-warming of data, it is justified by the need for immediate high performance, especially in environments where EBS volume responsiveness is critical to application performance.

This solution directly addresses the challenge of initial performance degradation and ensures that the EBS volumes can handle the required workload immediately upon restoration from a snapshot.

A SysOps administrator launches an Amazon EC2 instance in a private subnet of a VPC. When the SysOps administrator attempts a curl command from the command line of the EC2 instance, the SysOps administrator cannot connect to https://www.example.com.

What should the SysOps administrator do to resolve this issue?

A. Ensure that there is an outbound security group for port 443 to 0.0.0.0/0.
B. Ensure that there is an inbound security group for port 443 from 0.0.0.0/0.
C. Ensure that there is an outbound network ACL for ephemeral ports 1024-66535 to 0.0.0.0/0.
D. Ensure that there is an outbound network ACL for port 80 to 0.0.0.0/0.
Suggested answer: A

Explanation:

To resolve the issue of the EC2 instance in a private subnet not being able to connect to external websites via HTTPS (port 443), it is necessary to adjust the security group settings:

Outbound Security Group Rules: Verify that the security group associated with the EC2 instance allows outbound traffic on port 443 to any destination (0.0.0.0/0). This rule is crucial because it enables the instance to initiate HTTPS connections to external websites.

Network ACLs: While the primary concern here is the security group, also ensure that the network access control list (ACL) associated with the subnet permits outbound HTTPS traffic. By default, however, network ACLs allow all outbound traffic unless specifically restricted.

Internet Connectivity: Since the instance is in a private subnet, ensure that it has a route to the internet through a NAT Gateway or NAT Instance located in a public subnet. Without this, the instance won't be able to reach external networks even if the security groups and ACLs are correctly configured.

By ensuring that the security group permits outbound HTTPS traffic, you address the most common configuration oversight that would prevent such connectivity.

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.

What should a SysOps administrator do to implement this requirement?

A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.
Suggested answer: C

Explanation:

To enforce the use of approved EC2 instance configurations across different business units efficiently:

AWS Service Catalog: Utilize AWS Service Catalog to manage and govern commonly deployed IT services. Create a catalog of pre-approved products (in this case, EC2 instance configurations).

Publish Products: Define and publish EC2 instance configurations as products within the Service Catalog. These products will incorporate all the necessary and approved configurations, options, and software.

Launch Constraints: Assign launch constraints to these products, ensuring that users can only launch EC2 instances as defined by the pre-approved configurations.

Control Access: Grant business units access only to the Service Catalog for provisioning EC2 instances. This ensures they use only those configurations that comply with company policies and standards.

This approach not only standardizes resource deployment but also simplifies management and enhances compliance across the organization.

A company is supposed to receive a data file every hour in an Amazon S3 bucket. An S3 event notification invokes an AWS Lambda function each time a file arrives. The function processes the data for use by an application.

The application team notices that sometimes the file does not arrive. The application team wants to receive a notification whenever the file does not arrive.

What is the MOST operationally efficient solution that meets these requirements?

A. Add an S3 Lifecycle rule on the S3 bucket with a scope that is limited to objects that were created in the last hour. Configure another S3 event notification to be invoked by the lifecycle transition when the number of objects transitioned is zero. Publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team.
B. Configure another S3 event notification to invoke a Lambda function that posts a message to an Amazon Simple Queue Service (Amazon SQS) queue. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team when the ApproximateAgeOfOldestMessage metric of the queue is greater than 1 hour.
C. Create an Amazon CloudWatch alarm to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert the application team when the Invocations metric of the Lambda function is zero for an hour. Configure the alarm to treat missing data as breaching.
D. Create a new Lambda function to get the timestamp of the newest file in the S3 bucket. If the timestamp is more than 1 hour ago, publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify the application team. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the new function hourly.
Suggested answer: C

A global company operates out of five AWS Regions. A SysOps administrator wants to identify all the company's tagged and untagged Amazon EC2 instances.

The company requires the output to display the instance ID and tags.

What is the MOST operationally efficient way for the SysOps administrator to meet these requirements?

A. Create a tag-based resource group in AWS Resource Groups.
B. Use AWS Trusted Advisor. Export the EC2 On-Demand Instances check results from Trusted Advisor.
C. Use Cost Explorer. Choose a service type of EC2-Instances, and group by Resource.
D. Use Tag Editor in AWS Resource Groups. Select all Regions, and choose a resource type of AWS::EC2::Instance.
Suggested answer: D

Explanation:

To identify both tagged and untagged EC2 instances across multiple AWS Regions efficiently:

AWS Tag Editor: Tag Editor allows you to search for resources across your AWS account by tags, including both tagged and untagged resources.

Search Setup: In the Tag Editor, select all the Regions where the company operates. Specify the resource type as AWS::EC2::Instance to focus the search on EC2 instances.

View and Export Data: Execute the search to view all EC2 instances, along with their associated tags and instance IDs. This data can be exported for further analysis or reporting.

Using the Tag Editor is an operationally efficient way to quickly get a comprehensive view of resource tagging across multiple Regions, aiding in compliance and resource management tasks.

A SysOps administrator needs to control access to groups of Amazon EC2 instances using AWS Systems Manager Session Manager. Specific tags on the EC2 instances have already been added.

Which additional actions should the administrator take to control access? (Choose two.)

A. Attach an IAM policy to the users or groups that require access to the EC2 instances.
B. Attach an IAM role to control access to the EC2 instances.
C. Create a placement group for the EC2 instances and add a specific tag.
D. Create a service account and attach it to the EC2 instances that need to be controlled.
E. Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.
Suggested answer: A, E

Explanation:

To control access to Amazon EC2 instances using AWS Systems Manager Session Manager based on specific tags:

Attach an IAM Policy to Users or Groups: Create and attach an Identity and Access Management (IAM) policy to the IAM users or groups who need access to the EC2 instances. This policy should specify the permissions required to use Session Manager to start sessions with the instances.

Create an IAM Policy with Tag-Based Conditions: Create an IAM policy that includes a condition element to allow access to EC2 instances based on specific tags. This policy can be designed to grant the ssm:StartSession permission only for instances that match certain tags, as defined in the condition block of the IAM policy. Here is a sample condition block that could be used:

"Condition": {
    "StringEquals": {
        "ssm:resourceTag/YourTagName": "YourTagValue"
    }
}

This ensures that only authorized users can initiate sessions with instances that have the specified tags, enhancing security and operational management.

By implementing these policies, you ensure that only the appropriate personnel have the controlled access required, based on the specific business needs and security guidelines.
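A check that a policy really is tag-scoped before it is attached, as an added example (not part of the original page or of any AWS tooling): it flags Allow statements that grant ssm:StartSession on instances without a tag condition. The sample policies and account ID are constructed, and the check assumes the `ssm:resourceTag/` and `aws:ResourceTag/` condition keys are the ones used for scoping.

```python
import fnmatch

# Assumption: these are the tag condition keys accepted as "scoped".
TAG_KEY_PREFIXES = ("ssm:resourcetag/", "aws:resourcetag/")
# Only strict operators count: StringEqualsIfExists passes when the tag is absent.
STRICT_OPERATORS = ("stringequals", "stringlike")
# Constructed ARN used to test whether a Resource pattern can cover instances.
SAMPLE_INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"


def as_list(value):
    return value if isinstance(value, list) else [value]


def grants_start_session(stmt):
    """True if an Allow statement's Action/NotAction covers ssm:StartSession."""
    if stmt.get("Effect") != "Allow":
        return False
    target = "ssm:startsession"
    if "NotAction" in stmt:
        excluded = as_list(stmt["NotAction"])
        return not any(fnmatch.fnmatchcase(target, a.lower()) for a in excluded)
    actions = as_list(stmt.get("Action", []))
    return any(fnmatch.fnmatchcase(target, a.lower()) for a in actions)


def covers_instances(stmt):
    """True if any Resource pattern matches an EC2 instance ARN."""
    resources = as_list(stmt.get("Resource", []))
    return any(fnmatch.fnmatchcase(SAMPLE_INSTANCE_ARN, r) for r in resources)


def is_tag_scoped(stmt):
    """True if the Condition element restricts the statement by resource tag."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() in STRICT_OPERATORS:
            if any(k.lower().startswith(TAG_KEY_PREFIXES) for k in keys):
                return True
    return False


def untagged_start_session_statements(policy):
    """Return Sids (or positions) of statements that allow StartSession on
    instances with no tag condition. NotResource is not evaluated."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if grants_start_session(stmt) and covers_instances(stmt) \
                and not is_tag_scoped(stmt):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


# Constructed sample policies.
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "TagScoped", "Effect": "Allow", "Action": "ssm:StartSession",
    "Resource": "arn:aws:ec2:*:*:instance/*",
    "Condition": {"StringEquals": {"ssm:resourceTag/YourTagName": "YourTagValue"}},
}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllInstances", "Effect": "Allow", "Action": "ssm:*", "Resource": "*"},
    {"Sid": "WeakCondition", "Effect": "Allow", "Action": ["ssm:StartSession"],
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEqualsIfExists":
                   {"ssm:resourceTag/YourTagName": "YourTagValue"}}},
    {"Sid": "DocumentOnly", "Effect": "Allow", "Action": "ssm:StartSession",
     "Resource": "arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell"},
]}

if __name__ == "__main__":
    print(untagged_start_session_statements(GOOD_POLICY))
    print(untagged_start_session_statements(BAD_POLICY))
```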

An application runs on Amazon EC2 instances in an Auto Scaling group. Following the deployment of a new feature on the EC2 instances, some instances were marked as unhealthy and then replaced by the Auto Scaling group. The EC2 instances terminated before a SysOps administrator could determine the cause of the health status changes. To troubleshoot this issue, the SysOps administrator wants to ensure that an AWS Lambda function is invoked in this situation.

How should the SysOps administrator meet these requirements?

A. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
B. Activate the instance scale-in protection setting for the Auto Scaling group. Invoke the Lambda function through Amazon Route 53.
C. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon EventBridge (Amazon CloudWatch Events).
D. Add a lifecycle hook to the Auto Scaling group to invoke the Lambda function through Amazon Route 53.
Suggested answer: C

Explanation:

To enable troubleshooting of EC2 instances marked as unhealthy before they are terminated by the Auto Scaling group, you can use lifecycle hooks:

Add a Lifecycle Hook: Configure a lifecycle hook in the Auto Scaling group. This hook will hold the instance in a 'wait' state either when it launches or terminates (in this case, when it's about to be terminated due to health check failure).

Integration with Amazon EventBridge (CloudWatch Events): Set up the lifecycle hook to send an event to EventBridge (formerly CloudWatch Events) when an instance is in the termination lifecycle state.

Invoke Lambda Function: Configure EventBridge to trigger an AWS Lambda function when it receives the termination lifecycle event from the Auto Scaling group. This Lambda function can then perform necessary diagnostics, logging, or data capture activities on the instance before it's terminated.

This configuration allows the SysOps administrator to perform necessary investigations on why instances were marked unhealthy before they are automatically replaced, offering a chance to diagnose and potentially correct underlying issues.
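A sketch of the Lambda side of this setup, as an added example that is not from the original page: the handler accepts the EventBridge terminate lifecycle event, captures the instance's console output, and always releases the hook so a failed diagnostic cannot leave the instance waiting. The sample event, names and token are constructed; the injectable `ec2` and `autoscaling` parameters are an assumption made so the handler can be exercised without AWS access.

```python
TERMINATING = "autoscaling:EC2_INSTANCE_TERMINATING"
REQUIRED_FIELDS = ("EC2InstanceId", "AutoScalingGroupName",
                   "LifecycleHookName", "LifecycleActionToken")

# Constructed sample of the event EventBridge delivers for a terminate hook.
SAMPLE_EVENT = {
    "source": "aws.autoscaling",
    "detail-type": "EC2 Instance-terminate Lifecycle Action",
    "detail": {
        "LifecycleTransition": TERMINATING,
        "EC2InstanceId": "i-0123456789abcdef0",
        "AutoScalingGroupName": "example-asg",
        "LifecycleHookName": "example-terminate-hook",
        "LifecycleActionToken": "00000000-0000-0000-0000-000000000000",
    },
}


def parse_lifecycle_event(event):
    """Return the fields needed to act on a terminate lifecycle event, or None
    if the event is anything else (launch hooks, other sources, missing keys)."""
    if event.get("source") != "aws.autoscaling":
        return None
    detail = event.get("detail", {})
    if detail.get("LifecycleTransition") != TERMINATING:
        return None
    if any(key not in detail for key in REQUIRED_FIELDS):
        return None
    return {key: detail[key] for key in REQUIRED_FIELDS}


def handler(event, context=None, ec2=None, autoscaling=None):
    """Lambda entry point. Clients are created lazily unless injected."""
    fields = parse_lifecycle_event(event)
    if fields is None:
        return {"handled": False}
    if ec2 is None or autoscaling is None:
        import boto3  # imported here so the module loads without boto3 installed
        ec2 = ec2 or boto3.client("ec2")
        autoscaling = autoscaling or boto3.client("autoscaling")

    evidence = {}
    try:
        # Diagnostic step: grab the console output while the instance is held
        # in the wait state. A real function would persist this (S3, logs).
        output = ec2.get_console_output(InstanceId=fields["EC2InstanceId"])
        evidence["console_output"] = output.get("Output", "")
    except Exception as exc:  # diagnostics must never block the hook
        evidence["error"] = str(exc)
    finally:
        # Release the hook so the Auto Scaling group can finish termination.
        autoscaling.complete_lifecycle_action(
            LifecycleHookName=fields["LifecycleHookName"],
            AutoScalingGroupName=fields["AutoScalingGroupName"],
            LifecycleActionToken=fields["LifecycleActionToken"],
            LifecycleActionResult="CONTINUE",
            InstanceId=fields["EC2InstanceId"],
        )
    return {"handled": True, "instance_id": fields["EC2InstanceId"],
            "evidence": evidence}
```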

A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.

Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.

The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.

Which solution will meet these requirements in the MOST operationally efficient manner?

A. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
B. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
C. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
D. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
Suggested answer: C

Explanation:

To monitor and receive alerts when the EC2 instance service quota usage reaches 70% or more:

Service Quotas Console: Navigate to the Service Quotas console within AWS and identify the specific quota for EC2 instances.

Create a CloudWatch Alarm: Directly from the Service Quotas console, set up a CloudWatch alarm for the EC2 instance quota metric. Configure the alarm to trigger when the quota utilization reaches or exceeds 70%.

Notification Setup: Link this alarm to an Amazon SNS topic that will send a notification to relevant stakeholders or systems when the quota usage threshold is breached.

This method provides an automated, straightforward way to monitor resource limits and ensures that stakeholders are promptly notified, enabling them to take proactive measures to manage the quota and prevent service disruption.

A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources.

What is the MOST operationally efficient solution that meets these requirements?

A. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
D. Create a rule in Amazon EventBridge (Amazon CloudWatch Events) with a managed rule to evaluate all created or updated resources for the specified tags.
Suggested answer: C

Explanation:

To efficiently monitor and identify noncompliant resources in terms of tagging within AWS, using AWS Config with a managed rule for required tagging is most appropriate:

AWS Config Setup: Configure AWS Config to monitor and record configurations of AWS resources within your environment.

Managed Rule for Required Tags: Utilize the 'required-tags' managed rule in AWS Config, which checks whether your resources have the specific tags you define as mandatory. This rule can be customized to specify which tags are required and can automatically evaluate all existing and new resources in your environment.

Compliance Reporting: AWS Config provides detailed compliance reporting that helps you identify resources that do not meet the tagging requirements, facilitating easy remediation.

This approach leverages AWS Config's capabilities for continuous monitoring and evaluation without needing to write custom code or manage additional services, providing an operationally efficient solution for compliance management.

A user is connected to an Amazon EC2 instance in a private subnet. The user is unable to access the internet from the instance by using the following curl command: curl http://www.example.com.

A SysOps administrator reviews the VPC configuration and learns the following information:

* The private subnet has a route to a NAT gateway for CIDR 0.0.0.0/0

* The outbound security group for the EC2 instance contains one rule: outbound for port 443 to CIDR 0.0.0.0/0

* The inbound security group for the EC2 instance allows ports 22 and 443 from the user's IP address.

* The inbound network ACL for the subnet allows port 22 and port range 1024-65535 from CIDR 0.0.0.0/0

Which action will allow the user to complete the curl request successfully?

A. Add an additional inbound network ACL rule for port 80 to CIDR 0.0.0.0/0.
B. Add an additional inbound security group rule for port 80 to CIDR 0.0.0.0/0.
C. Add an additional outbound security group rule for port 80 to CIDR 0.0.0.0/0.
D. Add an additional outbound security group rule for port 80 to the user's IP address.
Suggested answer: C

Explanation:

Since the EC2 instance is attempting to access the internet using HTTP (port 80) but is configured only to allow HTTPS (port 443) traffic, the security group needs adjustment:

Security Group Configuration: The outbound rules of the security group associated with the EC2 instance must allow traffic over HTTP. Add an outbound rule that enables port 80 to destination 0.0.0.0/0. This rule will allow the instance to send HTTP requests to any IP address on the internet.

Test Connectivity: After updating the security group, test the connectivity using the curl command again to ensure the configuration allows internet access via HTTP.

This change is necessary because the existing security group configuration does not permit outbound HTTP traffic, which is essential for accessing websites using HTTP.
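The checks an outbound request passes through, modelled as an added example (not part of the original page): security groups are stateful, so only the egress rule matters there, while network ACLs are stateless, so the reply must also be allowed in on the client's ephemeral port. The rule data is constructed from the facts in the question; the outbound network ACL, the remote address and the ephemeral port are assumptions, and the same model applies to the earlier HTTPS question.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One allow rule: a CIDR plus a destination port range."""
    cidr: str
    port_from: int
    port_to: int

    def matches(self, ip: str, port: int) -> bool:
        in_cidr = ip_address(ip) in ip_network(self.cidr)
        return in_cidr and self.port_from <= port <= self.port_to


# Constructed from the configuration listed in the question.
SG_EGRESS = (Rule("0.0.0.0/0", 443, 443),)
NACL_INGRESS = (Rule("0.0.0.0/0", 22, 22), Rule("0.0.0.0/0", 1024, 65535))
ROUTES = ("0.0.0.0/0",)                  # private subnet -> NAT gateway
# Assumption: the question does not describe the outbound network ACL,
# so the default allow-all rule is used.
NACL_EGRESS = (Rule("0.0.0.0/0", 0, 65535),)
REMOTE_IP = "203.0.113.10"               # constructed (documentation range)


def check_outbound_request(dest_port, sg_egress=SG_EGRESS,
                           nacl_egress=NACL_EGRESS, nacl_ingress=NACL_INGRESS,
                           routes=ROUTES, dest_ip=REMOTE_IP,
                           ephemeral_port=50000):
    """Return 'allowed' or the first layer that blocks a TCP request that the
    instance initiates to dest_ip:dest_port."""
    # 1. Security group egress. Stateful: the reply is allowed automatically,
    #    so inbound security group rules are never consulted for it.
    if not any(r.matches(dest_ip, dest_port) for r in sg_egress):
        return "blocked: security group egress"
    # 2. Outbound network ACL. Stateless, matched on the destination port.
    if not any(r.matches(dest_ip, dest_port) for r in nacl_egress):
        return "blocked: network ACL egress"
    # 3. Route table: the destination needs a route (here, to the NAT gateway).
    if not any(ip_address(dest_ip) in ip_network(cidr) for cidr in routes):
        return "blocked: no route"
    # 4. Inbound network ACL. The reply comes from port dest_port but is
    #    addressed to the client's ephemeral port, which is what must match.
    if not any(r.matches(dest_ip, ephemeral_port) for r in nacl_ingress):
        return "blocked: network ACL ingress"
    return "allowed"


if __name__ == "__main__":
    print("port 80, as configured:", check_outbound_request(80))
    fixed = SG_EGRESS + (Rule("0.0.0.0/0", 80, 80),)
    print("port 80, egress rule added:", check_outbound_request(80, sg_egress=fixed))
```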

Total 425 questions