To configure central configuration for Security Hub in an AWS Organization, the SysOps administrator must ensure it's set up centrally.
Options:
To centrally manage Security Hub across an organization, AWS allows you to delegate a member account as the Security Hub administrator. This enables centralized configuration and security insights without directly using the management account, which is a best practice.
Delegating a Non-Management Account: AWS recommends using a designated Security Hub administrator account (different from the management account) for central security configurations.
Security Hub Central Configuration: Configuring Security Hub in this manner ensures that security findings from all member accounts are consolidated and manageable from the designated administrator account.
The SysOps administrator must restart the web server if specific errors are detected in logs on EC2 instances behind a load balancer.
Options (Select THREE):
Installing the CloudWatch agent enables log monitoring, and a CloudWatch metric filter allows alerting on specific errors. Using EventBridge to trigger a Systems Manager Automation runbook automates the restart of the web server, creating an efficient and automated solution.
A webpage is stored in an Amazon S3 bucket behind an Application Load Balancer (ALB). Configure the SS bucket to serve a static error page in the event of a failure at the primary site.
1. Use the us-east-2 Region for all resources.
2. Unless specified below, use the default configuration settings.
3. There is an existing hosted zone named lab-
751906329398-26023898.com that contains an A record with a simple routing policy that routes traffic to an existing ALB.
4. Configure the existing S3 bucket named lab-751906329398-26023898.com as a static hosted website using the object named index.html as the index document
5. For the index-html object, configure the S3 ACL to allow for public read access. Ensure public access to the S3 bucketjs allowed.
6. In Amazon Route 53, change the A record for domain lab-751906329398-26023898.com to a primary record for a failover routing policy. Configure the record so that it evaluates the health of the ALB to determine failover.
7. Create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing 53 bucket.
Here are the steps to configure an Amazon S3 bucket to serve a static error page in the event of a failure at the primary site:
Log in to the AWS Management Console and navigate to the S3 service in the us-east-2 Region.
Find the existing S3 bucket named lab-751906329398-26023898.com and click on it.
In the 'Properties' tab, click on 'Static website hosting' and select 'Use this bucket to host a website'.
In 'Index Document' field, enter the name of the object that you want to use as the index document, in this case, 'index.html'
In the 'Permissions' tab, click on 'Block Public Access', and make sure that 'Block all public access' is turned OFF.
Click on 'Bucket Policy' and add the following policy to allow public read access:
{
'Version': '2012-10-17',
'Statement': [
{
'Sid': 'PublicReadGetObject',
'Effect': 'Allow',
'Principal': '*',
'Action': 's3:GetObject',
'Resource': 'arn:aws:s3:::lab-751906329398-26023898.com/*'
}
]
}
Now navigate to the Amazon Route 53 service, and find the existing hosted zone named lab-751906329398-26023898.com.
Click on the 'A record' and update the routing policy to 'Primary - Failover' and add the existing ALB as the primary record.
Click on 'Create Record' button and create a new secondary failover alias record for the domain lab-751906329398-26023898.com that routes traffic to the existing S3 bucket.
Now, when the primary site (ALB) goes down, traffic will be automatically routed to the S3 bucket serving the static error page.
Note:
You can use CloudWatch to monitor the health of your ALB.
You can use Amazon S3 to host a static website.
You can use Amazon Route 53 for routing traffic to different resources based on health checks.
You can refer to the AWS documentation for more information on how to configure and use these services:
https://aws.amazon.com/route53/
https://aws.amazon.com/cloudwatch/
Users of a company's internal web application recently experienced application performance issues for a brief period The application includes frontend web servers that run in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster The application also includes a bacKend Amazon Aurora PostgreSQL DB cluster that includes one DB instance.
A SysOps administrator determines that the source of the performance issues was high utilization of the DB cluster. The single writer instance experienced more than 90% utilization for 11 minutes The cause of the high utilization was an automated report that is scheduled to run one time each week
What should the SysOps administrator do to ensure that users do not experience performance Issues each week when the report runs?
Increasing DB Instance Size:
Increasing the instance size provides more CPU and memory resources, which can help handle higher loads.
Steps:
Go to the AWS Management Console.
Navigate to RDS and select the DB instance.
Modify the instance to increase its size.
Apply the changes during the next maintenance window or immediately if it is a critical issue.
Monitoring Performance:
After resizing, monitor the instance during the next report run to ensure that it handles the load effectively.
A company's architeclure team must receive immediate email notification whenever new Amazon EC2 Instances are launched In the company's main AWS production account
What should a SysOps administrator do to meet this requirement?
Create an SNS Topic and Subscription:
Amazon SNS allows you to send notifications to multiple endpoints.
Steps:
Go to the AWS Management Console.
Navigate to SNS and create a new topic.
Create a subscription for the topic using the email protocol.
Enter the architecture team's email address as the subscriber.
Create an EventBridge Rule:
Amazon EventBridge can monitor events and trigger actions.
Steps:
Go to the AWS Management Console.
Navigate to EventBridge.
Create a new rule that reacts to EC2 instance launch events.
Specify the SNS topic as the rule's target.
Taryn
4 days agoAnjelica
12 days agoAngella
14 days agoDion
19 days agoDwight
1 months agoFlo
1 months agoKris
1 months agoKindra
2 months agoHollis
2 months agoMelissa
2 months agoBrock
2 months agoLavonda
2 months agoCyndy
3 months agoMelinda
3 months agoOmer
3 months agoBrendan
3 months agoInes
3 months agoIra
4 months agoCornell
5 months agoJoanna
6 months agoMaricela
6 months agoElliott
6 months agoKenneth
6 months agoDorian
7 months ago