AWS-SysOps | Amazon AWS-SysOps Secret 2020

Actualtests offers free demo for AWS-SysOps exam. "Amazon AWS Certified SysOps Administrator - Associate", also known as AWS-SysOps exam, is a Amazon Certification. This set of posts, Passing the Amazon AWS-SysOps exam, will help you answer those questions. The AWS-SysOps Questions & Answers covers all the knowledge points of the real exam. 100% real Amazon AWS-SysOps exams and revised by experts!

Also have AWS-SysOps free dumps questions for you:

NEW QUESTION 1

An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?

  • A. AWS RRS
  • B. AWS S3
  • C. AWS RDS
  • D. AWS Glacier

Answer: D

Explanation:

Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Reduced redundancy is for less critical files. Glacier is for archival and the files which are accessed infrequently. It is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup.

NEW QUESTION 2

You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?

  • A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
  • B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data
  • C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group
  • D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Answer: A

NEW QUESTION 3

A user has launched an RDS postgreSQL DB with AWS. The user did not specify the maintenance window during creation. The user has configured RDS to update the DB instance type from micro to large. If the user wants to have it during the maintenance window, what will AWS do?

  • A. AWS will not allow to update the DB until the maintenance window is configured
  • B. AWS will select the default maintenance window if the user has not provided it
  • C. AWS will ask the user to specify the maintenance window during the update
  • D. It is not possible to change the DB size from micro to large with RDS

Answer: B

Explanation:

AWS RDS has a compulsory maintenance window which by default is 30 minutes. If the user does not specify the maintenance window during the creation of RDS then AWS will select a 30-minute maintenance window randomly from an 8-hour block of time per region. In this case, Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.

NEW QUESTION 4

A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned command helps the system admin to add new zones to the existing ELB?

  • A. elb-enable-zones-for-lb
  • B. elb-add-zones-for-lb
  • C. It is not possible to add more zones to the existing ELB
  • D. elb-configure-zones-for-lb

Answer: A

Explanation:

The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;

NEW QUESTION 5

A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days. The user wants to increase the limit from $200 to $400? What should the user do?

  • A. Create a new alarm of $400 and link it with the first alarm
  • B. It is not possible to modify the alarm once it has crossed the usage limit
  • C. Update the alarm to set the limit at $400 instead of $200
  • D. Create a new alarm for the additional $200 amount

Answer: C

Explanation:

AWS CloudWatch supports enabling the billing alarm on the total AWS charges. The estimated charges are calculated and sent several times daily to CloudWatch in the form of metric data. This data will be stored for 14 days. This data also includes the estimated charges for every service in AWS used by the user, as well as the estimated overall AWS charges. If the user wants to increase the limit, the user can modify the alarm and specify a new threshold.

NEW QUESTION 6

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also
data for customers that reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on EC2?

  • A. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
  • B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
  • C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile
  • D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile

Answer: C

NEW QUESTION 7

Which of the below mentioned AWS RDS logs cannot be viewed from the console for MySQL?

  • A. Error Log
  • B. Slow Query Log
  • C. Transaction Log
  • D. General Log

Answer: C

Explanation:

The user can view, download, and watch the database logs using the Amazon RDS console, the Command Line Interface (CLI., or the Amazon RDS API. For the MySQL RDS, the user can view the error log, slow querylog, and general logs. RDS does not support viewing the transaction logs.

NEW QUESTION 8

A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

  • A. Destination : 20.0.0.0/24 and Target : VPC
  • B. Destination : 20.0.0.0/16 and Target : ALL
  • C. Destination : 20.0.0.0/0 and Target : ALL
  • D. Destination : 20.0.0.0/24 and Target : Local

Answer: D

NEW QUESTION 9

A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

  • A. AWS account ID
  • B. X.509 certificate and private key
  • C. AWS login ID to login to the console
  • D. Access key and secret access key

Answer: C

Explanation:

When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID;
AWS access and secret access key;
X.509 certificate with private key.

NEW QUESTION 10

Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?

  • A. Create a bucket policy and apply it to the bucket
  • B. Create a NACL and attach it to the VPC of the bucket
  • C. Create an ACL and apply it to all objects in the bucket
  • D. Modify the IAM policies of any users that would access the bucket

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

NEW QUESTION 11

Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? Choose 3 answers

  • A. Add a new database layer and then add recipes to the deploy actions of the database and App Server layer
  • B. Use OpsWorks' "Clone Stack" feature to create a second RDS stack in another Availability Zone for redundancy in the event of a failure in the Primary A
  • C. To switch to the secondary RDS instance, set the [:database] attributes to values that are appropriate for your server which you can do by using custom JSO
  • D. The variables that characterize the RDS database connection—host, user, and so on—are set using the corresponding values from the deploy JSON's [:depioy][:app_name][:database] attribute
  • E. Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password" attribute for the RDS instance must be encrypted using at least a 256-bit ke
  • F. Set up the connection between the app server and the RDS layer by using a custom recip
  • G. The recipe configures the app server as required, typically by creating a configuration fil
  • H. The recipe gets the connection data such as the host and database name from a set of attributes in the stack configuration and deployment JSON that AWS OpsWorks installs on every instanc

Answer: BCE

NEW QUESTION 12

An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a separate DyanmoDB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?

  • A. Define the group policy and add a condition which allows the access based on the IAM name
  • B. Create a DynamoDB table with the same name as the IAM user name and define the policy rule which grants access based on the DynamoDB ARN using a variable
  • C. Create a separate DynamoDB database for each user and configure a policy in the group based on the DB variable
  • D. It is not possible to have a group level policy which allows different IAM users to different DynamoDB Tables

Answer: D

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. AWS DynamoDB has only tables and the organization cannot makeseparate databases. The organization should create a table with the same name as the IAM user name and use the ARN of DynamoDB as part of the group policy. The sample policy is shown below:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["dynamodb:*"],
"Resource": "arn:aws:dynamodb:region:account-number-without-hyphens:table/${aws:username}"
}
]
}

NEW QUESTION 13

An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS functionalities helps them to achieve this?

  • A. AWS MFA with EBS
  • B. AWS EBS encryption
  • C. Multi-tier encryption with Redshift
  • D. AWS S3 server side storage

Answer: B

Explanation:

AWS EBS supports encryption of the volume while creating new volumes. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of EBS will be encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between the EC2 instances and EBS storage. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry standard

NEW QUESTION 14

A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned CloudWatch endpoint URLs should the user use?

  • A. monitoring.us-east-1.amazonaws.com
  • B. monitoring.us-east-1-a.amazonaws.com
  • C. monitoring.us-east-1a.amazonaws.com
  • D. cloudwatch.us-east-1a.amazonaws.com

Answer: A

Explanation:

The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be: monitoring.us-east- 1.amazonaws.com

NEW QUESTION 15

An organization has setup consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will organization receive in terms of the AWS pricing?

  • A. The consolidated billing does not bring any cost advantage for the organization
  • B. All AWS accounts will be charged for S3 storage by combining the total storage of each account
  • C. The EC2 instances of each account will receive a total of 750*3 micro instance hours free
  • D. The free usage tier for all the 3 accounts will be 3 years and not a single year

Answer: B

Explanation:

AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when he uses the service more.

NEW QUESTION 16

A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

  • A. Change the Disable button for notification to “Yes” in the RDS console
  • B. Set the send mail flag to false in the DB event notification console
  • C. The only option is to delete the notification from the console
  • D. Change the Enable button for notification to “No” in the RDS console

Answer: D

Explanation:

Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event notifications are sent to the addresses that the user has provided while creating the subscription. The user can easily turn off the notification without deleting a subscription by setting the Enabled radio button to No in the Amazon RDS console or by setting the Enabled parameter to false using the CLI or Amazon RDS API.

NEW QUESTION 17

A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?

  • A. AWS/StorageGateway
  • B. AWS/CloudTrail
  • C. AWS/ElastiCache
  • D. AWS/SWF

Answer: B

Explanation:

Amazon CloudWatch is basically a metrics repository. The AWS product puts metrics into this repository, and the user can retrieve the data or statistics based on those metrics. To distinguish the data for each service, the CloudWatch metric has a namespace. Namespaces are containers for metrics. All AWS services that provide the Amazon CloudWatch data use a namespace string, beginning with "AWS/". All the services which are supported by CloudWatch will have some namespace. CloudWatch does not monitor CloudTrail. Thus, the namespace “AWS/CloudTrail” is incorrect.

NEW QUESTION 18

An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned
statements is true with respect to the above information?

  • A. Create a policy which allows the users to access RDS and apply it to the RDS instances
  • B. The user cannot access the RDS database if he is not assigned the correct IAM policy
  • C. The root account owner should create a policy for the IAM user and give him access to the RDS services
  • D. The policy should be created for the user and provide access for RDS

Answer: C

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the account owner wants to create a policy for RDS, the owner has to create an IAM user and define the policy which entitles the IAM user with various RDS services such as Launch Instance, Manage security group, Manage parameter group etc.

NEW QUESTION 19

A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

  • A. Authenticated user group
  • B. All users group
  • C. Log Delivery Group
  • D. Canonical user group

Answer: D

Explanation:

An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups: Authenticated Users group: It represents all AWS accounts. All Users group: Access permission to this group allows anyone to access the resource. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.

NEW QUESTION 20

A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data encryption with a snapshot?

  • A. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
  • B. While creating a snapshot select the snapshot with encryption
  • C. By default the snapshot is encrypted by AWS
  • D. Enable server side encryption for the snapshot using S3

Answer: A

Explanation:

AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of the encrypted EBS will also be encrypted. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry standard.

NEW QUESTION 21

A user has created an ELB with the availability zone US-East-1A. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?

  • A. It is not possible to add more zones to the existing ELB
  • B. The only option is to launch instances in different zones and add to ELB
  • C. The user should stop the ELB and add zones and instances as required
  • D. The user can add zones on the fly from the AWS console

Answer: D

Explanation:

The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;
Launch instances in a separate AZ and add instances to the existing ELB.

NEW QUESTION 22

You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database's data is stored on.
What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data?
Choose 2 answers

  • A. Move to an SSD backed instance
  • B. Move the database to an EBS-Optimized Instance
  • C. T Use Provisioned IOPs EBS
  • D. Use the ephemeral storage on an m2 4xiarge Instance Instead

Answer: AB

NEW QUESTION 23

Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users?
Choose 2 answers

  • A. Configure multi-factor authentication for privileged 1AM users
  • B. Create 1AM users for privileged accounts
  • C. Implement identity federation between your organization's Identity provider leveraging the 1AM Security Token Service
  • D. Enable the 1AM single-use password policy option for privileged users

Answer: CD

NEW QUESTION 24

An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS Regions In order to monitor the performance of the application globally, you would like to see two graphs 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?

  • A. Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs
  • B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatc
  • C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphin
  • D. Add a CloudWatch agent to each instance and attach one to each DynamoDB tabl
  • E. When configuring the agent set the appropriate application name & view the graphs in CloudWatc

Answer: C

NEW QUESTION 25

What are characteristics of Amazon S3? Choose 2 answers

  • A. Objects are directly accessible via a URL
  • B. S3 should be used to host a relational database
  • C. S3 allows you to store objects or virtually unlimited size
  • D. S3 allows you to store virtually unlimited amounts of data
  • E. S3 offers Provisioned IOPS

Answer: AD

NEW QUESTION 26

A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process hadoop Map reduce jobs which can run between 50 – 600 minutes or sometimes for more time. The user wants to configure that the instance gets terminated only when the process is completed. How can the user configure this with CloudWatch?

  • A. Setup the CloudWatch action to terminate the instance when the CPU utilization is less than 5%
  • B. Setup the CloudWatch with Auto Scaling to terminate all the instances
  • C. Setup a job which terminates all instances after 600 minutes
  • D. It is not possible to terminate instances automatically

Answer: D

Explanation:

Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which terminates the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action.

NEW QUESTION 27

An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?

  • A. Create a new VPC with tenancy=dedicated and migrate to the new VPC
  • B. Use ec2-reboot-instances command line and set the parameter "dedicated=true"
  • C. Right click on the instance, select properties and check the box for dedicated tenancy
  • D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-CreateVpc.html

NEW QUESTION 28

A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal
behaviour of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the user achieve this easily with the AWS console?

  • A. The user can use the copy URL functionality of CloudWatch to share the exact details
  • B. The user can use the export data option from the CloudWatch console to export the current data point
  • C. The user has to find the period and data and provide all the aggregation information to the manager
  • D. The user can use the CloudWatch data copy functionality to copy the current data points

Answer: A

Explanation:

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The console provides the option to save the URL or bookmark it so that it can be used in the future by typing the same URL. The Copy URL functionality is available under the console when the user selects any metric to view.

NEW QUESTION 29

An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the
limitations of IAM?

  • A. One IAM user can be a part of a maximum of 5 groups
  • B. The organization can create 100 groups per AWS account
  • C. One AWS account can have a maximum of 5000 IAM users
  • D. One AWS account can have 250 roles

Answer: A

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The default maximums for each of the IAM entities is given below: Groups per AWS account: 100 Users per AWS account: 5000 Roles per AWS account: 250 Number of groups per user: 10 (that is, one user can be part of these many groups.

NEW QUESTION 30
......

Thanks for reading the newest AWS-SysOps exam dumps! We recommend you to try the PREMIUM Simply pass AWS-SysOps dumps in VCE and PDF here: https://www.simply-pass.com/Amazon-exam/AWS-SysOps-dumps.html (387 Q&As Dumps)