AWS-SysOps | Renovate AWS-SysOps Discount Pack 2021

It is more faster and easier to pass the Amazon AWS-SysOps exam by using Precise Amazon Amazon AWS Certified SysOps Administrator - Associate questuins and answers. Immediate access to the Renew AWS-SysOps Exam and find the same core area AWS-SysOps questions with professionally verified answers, then PASS your exam with a high score now.

Also have AWS-SysOps free dumps questions for you:

NEW QUESTION 1

A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

  • A. AWS S3 with 1 GB of storage
  • B. AWS micro instance running 24 hours daily
  • C. AWS ELB running 24 hours a day
  • D. AWS PIOPS volume of 10 GB size

Answer: D

Explanation:

AWS is introducing a free usage tier for one year to help the new AWS customers get started in Cloud. The free tier can be used for anything that the user wants to run in the Cloud. AWS offers a handful of AWS services as a part of this which includes 750 hours of free micro instances and 750 hours of ELB. It includes the AWS S3 of 5 GB and AWS EBS general purpose volume upto 30 GB. PIOPS is not part of free usage tier.

NEW QUESTION 2

A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?

  • A. Email JSON
  • B. HTTP
  • C. AWS SQS
  • D. AWS SES

Answer: D

Explanation:

Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can select one the following transports as part of the subscription requests: “HTTP”, “HTTPS”,”Email”, “Email-JSON”, “SQS”, “and SMS”.

NEW QUESTION 3

A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this?

  • A. When the user sets an alarm on the Auto Scaling group, it automatically enables detail monitoring
  • B. By default detailed monitoring is enabled for Auto Scaling
  • C. Auto Scaling does not support detailed monitoring
  • D. Enable detail monitoring from the AWS console

Answer: B

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, the user does not need to set this flag if he wants detailed monitoring.

NEW QUESTION 4

What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?

  • A. The IP of the primary DB Instance is switched to the standby DB Instanc
  • B. A new DB instance is created in the standby availability zon
  • C. The canonical name record (CNAME) is changed from primary to standb
  • D. The RDS (Relational Database Service) DB instance reboot

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html

NEW QUESTION 5

A user has created an Auto Scaling group with default configurations from CLI. The user wants to setup the CloudWatch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has setup an alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?

  • A. It will fetch the data at every minute but the four data points [corresponding to 4 minutes] will not have value since the EC2 basic monitoring metrics are collected every five minutes
  • B. It will fetch the data at every minute as detailed monitoring on EC2 will be enabled by the default launch configuration of Auto Scaling
  • C. The alarm creation will fail since the user has not enabled detailed monitoring on the EC2 instances
  • D. The user has to first enable detailed monitoring on the EC2 instances to support alarm monitoring at every minute

Answer: B

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config using CLI, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, by default detailed monitoring will be enabled for Auto Scaling as well as for all the instances launched by that Auto Scaling group.

NEW QUESTION 6

You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?

  • A. Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
  • B. Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
  • C. Cache the database responses in ElastiCache for more rapid access
  • D. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

Answer: B

Explanation:
Reference:
http://aws.amazon.com/elasticmapreduce/faqs/

NEW QUESTION 7

A user has enabled session stickiness with ELB. The user does not want ELB to manage the cookie; instead he wants the application to manage the cookie. What will happen when the server instance, which is bound to a cookie, crashes?

  • A. The response will have a cookie but stickiness will be deleted
  • B. The session will not be sticky until a new cookie is inserted
  • C. ELB will throw an error due to cookie unavailability
  • D. The session will be sticky and ELB will route requests to another server as ELB keeps replicating the Cookie

Answer: B

Explanation:

With Elastic Load Balancer, if the admin has enabled a sticky session with application controlled stickiness, the load balancer uses a special cookie generated by the application to associate the session with the original server which handles the request. ELB follows the lifetime of the application-generated cookie corresponding to the cookie name specified in the ELB policy configuration. The load balancer only inserts a new stickiness cookie if the application response includes a new application cookie. The load balancer stickiness cookie does not update with each request. If the application cookie is explicitly removed or expires, the session stops being sticky until a new application cookie is issued.

NEW QUESTION 8

A user has created a queue named “myqueue” in US-East region with AWS SQS. The user’s AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?

  • A. http://sqs.us-east-1.amazonaws.com/123456789012/myqueue
  • B. http://sqs.amazonaws.com/123456789012/myqueue
  • C. http://sq
  • D. 123456789012.us-east-1.amazonaws.com/myqueue
  • E. http:// 123456789012.sq
  • F. us-east-1.amazonaws.com/myqueue

Answer: A

Explanation:

When creating a new queue in SQS, the user must provide a queue name that is unique within the scope of all queues of user’s account. If the user creates queues using both the latest WSDL and a previous version, he will have a single namespace for all his queues. Amazon SQS assigns each queue created by user an identifier called a queue URL, which includes the queue name and other components that Amazon SQS determines. Whenever the user wants to perform an action on a queue, he must provide its queue URL. The queue URL for the account id 123456789012 & queue name “myqueue” in US-East-1 region will be http:// sqs.us-east-1.amazonaws.com/123456789012/myqueue.

NEW QUESTION 9

A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?

  • A. ELB sends data to CloudWatch every minute only and does not charge the user
  • B. ELB will send data every minute and will charge the user extra
  • C. ELB is not supported by CloudWatch
  • D. It is not possible to setup detailed monitoring for ELB

Answer: A

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Elastic Load Balancing includes 10 metrics and 2 dimensions, and sends data to CloudWatch every minute. This does not cost extra.

NEW QUESTION 10

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created public and VPN only subnets along with hardware VPN access to connect to the user’s data centre. The user has not yet launched any instance as well as modified or deleted any setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?

  • A. Yes, the console will delete all the setups and also delete the virtual private gateway
  • B. No, the console will ask the user to manually detach the virtual private gateway first and then allow deleting the VPC
  • C. Yes, the console will delete all the setups and detach the virtual private gateway
  • D. No, since the NAT instance is running

Answer: C

Explanation:

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the virtual private gateway is attached with VPC and the user deletes the VPC from the console it will first detach the gateway automatically and only then delete the VPC.

NEW QUESTION 11

A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25. The user is trying to create the private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?

  • A. It will not allow the user to create the private subnet due to a CIDR overlap
  • B. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
  • C. This statement is wrong as AWS does not allow CIDR 20.0.0.0/25
  • D. It will not allow the user to create a private subnet due to a wrong CIDR range

Answer: B

Explanation:

When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC., or a subset (to enable multiple subnets.. If the user creates more than one subnet in a VPC, the CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255.. The user can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses the CIDR block 20.0.0.0/25 (for addresses 20.0.0.0 - 20.0.0.127. and the other uses the CIDR block 20.0.0.128/25 (for addresses 20.0.0.128 - 20.0.0.255..

NEW QUESTION 12

In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?

  • A. AWS Direct Connect
  • B. Placement Groups
  • C. VPC private subnets
  • D. EC2 Dedicated Instances
  • E. Multiple Availability Zones

Answer: D

NEW QUESTION 13

The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application1?

  • A. Create a second, independent LOAP server in AWS for your application to use for authentication
  • B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
  • C. Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication
  • D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication

Answer: D

Explanation:
Reference:
http://msdn.microsoft.com/en-us/library/azure/jj156090.aspx

NEW QUESTION 14

A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of the below mentioned statements is true when a security group is created?

  • A. It can connect to the AWS services, such as S3 and RDS by default
  • B. It will have all the inbound traffic by default
  • C. It will have all the outbound traffic by default
  • D. It will by default allow traffic to the internet gateway

Answer: C

Explanation:

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. AWS provides two features the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level while ACLs work at the subnet level. When a user creates a security group with AWS VPC, by default it will allow all the outbound traffic but block all inbound traffic.

NEW QUESTION 15

An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?

  • A. It is not possible to stop the instance using the CloudWatch alarm
  • B. CloudWatch will stop the instance when the action is executed
  • C. The user cannot set an alarm on EC2 since he does not have the permission
  • D. The user can setup the action but it will not be executed if the user does not have EC2 rights

Answer: D

Explanation:

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which stops the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action. If the IAM user has read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the stop or terminate actions will not be performed on the Amazon EC2 instance.

NEW QUESTION 16

When you put objects in Amazon S3, what is the indication that an object was successfully stored?

  • A. Each S3 account has a special bucket named_s3_log
  • B. Success codes are written to this bucket with a timestamp and checksu
  • C. A success code is inserted into the S3 object metadat
  • D. A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successfu
  • E. Amazon S3 is engineered for 99.999999999% durabilit
  • F. Therefore there is no need to confirm that data was inserte

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html

NEW QUESTION 17

A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?

  • A. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
  • B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
  • C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM
  • D. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM

Answer: B

Explanation:

Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. In this case the load increases by Thursday and decreases by Friday. Thus, the user can setup the scaling activity based on the predictable traffic patterns of the web application using Auto Scaling scale by Schedule.

NEW QUESTION 18

An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants that one particular group of IAM users should only access the test instances and not the production ones. How can the organization set that as a part of the policy?

  • A. Launch the test and production instances in separate regions and allow region wise access to the group
  • B. Define the IAM policy which allows access based on the instance ID
  • C. Create an IAM policy with a condition which allows access to only small instances
  • D. Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags

Answer: D

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances he should define proper tags and add to the IAM policy condition.
The sample policy is shown below.
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/InstanceType": "Production"
}
}
}
]

NEW QUESTION 19

A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario?

  • A. The user can get the aggregate data of the numbers generated over a minute and send it to CloudWatch
  • B. The user has to supply the timezone with each data point
  • C. CloudWatch will not truncate the number until it has an exponent larger than 126 (i.
  • D. (1 x 10^126.
  • E. The user can create a file in the JSON format with the metric name and value and supply it to CloudWatch

Answer: B

NEW QUESTION 20

An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?

  • A. Use the S3 copy API to replicate data between two S3 buckets in different regions
  • B. You do not need to implement anything since S3 data is automatically replicated between regions
  • C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
  • D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region

Answer: D

NEW QUESTION 21

An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a separate DyanmoDB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?

  • A. Define the group policy and add a condition which allows the access based on the IAM name
  • B. Create a DynamoDB table with the same name as the IAM user name and define the policy rule which grants access based on the DynamoDB ARN using a variable
  • C. Create a separate DynamoDB database for each user and configure a policy in the group based on the DB variable
  • D. It is not possible to have a group level policy which allows different IAM users to different DynamoDB Tables

Answer: D

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. AWS DynamoDB has only tables and the organization cannot makeseparate databases. The organization should create a table with the same name as the IAM user name and use the ARN of DynamoDB as part of the group policy. The sample policy is shown below:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["dynamodb:*"],
"Resource": "arn:aws:dynamodb:region:account-number-without-hyphens:table/${aws:username}"
}
]
}

NEW QUESTION 22

Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers

  • A. Create individual IAM users for everyone in your organization
  • B. Configure MFA on the root account and for privileged IAM users
  • C. Assign IAM users and groups configured with policies granting least privilege access
  • D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

Answer: BC

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

NEW QUESTION 23

A user is trying to connect to a running EC2 instance using SSH. However, the user gets an Unprotected
Private Key File error. Which of the below mentioned options can be a possible reason for rejection?

  • A. The private key file has the wrong file permission
  • B. The ppk file used for SSH is read only
  • C. The public key file has the wrong permission
  • D. The user has provided the wrong user name for the OS login

Answer: A

Explanation:

While doing SSH to an EC2 instance, if you get an Unprotected Private Key File error it means that the private key file's permissions on your computer are too open. Ideally the private key should have the Unix permission of 0400. To fix that, run the command: chmod 0400 /path/to/private.key

NEW QUESTION 24

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the
VPN gateway (vgw-12345. to connect to the user’s data centre. The user’s data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

  • A. Destination: 20.0.1.0/24 and Target: i-12345
  • B. Destination: 0.0.0.0/0 and Target: i-12345
  • C. Destination: 172.28.0.0/12 and Target: vgw-12345
  • D. Destination: 20.0.0.0/16 and Target: local

Answer: A

Explanation:

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization’s DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance. Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization’s data centre traffic to the VPN gateway. Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.

NEW QUESTION 25

A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?

  • A. SNS will send data every minute after configuration
  • B. There is no need to enable since SNS provides data every minute
  • C. AWS CloudWatch does not support monitoring for SNS
  • D. SNS cannot provide data every minute

Answer: D

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. The AWS SNS service sends data every 5 minutes. Thus, it supports only the basic monitoring. The user cannot enable detailed monitoring with SNS.

NEW QUESTION 26

Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users?
Choose 2 answers

  • A. Configure multi-factor authentication for privileged 1AM users
  • B. Create 1AM users for privileged accounts
  • C. Implement identity federation between your organization's Identity provider leveraging the 1AM Security Token Service
  • D. Enable the 1AM single-use password policy option for privileged users

Answer: CD

NEW QUESTION 27

A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling?

  • A. Increase the desired capacity of the Auto Scaling group
  • B. Increase the maximum limit of the Auto Scaling group
  • C. Launch an instance manually and register it with ELB on the fly
  • D. Decrease the minimum limit of the Auto Scaling grou

Answer: A

Explanation:

A user can increase the desired capacity of the Auto Scaling group and Auto Scaling will launch a new instance as per the new capacity. The newly launched instances will be registered with ELB if Auto Scaling group is configured with ELB. If the user decreases the minimum size the instances will be removed from Auto Scaling. Increasing the maximum size will not add instances but only set the maximum instance cap.

NEW QUESTION 28

Amazon EBS snapshots have which of the following two characteristics? (Choose 2.) Choose 2 answers

  • A. EBS snapshots only save incremental changes from snapshot to snapshot
  • B. EBS snapshots can be created in real-time without stopping an EC2 instance
  • C. EBS snapshots can only be restored to an EBS volume of the same size or smaller
  • D. EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS volume

Answer: AD

NEW QUESTION 29

A user has created numerous EBS volumes. What is the general limit for each AWS account for the maximum number of EBS volumes that can be created?

  • A. 10000
  • B. 5000
  • C. 100
  • D. 1000

Answer: B

Explanation:

A user can attach multiple EBS volumes to the same instance within the limits specified by his AWS account. Each AWS account has a limit on the number of Amazon EBS volumes that the user can create, and the total storage available. The default limit for the maximum number of volumes that can be created is 5000.

NEW QUESTION 30
......

P.S. Certshared now are offering 100% pass ensure AWS-SysOps dumps! All AWS-SysOps exam questions have been updated with correct answers: https://www.certshared.com/exam/AWS-SysOps/ (387 New Questions)