[Dec-2024] Updated SysOps Administrator AWS-SysOps Exam Questions BUNDLE PACK [Q163-Q179]



Eligibility Requirements

Since this certification is at the intermediate level, applicants need to meet several requirements concerning their working experience and knowledge of several areas. These can be summarized in the following list:

  • Knowledge of network technologies, including DNS, firewalls, and TCP/IP among others, and understanding of virtualization
  • Solid skills in operating or managing AWS systems along with auditing and monitoring them
  • At least one year of core AWS experience as well as a minimum of 1-2 years of working experience in a systems administrator's role
  • Appropriate understanding of the AWS security concepts alongside prior experience in executing compliance needs and security controls
  • Proper understanding of the tenets of AWS – cloud architecture, SDKs/API, and AWS CLI tools

 

NEW QUESTION # 163
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the web server security group (WebSecGrp)?

  • A. Configure port 80 InBound for source 20.0.0.0/16
  • B. 80 for Destination 0.0.0.0/0 Outbound
  • C. Configure Destination as DB Security group ID (DbSecGrp) for port 3306 Outbound
  • D. Configure port 3306 for source 20.0.0.0/24 InBound

Answer: C

Explanation:
A user can create a subnet within a VPC and launch instances inside that subnet. If the user has created public and private subnets to host the web server and DB server respectively, the user should ensure that the instances in the public subnet can receive inbound traffic directly from the internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should also ensure that the instance in the public subnet can send traffic to the private subnet instances on the DB port. Thus, the user should configure the DB security group of the private subnet (DbSecGrp) as the destination for port 3306 in Outbound.


NEW QUESTION # 164
You have established a virtual private cloud (VPC) peering relationship between VPC 1 and VPC 2. VPC 1 has routes to VPC 2, yet hosts in VPC 1 cannot connect to hosts in VPC 2. Which of the following is a possible cause?

  • A. Security groups to VPC2 are blocking the traffic
  • B. The subnet route table in VPC 2 does not have routes to VPC 1
  • C. The network access control list applied to VPC2 denies by default
  • D. The VPCs have not been attached to virtual private gateway

Answer: C


NEW QUESTION # 165
EBS (Elastic Block Store) can be best described as:

  • A. transient instance storage.
  • B. persistent block storage.
  • C. transient block storage.
  • D. persistent internet storage.

Answer: B

Explanation:
Amazon Elastic Block Store (Amazon EBS) provides block level (file system type) storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone. Amazon EBS volumes that are attached to an Amazon EC2 instance are exposed as storage volumes that persist independently from the life of the instance.


NEW QUESTION # 166
An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned statements is true with respect to the above information?

  • A. The user cannot access the RDS database if he is not assigned the correct IAM policy
  • B. The root account owner should create a policy for the IAM user and give him access to the RDS services
  • C. The policy should be created for the user and provide access for RDS
  • D. Create a policy which allows the users to access RDS and apply it to the RDS instances

Answer: B

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the account owner wants to create a policy for RDS, the owner has to create an IAM user and define the policy which entitles the IAM user to various RDS services such as Launch Instance, Manage security group, Manage parameter group etc.


NEW QUESTION # 167
A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

  • A. Enable ELB cross zone load balancing
  • B. Enable ELB cookie setup
  • C. Enable ELB connection draining
  • D. Enable ELB sticky session

Answer: D

Explanation:
Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user's session with a specific EC2 instance. If the sticky session is enabled the first request from the user will be redirected to any of the EC2 instances. But, henceforth, all requests from the same user will be redirected to the same EC2 instance. This ensures that all requests coming from the user during the session will be sent to the same application instance.


NEW QUESTION # 168
A user is checking the CloudWatch metrics from the AWS console.
The user notices that the CloudWatch data is coming in UTC.
The user wants to convert the data to a local time zone.
How can the user perform this?

  • A. The user should have sent the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone
  • B. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone
  • C. The CloudWatch data is always in UTC; the user has to manually convert the data
  • D. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone

Answer: D

Explanation:
If the user is viewing the data inside the CloudWatch console, the console provides options to filter values either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console because the time range tab allows the user to change the time zone.


NEW QUESTION # 169
A sys admin is trying to understand EBS snapshots. Which of the below mentioned statements will not be useful to the admin to understand the concepts about a snapshot?

  • A. The snapshot is incremental
  • B. The snapshot is synchronous
  • C. It is recommended to stop the instance before taking a snapshot for consistent data
  • D. The snapshot captures the data that has been written to the hard disk when the snapshot command was executed

Answer: B

Explanation:
The AWS snapshot is a point in time backup of an EBS volume. When the snapshot command is executed it will capture the current state of the data that is written on the drive and take a backup. For a better and consistent snapshot of the root EBS volume, AWS recommends stopping the instance. For additional volumes it is recommended to unmount the device. The snapshots are asynchronous and incremental.


NEW QUESTION # 170
A SysOps Administrator is responsible for managing a set of t2.micro Amazon EC2 instances. The Administrator wants to automatically reboot any instance that exceeds 80% CPU utilization.
Which of these solutions would meet the requirements?

  • A. Create an Amazon CloudWatch alarm on the CPUCreditBalance metric and specify a terminate alarm action.
  • B. Create an Amazon CloudWatch alarm on the CPUUtilization metric and specify a terminate alarm action.
  • C. Create an Amazon CloudWatch alarm on the CPUUtilization metric and specify a reboot alarm action.
  • D. Create an Amazon CloudWatch alarm on the CPUCreditBalance metric and specify a reboot alarm action.

Answer: C


NEW QUESTION # 171
Your business is building a new application that will store its entire customer database on an RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to prevent other applications from getting the query results they need before timing out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?

  • A. Use ElastiCache to offload the analytics job data
  • B. Run the RDS instance on the largest size possible
  • C. Create RDS Read-Replicas for the analytics work
  • D. Enable Multi-AZ mode on the RDS instance

Answer: C

Explanation/Reference: https://aws.amazon.com/rds/details/read-replicas/


NEW QUESTION # 172
A SysOps Administrator needs to report on Amazon EC2 instance cost by both project and environment (production, staging, development).
Which action would impact the operations team the LEAST?

  • A. Use AWS Organizations to create a new organization for each project, then for each environment use a separate linked AWS account
  • B. Add the project and environment information to the instance metadata so that the values can be queried and rolled up into reports
  • C. For each project and environment, create a new AWS account and link them to the master payer for unified management and billing
  • D. Implement cost allocation tagging in the Billing and Cost Management console to implement tags to identify resources by project and environment

Answer: D


NEW QUESTION # 173
An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

"Statement": [
  {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*AccessKey*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }
]

  • A. 0
  • B. 0
  • C. 0
  • D. 0

Answer: B

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their users to manage keys (access and secret access keys) of all IAM users, the organization should set the below mentioned policy which entitles the IAM user to modify keys of all IAM users with CLI, SDK or API.

"Statement": [
  {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*AccessKey*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }
]


NEW QUESTION # 174
A web application runs on Amazon EC2 instances with public IPs assigned behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Multi-AZ DB instance. The Application Load Balancer, EC2 instances, and RDS DB instance all run in separate sets of subnets. The EC2 instances can communicate with the DB instance, but cannot connect with external services.
What is the MOST likely solution?

  • A. Create and attach a virtual private gateway to the VPC. Create a route table for the EC2 instances' subnets that sends Internet traffic to the gateway.
  • B. Create a VPC peering connection to a VPC that has an Internet gateway attached. Create a route table for the EC2 instances' subnets that sends Internet traffic to the peered VPC.
  • C. Assign a public IP address to the database server and restart the database engine.
  • D. Create and attach an Internet gateway to the VPC. Create a route table for the EC2 instance's subnets that sends Internet traffic to the gateway.

Answer: B


NEW QUESTION # 175
A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

  • A. Create a job function policy in IAM and apply it to all users within the development account.
  • B. Create a customer managed policy in IAM and apply it to all users within the development account.
  • C. Create a service control policy in AWS Organizations and apply it to the development account.
  • D. Create an IAM policy and apply it in API Gateway to restrict the development account.

Answer: B

Explanation/Reference: https://aws.amazon.com/blogs/security/how-to-create-a-limited-iam-administrator-by-using-managed-policies/


NEW QUESTION # 176
A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (select TWO.)

  • A. Configure the VPC endpoint policy to only allow the VPC to access the specific S3 bucket.
  • B. Modify the VPC peering configuration to only allow access to the S3 private Endpoint.
  • C. Configure the bucket policy to only allow access through the S3 Private Endpoint.
  • D. Modify the VPC endpoint policy on the bucket to only allow the VPC to access it.
  • E. Configure the IAM policy attached to the S3 bucket to only allow access from the specific VPC.

Answer: A,D

Explanation/Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies-vpc-endpoint.html


NEW QUESTION # 177
A SysOps Administrator needs an Amazon EBS volume type for a big data application. The application data is accessed infrequently and stored sequentially.
What EBS volume type will be the MOST cost-effective solution?

  • A. Throughput Optimized HDD (st1)
  • B. General Purpose SSD (gp2)
  • C. Cold HDD (sc1)
  • D. Provisioned IOPS SSD (io1)

Answer: C

Explanation:
SC1 is backed by hard disk drives (HDDs) and provides the lowest cost per GB of all EBS volume types. It is ideal for less frequently accessed workloads with large, cold datasets. Similar to st1, sc1 provides a burst model: these volumes can burst up to 80 MB/s per TB, with a baseline throughput of 12 MB/s per TB and a maximum throughput of 250 MB/s per volume. For infrequently accessed data, sc1 provides extremely inexpensive storage. SC1 is designed to deliver the expected throughput performance 99% of the time and has enough I/O credits to support a full-volume scan at the burst rate.
Reference: https://aws.amazon.com/ebs/features/


NEW QUESTION # 178
A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic.
Which solution will provide the EC2 instances in the private subnet with access to the internet?

  • A. Create a NAT gateway in the private subnet. Create a route from the private subnet to the NAT gateway.
  • B. Create a NAT gateway in the private subnet. Create a route from the public subnet to the NAT gateway.
  • C. Create a NAT gateway in the public subnet. Create a route from the private subnet to the NAT gateway.
  • D. Create a NAT gateway in the public subnet. Create a route from the public subnet to the NAT gateway.

Answer: C

Explanation/Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html


NEW QUESTION # 179
......
