aiotestking uk

AWS-SysOps Exam Questions - Online Test


AWS-SysOps Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 2) 

A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the 

average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this? 

A. View the Auto Scaling CPU metrics 

B. Aggregate the data over the instance AMI ID 

C. The user has to use the CloudWatchanalyser to find the average data across instances 

D. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different 

Answer:

Explanation: 

Amazon CloudWatch is basically a metrics repository. Either the user can send the custom data or an AWS product can put metrics into the repository, and the user can retrieve the statistics based on those metrics. The statistics are metric data aggregations over specified periods of time. Aggregations are made using the namespace, metric name, dimensions, and the data point unit of measure, within the time period that is specified by the user. To aggregate the data across instances launched with AMI, the user should select the AMI ID under EC2 metrics and select the aggregate average to view the data. 

Q2. A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario? 

A. None because the user infrastructure is in the private cloud/ 

B. AWS SNS 

C. AWS SES 

D. AWS SMS 

Answer:

Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can be used to make push notifications to mobile 

devices. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. In this case user can use the SNS apis to send SMS. 

Q3. - (Topic 2) 

A user has recently started using EC2. The user launched one EC2 instance in the default subnet in EC2-VPC Which of the below mentioned options is not attached or available with the EC2 instance when it is launched? 

A. Public IP address 

B. Internet gateway 

C. Elastic IP 

D. Private IP address 

Answer:

Explanation: 

A Virtual Private Cloud (VPC. is a virtual network dedicated to a user’s AWS account. A subnet is a range of IP addresses in the VPC. The user can launch the AWS resources into a subnet. There are two supported platforms into which a user can launch instances: EC2-Classic and EC2-VPC (default subnet.. A default VPC has all the benefits of EC2-VPC and the ease of use of EC2-Classic. Each instance that the user launches into a default subnet has a private IP address and a public IP address. These instances can communicate with the internet through an internet gateway. An internet gateway enables the EC2 instances to connect to the internet through the Amazon EC2 network edge. 

Q4. - (Topic 2) 

A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below 

mentioned statements will help the user understand the Multi AZ feature better? 

A. In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy 

B. In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy 

C. In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica 

D. AWS MS SQL does not support the Multi AZ feature 

Answer:

Explanation: 

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption.Note that the high-availability feature is not a scaling solution for read-only scenarios; you cannot use a standby replica to serve read traffic. To service read-only traffic, you should use a read replica. 

Q5. - (Topic 2) 

A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue? 

A. 600 seconds 

B. 3600 seconds 

C. 300 seconds 

D. 0 seconds 

Answer:

Explanation: 

The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can specify a maximum time (3600 seconds. for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds. 

Q6. - (Topic 3) 

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 

20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp.. Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp.? 

A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp. 

B. Allow Inbound on port 3306 from source 20.0.0.0/16 

C. Allow Outbound on port 3306 for Destination Web Server Security Group (WebSecGrp. 

D. Allow Outbound on port 80 for Destination NAT Instance IP 

Answer:

Explanation: 

A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can receive inbound traffic from the public subnet on the DB port. Thus, configure port 3306 in Inbound with the source as the Web Server Security Group (WebSecGrp.. The user should configure ports 80 and 443 for Destination 0.0.0.0/0 as the route table directs traffic to the NAT instance from the private subnet. 

Q7. - (Topic 2) 

A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this? 

A. Enable ELB cross zone load balancing 

B. Enable ELB cookie setup 

C. Enable ELB sticky session 

D. Enable ELB connection draining 

Answer:

Explanation: 

Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user’s session with a specific EC2 instance. If the sticky session is enabled the first request from the user will be redirected to any of the EC2 instances. But, henceforth, all requests from the same user will be redirected to the same EC2 instance. This ensures that all requests coming from the user during the session will be sent to the same application instance. 

Q8. - (Topic 2) 

A user is trying to connect to a running EC2 instance using SSH. However, the user gets a connection time out error. Which of the below mentioned options is not a possible reason for rejection? 

A. The access key to connect to the instance is wrong 

B. The security group is not configured properly 

C. The private key used to launch the instance is not correct 

D. The instance CPU is heavily loaded 

Answer:

Explanation: 

If the user is trying to connect to a Linux EC2 instance and receives the connection time out error the probable reasons are: Security group is not configured with the SSH port The private key pair is not right The user name to login is wrong The instance CPU is heavily loaded, so it does not allow more connections 

Q9. - (Topic 2) 

A sys admin has created the below mentioned policy and applied to an S3 object named aws.jpg. The aws.jpg is inside a bucket named cloudacademy. What does this policy define? 

"Statement": [{ 

"Sid": "Stmt1388811069831", 

"Effect": "Allow", 

"Principal": { "AWS": "*"}, 

"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"], 

"Resource": [ "arn:aws:s3:::cloudacademy/*.jpg"] 

}] 

A. It is not possible to define a policy at the object level 

B. It will make all the objects of the bucket cloudacademy as public 

C. It will make the bucket cloudacademy as public 

D. the aws.jpg object as public 

Answer:

Explanation: 

A system admin can grant permission to the S3 objects or buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. It cannot be applied at the object level. 

Q10. - (Topic 2) 

A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this? 

A. The root account owner should create a bucket policy which allows the IAM users to upload the object 

B. The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket 

C. The root account should use ACL with the bucket to allow everyone to upload the object 

D. The root account should create the IAM users and provide them the permission to upload content to the bucket 

Answer:

Explanation: 

Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object.