
AWS-SysOps Exam Questions - Online Test



Q1. - (Topic 2) 

A user has launched an EC2 instance. The user is planning to set up a CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm?

A. Notify the Auto Scaling launch config to scale up 

B. Send an SMS using SNS 

C. Notify the Auto Scaling group to scale down 

D. Stop the EC2 instance 

Answer:

Explanation: 

A user can create a CloudWatch alarm that takes various actions when the alarm changes state. An alarm watches a single metric over the time period that the user has specified, and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The actions could be sending a notification to an Amazon Simple Notification Service topic (SMS, Email, and HTTP end point), notifying the Auto Scaling policy, or changing the state of the instance to Stop/Terminate.

Q2. - (Topic 1) 

You have a web application leveraging an Elastic Load Balancer (ELB) in front of the web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS). The application serves out technical articles and responses to them; in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular, resulting in significant traffic increases that cause the site to go down.

What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? 

Choose 3 answers 

A. Leverage CloudFront for the delivery of the articles. 

B. Add RDS read-replicas for the read traffic going to your relational database 

C. Leverage ElastiCache for caching the most frequently used data. 

D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.

E. Use Route53 health checks to fail over to an S3 bucket for an error page. 

Answer: A,C,E 

Q3. - (Topic 3) 

A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found error. Which of the below mentioned options is a possible reason for rejection? 

A. The user has provided the wrong user name for the OS login 

B. The instance CPU is heavily loaded 

C. The security group is not configured properly 

D. The access key to connect to the instance is wrong 

Answer:

Explanation: 

If the user is trying to connect to a Linux EC2 instance and receives the Host Key not found error, the probable reasons are: the private key pair is not right; the user name to log in is wrong.

Q4. - (Topic 3) 

A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. What does this policy define? 

"Statement": [{
    "Sid": "Stmt1388811069831",
    "Effect": "Allow",
    "Principal": { "AWS": "*" },
    "Action": [ "s3:GetObjectAcl", "s3:ListBucket" ],
    "Resource": [ "arn:aws:s3:::cloudacademy" ]
}]

A. It will make the cloudacademy bucket as well as all its objects as public 

B. It will allow everyone to view the ACL of the bucket 

C. It will give an error as no object is defined as part of the policy while the action defines the rule about the object 

D. It will make the cloudacademy bucket as public 

Answer:

Explanation: 

A sysadmin can grant permission to the S3 objects or the buckets to any user, or make objects public, using the bucket policy and user policy. Both use the JSON-based access policy language. Generally, if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it, and vice versa. The bucket policy can be defined at the bucket level, which allows the objects as well as the bucket to be public with a single policy applied to that bucket. In the sample policy the action says “S3:ListBucket” for effect Allow on Resource arn:aws:s3:::cloudacademy. This will make the cloudacademy bucket public.

"Statement": [{
    "Sid": "Stmt1388811069831",
    "Effect": "Allow",
    "Principal": { "AWS": "*" },
    "Action": [ "s3:GetObjectAcl", "s3:ListBucket" ],
    "Resource": [ "arn:aws:s3:::cloudacademy" ]
}]

Q5. - (Topic 3) 

An organization is measuring the latency of an application every minute and storing data inside a file in the JSON format. The organization wants to send all latency data to AWS CloudWatch. How can the organization achieve this? 

A. The user has to parse the file before uploading data to CloudWatch 

B. It is not possible to upload the custom data to CloudWatch 

C. The user can supply the file as an input to the CloudWatch command 

D. The user can use the CloudWatch Import command to import data from the file to CloudWatch 

Answer:

Explanation: 

AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using the CLI or APIs. The user always has to include the namespace as part of the request. If the user wants to upload the custom data from a file, he can supply the file name along with the parameter --metric-data to the command put-metric-data.

Q6. - (Topic 3) 

A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not supported by SQS?

A. SendMessageBatch 

B. DeleteMessageBatch 

C. CreateQueue 

D. DeleteMessageQueue 

Answer:

Explanation: 

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can perform the following set of operations using Amazon SQS: CreateQueue, ListQueues, DeleteQueue, SendMessage, SendMessageBatch, ReceiveMessage, DeleteMessage, DeleteMessageBatch, ChangeMessageVisibility, ChangeMessageVisibilityBatch, SetQueueAttributes, GetQueueAttributes, GetQueueUrl, AddPermission and RemovePermission. Operations can be performed only by the AWS account owner or an AWS account that the account owner has delegated to.

Q7. - (Topic 2) 

A user has set up an RDS DB with Oracle. The user wants to get notifications when someone modifies the security group of that DB. How can the user configure that?

A. It is not possible to get the notifications on a change in the security group 

B. Configure SNS to monitor security group changes 

C. Configure event notification on the DB security group 

D. Configure the CloudWatch alarm on the DB for a change in the security group 

Answer:

Explanation: 

Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. These events can be configured for source categories, such as DB instance, DB security group, DB snapshot and DB parameter group. If the user is subscribed to a Configuration Change category for a DB security group, he will be notified when the DB security group is changed. 

Q8. - (Topic 3) 

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user’s data centre. The user’s data centre has CIDR 172.28.0.0/12. The user has also set up a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

A. Destination: 20.0.1.0/24 and Target: i-12345 

B. Destination: 0.0.0.0/0 and Target: i-12345 

C. Destination: 172.28.0.0/12 and Target: vgw-12345 

D. Destination: 20.0.0.0/16 and Target: local 

Answer:

Explanation: 

The user can create subnets as per the requirement within a VPC. If the user wants to connect the VPC from his own data centre, he can set up a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with the wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has set up a NAT instance to route all the internet requests, then all requests to the internet should be routed to it. All requests to the organization’s DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: i-12345 (to route all internet traffic to the NAT instance); Destination: 172.28.0.0/12 & Target: vgw-12345 (to route all the organization’s data centre traffic to the VPN gateway); Destination: 20.0.0.0/16 & Target: local (to allow local routing in the VPC).

Q9. - (Topic 3) 

An organization has created a Queue named “modularqueue” with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario? 

A. AWS SQS sends notification after 15 days for inactivity on queue 

B. AWS SQS can delete queue after 30 days without notification 

C. AWS SQS marks queue inactive after 30 days 

D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks. 

Answer:

Explanation: 

Amazon SQS can delete a queue without notification if one of the following actions hasn't been performed on it for 30 consecutive days: SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission. 

Q10. - (Topic 2) 

A user has configured a VPC with a new subnet. The user has created a security group. The user wants instances in the same subnet to be able to communicate with each other. How can the user configure this with the security group?

A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet 

B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports 

C. Configure the security group itself as the source and allow traffic on all the protocols and ports 

D. The user has to use VPC peering to configure this 

Answer:

Explanation: 

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. AWS provides two features that the user can use to increase security in a VPC: security groups and network ACLs. Security groups work at the instance level. If the user is using the default security group, it will have a rule which allows the instances to communicate with each other. For a new security group, the user has to add a rule that defines the source as the security group itself and select all the protocols and ports for that source.