aiotestking uk

AWS-SysOps Exam Questions - Online Test



Q1. - (Topic 3) 

A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found error. Which of the below mentioned options is a possible reason for rejection? 

A. The user has provided the wrong user name for the OS login 

B. The instance CPU is heavily loaded 

C. The security group is not configured properly 

D. The access key to connect to the instance is wrong 

Answer:

Explanation: 

If the user is trying to connect to a Linux EC2 instance and receives the Host Key not found error, the probable reasons are: the private key pair is not right; the user name to log in is wrong.

Q2. - (Topic 3) 

A user has data generated randomly based on a certain event. The user wants to upload that data to CloudWatch. It may happen that the event has no data generated for some period due to randomness. Which of the below mentioned options is a recommended option for this case?

A. For the period when there is no data, the user should not send the data at all 

B. For the period when there is no data the user should send a blank value 

C. For the period when there is no data the user should send the value as 0 

D. The user must upload the data to CloudWatch as having no data for some period will cause an error at CloudWatch monitoring 

Answer:

Explanation: 

AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using the CLI or APIs. When the user data is more random and not generated at regular intervals, there can be a period which has no associated data. The user can either publish the zero (0) value for that period or not publish the data at all. It is recommended that the user should publish zero instead of no value to monitor the health of the application. This is helpful in an alarm as well as in the generation of the sample data count.

Q3. - (Topic 2) 

A user has set up Auto Scaling with ELB on the EC2 instances. The user wants to configure that whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this?

A. The user can get an email using SNS when the CPU utilization is less than 10%. The user can use the desired capacity of Auto Scaling to remove the instance

B. Use CloudWatch to monitor the data and Auto Scaling to remove the instances using scheduled actions

C. Configure CloudWatch to send a notification to Auto Scaling Launch configuration when the CPU utilization is less than 10% and configure the Auto Scaling policy to remove the instance 

D. Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance 

Answer:

Explanation: 

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up the CloudWatch alarm to send a notification to the Auto Scaling group when the CPU utilization is below a certain threshold. The user can configure the Auto Scaling policy to take action for removing the instance. When the CPU utilization is below 10%, CloudWatch will send an alarm to the Auto Scaling group to execute the policy.

Q4. - (Topic 1) 

What are characteristics of Amazon S3? Choose 2 answers 

A. Objects are directly accessible via a URL 

B. S3 should be used to host a relational database 

C. S3 allows you to store objects of virtually unlimited size

D. S3 allows you to store virtually unlimited amounts of data 

E. S3 offers Provisioned IOPS 

Answer: A,D 

Q5. - (Topic 1) 

You are creating an Auto Scaling group whose instances need to insert a custom metric into CloudWatch.

Which method would be the best way to authenticate your CloudWatch PUT request? 

A. Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to launch instances in that role

B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the user's credentials into the instance User Data

C. Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group

D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed 

Answer:

Q6. - (Topic 3) 

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?

A. The user should use the same encryption key for all versions of the same object 

B. It is possible to have different encryption keys for different versions of the same object 

C. AWS S3 does not allow the user to upload his own keys for server side encryption 

D. The SSE-C does not work when versioning is enabled 

Answer:

Explanation: 

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). If the bucket is versioning-enabled, each object version uploaded by the user using the SSE-C feature can have its own encryption key. The user is responsible for tracking which encryption key was used for which object's version.

Q7. - (Topic 3) 

A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario? 

A. The user should create a separate IAM user for each mobile application and provide DynamoDB access with it 

B. The user should create an IAM role with DynamoDB and EC2 access. Attach the role with EC2 and route all calls from the mobile through EC2 

C. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook 

D. Create an IAM Role with DynamoDB access and attach it with the mobile application 

Answer:

Explanation: 

With AWS IAM, consider a user creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. If the user is creating an app that runs on a mobile phone and makes requests to AWS, the user should not create an IAM user and distribute the user's access key with the app. Instead, he should use an identity provider, such as Login with Amazon, Facebook, or Google to authenticate the users, and then use that identity to get temporary security credentials.

Q8. - (Topic 2) 

A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP) assigned to an instance in the public or private subnet?

A. 20.0.0.255 

B. 20.0.0.132 

C. 20.0.0.122 

D. 20.0.0.55 

Answer:

Explanation: 

When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. In this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255). The public subnet will have IP addresses between 20.0.0.0 - 20.0.0.127 and the private subnet will have IP addresses between 20.0.0.128 - 20.0.0.255. AWS reserves the first four IP addresses and the last IP address in each subnet's CIDR block. These are not available for the user to use. Thus, the instance cannot have an IP address of 20.0.0.255.

Q9. - (Topic 1) 

Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. 

Which two of the following options would allow an organization to enforce this policy for AWS users? 

Choose 2 answers 

A. Configure multi-factor authentication for privileged IAM users

B. Create IAM users for privileged accounts

C. Implement identity federation between your organization's identity provider leveraging the IAM Security Token Service

D. Enable the IAM single-use password policy option for privileged users

Answer: C,D 

Q10. - (Topic 1) 

You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers. 

Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made? 

A. Multi-AZ RDS 

B. RDS snapshots 

C. RDS read replicas 

D. RDS automated backup 

Answer:

Explanation: Reference: 

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.BackingUpAndRestoringAmazonRDSInstances.html