aiotestking uk

AWS-SysOps Exam Questions - Online Test


AWS-SysOps Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 3) 

A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services? 

A. AWS/StorageGateway 

B. AWS/CloudTrail 

C. AWS/ElastiCache 

D. AWS/SWF 

Answer:

Explanation: 

Amazon CloudWatch is basically a metrics repository. The AWS product puts metrics into this repository, and the user can retrieve the data or statistics based on those metrics. To distinguish the data for each service, the CloudWatch metric has a namespace. Namespaces are containers for metrics. All AWS services that provide the Amazon CloudWatch data use a namespace string, beginning with "AWS/". All the services which are supported by CloudWatch will have some namespace. CloudWatch does not monitor CloudTrail. Thus, the namespace “AWS/CloudTrail” is incorrect. 

Q2. - (Topic 2) 

A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling? 

A. Increase the desired capacity of the Auto Scaling group 

B. Increase the maximum limit of the Auto Scaling group 

C. Launch an instance manually and register it with ELB on the fly 

D. Decrease the minimum limit of the Auto Scaling grou 

Answer:

Explanation: 

A user can increase the desired capacity of the Auto Scaling group and Auto Scaling will launch a new instance as per the new capacity. The newly launched instances will be registered with ELB if Auto Scaling group is configured with ELB. If the user decreases the minimum size the instances will be removed from Auto Scaling. Increasing the maximum size will not add instances but only set the maximum instance cap. 

Q3. - (Topic 2) 

A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3? 

A. User Access Policy 

B. S3 Object Access Policy 

C. S3 Bucket Access Policy 

D. S3 ACL 

Answer:

Explanation: 

Amazon S3 provides a set of operations to work with the Amazon S3 resources. Managing S3 resource access refers to granting others permissions to work with S3. There are three ways the root account owner can define access with S3: S3 ACL: The user can use ACLs to grant basic read/write permissions to other AWS accounts. S3 Bucket Policy: The policy is used to grant other AWS accounts or IAM users permissions for the bucket and the objects in it. User Access Policy: Define an IAM user and assign him the IAM policy which grants him access to S3. 

Q4. - (Topic 3) 

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy? 

A. TLS 1.3 

B. TLS 1.2 

C. SSL 2.0 

D. SSL 3.0 

Answer:

Explanation: 

Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. Elastic Load Balancing supports the following versions of the SSL protocol: TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 SSL 2.0 

Q5. - (Topic 3) 

George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George copies the same AMI to the US West region. Can Stefano access the copied AMI of George’s account from the US West region? 

A. No, copy AMI does not copy the permission 

B. It is not possible to share the AMI with a specific account 

C. Yes, since copy AMI copies all private account sharing permissions 

D. Yes, since copy AMI copies all the permissions attached with the AMI 

Answer:

Explanation: 

Within EC2, when the user copies an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source. AMI. AWS does not copy launch the permissions, user-defined tags or the Amazon S3 bucket permissions from the source AMI to the new AMI. Thus, in this case by default Stefano will not have access to the AMI in the US West region. 

Q6. - (Topic 3) 

A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution? 

A. The user should download the activity report of the EC2 services as it has the instance ID wise data 

B. It is not possible to get the AWS cost usage data of single region instances separately 

C. The user should use Cost Distribution Metadata and AWS detailed billing 

D. The user should use Cost Allocation Tags and AWS billing reports 

Answer:

Explanation: 

AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources (such as Amazon EC2 instances or Amazon S3 buckets., AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. The user can apply tags which represent business categories (such as cost centres, application names, or instance type – Production/Dev. to organize usage costs across multiple services. 

Q7. - (Topic 2) 

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user’s data centre. Which of the below mentioned options is a valid entry for the main route table in this scenario? 

A. Destination: 20.0.0.0/24 and Target: vgw-12345 

B. Destination: 20.0.0.0/16 and Target: ALL 

C. Destination: 20.0.1.0/16 and Target: vgw-12345 

D. Destination: 0.0.0.0/0 and Target: vgw-12345 

Answer:

Explanation: 

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway. Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC. 

Q8. - (Topic 2) 

A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR. for that instance by creating another small instance in Europe. How can the user achieve DR? 

A. Copy the running instance using the “Instance Copy” command to the EU region 

B. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI 

C. Copy the instance from the US East region to the EU region 

D. Use the “Launch more like this” option to copy the instance from one region to another 

Answer:

Explanation: 

To launch an EC2 instance it is required to have an AMI in that region. If the AMI is not available in that region, then create a new AMI or use the copy command to copy the AMI from one region to the other region. 

Q9. - (Topic 3) 

A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario? 

A. By default ELB will select the first version of the security policy 

B. By default ELB will select the latest version of the policy 

C. ELB creation will fail without a security policy 

D. It is not required to have a security policy since SSL is already installed 

Answer:

Explanation: 

Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the user has created an HTTPS/SSL listener without associating any security policy, Elastic Load Balancing will, bydefault, associate the latest version of the ELBSecurityPolicy-YYYY-MM with the load balancer. 

Q10. - (Topic 3) 

A user runs the command “dd if=/dev/zero of=/dev/xvdfbs=1M” on a fresh blank EBS volume attached to a Linux instance. Which of the below mentioned activities is the user performing with the command given above? 

A. Creating a file system on the EBS volume 

B. Mounting the device to the instance 

C. Pre warming the EBS volume 

D. Formatting the EBS volume 

Answer:

Explanation: 

When the user creates a new EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a blank volume attached with a Linux OS, the “dd” command is used to write to all the blocks on the device. In the command “dd if=/dev/zero of=/dev/xvdfbs=1M” the parameter “if =import file” should be set to one of the Linux virtual devices, such as /dev/zero. The “of=output file” parameter should be set to the drive that the user wishes to warm. The “bs” parameter sets the block size of the write operation; for optimal performance, this should be set to 1 MB.