Amazon

AWS-SYSOPS Exam

AWS Certified SysOps Administrator - Associate Exam

Questions & Answers

Demo

Question: 1

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer: B

Question: 2

When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit? Choose 3 answers

A. Gather evidence of your IT operational controls

B. Request and obtain applicable third-party audited AWS compliance reports and certifications

C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review

D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's Instances and endpoints

E. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Answer: ABD

Question: 3

You have started a new job and are reviewing your company's infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?

A. Set the ELB to only be attached to another AZ

B. Make sure Auto Scaling is configured to launch in both AZs

C. Make sure your AMI is available in both AZs

D. Make sure the maximum size of the Auto Scaling Group is greater than 4

Answer: B

Question: 4

You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SQS?

A. Ensure the application instances are properly configured with an Elastic Load Balancer

B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled

C. Ensure the application instances are launched in public subnets with the associate-public-IPaddress= true option enabled

D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Answer: B

Question: 5

You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data Into Amazon S3 In the same region.

How do you remedy this situation?

A. Add an additional ENI

B. Change to a larger Instance

C. Use DirectConnect between EC2 and S3

D. Use EBS PIOPS on the local volume

Answer: B

Question: 6

When attached to an Amazon VPC which two components provide connectivity with external networks? Choose 2 answers

A. Elastic IPS (EIP)

B. NAT Gateway (NAT)

C. Internet Gateway {IGW)

D. Virtual Private Gateway (VGW)

Answer: C,D

Question: 7

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp up in traffic?

A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches

B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.

C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign

D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Answer: D

Question: 8

You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced?

A. Change the thresholds set on the Auto Scaling group health check

B. Add an Elastic Load Balancing health check to your Auto Scaling group

C. Increase the value for the Health check interval set on the Elastic Load Balancer

D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

Answer: B

Question: 9

Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options?

Choose 2 answers

A. Amazon S3

B. Amazon RDS

C. Amazon EBS

D. Amazon Red shift

Answer: B,D

Question: 10

An organization has configured a VPC with an Internet Gateway (IGW). pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets The application s web tier leverages the ELB. Auto Scaling and a mum-AZ RDS database instance The organization would like to eliminate any potential single points ft failure in this design. What step should you take to achieve this organization's objective?

A. Nothing, there are no single points of failure in this architecture.

B. Create and attach a second IGW to provide redundant internet connectivity.

C. Create and configure a second Elastic Load Balancer to provide a redundant load balancer.

D. Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.

Answer: A

Question: 11

Which of the following are characteristics of Amazon VPC subnets? Choose 2 answers

A.Each subnet maps to a single Availability Zone

B. A CIDR block mask of /25 is the smallest range supported

C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.

D. By default, all subnets can route between each other, whether they are private or public

E. V Each subnet spans at least 2 Availability zones to provide a high-availability environment

Answer: C, E

Question: 12

You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?

A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role

B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data

C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group

D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Answer: A