Visit Official SkillCertPro Website :-
For a full set of 700+ questions. Go to
https://skillcertpro.com/product/aws-certified-sysops-administrator-associate-practice-exam-tests/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
In AWS, which security aspects are the customer’s responsibility? Choose 4 answers
A. Controlling physical access to compute resources
B. Patch management on the EC2 instances operating system
C. Encryption of EBS (Elastic Block Storage) volumes
D. Life-cycle management of IAM credentials
E. Decommissioning storage devices
F. Security Group and ACL (Access Control List) settings
Answer: B, C, D, F
Explanation:
As per the shared responsibility model, the customer is responsible for patch management on the EC2 instances' operating system, encryption of EBS (Elastic Block Storage) volumes, life-cycle management of IAM credentials, and Security Group and ACL (Access Control List) settings. For more information on the AWS shared responsibility model, please visit the link: https://aws.amazon.com/blogs/security/tag/shared-responsibility-model/
Question 2:
Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?
A. Create a bucket policy and apply it to the bucket
B. Create a NACL and attach it to the VPC of the bucket
C. Create an ACL and apply it to all objects in the bucket
D. Modify the IAM policies of any users that would access the bucket
Answer: A
Explanation:
A bucket policy as shown below can be used to prevent an IP address block from accessing public objects in an S3 bucket:
{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
        "NotIpAddress": {"aws:SourceIp": "54.240.143.188/32"}
      }
    }
  ]
}
For more examples on bucket policies please visit the URL:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
Question 3:
Does VPC support multicast?
A. True
B. False
Answer: B
Explanation:
As per the documentation this is not possible. For more information on VPC please visit the link: https://aws.amazon.com/vpc/faqs/
Question 4:
You manage EC2 instances in two different VPCs and you would like instances in both VPCs to be able to easily communicate with each other. You are considering using VPC peering. Will this work? Choose the 2 correct answers from the options given below
A. Yes, as long as all EC2 instances have a public IP.
B. Yes, as long as the VPCs are in the same region.
C. Yes, as long as the VPCs’ CIDR blocks don’t overlap.
D. Yes, as long as the VPCs are in the same account.
Answer: B, C
Explanation:
To create a VPC peering connection with another VPC, you need to be aware of the following limitations and rules:
You cannot create a VPC peering connection between VPCs that have matching or overlapping IPv4 or IPv6 CIDR blocks. Amazon always assigns your VPC a unique IPv6 CIDR block. If your IPv6 CIDR blocks are unique but your IPv4 blocks are not, you cannot create the peering connection.
You cannot create a VPC peering connection between VPCs in different regions.
You have a limit on the number of active and pending VPC peering connections that you can have per VPC.
VPC peering does not support transitive peering relationships; in a VPC peering connection, your VPC does not have access to any other VPCs that the peer VPC may be peered with. This includes VPC peering connections that are established entirely within your own AWS account.
You cannot have more than one VPC peering connection between the same two VPCs at the same time.
A placement group can span peered VPCs; however, you do not get full-bisection bandwidth between instances in peered VPCs. Unicast reverse path forwarding in VPC peering connections is not supported.
You can enable resources on either side of a VPC peering connection to communicate with each other over IPv6; however, IPv6 communication is not automatic. You must associate an IPv6 CIDR block with each VPC, enable the instances in the VPCs for IPv6 communication, and add routes to your route tables that route IPv6 traffic intended for the peer VPC to the VPC peering connection.
For more information on VPC peering please visit the URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
Question 5:
Is the below CloudFormation template a valid one?
{
  "Parameters" : {
    "KeyName" : {
      "Description" : "The EC2 Key Pair to allow SSH access to the instance",
      "Type" : "AWS::EC2::KeyPair::KeyName"
    }
  }
}
A. True
B. False
Answer: B
Explanation:
{
  "Parameters" : {
    "KeyName" : {
      "Description" : "The EC2 Key Pair to allow SSH access to the instance",
      "Type" : "AWS::EC2::KeyPair::KeyName"
    }
  }
}
There has to be a Resources section in the template; this is a mandatory section.
For more information on template basics please visit the link:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/gettingstarted.templatebasics.html
Question 6:
In an S3 bucket policy if you want to deny an IP Address access, what is the attribute that can be used along with the condition clause in the policy? Choose an answer from the options below
A. NotIpAddress
B. DenyIpAddress
C. Cancel IpAddress
D. None of the above
Answer: A
Explanation:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": [
      "192.0.2.0/24",
      "203.0.113.0/24"
    ]}}
  }
}
For more information on bucket policies, please visit the URL:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
Question 7:
What sort of host might you set up in your AWS environment that can be used as a way to “hop” into your environment to gain access to secure servers within a private subnet?
A. This is not possible
B. Bastion host
C. VPN
D. Sneaker-net
Answer: B
Explanation:
A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. In AWS, a bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and then use that session to manage other hosts in the private subnets. This is a security practice adopted by many organizations to secure the assets in their private subnets.
Question 8:
Which of the below instances is normally used as a jump server to access EC2 instances in a private subnet in a VPC? Choose an answer from the options below
A. Bastion Host
B. Primary Host
C. Backup Host
D. Secondary Host
Answer: A
Explanation:
A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. In AWS, a bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and then use that session to manage other hosts in the private subnets. This is a security practice adopted by many organizations to secure the assets in their private subnets.
Question 9:
A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?
A. The application does not have enough IO for the volume
B. The instance is EBS optimized
C. The EC2 instance has 10 Gigabit Network connectivity
D. The volume size is too large
Answer: D
Explanation:
A general EBS volume has a maximum IOPS of 3000, so even if you provision a volume of large size, it will not make a difference to the IOPS for the volume. For information on the various EBS volumes, please visit the link: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
Question 10:
A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the user to include in the request list?
A. Value
B. Namespace
C. Metric Name
D. Timezone
Answer: B
Explanation:
A general syntax of the put-metric-data command, which is used to publish data to CloudWatch, is given below.
aws cloudwatch put-metric-data --metric-name PageViewCount --namespace MyService --value 2 --timestamp 2016-10-14T12:00:00.000Z
If you go to the link below, you will see the mandatory parameters for this command, which are namespace and metric name:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html
For information on publishing custom metrics, please visit the link: http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html