Amazon AWS-SysOps Resource 2021

NEW QUESTION 1

Which of the following statements about this S3 bucket policy is true?

• A. Denies the server with the IP address 192.166 100.0 full access to the "mybucket" bucket
• B. Denies the server with the IP address 192.166 100.188 full access to the "mybucket bucket
• C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket
• D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

Answer: C

NEW QUESTION 2

An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his
credentials. What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iam:AddUserToGroup",
"iam:RemoveUserFromGroup",
"iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/TestingGroup"
}]

• A. The IAM policy will throw an error due to an invalid resource name
• B. The IAM policy will allow the user to subscribe to any IAM group
• C. Allow the IAM user to update the membership of the group called TestingGroup
• D. Allow the IAM user to delete the TestingGroup

Answer: C

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234. wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iam:AddUserToGroup",
"iam:RemoveUserFromGroup",
"iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/ TestingGroup "
}]

NEW QUESTION 3

A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user’s datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization’s proxy policy. How can the user make this happen?

• A. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
• B. Settin up a proxy policy in the internet gateway connected with the public subnet
• C. It is not possible to setup the proxy policy for a public subnet
• D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

Answer: D

Explanation:

The user can create subnets within a VPC. If the user wants to connect to VPC from his own data centre, he can setup public and VPN only subnets which uses hardware VPN access to connect with his data centre. When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization’s network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet.

NEW QUESTION 4

A user has configured ELB with two EBS backed instances. The user has stopped the instances for 1 week to save costs. The user restarts the instances after 1 week. Which of the below mentioned statements will help the user to understand the ELB and instance registration better?

• A. There is no way to register the stopped instances with ELB
• B. The user cannot stop the instances if they are registered with ELB
• C. If the instances have the same Elastic IP assigned after reboot they will be registered with ELB
• D. The instances will automatically get registered with ELB

Answer: C

Explanation:

Elastic Load Balancing registers the user’s load balancer with his EC2 instance using the associated IP address. When the instances are stopped and started back they will have a different IP address. Thus, they will not get registered with ELB unless the user manually registers them. If the instances are assigned the same Elastic IP after reboot they will automatically get registered with ELB.

NEW QUESTION 5

A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

• A. Enable ELB cross zone load balancing
• B. Enable ELB cookie setup
• C. Enable ELB sticky session
• D. Enable ELB connection draining

Answer: C

Explanation:

Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user’s session with a specific EC2 instance. If the sticky session is enabled the first request from the user will be redirected to any of the EC2 instances. But, henceforth, all requests from the same user will be redirected to the same EC2 instance. This ensures that all requests coming from the user during the session will be sent to the same application instance.

NEW QUESTION 6

An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS Regions In order to monitor the performance of the application globally, you would like to see two graphs 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?

• A. Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs
• B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatc
• C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphin
• D. Add a CloudWatch agent to each instance and attach one to each DynamoDB tabl
• E. When configuring the agent set the appropriate application name & view the graphs in CloudWatc

Answer: C

NEW QUESTION 7

An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin capture the monitoring information about the ELB activity?

• A. ELB Access logs
• B. ELB health check
• C. CloudWatch metrics
• D. ELB API calls with CloudTrail

Answer: B

Explanation:

The admin can capture information about Elastic Load Balancer using either: CloudWatch Metrics ELB Logs files which are stored in the S3 bucket CloudTrail with API calls which can notify the user as well generate logs for each API calls The health check is internally performed by ELB and does not help the admin get the ELB activity.

NEW QUESTION 8

A sys admin has created the below mentioned policy and applied to an S3 object named aws.jpg. The aws.jpg is inside a bucket named cloudacademy. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
"Resource": [ "arn:aws:s3:::cloudacademy/*.jpg"]
}]

• A. It is not possible to define a policy at the object level
• B. It will make all the objects of the bucket cloudacademy as public
• C. It will make the bucket cloudacademy as public
• D. the aws.jpg object as public

Answer: A

Explanation:

A system admin can grant permission to the S3 objects or buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. It cannot be applied at the object level.

NEW QUESTION 9

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. Which of the
below mentioned statements is true with respect to this scenario?

• A. The instance will always have a public DNS attached to the instance by default
• B. The user can directly attach an elastic IP to the instance
• C. The instance will never launch if the public IP is not assigned
• D. The user would need to create an internet gateway and then attach an elastic IP to the instance to connect from internet

Answer: D

Explanation:

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP then it will only have a private IP when launched. The user cannot connect to the instance from the internet. If the user wants an elastic IP to connect to the instance from the internet he should create an internet gateway and assign an elastic IP to instance.

NEW QUESTION 10

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?

• A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
• B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limit
• C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
• D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Answer: D

NEW QUESTION 11

Which of the following are characteristics of Amazon VPC subnets?
Choose 2 answers

• A. Each subnet maps to a single Availability Zone
• B. A CIDR block mask of /25 is the smallest range supported
• C. Instances in a private subnet can communicate with the internet only if they have an Elastic I
• D. By default, all subnets can route between each other, whether they are private or public
• E. V Each subnet spans at least 2 Availability zones to provide a high-availability environment

Answer: CE

NEW QUESTION 12

A user has enabled session stickiness with ELB. The user does not want ELB to manage the cookie; instead he wants the application to manage the cookie. What will happen when the server instance, which is bound to a cookie, crashes?

• A. The response will have a cookie but stickiness will be deleted
• B. The session will not be sticky until a new cookie is inserted
• C. ELB will throw an error due to cookie unavailability
• D. The session will be sticky and ELB will route requests to another server as ELB keeps replicating the Cookie

Answer: B

Explanation:

With Elastic Load Balancer, if the admin has enabled a sticky session with application controlled stickiness, the load balancer uses a special cookie generated by the application to associate the session with the original server which handles the request. ELB follows the lifetime of the application-generated cookie corresponding to the cookie name specified in the ELB policy configuration. The load balancer only inserts a new stickiness cookie if the application response includes a new application cookie. The load balancer stickiness cookie does not update with each request. If the application cookie is explicitly removed or expires, the session stops being sticky until a new application cookie is issued.

NEW QUESTION 13

A user has launched a Windows based EC2 instance. However, the instance has some issues and the user wants to check the log. When the user checks the Instance console output from the AWS console, what will it display?

• A. All the event logs since instance boot
• B. The last 10 system event log error
• C. The Windows instance does not support the console output
• D. The last three system events’ log errors

Answer: D

Explanation:

The AWS EC2 console provides a useful tool called Console output for problem diagnosis. It is useful to find out any kernel issues, termination reasons or service configuration issues. For a Windows instance it lists the last three system event log errors. For Linux it displays the exact console output.

NEW QUESTION 14

An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are added to the same group cloudacademy. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?

• A. https:// 999988887777.signin.aws.amazon.com/console/
• B. https:// signin.aws.amazon.com/cloudacademy/
• C. https:// cloudacademy.signin.aws.amazon.com/999988887777/console/
• D. https:// 999988887777.aws.amazon.com/ cloudacademy/

Answer: A

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to login to the AWS console. The console login URL for the IAM user will be https:// AWS_Account_ID.signin.aws.amazon.com/console/. It uses only the AWS account ID and does not depend on the group or user ID.

NEW QUESTION 15

When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?

• A. Data is automatically saved as an E8S volum
• B. Data is automatically saved as an ESS snapsho
• C. Data is automatically delete
• D. Data is unavailable until the instance is restarte

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html

NEW QUESTION 16

An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well SDK. How can the user track the calls made to CloudWatch?

• A. The user can enable logging with CloudWatch which logs all the activities
• B. Use CloudTrail to monitor the API calls
• C. Create an IAM user and allow each user to log the data using the S3 bucket
• D. Enable detailed monitoring with CloudWatch

Answer: B

Explanation:

AWS CloudTrail is a web service which will allow the user to monitor the calls made to the Amazon CloudWatch API for the organization’s account, including calls made by the AWS Management Console, Command Line Interface (CLI., and other services. When CloudTrail logging is turned on, CloudWatch will write log files into the Amazon S3 bucket, which is specified during the CloudTrail configuration.

NEW QUESTION 17

A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephermal storage data?

• A. All the data will be erased but the ephermal storage will stay connected
• B. All data will be erased and the ephermal storage is released
• C. It is not possible to restart an instance launched from an instance store backed AMI
• D. The data is preserved

Answer: D

Explanation:

A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. When an instance launched from an instance store backed AMI is rebooted all the ephermal storage data is still preserved.

NEW QUESTION 18

A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?

• A. Terminate the instances with the ec2-terminate-instance command
• B. Terminate the Auto Scaling instances with the as-terminate-instance command
• C. Set the minimum size and desired capacity to 0
• D. There is no need to change the capacit
• E. Run the as-delete-group command and it will reset all values to 0

Answer: C

Explanation:

If the user wants to delete the Auto Scaling group, the user should manually set the values of the minimum and desired capacity to 0. Otherwise Auto Scaling will not allow for the deletion of the group from CLI. While trying from the AWS console, the user need not set
the values to 0 as the Auto Scaling console will automatically do so.

NEW QUESTION 19

Which services allow the customer to retain run administrative privileges or the undertying EC2 instances? Choose 2 answers

• A. AWS Elastic Beanstalk
• B. Amazon Elastic Map Reduce
• C. Elastic Load Balancing
• D. Amazon Relational Database Service
• E. Amazon Elasti Cache

Answer: AB

NEW QUESTION 20

A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution?

• A. The user should download the activity report of the EC2 services as it has the instance ID wise data
• B. It is not possible to get the AWS cost usage data of single region instances separately
• C. The user should use Cost Distribution Metadata and AWS detailed billing
• D. The user should use Cost Allocation Tags and AWS billing reports

Answer: D

Explanation:

AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources (such as Amazon EC2 instances or Amazon S3 buckets., AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. The user can apply tags which represent business categories (such as cost centres, application names, or instance type – Production/Dev. to organize usage costs across multiple services.

NEW QUESTION 21

A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data encryption with a snapshot?

• A. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
• B. While creating a snapshot select the snapshot with encryption
• C. By default the snapshot is encrypted by AWS
• D. Enable server side encryption for the snapshot using S3

Answer: A

Explanation:

AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of the encrypted EBS will also be encrypted. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry standard.

NEW QUESTION 22

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?

• A. There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet’s CIDR
• B. The user can modify the first subnet CIDR from the console
• C. It is not possible to create a second subnet as one subnet with the same CIDR as the VPC has been created
• D. The user can modify the first subnet CIDR with AWS CLI

Answer: D

Explanation:

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside the subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the second subnet will conflict with the first subnet. The user cannot modify the CIDR of a subnet once it is created. Thus, in this case if required, the user has to delete the subnet and create new subnets.

NEW QUESTION 23

You have decided to change the Instance type for instances running In your application tier that are using Auto Scaling.
In which area below would you change the instance type definition?

• A. Auto Scaling launch configuration
• B. Auto Scaling group
• C. Auto Scaling policy
• D. Auto Scaling tags

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/WhatIsAutoScaling.html

NEW QUESTION 24

A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?

• A. Email JSON
• B. HTTP
• C. AWS SQS
• D. AWS SES

Answer: D

Explanation:

Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can select one the following transports as part of the subscription requests: “HTTP”, “HTTPS”,”Email”, “Email-JSON”, “SQS”, “and SMS”.

NEW QUESTION 25

A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data?

• A. Yes, the block device mapping will have information about the additional instance store volume
• B. No, since the instance store backed AMI can have only the root volume bundled
• C. It is not possible to attach an additional instance store volume to the existing instance store backed AMI instance
• D. No, since this is ephermal storage it will not be a part of the AMI

Answer: A

Explanation:

When the user has launched an EC2 instance from an instance store backed AMI and added an instance store volume to the instance in addition to the root device volume, the block device mapping for the new AMI contains the information for these volumes as well. In addition, the block device mappings for the instances those are launched from the new AMI will automatically contain information for these volumes.

NEW QUESTION 26

An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this?

• A. The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias
• B. The organization should create each user in a separate region so that they have their own URL to login
• C. It is not possible to have the same login ID for multiple IAM users of the same account
• D. The organization should create various groups and add each user with the same login ID to different group
• E. The user can login with their own group ID

Answer: C

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. It is not possible to have the same login ID for multiple users. The names of users,groups, roles, instance profiles must be alphanumeric, including the following common characters: plus (+., equal (=., comma (,., period (.., at (@., and dash (-..

NEW QUESTION 27

When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit?
Choose 3 answers

• A. Gather evidence of your IT operational controls
• B. Request and obtain applicable third-party audited AWS compliance reports and certifications
• C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review
• D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's Instances and endpoints
• E. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Answer: ABD

NEW QUESTION 28

A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details?

• A. It is not possible to find the details after the instance is terminated
• B. The user can get information from the AWS console, by checking the Instance description under the State transition reason label
• C. The user can get information from the AWS console, by checking the Instance description under the Instance Status Change reason label
• D. The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label

Answer: D

Explanation:

An EC2 instance, once terminated, may be available in the AWS console for a while after termination. The user can find the details about the termination from the description tab under the label State transition reason. If the instance is still running, there will be no reason listed. If the user has explicitly stopped or terminated the instance, the reason will be “User initiated shutdown”.

NEW QUESTION 29

A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the
average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?

• A. View the Auto Scaling CPU metrics
• B. Aggregate the data over the instance AMI ID
• C. The user has to use the CloudWatchanalyser to find the average data across instances
• D. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

Answer: B

Explanation:

Amazon CloudWatch is basically a metrics repository. Either the user can send the custom data or an AWS product can put metrics into the repository, and the user can retrieve the statistics based on those metrics. The statistics are metric data aggregations over specified periods of time. Aggregations are made using the namespace, metric name, dimensions, and the data point unit of measure, within the time period that is specified by the user. To aggregate the data across instances launched with AMI, the user should select the AMI ID under EC2 metrics and select the aggregate average to view the data.

NEW QUESTION 30
......