Breathing AWS-SysOps Exam Questions 2019

Exam Code: AWS-SysOps (aws sysops certification), Exam Name: AWS Certified SysOps Administrator Associate, Certification Provider: Amazon Certification, Free Today! Guaranteed Training - Pass AWS-SysOps Exam.

Online AWS-SysOps free questions and answers of New Version:

A user has configured a VPC with a new subnet. The user has created a security group. The user wants instances in the same subnet to be able to communicate with each other. How can the user configure this with the security group?

  • A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
  • B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
  • C. Configure the security group itself as the source and allow traffic on all the protocols and ports
  • D. The user has to use VPC peering to configure this

Answer: C

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. AWS provides two features that the user can use to increase security in a VPC: security groups and network ACLs. Security groups work at the instance level. If the user is using the default security group, it will have a rule which allows the instances to communicate with each other. For a new security group, the user has to add the rule, defining the source as the security group itself and selecting all the protocols and ports for that source.

A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing some issues due to the back-end servers. Which of the below mentioned CloudWatch metrics helps the user understand the issue with the instances?

  • A. HTTPCode_Backend_3XX
  • B. HTTPCode_Backend_4XX
  • C. HTTPCode_Backend_2XX
  • D. HTTPCode_Backend_5XX

Answer: D

CloudWatch is used to monitor AWS as well as the custom services. For ELB, CloudWatch provides various metrics including error codes by ELB as well as by back-end servers (instances). It gives data for the count of the number of HTTP response codes generated by the back-end instances. This metric does not include any response codes generated by the load balancer. These metrics are:

  • The 2XX class status codes represent successful actions
  • The 3XX class status code indicates that the user agent requires action
  • The 4XX class status code represents client errors
  • The 5XX class status code represents back-end server errors

A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

  • A. Enable ELB cross zone load balancing
  • B. Enable ELB cookie setup
  • C. Enable ELB sticky session
  • D. Enable ELB connection draining

Answer: C

Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user’s session with a specific EC2 instance. If the sticky session is enabled the first request from the user will be redirected to any of the EC2 instances. But, henceforth, all requests from the same user will be redirected to the same EC2 instance. This ensures that all requests coming from the user during the session will be sent to the same application instance.

A user is trying to connect to a running EC2 instance using SSH. However, the user gets an Unprotected Private Key File error. Which of the below mentioned options can be a possible reason for rejection?

  • A. The private key file has the wrong file permission
  • B. The ppk file used for SSH is read only
  • C. The public key file has the wrong permission
  • D. The user has provided the wrong user name for the OS login

Answer: A

While doing SSH to an EC2 instance, if you get an Unprotected Private Key File error it means that the private key file's permissions on your computer are too open. Ideally the private key should have the Unix permission of 0400. To fix that, run the command: chmod 0400 /path/to/private.key

A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from the CLI. Which of the below mentioned commands helps the system admin to add new zones to the existing ELB?

  • A. elb-enable-zones-for-lb
  • B. elb-add-zones-for-lb
  • C. It is not possible to add more zones to the existing ELB
  • D. elb-configure-zones-for-lb

Answer: A

The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;

An organization has created a Queue named “modularqueue” with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?

  • A. AWS SQS sends notification after 15 days for inactivity on queue
  • B. AWS SQS can delete queue after 30 days without notification
  • C. AWS SQS marks queue inactive after 30 days
  • D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks

Answer: B

Amazon SQS can delete a queue without notification if one of the following actions hasn't been performed on it for 30 consecutive days: SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission.

A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?

  • A. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone
  • B. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone
  • C. The CloudWatch data is always in UTC; the user has to manually convert the data
  • D. The user should have sent the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone

Answer: B

If the user is viewing the data inside the CloudWatch console, the console provides options to filter values either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console because the time range tab allows the user to change the time zone.

An organization has configured two single availability zones. The Auto Scaling groups are configured in separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?

  • A. Run the command as-join-auto-scaling-group to join the two groups
  • B. Run the command as-update-auto-scaling-group to configure one group to span across zones and delete the other group
  • C. Run the command as-copy-auto-scaling-group to join the two groups
  • D. Run the command as-merge-auto-scaling-group to merge the groups

Answer: B

If the user has configured two separate single availability zone Auto Scaling groups and wants to merge them then he should update one of the groups and delete the other one. While updating the first group it is recommended that the user should increase the size of the minimum, maximum and desired capacity as a summation of both the groups.

A user has launched an EBS backed instance with EC2-Classic. The user stops and starts the instance. Which of the below mentioned statements is not true with respect to the stop/start action?

  • A. The instance gets new private and public IP addresses
  • B. The volume is preserved
  • C. The Elastic IP remains associated with the instance
  • D. The instance may run on a new host computer

Answer: C

A user can always stop/start an EBS backed EC2 instance. When the user stops the instance, it first enters the stopping state, and then the stopped state. AWS does not charge the running cost but charges only for the EBS storage cost. If the instance is running in EC2-Classic, it receives a new private IP address, and the Elastic IP address (EIP) associated with the instance is no longer associated with that instance.

A user is trying to set up a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in the ELB security policy. Which of the below mentioned preconfigured policies supports this feature?

  • A. ELBSecurityPolicy-2014-01
  • B. ELBSecurityPolicy-2011-08
  • C. ELBDefaultNegotiationPolicy
  • D. ELBSample-OpenSSLDefaultCipherPolicy

Answer: A

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the load balancer is configured to support the Server Order Preference, then the load balancer gets to select the first cipher in its list that matches any one of the ciphers in the client's list. When the user verifies the preconfigured policies supported by ELB, the policy “ELBSecurityPolicy-2014-01” supports server order preference.

A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

  • A. AWS S3 with 1 GB of storage
  • B. AWS micro instance running 24 hours daily
  • C. AWS ELB running 24 hours a day
  • D. AWS PIOPS volume of 10 GB size

Answer: D

AWS is introducing a free usage tier for one year to help new AWS customers get started in the Cloud. The free tier can be used for anything that the user wants to run in the Cloud. AWS offers a handful of AWS services as a part of this, which includes 750 hours of free micro instances and 750 hours of ELB. It includes AWS S3 storage of 5 GB and an AWS EBS general purpose volume of up to 30 GB. PIOPS is not part of the free usage tier.

A user is measuring the CPU utilization of a private data centre machine every minute. The machine provides the aggregate of data every hour, such as “Sum of data”, “Min value”, “Max value”, and “Number of Data points”. The user wants to send these values to CloudWatch. How can the user achieve this?

  • A. Send the data using the put-metric-data command with the aggregate-values parameter
  • B. Send the data using the put-metric-data command with the average-values parameter
  • C. Send the data using the put-metric-data command with the statistic-values parameter
  • D. Send the data using the put-metric-data command with the aggregate-data parameter

Answer: C

AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using the CLI or APIs. The user can publish the data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put-metric-data. When sending the aggregate data, the user needs to send it with the parameter statistic-values:

aws cloudwatch put-metric-data --metric-name <Name> --namespace <Custom namespace> --timestamp <UTC Format> --statistic-values Sum=XX,Minimum=YY,Maximum=AA,SampleCount=BB --unit Milliseconds

A user has set up an EBS backed instance and attached 2 EBS volumes to it. The user has set up a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume?

  • A. OK
  • B. Insufficient Data
  • C. Alarm
  • D. The EBS cannot be detached until all the alarms are removed

Answer: B

An Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are three states of the alarm: OK, Alarm and Insufficient data. In this case, since the EBS volume is detached and inactive, the state will be Insufficient.

You are managing a legacy application inside a VPC with hard-coded IP addresses in its configuration. Which two mechanisms will allow the application to fail over to new instances without the need for reconfiguration? Choose 2 answers

  • A. Create an ELB to reroute traffic to a failover instance
  • B. Create a secondary ENI that can be moved to a failover instance
  • C. Use Route53 health checks to fail traffic over to a failover instance
  • D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance

Answer: AD

Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher (the monitoring instance itself) and be notified if it becomes unhealthy. Which of the following is a simple way to achieve that goal?

  • A. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy
  • B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance
  • C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute; then have your monitoring application go into a CPU-bound loop should it detect any application problem
  • D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance. Should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding messages to the SQS queue

Answer: D

A user runs the command “dd if=/dev/xvdf of=/dev/null bs=1M” on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

  • A. Pre warming the EBS volume
  • B. Initiating the device to mount on the EBS volume
  • C. Formatting the volume
  • D. Copying the data from a snapshot to the device

Answer: A

When the user creates an EBS volume and is trying to access it for the first time, it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance, it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the “dd” command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command “dd if=/dev/xvdf of=/dev/null bs=1M”, the parameter “if=input file” should be set to the drive that the user wishes to warm. The “of=output file” parameter should be set to the Linux null virtual device, /dev/null. The “bs” parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.

You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are both very high. What two actions could you take to rectify this? Choose 2 answers

  • A. Increase the number of nodes in your cluster
  • B. Tweak the max_item_size parameter
  • C. Shrink the number of nodes in your cluster
  • D. Increase the size of the nodes in the cluster

Answer: BD

A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?

  • A. By default ELB will select the first version of the security policy
  • B. By default ELB will select the latest version of the policy
  • C. ELB creation will fail without a security policy
  • D. It is not required to have a security policy since SSL is already installed

Answer: B

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the user has created an HTTPS/SSL listener without associating any security policy, Elastic Load Balancing will, by default, associate the latest version of the ELBSecurityPolicy-YYYY-MM with the load balancer.

An organization has configured custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using the CLI as well as the SDK. How can the user track the calls made to CloudWatch?

  • A. The user can enable logging with CloudWatch which logs all the activities
  • B. Use CloudTrail to monitor the API calls
  • C. Create an IAM user and allow each user to log the data using the S3 bucket
  • D. Enable detailed monitoring with CloudWatch

Answer: B

AWS CloudTrail is a web service which will allow the user to monitor the calls made to the Amazon CloudWatch API for the organization’s account, including calls made by the AWS Management Console, Command Line Interface (CLI), and other services. When CloudTrail logging is turned on, CloudWatch will write log files into the Amazon S3 bucket, which is specified during the CloudTrail configuration.
