Want to know Exambible aws sysops training Exam practice test features? Want to lear more about Amazon AWS Certified SysOps Administrator Associate certification experience? Study 100% Guarantee Amazon aws sysops administrator answers to Renovate aws sysops exam questions questions at Exambible. Gat a success with an absolute guarantee to pass Amazon aws sysops exam (AWS Certified SysOps Administrator Associate) test on your first attempt.
Q65. - (Topic 3)
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?
A. TLS 1.3
B. TLS 1.2
C. SSL 2.0
D. SSL 3.0
Answer: A
Explanation:
Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. Elastic Load Balancing supports the following versions of the SSL protocol: TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 SSL 2.0
Q66. - (Topic 1)
When assessing an organization s use of AWS API access credentials which of the following three credentials should be evaluated?
Choose 3 answers
A. Key pairs
B. Console passwords
C. Access keys
D. Signing certificates
E. Security Group memberships
Answer: A,C,D
Explanation: Reference:
http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf
Q67. - (Topic 3)
An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the
limitations of IAM?
A. One IAM user can be a part of a maximum of 5 groups
B. The organization can create 100 groups per AWS account
C. One AWS account can have a maximum of 5000 IAM users
D. One AWS account can have 250 roles
Answer: A
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The default maximums for each of the IAM entities is given below: Groups per AWS account: 100 Users per AWS account: 5000 Roles per AWS account: 250 Number of groups per user: 10 (that is, one user can be part of these many groups.
Q68. - (Topic 3)
A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling. What should the user do in this case?
A. Setup the scaling policy to scale up and down based on the CloudWatch alarms
B. The user should increase the desired capacity at 8 AM and decrease it by 7 PM manually
C. The user should setup a batch process which launches the EC2 instance at a specific time
D. Setup scheduled actions to scale up or down at a specific time
Answer: A
Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. To configure the Auto Scaling group to scale based on a schedule, the user needs to create scheduled actions. A scheduled action tells Auto Scaling to perform a scaling action at a certain time in the future.
Q69. - (Topic 3)
You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database.
Which configuration will allow you to securely serve private content to your users?
A. Generate pre-signed URLs for each user as they request access to protected S3 content
B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user
C. Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user
Answer: C
Explanation: Reference:
https://java.awsblog.com/post/Tx1VE22EWFR4H86/Accessing-Private-Content-in-Amazon-CloudFront
Q70. - (Topic 1)
You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts.
Which task would be best accomplished with a script?
A. Creating daily EBS snapshots with a monthly rotation of snapshots
B. Creating daily RDS snapshots with a monthly rotation of snapshots
C. Automatically detect and stop unused or underutilized EC2 instances
D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
Answer: A
Q71. - (Topic 3)
A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of the below mentioned statements is true when a security group is created?
A. It can connect to the AWS services, such as S3 and RDS by default
B. It will have all the inbound traffic by default
C. It will have all the outbound traffic by default
D. It will by default allow traffic to the internet gateway
Answer: C
Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. AWS provides two features the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level while ACLs work at the subnet level. When a user creates a security group with AWS VPC, by default it will allow all the outbound traffic but block all inbound traffic.
Q72. - (Topic 3)
A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL. When the IAM user logs in to the S3 console, which actions can he perform?
A. He can just view the content of the bucket
B. He can do all the operations on the bucket
C. It is not possible to give access to an IAM user using ACL
D. The IAM user can perform all operations on the bucket using only API/SDK
Answer: C
Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users (IAM users. in his account.