Amazon AWS-SysOps Exam Dumps 2021

NEW QUESTION 1
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the
VPN gateway (vgw-12345. to connect to the user’s data centre. The user’s data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

• A. Destination: 20.0.1.0/24 and Target: i-12345
• B. Destination: 0.0.0.0/0 and Target: i-12345
• C. Destination: 172.28.0.0/12 and Target: vgw-12345
• D. Destination: 20.0.0.0/16 and Target: local

Answer: A

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization’s DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance. Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization’s data centre traffic to the VPN gateway. Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.

NEW QUESTION 2
You have started a new job and are reviewing your company's infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?

• A. Set the ELB to only be attached to another AZ
• B. Make sure Auto Scaling is configured to launch in both AZs
• C. Make sure your AMI is available in both AZs
• D. Make sure the maximum size of the Auto Scaling Group is greater than 4

Answer: B

NEW QUESTION 3
A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above?

• A. The user needs to use AWS CLI or API to upload the data
• B. The user can use the AWS Import Export facility to import data to CloudWatch
• C. The user will upload data from the AWS console
• D. The user cannot upload data to CloudWatch since it is not an AWS service metric

Answer: A

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. While sending the data the user has to include the metric name, namespace and timezone as part of the request.

NEW QUESTION 4
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user’s data centre. Which of the below mentioned options is a valid entry for the main route table in this scenario?

• A. Destination: 20.0.0.0/24 and Target: vgw-12345
• B. Destination: 20.0.0.0/16 and Target: ALL
• C. Destination: 20.0.1.0/16 and Target: vgw-12345
• D. Destination: 0.0.0.0/0 and Target: vgw-12345

Answer: D

Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway. Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.

NEW QUESTION 5
A user has setup an RDS DB with Oracle. The user wants to get notifications when someone modifies the
security group of that DB. How can the user configure that?

• A. It is not possible to get the notifications on a change in the security group
• B. Configure SNS to monitor security group changes
• C. Configure event notification on the DB security group
• D. Configure the CloudWatch alarm on the DB for a change in the security group

Answer: C

Explanation:
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. These events can be configured for source categories, such as DB instance, DB security group, DB snapshot and DB parameter group. If the user is subscribed to a Configuration Change category for a DB security group, he will be notified when the DB security group is changed.

NEW QUESTION 6
A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it back after 20 days. AWS throws up an ‘InsufficientInstanceCapacity’ error. What can be the possible reason for this?

• A. AWS does not have sufficient capacity in that availability zone
• B. AWS zone mapping is changed for that user account
• C. There is some issue with the host capacity on which the instance is launched
• D. The user account has reached the maximum EC2 instance limit

Answer: A

Explanation:
When the user gets an ‘InsufficientInstanceCapacity’ error while launching or starting an EC2 instance, it means that AWS does not currently have enough available capacity to service the user request. If the user is requesting a large number of instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a smaller number of instances or changing the availability zone if launching a fresh instance.

NEW QUESTION 7
A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that instances of the same subnet communicate with each other. How can the user configure this with the security group?

• A. There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
• B. Configure the subnet as the source in the security group and allow traffic on all the protocols and ports
• C. Configure the security group itself as the source and allow traffic on all the protocols and ports
• D. The user has to use VPC peering to configure this

Answer: C

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. If the user is using the default security group it will have a rule which allows the instances to communicate with other. For a new security group the user has to specify the rule, add it to define the source as the security group itself, and select all the protocols and ports for that source.

NEW QUESTION 8
A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

• A. The user should create a separate IAM user for each mobile application and provide DynamoDB access with it
• B. The user should create an IAM role with DynamoDB and EC2 acces
• C. Attach the role with EC2 and route all calls from the mobile through EC2
• D. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook
• E. Create an IAM Role with DynamoDB access and attach it with the mobile application

Answer: C

Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. If the user is creating an app that runs on a mobile phone and makes requests to AWS, the user should not create an IAMuser and distribute the user's access key with the app. Instead, he should use an identity provider, such as Login with Amazon, Facebook, or Google to authenticate the users, and then use that identity to get temporary security credentials.

NEW QUESTION 9
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring with CloudWatch without charging the user extra?

• A. AWS Auto Scaling
• B. AWS Route 53
• C. AWS EMR
• D. AWS SNS

Answer: B

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, ELB, OpsWorks, and Route 53 can provide the monitoring data every minute without charging the user.

NEW QUESTION 10
Your team Is excited about the use of AWS because now they have access to programmable Infrastructure" You have been asked to manage your AWS infrastructure In a manner similar to the way you might manage application code You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development test QA. production).
Which approach addresses this requirement?

• A. Use cost allocation reports and AWS Opsworks to deploy and manage your infrastructur
• B. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructur
• C. Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructur
• D. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructur

Answer: B

Explanation: Reference:
http://aws.amazon.com/opsworks/faqs/

NEW QUESTION 11
A user is using Cloudformation to launch an EC2 instance and then configure an application after the instance is launched. The user wants the stack creation of ELB and AutoScaling to wait until the EC2 instance is launched and configured properly. How can the user configure this?

• A. It is not possible that the stack creation will wait until one service is created and launched
• B. The user can use the HoldCondition resource to wait for the creation of the other dependent resources
• C. The user can use the DependentCondition resource to hold the creation of the other dependent resources
• D. The user can use the WaitCondition resource to hold the creation of the other dependent resources

Answer: D

Explanation:
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. AWS CloudFormation provides a WaitCondition resource which acts as a barrier and blocks the creation of other resources until a completion signal is received from an external source, such as a user application or management system.

NEW QUESTION 12
An organization has created a Queue named “modularqueue” with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?

• A. AWS SQS sends notification after 15 days for inactivity on queue
• B. AWS SQS can delete queue after 30 days without notification
• C. AWS SQS marks queue inactive after 30 days
• D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 week

Answer: B

Explanation:
Amazon SQS can delete a queue without notification if one of the following actions hasn't been performed on it for 30 consecutive days: SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission.

NEW QUESTION 13
A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group?

• A. For Inbound allow Source: 20.0.1.0/24 on port 80
• B. For Outbound allow Destination: 0.0.0.0/0 on port 80
• C. For Inbound allow Source: 20.0.0.0/24 on port 80
• D. For Outbound allow Destination: 0.0.0.0/0 on port 443

Answer: C

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can connect to the internet using the NAT instances. The user should first configure that NAT can receive traffic on ports 80 and 443 from the private subnet. Thus, allow ports 80 and 443 in Inbound for the private subnet 20.0.1.0/24. Now to route this traffic to the internet configure ports 80 and Amazon AWS-SysOps : Practice Test
443 in Outbound with destination 0.0.0.0/0. The NAT should not have an entry for the public subnet CIDR.

NEW QUESTION 14
A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The user wants to enable a proxy protocol to capture the source and destination IP information in the header. Which of the below mentioned statements helps the user understand a proxy protocol with TCP configuration?

• A. If the end user is requesting behind a proxy server then the user should not enable a proxy protocol on ELB
• B. ELB does not support a proxy protocol when it is listening on both the load balancer and the back-end instances
• C. Whether the end user is requesting from a proxy server or directly, it does not make a difference for the proxy protocol
• D. If the end user is requesting behind the proxy then the user should add the “isproxy” flag to the ELB Configuration

Answer: A

Explanation:
When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer (SSL. for both front-end and back-end connections of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without modifying the request headers unless the proxy header is enabled. If the end user is requesting from a Proxy Protocol enabled proxy server, then the ELB admin should not enable the Proxy Protocol on the load balancer. If the Proxy Protocol is enabled on both the proxy server and the load balancer, the load balancer will add another header to the request which already has a header from the proxy server. This duplication may result in errors.

NEW QUESTION 15
The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application1?

• A. Create a second, independent LOAP server in AWS for your application to use for authentication
• B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
• C. Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication
• D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication

Answer: D

Explanation: Reference:
http://msdn.microsoft.com/en-us/library/azure/jj156090.aspx

NEW QUESTION 16
A user has created an S3 bucket which is not publicly accessible. The bucket is having thirty objects which are also private. If the user wants to make the objects public, how can he configure this with minimal efforts?

• A. The user should select all objects from the console and apply a single policy to mark them public
• B. The user can write a program which programmatically makes all objects public using S3 SDK
• C. Set the AWS bucket policy which marks all objects as public
• D. Make the bucket ACL as public so it will also mark all objects as public

Answer: C

Explanation:
A system admin can grant permission of the S3 objects or buckets to any user or make the objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket.

NEW QUESTION 17
A user has created a VPC with public and private subnets using the VPC wizard. The user has not launched any instance manually and is trying to delete the VPC. What will happen in this scenario?

• A. It will not allow to delete the VPC as it has subnets with route tables
• B. It will not allow to delete the VPC since it has a running route instance
• C. It will terminate the VPC along with all the instances launched by the wizard
• D. It will not allow to delete the VPC since it has a running NAT instance

Answer: D

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an elastic IP. If the user is trying to delete the VPC it will not allow as the NAT instance is still running.

NEW QUESTION 18
Your company Is moving towards tracking web page users with a small tracking
Image loaded on each page Currently you are serving this image out of US-East, but are starting to get concerned about the time It takes to load the image for users on the west coast.
What are the two best ways to speed up serving this image?
Choose 2 answers

• A. Use Route 53's Latency Based Routing and serve the image out of US-West-2 as well as US-East-1
• B. Serve the image out through CloudFront
• C. Serve the image out of S3 so that it isn't being served oft of your web application tier
• D. Use EBS PIOPs to serve the image faster out of your EC2 instances

Answer: AD