Amazon AWS-SysOps Exam Questions 2021

NEW QUESTION 1
A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user?

• A. There is no need to pre-warm an EBS volume
• B. Contact AWS support to pre-warm
• C. Unmount the volume before pre-warming
• D. Format the device

Answer: C

Explanation:
When the user creates a new EBS volume or restores a volume from the snapshot, the back-end storage blocks are immediately allocated to the user EBS. However, the first time when the user is trying to access a block of the storage, it is recommended to either be wiped from the new volumes or instantiated from the snapshot (for restored volumes. before the user can access the block. This preliminary action takes time and can cause a 5 to 50 percent loss of IOPS for the volume when the block is accessed for the first time. To avoid this it is required to pre warm the volume. Pre-warming an EBS volume on a Linux instance requires that the user should unmount the blank device first and then write all the blocks on the device using a command, such as “dd”.

NEW QUESTION 2
An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/ value as “InstanceName/HR”, “CostCenter/HR”. What will AWS do in this case?

• A. InstanceName is a reserved tag for AW
• B. Thus, AWS will not allow this tag
• C. AWS will not allow the tags as the value is the same for different keys
• D. AWS will allow tags but will not show correctly in the cost allocation report due to the same value of the two separate keys
• E. AWS will allow both the tags and show properly in the cost distribution report

Answer: D

Explanation:
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

NEW QUESTION 3
An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?

• A. Create a new VPC with tenancy=dedicated and migrate to the new VPC
• B. Use ec2-reboot-instances command line and set the parameter "dedicated=true"
• C. Right click on the instance, select properties and check the box for dedicated tenancy
• D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

Answer: A

Explanation: Reference:
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-CreateVpc.html

NEW QUESTION 4
A sys admin is trying to understand EBS snapshots. Which of the below mentioned statements will not be
useful to the admin to understand the concepts about a snapshot?

• A. The snapshot is synchronous
• B. It is recommended to stop the instance before taking a snapshot for consistent data
• C. The snapshot is incremental
• D. The snapshot captures the data that has been written to the hard disk when the snapshot command was executed

Answer: A

Explanation:
The AWS snapshot is a point in time backup of an EBS volume. When the snapshot command is executed it will capture the current state of the data that is written on the drive and take a backup. For a better and consistent snapshot of the root EBS volume, AWS recommends stopping the instance. For additional volumes it is recommended to unmount the device. The snapshots are asynchronous and incremental.

NEW QUESTION 5
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C., what is recommended to the user for the purpose of security?

• A. The user should not use his own security key as it is not secure
• B. Configure S3 to rotate the user’s encryption key at regular intervals
• C. Configure S3 to store the user’s keys securely with SSL
• D. Keep rotating the encryption key manually at the client side

Answer: D

Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at Rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C.. Since S3 does not store the encryption keys in SSE-C, it is recommended that the user should manage keys securely and keep rotating them regularly at the client side version.

NEW QUESTION 6
A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

• A. The private and public address remains the same
• B. The Elastic IP remains associated with the instance
• C. The volume is preserved
• D. The instance runs on a new host computer

Answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use the Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes to reboot depends on the instance configuration.

NEW QUESTION 7
Which of the following statements about this S3 bucket policy is true?

• A. Denies the server with the IP address 192.166 100.0 full access to the "mybucket" bucket
• B. Denies the server with the IP address 192.166 100.188 full access to the "mybucket bucket
• C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket
• D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

Answer: C

NEW QUESTION 8
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

• A. AWS account ID
• B. X.509 certificate and private key
• C. AWS login ID to login to the console
• D. Access key and secret access key

Answer: C

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID;
AWS access and secret access key;
X.509 certificate with private key.

NEW QUESTION 9
An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AllowUsersAllActionsForCredentials",
"Effect": "Allow",
"Action": [
"iam:*LoginProfile",
"iam:*AccessKey*",
"iam:*SigningCertificate*"
],
"Resource": ["arn:aws:iam:: 123412341234:user/${aws:username}"]
}]
}

• A. The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs
• B. The policy will give an invalid resource error
• C. The policy allows the IAM user to modify all credentials using only the console
• D. The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs

Answer: D

Explanation:
WS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234. wants some of their users to manage credentials (access keys, password, and sing in certificates. of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM user’s using only CLI, SDK or APIs. The user cannot use the AWS
console for this activity since he does not have list permission for the IAM users.
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AllowUsersAllActionsForCredentials",
"Effect": "Allow"
"Action": [
"iam:*LoginProfile",
"iam:*AccessKey*",
"iam:*SigningCertificate*"
],
"Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
Amazon AWS-SysOps : Practice Test
}] }

NEW QUESTION 10
A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down.
How can you ensure the developers will be able to access only the log files?

• A. Access the log files directly from Elastic Beanstalk
• B. Enable log file rotation to S3 within the Elastic Beanstalk configuration
• C. Ask your developers to enable log file rotation in the applications web.config file
• D. Connect to each Instance launched by Elastic Beanstalk and create a Windows Scheduled task to rotate the log files to S3.

Answer: D

Explanation: Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.loggingS3.title.html

NEW QUESTION 11
You have a server with a 5O0GB Amazon EBS data volume. The volume is 80% full. You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible. All applications using the volume can be paused for a period of a few minutes with no discernible user impact.
Which of the following backup methods will best fulfill your requirements?

• A. Take periodic snapshots of the EBS volume
• B. Use a third party Incremental backup application to back up to Amazon Glacier
• C. Periodically back up all data to a single compressed archive and archive to Amazon S3 using a parallelized multi-part upload
• D. Create another EBS volume in the second Availability Zone attach it to the Amazon EC2 instance, and use a disk manager to mirror me two disks

Answer: D

Explanation: Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html

NEW QUESTION 12
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? Choose 2 answers

• A. A network ACL that allows communication between the two subnet
• B. Both instances are the same instance class and using the same Key-pai
• C. That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicat
• D. Security groups are set to allow the application host to talk to the database on the right port/protoco

Answer: AD

NEW QUESTION 13
If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should:

• A. Assign a group or sequential Elastic IP address to the instances
• B. Launch the instances in a Placement Group
• C. Launch the instances in the Amazon virtual Private Cloud (VPC).
• D. Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already
• E. Launch the Instance from a private Amazon Machine image (Mil)

Answer: C

Explanation: Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ip-addressing.html

NEW QUESTION 14
A user has launched an EC2 instance and deployed a production application in it. The user wants to prohibit any mistakes from the production team to avoid accidental termination.
How can the user achieve this?

• A. The user can the set DisableApiTermination attribute to avoid accidental termination
• B. It is not possible to avoid accidental termination
• C. The user can set the Deletion termination flag to avoid accidental termination
• D. The user can set the InstanceInitiatedShutdownBehavior flag to avoid accidental termination

Answer: A

Explanation:
It is always possible that someone can terminate an EC2 instance using the Amazon EC2 console, command line interface or API by mistake. If the admin wants to prevent the instance from being accidentally terminated, he can enable termination protection for that instance. The DisableApiTermination attribute controls whether the instance can be terminated using the console, CLI or API. By default, termination protection is disabled for an EC2 instance. When it is set it will not allow the user to terminate the instance from CLI, API or the console.

NEW QUESTION 15
A customer is using AWS for Dev and Test. The customer wants to setup the Dev environment with
Cloudformation. Which of the below mentioned steps are not required while using Cloudformation?

• A. Create a stack
• B. Configure a service
• C. Create and upload the template
• D. Provide the parameters configured as part of the template

Answer: B

Explanation:
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. AWS CloudFormation introduces two concepts: the template and the stack. The template is a JSON-format, text-based file that describes all the AWS resources required to deploy and run an application. The stack is a collection of AWS resources which are created and managed as a single unit when AWS CloudFormation instantiates a template. While creating a stack, the user uploads the template and provides the data for the parameters if required.

NEW QUESTION 16
When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?

• A. Data is automatically saved as an E8S volum
• B. Data is automatically saved as an ESS snapsho
• C. Data is automatically delete
• D. Data is unavailable until the instance is restarte

Answer: C

Explanation: Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html

NEW QUESTION 17
You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?

• A. Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
• B. Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
• C. Cache the database responses in ElastiCache for more rapid access
• D. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

Answer: B

Explanation: Reference:
http://aws.amazon.com/elasticmapreduce/faqs/

NEW QUESTION 18
An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

• A. Stop the scaling process until research is completed
• B. It is not possible to find the root cause from that instance without triggering scaling
• C. Delete Auto Scaling until research is completed
• D. Suspend the scaling process until research is completed

Answer: D

Explanation:
Auto Scaling allows the user to suspend and then resume one or more of the Auto Scaling processes in the Auto Scaling group. This is very useful when the user wants to investigate a configuration problem or some other issue, such as a memory leak with the web application and then make changes to the application, without triggering the Auto Scaling process.