AWS Certified SysOps Administrator Associate

AWS Certified SysOps Administrator Associate
Exam Code : AWS-SysOpsExam Name : AWS Certified SysOps Administrator AssociateTopic 1, Volume AQuestion No : 1A media company produces new video files on-premises every day with a total size of around 100GBS after compression All files have a size of 1 -2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used.What step(s) would ensure that the file uploads are able to complete in the allotted time window?A. Increase your network bandwidth to provide faster throughput to S3B. Upload the files in parallel to S3C. Pack all files into a single archive, upload it to S3, then extract the files in AWSD. Use AWS Import/Export to transfer the video filesAnswer: BReference: No : 2You are designing a system that has a Bastion host. This component needs to be highly available without human intervention.Which of the following approaches would you select?A. Run the bastion on two instances one in each AZB. Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failureC. Configure the bastion instance in an Auto Scaling group Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1D. Configure an ELB in front of the bastion instanceAnswer: CQuestion No : 3You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers.Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made?A. Multi-AZ RDSB. RDS snapshotsC. RDS read replicasD. RDS automated backupAnswer: DReference: ringAmazonRDSInstances.htmlQuestion No : 4 - (Topic 1)You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.How can you best resolve the issue of the application responses not meeting your SLA?A. Add another cc2 8xlarge application instance, and put both behind an Elastic Load BalancerB. Move the cc2 8xlarge to the same Availability Zone as the DynamoDB tableC. Cache the database responses in ElastiCache for more rapid accessD. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configurationAnswer: BReference: attached to an Amazon VPC which two components provide connectivity with external networks? Choose 2 answersA. Elastic IPS (EIP)B. NAT Gateway (NAT)C. Internet Gateway {IGW)D. Virtual Private Gateway (VGW)Answer: C,DQuestion No : 6 - (Topic 1)When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?A. Data will be deleted and win no longer be accessibleB. Data is automatically saved in an EBS volume.C. Data is automatically saved as an EBS snapshotD. Data is unavailable until the instance is restartedAnswer: AQuestion No : 7 - (Topic 1)You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.Which security measures fall into AWS's responsibility?A. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege accessB. Protect against IP spoofing or packet sniffingC. Assure all communication between EC2 instances and ELB is encryptedD. Install latest security patches on ELB. RDS and EC2 instancesAnswer: BQuestion No : 8 - (Topic 1)You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events?Choose 3 answersA. Leverage CloudFront for the delivery of the articles.B. Add RDS read-replicas for the read traffic going to your relational databaseC. Leverage ElastiCache for caching the most frequently used data.D. Use SOS to queue up the requests for the technical posts and deliver them out of the queue.E. Use Route53 health checks to fail over to an S3 bucket for an error page.Answer: A,B,CQuestion No : 9 - (Topic 1)Which of the following statements about this S3 bucket policy is true?A. Denies the server with the IP address 192 168 100 0 full access to the "mybucket" bucketB. Denies the server with the IP address 192 168 100 188 full access to the "mybucket" bucketC. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucketD. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucketAnswer: BYou need to design a VPC for a web-application consisting of an Elastic Load Balancer(ELB). a fleet of web/application servers, and an RDS database The entire Infrastructuremust be distributed over 2 availability zones.Which VPC configuration works while assuring the database is not available from the Internet?A. One public subnet for ELB one public subnet for the web-servers, and one private subnet for the databaseB. One public subnet for ELB two private subnets for the web-servers, two private subnets for RDSC. Two public subnets for ELB two private subnets for the web-servers and two private subnets for RDSD. Two public subnets for ELB two public subnets for the web-servers, and two public subnets for RDSAnswer: CQuestion No : 11 - (Topic 1)You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database's data is stored on.What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data?Choose 2 answersA. Move to an SSD backed instanceB. Move the database to an EBS-Optimized InstanceC. T Use Provisioned IOPs EBSD. Use the ephemeral storage on an m2 4xiarge Instance InsteadAnswer: B,CQuestion No : 12You are tasked with the migration of a highly trafficked Node JS application to AWS Inorder to comply with organizational standards Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events.Which deployment option meets these requirements while minimizing administrative burden?A. Create a new stack within Opsworks add the appropriate layers to the stack and deploy the applicationB. Create a new application within Elastic Beanstalk and deploy this application to a new environmentC. Launch a Mode JS server from a community AMI and manually deploy the application to the launched EC2 instanceD. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.Answer: AQuestion No : 13Your entire AWS infrastructure lives inside of one Amazon VPC You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else'' If so how?A. No Two instances in two different AZ's can't talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundariesB. Yes Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMPC. Yes, The security group for the monitoring instance needs to allow outbound ICMP and the application instance's security group needs to allow Inbound ICMPD. Yes, Both the monitoring instance's security group and the application instance's security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocolAnswer: CQuestion No : 14 - (Topic 1)You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answersA. Create an ELB to reroute traffic to a failover instanceB. Create a secondary ENI that can be moved to a failover instanceC. Use Route53 health checks to fail traffic over to a failover instanceD. Assign a secondary private IP address to the primary ENIO that can be moved to a failover instanceAnswer: B,DQuestion No : 15 - (Topic 1)You are attempting to connect to an instance in Amazon VPC without success You have already verified that the VPC has an Internet Gateway (IGW) the instance has an associated Elastic IP (EIP) and correct security group rules are in place.Which VPC component should you evaluate next?A. The configuration of a NAT instanceB. The configuration of the Routing TableC. The configuration of the internet Gateway (IGW)D. The configuration of SRC/DST checkingAnswer: BReference: orVPC.htmlQuestion No : 16When creation of an EBS snapshot Is initiated but not completed the EBS volume?A. Cannot De detached or attached to an EC2 instance until me snapshot completesB. Can be used in read-only mode while me snapshot is in progressC. Can be used while me snapshot Is in progressD. Cannot be used until the snapshot completesAnswer: CReference: No : 17What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment of the primary OB instance fails?A. The IP of the primary DB instance is switched to the standby OB instanceB. The RDS (Relational Database Service) DB instance rebootsC. A new DB instance is created in the standby availability zoneD. The canonical name record (CNAME) is changed from primary to standbyAnswer: DQuestion No : 18You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address blockB. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address blockC. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address blockD. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address blockAnswer: BReference: No : 19You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC?Choose 2 answersA. A network ACL that allows communication between the two subnets.B. Both instances are the same instance class and using the same Key-pair.C. That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicate.D. Security groups are set to allow the application host to talk to the database on the right port/protocol.Answer: A,DQuestion No : 20Which of the following requires a custom CloudWatch metric to monitor?A. Data transfer of an EC2 instanceB. Disk usage activity of an EC2 instanceC. Memory Utilization of an EC2 instanceD. CPU Utilization of an EC2 instanceAnswer: CReference:

Write a review

Note: HTML is not translated!
    Bad           Good
  • Vendor: Amazon
  • Exam Code: AWS-SysOps
  • Total Questions: 324
  • Update Time: 2017-08-31
  • Availability: In Stock
  • $69.00

Available Formats

Tags: aws, certified, sysops, administrator, associate, amazon, certifications, aws-sysops