A Complete Guide to aws certified sysops administrator book

Proper study guides for Update Amazon AWS Certified SysOps Administrator Associate certified begins with Amazon aws certified sysops administrator salary preparation products which designed to deliver the Pinpoint aws sysops pdf questions by making you pass the aws sysops pdf test at your first time. Try the free aws sysops training demo right now.

2017 NEW RECOMMEND

Free VCE & PDF File for Amazon AWS-SysOps Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW AWS-SysOps Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/AWS-SysOps-dumps.html

Q21. – (Topic 2) 

A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this? 

A. Run activities on the CPU such that its utilization reaches above 75% 

B. From the AWS console change the state to ‘Alarm’ 

C. The user can set the alarm state to ‘Alarm’ using CLI 

D. Run the SNS action manually 

Answer:

Explanation: 

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods.The user can test an alarm by setting it to any state using the SetAlarmState API (mon-set-alarm-state command.. This temporary state change lasts only until the next alarm comparison occurs. 

Q22. – (Topic 3) 

A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user? 

A. There is no need to pre-warm an EBS volume 

B. Contact AWS support to pre-warm 

C. Unmount the volume before pre-warming 

D. Format the device 

Answer:

Explanation: 

When the user creates a new EBS volume or restores a volume from the snapshot, the back-end storage blocks are immediately allocated to the user EBS. However, the first time when the user is trying to access a block of the storage, it is recommended to either be wiped from the new volumes or instantiated from the snapshot (for restored volumes. before the user can access the block. This preliminary action takes time and can cause a 5 to 50 percent loss of IOPS for the volume when the block is accessed for the first time. To avoid this it is required to pre warm the volume. Pre-warming an EBS volume on a Linux instance requires that the user should unmount the blank device first and then write all the blocks on the device using a command, such as “dd”. 

Q23. – (Topic 2) 

A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB? 

A. The user can only disable connection draining from CLI 

B. It is not possible to disable the connection draining feature once enabled 

C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI 

D. The user needs to stop all instances before disabling connection draining 

Answer:

Explanation: 

The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can enable or disable connection draining from the AWS EC2 console -> ELB or using CLI. 

Q24. – (Topic 3) 

A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out. Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user. How can the data be viewed better on the same graph? 

A. It is not possible to show multiple metrics with the different units on the same graph 

B. Add a third Y-axis with the console to show all the data in proportion 

C. Change the axis of Network by using the Switch command from the graph 

D. Change the units of CPU utilization so it can be shown in proportion with Network 

Answer:

Explanation: 

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. It is possible to show the multiple metrics with different units on the same graph. If the graph is not plotted properly due to a difference in the unit data over two metrics, the user can change the Y-axis of one of the graph by selecting that graph and clicking on the Switch option. 

Q25. – (Topic 2) 

An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level? 

A. Use the IAM groups and add users as per their role to different groups and apply policy to group 

B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI 

C. Add each user to the IAM role as per their organization role to achieve effective policy setup 

D. Use the IAM role and implement access at the role level 

Answer:

Explanation: 

With AWS IAM, a group is a collection of IAM users. A group allows the user to specify permissions for a collection of users, which can make it easier to manage the permissions for those users. A group helps an organization manage access in a better way; instead of applying at the individual level, the organization can apply at the group level which is applicable to all the users who are a part of that group. 

Q26. – (Topic 3) 

A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306.. The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group? 

A. For Inbound allow Source: 20.0.1.0/24 on port 80 

B. For Outbound allow Destination: 0.0.0.0/0 on port 80 

C. For Inbound allow Source: 20.0.0.0/24 on port 80 

D. For Outbound allow Destination: 0.0.0.0/0 on port 443 

Answer:

Explanation: 

A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can connect to the internet using the NAT instances. The user should first configure that NAT can receive traffic on ports 80 and 443 from the private subnet. Thus, allow ports 80 and 443 in Inbound for the private subnet 20.0.1.0/24. Now to route this traffic to the internet configure ports 80 and Amazon AWS-SysOps : Practice Test 

443 in Outbound with destination 0.0.0.0/0. The NAT should not have an entry for the public subnet CIDR. 

Q27. – (Topic 1) 

Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application -level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher -the monitoring instance itself – and be notified if it becomes unhealthy. 

Which of the following is a simple way to achieve that goal? 

A. Run another monitoring instance that pings the monitoring instance and fires a could watch alarm mat notifies your operations teamshould the primary monitoring instance become unhealthy. 

B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance. 

C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and nave the alarm notify your operations team if C r the CPU usage exceeds 50% few more than one minute: then have your monitoring application go into a CPU-bound loop should it Detect any application problems. 

D. Have the monitoring instances post messages to an SOS queue and then dequeue those messages on another instance should the queue cease to have new messages, the second instance should first terminate the original monitoring instance start anotherbackup monitoring instance and assume (he role of the previous monitoring instance and beginning adding messages to the SQSqueue. 

Answer:

Q28. – (Topic 3) 

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the 

VPN gateway (vgw-12345. to connect to the user’s data centre. The user’s data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario? 

A. Destination: 20.0.1.0/24 and Target: i-12345 

B. Destination: 0.0.0.0/0 and Target: i-12345 

C. Destination: 172.28.0.0/12 and Target: vgw-12345 

D. Destination: 20.0.0.0/16 and Target: local 

Answer:

Explanation: 

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization’s DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance. Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization’s data centre traffic to the VPN gateway. Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC. 

Q29. – (Topic 2) 

You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that? 

A. It is not possible to do this with SQS 

B. You can use sequencing information on each message 

C. You can do this with SQS but you also need to use SWF 

D. Messages will arrive in the same order by default 

Answer:

Explanation: 

Amazon SQS is engineered to always be available and deliver messages. One of the resulting tradeoffs is that SQSdoes not guarantee first in, first out delivery of messages. For many distributed applications, each message can stand on its own, and as long as all messages are delivered, the order is not important. If your system requires that order be preserved, you can place sequencing information in each message, so that you can reorder the messages when the queue returns them. 

Q30. – (Topic 1) 

Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. 

Which two of the following options would allow an organization to enforce this policy for AWS users? 

Choose 2 answers 

A. Configure multi-factor authentication for privileged 1AM users 

B. Create 1AM users for privileged accounts 

C. Implement identity federation between your organization's Identity provider leveraging the 1AM Security Token Service 

D. Enable the 1AM single-use password policy option for privileged users 

Answer: C,D