Ideas to aws certified sysops administrator pdf

Examcollection offers free demo for aws sysops administrator exam. “AWS Certified SysOps Administrator Associate”, also known as aws certified sysops administrator associate level dumps exam, is a Amazon Certification. This set of posts, Passing the Amazon sysops aws exam, will help you answer those questions. The aws sysops certification Questions & Answers covers all the knowledge points of the real exam. 100% real Amazon aws sysops training exams and revised by experts!

2017 NEW RECOMMEND

Free VCE & PDF File for Amazon AWS-SysOps Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW AWS-SysOps Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/AWS-SysOps-dumps.html

Q11. – (Topic 2) 

A user is planning to use AWS Cloudformation. Which of the below mentioned functionalities does not help him to correctly understand Cloudfromation? 

A. Cloudformation follows the DevOps model for the creation of Dev & Test 

B. AWS Cloudfromation does not charge the user for its service but only charges for the AWS resources created with it 

C. Cloudformation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, 

ELB, etc 

D. CloudFormation provides a set of application bootstrapping scripts which enables the user to install Software 

Answer:

Explanation: 

AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. It supports a wide variety of AWS services, such as EC2, EBS, AS, ELB, RDS, VPC, etc. It also provides application bootstrapping scripts which enable the user to install software packages or create folders. It is free of the cost and only charges the user for the services created with it. The only challenge is that it does not follow any model, such as DevOps; instead customers can define templates and use them to provision and manage the AWS resources in an orderly way. 

Q12. – (Topic 2) 

An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well SDK. How can the user track the calls made to CloudWatch? 

A. The user can enable logging with CloudWatch which logs all the activities 

B. Use CloudTrail to monitor the API calls 

C. Create an IAM user and allow each user to log the data using the S3 bucket 

D. Enable detailed monitoring with CloudWatch 

Answer:

Explanation: 

AWS CloudTrail is a web service which will allow the user to monitor the calls made to the Amazon CloudWatch API for the organization’s account, including calls made by the AWS Management Console, Command Line Interface (CLI., and other services. When CloudTrail logging is turned on, CloudWatch will write log files into the Amazon S3 bucket, which is specified during the CloudTrail configuration. 

Q13. – (Topic 3) 

A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this? 

A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false 

B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring 

C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true 

D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group 

Answer:

Explanation: 

CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates the AutoScaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. When the user has created a launch configuration with InstanceMonitoring.Enabled = false it will involve multiple steps to enable detail monitoring. The steps are: Create a new Launch config with detailed monitoring enabled Update the Auto Scaling group with a new launch config Enable detail monitoring on each EC2 instance 

Q14. – (Topic 2) 

A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning. Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user? 

A. 3 hours 

B. 4 hours 

C. 2 hours 

D. 1 hour 

Answer:

Explanation: 

A user can stop/start or reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. When the instance is rebooted AWS will not charge the user for the extra hours. In case the user stops the instance, AWS does not charge the running cost but charges only the EBS storage cost. If the user starts and stops the instance multiple times in a single hour, AWS will charge the user for every start and stop. In this case, since the instance was rebooted twice, it will cost the user for 3 instance hours. 

Q15. – (Topic 3) 

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also 

data for customers that reside in the US must not leave the US without explicit authorization. 

What must you do to comply with this requirement for a web based profile management application running on EC2? 

A. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile 

B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile 

C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile 

D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile 

Answer:

Q16. – (Topic 3) 

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C., what is recommended to the user for the purpose of security? 

A. The user should not use his own security key as it is not secure 

B. Configure S3 to rotate the user’s encryption key at regular intervals 

C. Configure S3 to store the user’s keys securely with SSL 

D. Keep rotating the encryption key manually at the client side 

Answer:

Explanation: 

AWS S3 supports client side or server side encryption to encrypt all data at Rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C.. Since S3 does not store the encryption keys in SSE-C, it is recommended that the user should manage keys securely and keep rotating them regularly at the client side version. 

Q17. – (Topic 3) 

A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario? 

A. The user should create a separate IAM user for each mobile application and provide DynamoDB access with it 

B. The user should create an IAM role with DynamoDB and EC2 access. Attach the role with EC2 and route all calls from the mobile through EC2 

C. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook 

D. Create an IAM Role with DynamoDB access and attach it with the mobile application 

Answer:

Explanation: 

With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. If the user is creating an app that runs on a mobile phone and makes requests to AWS, the user should not create an IAMuser and distribute the user's access key with the app. Instead, he should use an identity provider, such as Login with Amazon, Facebook, or Google to authenticate the users, and then use that identity to get temporary security credentials. 

Q18. – (Topic 3) 

An organization has created a Queue named “modularqueue” with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario? 

A. AWS SQS sends notification after 15 days for inactivity on queue 

B. AWS SQS can delete queue after 30 days without notification 

C. AWS SQS marks queue inactive after 30 days 

D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks. 

Answer:

Explanation: 

Amazon SQS can delete a queue without notification if one of the following actions hasn't been performed on it for 30 consecutive days: SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission. 

Q19. – (Topic 1) 

You are tasked with the migration of a highly trafficked Node JS application to AWS In order to comply with organizational standards Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events. 

Which deployment option meets these requirements while minimizing administrative burden? 

A. Create a new stack within Opsworks add the appropriate layers to the stack and deploy the application 

B. Create a new application within Elastic Beanstalk and deploy this application to a new environment 

C. Launch a Mode JS server from a community AMI and manually deploy the application to the launched EC2 instance 

D. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef. 

Answer:

Explanation: Reference: 

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deployment.html 

Q20. – (Topic 3) 

A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better? 

A. SNS will send data every minute after configuration 

B. There is no need to enable since SNS provides data every minute 

C. AWS CloudWatch does not support monitoring for SNS 

D. SNS cannot provide data every minute 

Answer:

Explanation: 

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. The AWS SNS service sends data every 5 minutes. Thus, it supports only the basic monitoring. The user cannot enable detailed monitoring with SNS.