getcertified4sure.com

AWS-SysOps Exam

An Expert interview about aws certified sysops administrator associate level dumps



Your success in Amazon aws certified sysops administrator pdf is our sole target and we develop all our aws certified sysops administrator associate level dumps braindumps in a way that facilitates the attainment of this target. Not only is our aws certified sysops administrator book study material the best you can find, it is also the most detailed and the most updated. aws sysops certification Practice Exams for Amazon aws certified sysops administrator associate level dumps are written to the highest standards of technical accuracy.

Q161. - (Topic 3) 

A user is using the AWS EC2. The user wants to make so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user’s private cloud. Which AWS service helps to achieve this automation? 

A. AWS CloudWatch + Cloudformation 

B. AWS CloudWatch + AWS AutoScaling + AWS ELB 

C. AWS CloudWatch + AWS VPC 

D. AWS CloudWatch + AWS SNS 

Answer:

Explanation: 

Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can configure a web service (HTTP End point. in his data centre which receives data and launches an instance in the private cloud. The user should configure the CloudWatch alarm to send a notification to SNS when the “StatusCheckFailed” metric is true for the EC2 instance. The SNS topic can be configured to send a notification to the user’s HTTP end point which launches an instance in the private cloud. 


Q162. - (Topic 3) 

A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI? 

A. AWS account ID 

B. X.509 certificate and private key 

C. AWS login ID to login to the console 

D. Access key and secret access key 

Answer:

Explanation: 

When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials: 

AWS account ID; 

AWS access and secret access key; 

X.509 certificate with private key. 


Q163. - (Topic 2) 

A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH? 

A. Allow Inbound traffic on port 22 from the user’s network B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP 

C. The user can connect to a instance in a private subnet using the NAT instance 

D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet 

Answer:

Explanation: 

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, the user can setup a case with a VPN only subnet (private. which uses VPN access to connect with his data centre. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data centre. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22. from the data centre’s network range. 


Q164. - (Topic 1) 

You run a web application where web servers on EC2 Instances are In an Auto Scaling group Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed Five to six days per year, the number of web servers required might go up to 15. 

What would you recommend to minimize costs while being able to provide hill availability? 

A. 6 Reserved instances (heavy utilization). 6 Reserved instances {medium utilization), rest covered by On-Demand instances 

B. 6 Reserved instances (heavy utilization). 6 On-Demand instances, rest covered by Spot Instances 

C. 6 Reserved instances (heavy utilization) 6 Spot instances, rest covered by On-Demand instances 

D. 6 Reserved instances (heavy utilization) 6 Reserved instances (medium utilization) rest covered by Spot instances 

Answer:


Q165. - (Topic 1) 

You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database's data is stored on. 

What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data? 

Choose 2 answers 

A. Move to an SSD backed instance 

B. Move the database to an EBS-Optimized Instance 

C. T Use Provisioned IOPs EBS 

D. Use the ephemeral storage on an m2 4xiarge Instance Instead 

Answer: A,B 


Q166. - (Topic 3) 

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also 

data for customers that reside in the US must not leave the US without explicit authorization. 

What must you do to comply with this requirement for a web based profile management application running on EC2? 

A. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile 

B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile 

C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile 

D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile 

Answer:


Q167. - (Topic 2) 

An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this? 

A. The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias 

B. The organization should create each user in a separate region so that they have their own URL to login 

C. It is not possible to have the same login ID for multiple IAM users of the same account 

D. The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID 

Answer:

Explanation: 

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. It is not possible to have the same login ID for multiple users. The names of users,groups, roles, instance profiles must be alphanumeric, including the following common characters: plus (+., equal (=., comma (,., period (.., at (@., and dash (-.. 


Q168. - (Topic 2) 

A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this? 

A. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone 

B. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone 

C. The CloudWatch data is always in UTC; the user has to manually convert the data 

D. The user should have send the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone 

Answer:

Explanation: 

If the user is viewing the data inside the CloudWatch console, the console provides options to filter values either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console because the time range tab allows the user to change the time zone. 


Q169. - (Topic 2) 

You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case? 

A. The user should create a separate IAM user for each employee and provide access to them as per the policy 

B. The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server 

C. The user should create IAM groups as per the organization’s departments and add each user to the group for better access control 

D. Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services 

Answer:

Explanation: 

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO.. In this case, instead of creating individual IAM users or groups for each user who need AWS access, it may be more practical to use a proxy server to translate the user identities from the organization network into the temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication. 


Q170. - (Topic 2) 

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user’s data centre. Which of the below mentioned options is a valid entry for the main route table in this scenario? 

A. Destination: 20.0.0.0/24 and Target: vgw-12345 

B. Destination: 20.0.0.0/16 and Target: ALL 

C. Destination: 20.0.1.0/16 and Target: vgw-12345 

D. Destination: 0.0.0.0/0 and Target: vgw-12345 

Answer:

Explanation: 

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario: Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway. Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC. 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.