
AWS Certified SysOps Administrator - Associate Questions and Answers (Dumps and Practice Questions)



Question : QuickTechie.com sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?
1. Load Balancer IP
2. EC2 instance IP
3. S3 bucket name
4. Random string



Correct Answer : 2
Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Elastic Load Balancing publishes a
log file from each load balancer node at the interval that the user has specified. The load balancer can deliver multiple logs for the same period.
Elastic Load Balancing creates log file names in the following format:
"{Bucket}/{Prefix}/AWSLogs/{AWS Account ID}/elasticloadbalancing/{Region}/{Year}/{Month}/{Day}/{AWS Account ID}_elasticloadbalancing_{Region}_{Load Balancer Name}_{End Time}_{Load Balancer IP}_{Random String}.log"
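
The format above, turned into a parser a log-ingestion job could use to pull the fields out of a log path. This is an added example, not part of the original answer; the function name, the sample path and the exact end-time pattern are assumptions.

```python
import re
from datetime import datetime, timezone

# Path layout from the explanation above. The end-time pattern (yyyymmddThhmmZ)
# is an assumption; the page only names the field.
ELB_LOG_PATH = re.compile(
    r"^(?P<bucket>[^/]+)/(?:(?P<prefix>.+)/)?AWSLogs/(?P<account_id>\d{12})/"
    r"elasticloadbalancing/(?P<region>[a-z0-9-]+)/"
    r"(?P<year>\d{4})/(?P<month>\d{2})/(?P<day>\d{2})/"
    r"(?P<file_account_id>\d{12})_elasticloadbalancing_(?P<file_region>[a-z0-9-]+)_"
    r"(?P<lb_name>[A-Za-z0-9-]+)_(?P<end_time>\d{8}T\d{4}Z)_"
    r"(?P<lb_ip>\d{1,3}(?:\.\d{1,3}){3})_(?P<random>[A-Za-z0-9]+)\.log$"
)


def parse_elb_log_path(path):
    """Split an ELB access-log path into its named fields, or raise ValueError."""
    m = ELB_LOG_PATH.match(path)
    if m is None:
        raise ValueError(f"not an ELB access-log path: {path!r}")
    f = m.groupdict()
    # The account ID and region appear twice (directory and file name). A mismatch
    # means the object was copied or renamed and should not be trusted as-is.
    if f["account_id"] != f.pop("file_account_id"):
        raise ValueError("account ID in directory and file name differ")
    if f["region"] != f.pop("file_region"):
        raise ValueError("region in directory and file name differ")
    f["end_time"] = datetime.strptime(f["end_time"], "%Y%m%dT%H%MZ").replace(
        tzinfo=timezone.utc
    )
    return f


# Constructed sample path (not taken from a real account).
SAMPLE = (
    "my-elb-logs/prod/AWSLogs/123456789012/elasticloadbalancing/us-east-1/"
    "2014/02/15/123456789012_elasticloadbalancing_us-east-1_my-loadbalancer_"
    "20140215T2340Z_172.160.001.192_20sg8hgm.log"
)

if __name__ == "__main__":
    for name, value in parse_elb_log_path(SAMPLE).items():
        print(f"{name:>10}: {value}")
```

The parsed fields include the load balancer IP and the random string, and no field carries an EC2 instance IP.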







Question : HadoopExam.com sysadmin has created a queue named "awsmodule" with SQS for getting info on new learners.
One of the consumers of the queue is down for 3 days and then becomes available. Will that component receive messages from the queue?
1. Yes, since SQS by default stores messages for 4 days
2. No, since SQS by default stores messages for 1 day only
3. No, since SQS sends messages only to consumers who are available at that time
4. Yes, since SQS will not delete a message until it is delivered to all consumers


Correct Answer : 1

SQS allows the user to move data between distributed components of applications so they can perform
different tasks without losing messages or requiring each component to be always available. Queues retain messages for a set period of time. By
default, a queue retains messages for four days. However, the user can configure a queue to retain messages for up to 14 days after the message
has been sent.





Question : QuickTechie.com has set up multiple IAM users. The organization wants each IAM user to access the IAM console only from within the
organization and not from outside. How can it achieve this?

1. Create an IAM policy with the security group and use that security group for AWS console login
2. Create an IAM policy with a condition which denies access when the IP address range is not from the organization
3. Configure the EC2 instance security group which allows traffic only from the organization's IP range
4. Create an IAM policy with VPC and allow a secure gateway between the organization and AWS Console

Correct Answer : 2

Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS
services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on
many other parameters. If the organization wants the user to access only from a specific IP range, they should set an IAM policy condition which
denies access when the IP is not in a certain range. For example, the sample policy given below denies all requests when the source IP is not in
one of the listed ranges.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": ["10.10.10.0/24", "20.20.30.0/24"]
      }
    }
  }]
}
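
How the Deny statement above behaves for different callers, as a simplified model. This is an added example, not part of the original answer and not AWS's evaluation code; the function names and test addresses are assumptions, and only the NotIpAddress condition and the explicit-deny rule are modelled.

```python
import ipaddress

# The Deny statement from the sample policy above, as a Python dict.
DENY_OUTSIDE_ORG = {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
        "NotIpAddress": {"aws:SourceIp": ["10.10.10.0/24", "20.20.30.0/24"]}
    },
}


def not_ip_address(source_ip, cidrs):
    """True when the caller's address is in none of the listed ranges.

    A request that carries no aws:SourceIp at all (source_ip is None) also makes
    a negated operator such as NotIpAddress evaluate to true.
    """
    if source_ip is None:
        return True
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in ipaddress.ip_network(cidr) for cidr in cidrs)


def decision(source_ip, allowed_by_other_policy, statement=DENY_OUTSIDE_ORG):
    """Simplified model: an explicit Deny wins over any Allow; the Deny statement
    grants nothing by itself, so an Allow must come from another policy."""
    cidrs = statement["Condition"]["NotIpAddress"]["aws:SourceIp"]
    if not_ip_address(source_ip, cidrs):
        return "Deny (explicit)"
    return "Allow" if allowed_by_other_policy else "Deny (implicit)"


if __name__ == "__main__":
    # Constructed callers: (source IP, does another policy allow the action?)
    for ip, allowed in [("10.10.10.25", True), ("203.0.113.7", True),
                        ("10.10.10.25", False), (None, True)]:
        print(f"{str(ip):>12}  allow-elsewhere={allowed!s:<5} -> {decision(ip, allowed)}")
```

The third case is the one that is easy to miss: a user inside the organization's range still needs an Allow from some other policy, because this statement only denies.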




Related Questions


Question : A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption
functionality?
1. The server side encryption with the user supplied key works when versioning is enabled
2. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side
encryption with the user supplied key
4. The user can upload his own encryption key to the S3 console



Question : A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object
using the authorized predefined group?


1. Authenticated user group
2. All users group
4. Canonical user group



Question : A user has created a VPC with CIDR .../ using the wizard. The user has created a public subnet CIDR .../ and VPN only
subnets CIDR 20.0.1.0/24 along with the VPN gateway vgw-12345 to connect to the user's data centre. The user's data centre has CIDR
172.28.0.0/12. The user has also set up a NAT instance i-123456 to allow traffic to the internet from the VPN subnet. Which of the below
mentioned options is not a valid entry for the main route table in this scenario?
1. Destination: 20.0.1.0/24 and Target: i-12345
2. Destination: 0.0.0.0/0 and Target: i-12345
4. Destination: 20.0.0.0/16 and Target: local



Question : A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345. Which of the below mentioned entries are required in
the main route table attached with the private subnet to allow instances to connect with the internet?
1. Destination: 0.0.0.0/0 and Target: i-a12345
2. Destination: 20.0.0.0/0 and Target: 80
4. Destination: 20.0.0.0/24 and Target: i-a12345



Question : A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL. When the IAM user logs in to the S3
console, which actions can he perform?

1. As he is not an owner, he cannot delete the object from the bucket.
2. He can do all the operations on the bucket
4. The IAM user can perform all operations on the bucket using only API/SDK



Question : An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above
90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the
application without triggering a scaling activity, how can he achieve this?
1. Stop the scaling process until research is completed
2. It is not possible to find the root cause from that instance without triggering scaling
4. Suspend the scaling process until research is completed