AWS Certified SysOps Administrator - Associate Questions and Answers (Dumps and Practice Questions)

Question : A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal
behaviour of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the
user achieve this easily with the AWS console?

1. The user can use the copy URL functionality of CloudWatch to share the exact details
2. The user can use the export data option from the CloudWatch console to export the current data point
3. The user has to find the period and data and provide all the aggregation information to the manager
4. The user can use the CloudWatch data copy functionality to copy the current data points

Correct Answer : Get Lastest Questions and Answer :
Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it
easier for the user to analyse. The console provides the option to save the URL or bookmark it so that it can be used in the future by typing the
same URL. The Copy URL functionality is available under the console when the user selects any metric to view.






Question : A user has setup a CloudWatch alarm on the EC instance for CPU utilization. The user has setup to receive a notification on email when the
CPU utilization is higher than 60%. The user is running a virus scan on the same instance at a particular time. The user wants to avoid receiving
an email at this time. What should the user do?


1. Remove the alarm
2. Disable the alarm for a while using CLI
3. Modify the CPU utilization by removing the email alert
4. Disable the alarm for a while using the console

Correct Answer : Get Lastest Questions and Answer :
Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the
value of the metric relative to a given threshold over a number of time periods. When the user has setup an alarm and it is know that for some
unavoidable event the status may change to Alarm, the user can disable the alarm using the DisableAlarmActions API or from the command line
mon-disable-alarm-actions.






Question : You have configured AWS Windows AMI.
After you launch your Windows instance with its initial configuration, you can use the ___________ service to change the configuration
settings as part of the process of customizing

1. Destination : WindowsConfig
2. Destination : EC2Config
3. Destination : AWSConfig
4. Destination : AWSEC2Config

Correct Answer : Get Lastest Questions and Answer :
Explanation: Configuration Settings and Drivers
The AWS Windows AMIs are generally configured the same way as a Windows Server that you install from Microsoft-issued media. There are, however, a few differences in the installation
defaults.
AWS Windows AMIs come with an additional service installed, the EC2Config service. The EC2Config service runs in the local system account and is primarily used during the initial
setup.
After you launch your Windows instance with its initial configuration, you can use the EC2Config service to change the configuration settings as part of the process of customizing
and creating your own AMIs. Instances launched from your customized AMI are launched with the new configuration.

AWS Windows AMIs contain a set of drivers to permit access to Xen virtualized hardware. These drivers are used by Amazon EC2 to map instance store and Amazon EBS volumes to their
devices.
Overview of EC2Config Tasks
EC2Config runs initial startup tasks when the instance is first started and then disables them. To run these tasks again, you must explicitly enable them prior to shutting down the
instance, or by running Sysprep manually. These tasks are as follows:
>Set a random, encrypted password for the administrator account.
>Generate and install the host certificate used for Remote Desktop Connection.
>Dynamically extend the operating system partition to include any unpartitioned space.
>Execute the specified user data (and Cloud-Init, if it's installed).
EC2Config performs the following tasks every time the instance starts:
>Set the computer host name to match the private DNS name (this task is disabled by default and must be enabled in order to run at instance start).
>Configure the key management server (KMS), check for Windows activation status, and activate Windows as necessary.
>Format and mount any Amazon EBS volumes and instance store volumes, and map volume names to drive letters.
>Write event log entries to the console to help with troubleshooting (this task is disabled by default and must be enabled in order to run at instance start).
>Write to the console that Windows is ready.
>Add a custom route to the primary network adapter to enable the following IP addresses when multiple NICs are attached: 169.254.169.250, 169.254.169.251, and 169.254.169.254. These
addresses are used by Windows Activation and when you access instance metadata.
EC2Config performs the following task every time a user logs in:
>Display wallpaper information to the desktop background.
While the instance is running, you can request that EC2Config perform the following task on demand:
>Run Sysprep and shut down the instance so that you can create an AMI from it. For more information, see Creating an Amazon EBS-Backed Windows AMI.
EC2Config creates a WMI object that you can use to detect when Windows is ready. You can get the value of ConfigurationComplete as follows, and test whether it is true.
(Get-WmiObject -Namespace root\Amazon -Class EC2_ConfigService).ConfigurationComplete

Related Questions

---

Question : A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy
supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when
client is requesting ELB DNS over SSL?


1. Cipher Protocol
2. Client Configuration Preference
3. Access Mostly Uused Products by 50000+ Subscribers
4. Load Balancer Preference





Question : A user has created a VPC with public and private subnets. The VPC has CIDR .../. The private subnet uses CIDR .../ and the
public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet port 80. and a DB server in the private
subnet port 3306.. The user is configuring a security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security group?


1. For Inbound allow Source: 20.0.1.0/24 on port 80
2. For Outbound allow Destination: 0.0.0.0/0 on port 80
3. Access Mostly Uused Products by 50000+ Subscribers
4. For Outbound allow Destination: 0.0.0.0/0 on port 443





Question : A user has created an application which will be hosted on EC. The application makes calls to DynamoDB to fetch certain data. The application is
using the DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best
practice for security in this scenario?

1. The user should attach an IAM role with DynamoDB access to the EC2 instance
2. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
3. Access Mostly Uused Products by 50000+ Subscribers
4. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root
account credentials




Question : An organization Account ID . has attached the below mentioned IAM policy to a user. What does this policy statement entitle the
user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AllowUsersAllActionsForCredentials",
"Effect": "Allow",
"Action": [
"iam:*LoginProfile",
"iam:*AccessKey*",
"iam:*SigningCertificate*"
],
"Resource": ["arn:aws:iam:: 123412341234:user/${aws:username}"]
}]
}


1. The policy allows the IAM user to modify all IAM user's credentials using the console, SDK, CLI or APIs
2. The policy will give an invalid resource error
3. Access Mostly Uused Products by 50000+ Subscribers
4. The policy allows the user to modify all IAM user's password, sign in certificates and access keys
using only CLI, SDK or APIs



Question : . A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and
when it is not, to help the admin understand the implementation of the sticky session:

1. ELB inserts the cookie in the response
2. ELB chooses the instance based on the load balancing algorithm
3. Access Mostly Uused Products by 50000+ Subscribers
4. The cookie is found in the request
5. The cookie is not found in the request


1. 3,1,4,2 [Cookie is not Present] & 3,1,5,2 [Cookie is Present]
2. 3,4,1,2 [Cookie is not Present] & 3,5,1,2 [Cookie is Present]
3. Access Mostly Uused Products by 50000+ Subscribers
4. 3,2,5,4 [Cookie is not Present] & 3,2,4,5 [Cookie is Present]



Question :

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below
mentioned SSL protocols is not supported by the security policy?


1. TLS 1.3
2. TLS 1.2
3. Access Mostly Uused Products by 50000+ Subscribers
4. SSL 3.0