Premium

AWS Certified SysOps Administrator - Associate Questions and Answers (Dumps and Practice Questions)



Question : A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these
notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

: A user is receiving a notification from the RDS DB whenever there is a change in the DB security group. The user does not want to receive these
1. Change the Disable button for notification to "Yes" in the RDS console
2. Set the send mail flag to false in the DB event notification console
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Change the Enable button for notification to "No" in the RDS console


Correct Answer : Get Lastest Questions and Answer :

Explanation: Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event notifications are
sent to the addresses that the user has provided while creating the subscription. The user can easily turn off the notification without deleting a
subscription by setting the Enabled radio button to No in the Amazon RDS console or by setting the Enabled parameter to false using the CLI or
Amazon RDS API.





Question : A user has created a VPC with CIDR .../. The user has created one subnet with CIDR .../ by mistake. The user is trying to create
another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
: A user has created a VPC with CIDR .../. The user has created one subnet with CIDR .../ by mistake. The user is trying to create
1. There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet's CIDR
2. The user can modify the first subnet CIDR from the console
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The user can modify the first subnet CIDR with AWS CLI

Correct Answer : Get Lastest Questions and Answer :

Explanation: A Virtual Private Cloud VPC. is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances
inside the subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the
second subnet will conflict with the first subnet. The user cannot modify the CIDR of a subnet once it is created. Thus, in this case if required, the
user has to delete the subnet and create new subnets.





Question : A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet port 80. and a DB server in
the private subnet port 3306.. The user is configuring a security group for the public subnet WebSecGrp. and the private subnet DBSecGrp..
Which of the below mentioned entries is required in the web server security group WebSecGrp.?
: A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR
1. Configure Destination as DB Security group ID DbSecGrp. for port 3306 Outbound
2. 80 for Destination 0.0.0.0/0 Outbound
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Configure port 80 InBound for source 20.0.0.0/16

Correct Answer : Get Lastest Questions and Answer :

Explanation: A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web
server and DB server respectively, the user should configure that the instances in the public subnet can receive inbound traffic directly from the
internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should configure that the instance in the public subnet
can send traffic to the private subnet instances on the DB port. Thus, the user should configure the DB security group of the private subnet
DbSecGrp. as the destination for port 3306 in Outbound.




Related Questions

Question : A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data
encryption with a snapshot?
 : A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data
1. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
2. While creating a snapshot select the snapshot with encryption
3. Access Mostly Uused Products by 50000+ Subscribers
4. Enable server side encryption for the snapshot using S3




Question : A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how
can he configure it?
 : A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how
1. Set up programmatic billing access. Download and parse the bill as per the requirement
2. It is not possible for the user to create his own billing management service with AWS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Use AWS billing APIs to download the usage report of each service from the AWS billing console



Question : A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
delete the subnet. What will happen in this scenario?
 : A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It will delete the subnet and make the EC2 instance as a part of the default subnet
2. It will not allow the user to delete the subnet until the instances are terminated
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The subnet can never be deleted independently, but the user has to delete the VPC first

Ans: 2
Exp : A Virtual Private Cloud (VPC. is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances
inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he
terminates the instance and deletes the network interface.



Question : A user has setup an EBS backed instance and attached EBS volumes to it. The user has setup a
CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the
status of the alarms on the EBS volume?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. OK
2. Insufficient Data
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The EBS cannot be detached until all the alarms are removed
Ans : 2
Exp : Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the
value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are
three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and inactive the state will be Insufficient.


Question : A user has launched an EC instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running
instance. Which of the below mentioned credentials is not required while creating the AMI?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. AWS account ID
2. X.509 certificate and private key
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Access key and secret access key
Ans : 3
Exp : When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user
needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID;
AWS access and secret access key;
X.509 certificate with private key.


Question : A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below
mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It is not possible to have the SSL listener both at ELB and back-end instances
2. ELB will modify headers to add requestor details
 3. Access Mostly Uused Products by 50000+ Subscribers
4. ELB will not modify the headers
Ans : 4
Exp : When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer (SSL. for both front-end and back-end connections
of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without modifying the request headers unless the
proxy header is enabled. SSL does not support sticky sessions. If the user has enabled a proxy protocol it adds the source and destination IP to
the header.


Question : A user has created a Cloudformation stack. The stack creates AWS services, such as EC instances, ELB, AutoScaling, and RDS. While creating
the stack it created EC2, ELB and AutoScaling but failed to create RDS. What will Cloudformation do in this scenario?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Cloudformation can never throw an error after launching a few services since it verifies all the steps
before launching
2. It will warn the user about the error and ask the user to manually create RDS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. It will wait for the user's input about the error and correct the mistake after the input
Ans : 3
Exp : AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and
related activities. The AWS Cloudformation stack is a collection of AWS resources which are created and managed as a single unit when AWS
CloudFormation instantiates a template. If any of the services fails to launch, Cloudformation will rollback all the changes and terminate or delete
all the created services.



Question : A user is trying to launch an EBS backed EC instance under free usage. The user wants to achieve
encryption of the EBS volume. How can the user encrypt the data at rest?

: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Use AWS EBS encryption to encrypt the data at rest
2. The user cannot use EBS encryption and has to encrypt the data manually or using a third party tool
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Encryption of volume is not available as a part of the free usage tier
Ans : 2
Exp : AWS EBS supports encryption of the volume while creating new volumes. It supports encryption of the data at rest, the I/O as well as all the
snapshots of the EBS volume. The EBS supports encryption for the selected instance type and the newer generation instances, such as m3, c3,
cr1, r3, g2. It is not supported with a micro instance.


Question : A user has created a VPC with public and private subnets using the VPC wizard. The user has not launched any instance manually and is trying to
delete the VPC. What will happen in this scenario?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It will not allow to delete the VPC as it has subnets with route tables
2. It will not allow to delete the VPC since it has a running route instance
 3. Access Mostly Uused Products by 50000+ Subscribers
4. It will not allow to delete the VPC since it has a running NAT instance
Ans : 4
Exp : A Virtual Private Cloud (VPC. is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances
inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the
Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an
elastic IP. If the user is trying to delete the VPC it will not allow as the NAT instance is still running.



Question : An organization is measuring the latency of an application every minute and storing data inside a file in the JSON format. The organization wants
to send all latency data to AWS CloudWatch. How can the organization achieve this?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. The user has to parse the file before uploading data to CloudWatch
2. It is not possible to upload the custom data to CloudWatch
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The user can use the CloudWatch Import command to import data from the file to CloudWatch
Ans : 3
Exp : AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or
APIs. The user has to always include the namespace as part of the request. If the user wants to upload the custom data from a file, he can supply
file name along with the parameter -- metric-data to command put-metric-data.


Question : A user has setup a billing alarm using CloudWatch for $. The usage of AWS exceeded $ after some days. The user wants to increase the
limit from $200 to $400? What should the user do?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Create a new alarm of $400 and link it with the first alarm
2. It is not possible to modify the alarm once it has crossed the usage limit
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Create a new alarm for the additional $200 amount

Ans : 3
Exp : AWS CloudWatch supports enabling the billing alarm on the total AWS charges. The estimated charges are calculated and sent several times
daily to CloudWatch in the form of metric data. This data will be stored for 14 days. This data also includes the estimated charges for every service
in AWS used by the user, as well as the estimated overall AWS charges. If the user wants to increase the limit, the user can modify the alarm and
specify a new threshold.



Question : A sys admin has created the below mentioned policy and applied to an S object named aws.jpg. The aws.jpg is inside a bucket named
hadoopexam. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
"Resource": [ "arn:aws:s3:::hadoopexam/*.jpg"]
}]
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It is not possible to define a policy at the object level
2. It will make all the objects of the bucket hadoopexam as public
 3. Access Mostly Uused Products by 50000+ Subscribers
4. the aws.jpg object as public

Ans : 1
Exp : A system admin can grant permission to the S3 objects or buckets to any user or make objects public using the bucket policy and user policy. Both
use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and
vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy
applied to that bucket. It cannot be applied at the object level.


Question : A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Delete the unutilized EBS volumes once the instance is terminated
2. It will make all the objects of the bucket hadoopexam as public
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Delete the AWS ELB after the instances are terminated

Ans : 2
Exp : AWS bills the user on a as pay as you go model. AWS will charge the user once the AWS resource is
allocated. Even though the user is not using the resource, AWS will charge if it is in service or allocated. Thus, it is advised that once the user's
work is completed he should:
Terminate the EC2 instance Delete the EBS volumes Release the unutilized Elastic IPs Delete ELB The AutoScaling launch configuration does
not cost the user. Thus, it will not make any difference to the cost whether it is deleted or not.


Question : A user is trying to aggregate all the CloudWatch metric data of the last week. Which of the below mentioned statistics is not available for the user
as a part of data aggregation?


: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Aggregate
2. Sum
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Average


Question : An organization is planning to use AWS for their production roll out. The organization wants to implement
automation for deployment such that it will automatically create a LAMP stack, download the latest PHP
installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the quirement for making an orderly deployment of the
software?
 : An organization is planning to use AWS for their production roll out. The organization wants to implement
1. AWS Elastic Beanstalk
2. AWS Cloudfront
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS DevOps

Ans : 3
Exp : AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and
related activities. Cloudformation provides an easy way to create and delete the collection of related AWS resources and provision them in an
orderly way. AWS CloudFormation automates and simplifies the task of repeatedly and predictably creating groups of related resources that power
the user's applications. AWS Cloudfront is a CDN; Elastic Beanstalk does quite a few of the required tasks. However, it is a PAAS which uses a
ready AMI. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud.



Question A user has created a subnet with VPC and launched an EC instance in that subnet with only default settings.Which of the below mentioned
options is ready to use on the EC2 instance as soon as it is launched?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Elastic IP
2. Private IP
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Internet gateway

Ans : 2
Exp : A Virtual Private Cloud (VPC. is a virtual network dedicated to a user's AWS account. A subnet is a range of IP addresses in the VPC. The user
can launch the AWS resources into a subnet. There are two supported platforms into which a user can launch instances: EC2-Classic and
EC2-VPC. When the user launches an instance which is not a part of the non-default subnet, it will only have a private IP assigned to it. The
instances part of a subnet can communicate with each other but cannot communicate over the internet or to the AWS services, such as RDS / S3.




Question : An organization is setting up programmatic billing access for their AWS account. Which of the below mentioned services is not required or enabled
when the organization wants to use programmatic access?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Programmatic access
2. AWS bucket to hold the billing report
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Monthly Billing report
Ans : 3
Exp : AWS provides an option to have programmatic access to billing. Programmatic Billing Access leverages the existing Amazon Simple Storage
Service (Amazon S3. APIs. Thus, the user can build applications that reference his billing data from a CSV (comma-separated value. file stored in
an Amazon S3 bucket. To enable programmatic access, the user has to first enable the monthly billing report. Then the user needs to provide an
AWS bucket name where the billing CSV will be uploaded. The user should also enable the Programmatic access option.



Question A user has configured the Auto Scaling group with the minimum capacity as and the maximum capacity as . When the user configures the AS
group, how many instances will Auto Scaling launch?
: An organization is planning to use AWS for their production roll out. The organization wants to implement

1. 3
2. 0
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 2



Ans : 3
Exp : When the user configures the launch configuration and the Auto Scaling group, the Auto Scaling group will start instances by launching the
minimum number (or the desired number, if specified. of EC2 instances. If there are no other scaling conditions attached to the Auto Scaling group,
it will maintain the minimum number of running instances at all times.



Question : An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin capture the monitoring information
about the ELB activity?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. ELB Access logs
2. ELB health check
 3. Access Mostly Uused Products by 50000+ Subscribers
4. ELB API calls with CloudTrail


Ans : 2
Exp : The admin can capture information about Elastic Load Balancer using either:
CloudWatch Metrics ELB Logs files which are stored in the S3 bucket CloudTrail with API calls which can notify the user as well generate logs for
each API calls The health check is internally performed by ELB and does not help the admin get the ELB activity.



Question : A user is planning to use AWS Cloudformation. Which of the below mentioned functionalities does not help him to correctly understand
Cloudfromation?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Cloudformation follows the DevOps model for the creation of Dev & Test
2. AWS Cloudfromation does not charge the user for its service but only charges for the AWS resources
created with it
 3. Access Mostly Uused Products by 50000+ Subscribers
ELB, etc
4. CloudFormation provides a set of application bootstrapping scripts which enables the user to install
Software

Ans : 1
Exp : AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and
related activities. It supports a wide variety of AWS services, such as EC2, EBS, AS, ELB, RDS, VPC, etc. It also provides application
bootstrapping scripts which enable the user to install software packages or create folders. It is free of the cost and only charges the user for the
services created with it. The only challenge is that it does not follow any model, such as DevOps; instead customers can define templates and use
them to provision and manage the AWS resources in an orderly way.



Question : A user has launched instances from the same AMI ID using Auto Scaling. The user is trying to see the
average CPU utilization across all instances of the last 2 weeks under the CloudWatch console.
How can the user achieve this?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. View the Auto Scaling CPU metrics
2. Aggregate the data over the instance AMI ID
 3. Access Mostly Uused Products by 50000+ Subscribers
4. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

Ans : 2
Exp : Amazon CloudWatch is basically a metrics repository. Either the user can send the custom data or an AWS product can put metrics into the
repository, and the user can retrieve the statistics based on those metrics. The statistics are metric data aggregations over specified periods of
time. Aggregations are made using the namespace, metric name, dimensions, and the data point unit of measure, within the time period that is
specified by the user. To aggregate the data across instances launched with AMI, the user should select the AMI ID under EC2 metrics and select
the aggregate average to view the data.



Question : A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Email JSON
2. HTTP
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS SES
Ans : 4
Exp : Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver
notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can select
one the following transports as part of the subscription requests: "HTTP", "HTTPS","Email", "Email- JSON", "SQS", "and SMS".



Question : A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Auto Scaling. Which of the
below mentioned statements will help the user understand the functionality better?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. It is not possible to setup detailed monitoring for Auto Scaling
2. In this case, Auto Scaling will send data every minute and will charge the user extra
 3. Access Mostly Uused Products by 50000+ Subscribers

4. Auto Scaling sends data every minute only and does not charge the user
Ans : 2
Exp : CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed
monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed
monitoring a service sends data points to CloudWatch every minute. Auto Scaling includes 7 metrics and 1 dimension, and sends data to
CloudWatch every 5 minutes by default. The user can enable detailed monitoring for Auto Scaling, which sends data to CloudWatch every minute.
However, this will have some extra-costs.




Question : A system admin is planning to setup event notifications on RDS. Which of the below mentioned services will help the admin setup notifications?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. AWS SES
2. AWS Cloudtrail
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS SNS

Ans : 4
Exp : Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. These notifications can
be in any notification form supported by Amazon SNS for an AWS region, such as an email, a text message or a call to an HTTP endpoint



Question : You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the
same sequence the customer orders have been put in. How can you achieve that?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. It is not possible to do this with SQS
2. You can use sequencing information on each message
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Messages will arrive in the same order by default
Ans : 2
Exp : Amazon SQS is engineered to always be available and deliver messages. One of the resulting tradeoffs is that SQSdoes not guarantee first in,
first out delivery of messages. For many distributed applications, each message can stand on its own, and as long as all messages are delivered,
the order is not important. If your system requires that order be preserved, you can place sequencing information in each message, so that you
can reorder the messages when the queue returns them.








Question : An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS
functionalities helps them to achieve this?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. AWS MFA with EBS
2. AWS EBS encryption
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS S3 server side storage

Ans : 2
Exp : AWS EBS supports encryption of the volume while creating new volumes. It also supports creating volumes from existing snapshots provided the
snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of EBS will be encrypted. The encryption
occurs on the servers that host the EC2 instances, providing encryption of data as it moves between the EC2 instances and EBS storage. EBS
encryption is based on the AES-256 cryptographic algorithm, which is the industry standard




Question : A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection
draining on the ELB?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. The user can only disable connection draining from CLI
2. It is not possible to disable the connection draining feature once enabled
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The user needs to stop all instances before disabling connection draining

Ans : 3
Exp : The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the
instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can enable or disable
connection draining from the AWS EC2 console -> ELB or using CLI.



Question : A user has a refrigerator plant. The user is measuring the temperature of the plant every minutes. If the user wants to send the data to
CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. The user needs to use AWS CLI or API to upload the data
2. The user can use the AWS Import Export facility to import data to CloudWatch
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The user cannot upload data to CloudWatch since it is not an AWS service metric
Ans : 1
Exp : AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or
APIs. While sending the data the user has to include the metric name, namespace and timezone as part of the request.



Question A system admin is managing buckets, objects and folders with AWS S. Which of the below mentioned statements is true and should be taken in
consideration by the sysadmin?

: An organization is planning to use AWS for their production roll out. The organization wants to implement

1. The folders support only ACL
2. The user can use the AWS Import Export facility to import data to CloudWatch
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Both the object and bucket can have ACL but folders cannot have ACL
Ans : 1
Exp : A sysadmin can grant permission to the S3 objects or the buckets to any user or make objects public using the bucket policy and user policy. Both
use the JSON-based access policy language. Generally if user is defining the ACL on the bucket, the objects in the bucket do not inherit it and
vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy
applied to that bucket. It cannot be applied at the object level. The folders are similar to objects with no content. Thus, folders can have only ACL
and cannot have a policy.



Question : A user has created an ELB with three instances. How many security groups will ELB create by default?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. 3
2. 5
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 1
Ans : 3
Exp : Elastic Load Balancing provides a special Amazon EC2 source security group that the user can use to ensure that back-end EC2 instances
receive traffic only from Elastic Load Balancing. This feature needs two security groups: the source security group and a security group that
defines the ingress rules for the back-end instances. To ensure that traffic only flows between the load balancer and the back-end instances, the
user can add or modify a rule to the back-end security group which can limit the ingress traffic. Thus, it can come only from the source security
group provided by Elastic load Balancing.



Question : An organization has created IAM users. The organization wants that each user can change their password but cannot change their access
keys. How can the organization achieve this?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. The organization has to create a special password policy and attach it to each user
2. The root account owner has to use CLI which forces each IAM user to change their password on first login
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The root account owner can set the policy from the IAM console under the password policy screen

Ans : 4
Exp : With AWS IAM, organizations can use the AWS Management Console to display, create, change or delete a password policy. As a part of
managing the password policy, the user can enable all users to manage their own passwords. If the user has selected the option which allows the
IAM users to modify their password, he does not need to set a separate policy for the users. This option in the AWS console allows changing only
the password.



Question : A user has created a photo editing software and hosted it on EC. The software accepts requests from the user about the photo format and
resolution and sends a message to S3 to enhance the picture accordingly.Which of the below mentioned AWS services will help make a scalable
software with the AWS infrastructure in this scenario?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. AWS Glacier
2. AWS Elastic Transcoder
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS Simple Queue Service
Ans : 4
Exp : Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and
cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2
application and S3. Thus, the application does not keep waiting for S3 to provide the data.



Question : An application is generating a log file every minutes. The log file is not critical but may be required only for verification in case of some major
issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution
for it?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. AWS S3
2. AWS Glacier
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS RRS
Ans : 4
Exp : Amazon S3 stores objects according to their storage class. There are three major storage classes:
Standard, Reduced Redundancy Storage and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little
higher. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files. Reduced
Redundancy is little cheaper as it provides less durability in comparison to S3. In this case since the log files are not mission critical files, RRS will
be a better option.



Question : A user has created a VPC with CIDR .../. The user has created a public subnet with CIDR .../. The user is trying to create the
private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. It will not allow the user to create the private subnet due to a CIDR overlap
2. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
 3. Access Mostly Uused Products by 50000+ Subscribers
4. It will not allow the user to create a private subnet due to a wrong CIDR range


Ans : 2
Exp : When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR
block for the VPC for a single subnet in the VPC., or a subset to enable multiple subnets.. If the user creates more than one subnet in a VPC, the
CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256
IP addresses 20.0.0.0 to 20.0.0.255.. The user can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses
the CIDR block 20.0.0.0/25 for addresses 20.0.0.0 - 20.0.0.127. and the other uses the CIDR block 20.0.0.128/25 for addresses 20.0.0.128 -
20.0.0.255..



Question : A user has created an S bucket which is not publicly accessible. And in bucket there are thirty objects which are also private. If the user wants to
make the objects public, how can he configure this with minimal efforts?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. The user should select all objects from the console and apply a single policy to mark them public
2. The user can write a program which programmatically makes all objects public using S3 SDK
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Make the bucket ACL as public so it will also mark all objects as public


Ans : 3
Exp : A system admin can grant permission of the S3 objects or buckets to any user or make the objects public using the bucket policy and user policy.
Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit
it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single
policy applied to that bucket.



Question : A sys admin is maintaining an application on AWS. The application is installed on EC and user has configured ELB and Auto Scaling.
Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user
add these instances with Auto Scaling?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Increase the desired capacity of the Auto Scaling group
2. Increase the maximum limit of the Auto Scaling group
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Decrease the minimum limit of the Auto Scaling grou
Ans : 1
Exp : A user can increase the desired capacity of the Auto Scaling group and Auto Scaling will launch a new instance as per the new capacity. The
newly launched instances will be registered with ELB if Auto Scaling group is configured with ELB. If the user decreases the minimum size the
instances will be removed from Auto Scaling. Increasing the maximum size will not add instances but only set the maximum instance cap.







Question : An organization, which has the AWS account ID as , has created IAM users. All the users are added to the same group
hadoopexam. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. https:// 999988887777.signin.aws.amazon.com/console/
2. https:// signin.aws.amazon.com/hadoopexam/
 3. Access Mostly Uused Products by 50000+ Subscribers
4. https:// 999988887777.aws.amazon.com/ hadoopexam/

Ans : 1
Exp : AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS
services. Once the organization has created the IAM users, they will have a separate AWS console URL to login to the AWS console. The console
login URL for the IAM user will be https:// AWS_Account_ID.signin.aws.amazon.com/console/. It uses only the AWS account ID and does not
depend on the group or user ID.



Question : A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling.
If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. 600 seconds
2. 3600 seconds
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 0 seconds
Ans : 3
Exp : The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the
instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can specify a maximum
time 3600 seconds. for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify
the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.



Question : An organization has created IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can
the organization implement this effectively so that there is no need to apply the policy at the individual user level?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Use the IAM groups and add users as per their role to different groups and apply policy to group
2. The user can create a policy and apply it to multiple users in a single go with the AWS CLI
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Use the IAM role and implement access at the role level

Ans : 1
Exp : With AWS IAM, a group is a collection of IAM users. A group allows the user to specify permissions for a
collection of users, which can make it easier to manage the permissions for those users. A group helps an organization manage access in a better
way; instead of applying at the individual level, the organization can apply at the group level which is applicable to all the users who are a part of
that group.



Question : A user is planning to use AWS Cloud formation for his automatic deployment requirements. Which of the below mentioned components are
required as a part of the template?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Parameters
2. Outputs
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Resources

Ans : 4
Exp : AWS Cloud formation is an application management tool which provides application modelling, deployment, configuration, management and
related activities. The template is a JSON-format, text-based file that describes all the AWS resources required to deploy and run an application. It
can have option fields, such as Template Parameters, Output, Data tables, and Template file format version. The only mandatory value is
Resource. The user can define the AWS services which will be used/ created by this template inside the Resource section



Question : A user has recently started using EC. The user launched one EC instance in the default subnet in EC-VPC Which of the below mentioned
options is not attached or available with the EC2 instance when it is launched?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Public IP address
2. Internet gateway
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Private IP address



Ans : 3
Exp : A Virtual Private Cloud VPC. is a virtual network dedicated to a user's AWS account. A subnet is a range of IP addresses in the VPC. The user
can launch the AWS resources into a subnet. There are two supported platforms into which a user can launch instances: EC2-Classic and
EC2-VPC default subnet.. A default VPC has all the benefits of EC2-VPC and the ease of use of EC2- Classic. Each instance that the user
launches into a default subnet has a private IP address and a public IP address. These instances can communicate with the internet through an
internet gateway. An internet gateway enables the EC2 instances to connect to the internet through the Amazon EC2 network edge.

Elastic IP will not be available to this instance by default, you have to explicitely reserve an Elastic IP and then you can attach that
EIP to your EC2 instance. Once EIP is attached to EC2 instance, public IP will be released from that instance.




Question : A user has launched an EC instance. The user is planning to setup the CloudWatch alarm.
Which of the
below mentioned actions is not supported by the CloudWatch alarm?


: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Notify the Auto Scaling launch config to scale up
2. Send an SMS using SNS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Stop the EC2 instance
5. None of the above
Ans : 5
Exp : A user can create a CloudWatch alarm that takes various actions when the alarm changes state. An alarm watches a single metric over the time
period that the user has specified, and performs one or more actions based on the value of the metric relative to a given threshold over a number
of time periods. The actions could be sending a notification to an Amazon Simple Notification Service topic (SMS, Email, and HTTP end
point.,notifying the Auto Scaling policy or changing the state of the instance to Stop/Terminate.



Question : A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Terminate the instances with the ec2-terminate-instance command
2. Terminate the Auto Scaling instances with the as-terminate-instance command
 3. Access Mostly Uused Products by 50000+ Subscribers
4. There is no need to change the capacity. Run the as-delete-group command and it will reset all values to 0
Ans : 3
Exp : If the user wants to delete the Auto Scaling group, the user should manually set the values of the minimum and desired capacity to 0. Otherwise
Auto Scaling will not allow for the deletion of the group from CLI. While trying from the AWS console, the user need not set the values to 0 as the
Auto Scaling console will automatically do so.



Question : An organization is planning to create different AWS accounts considering various security requirements. Ans also wants to use a single
payee account by using the consolidated billing option. Which of the below mentioned statements is true with respect to the above information?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Master Payee account will get only the total bill and cannot see the cost incurred by each account
2. Master Payee account can view only the AWS billing details of the linked accounts
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Each AWS account needs to create an AWS billing policy to provide permission to the payee account
Ans : 2
Exp : AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services accounts within a single
organization by making a single paying account. Consolidated billing enables the organization to see a combined view of the AWS charges
incurred by each account as well as obtain a detailed cost report for each of the individual AWS accounts associated with the paying account. The
payee account will not have any other access than billing data of linked accounts.



Question : A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is
an error, the monitoring tool should notify him via SMS. Which of the below mentioned AWS services will help in this scenario?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. AWS SMS
2. AWS SNS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. None because the user infrastructure is in the private cloud

Ans : 2
Exp : Amazon Simple Notification Service Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can be used to
make push notifications to mobile devices. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue
Service SQS queues or to any HTTP endpoint. In this case user can use the SNS apis to send SMS.





Question : A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest
on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?
: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
2. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM

Ans : 2
Exp : Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. In this case the load increases
by Thursday and decreases by Friday. Thus, the user can setup the scaling activity based on the predictable traffic patterns of the web application
using Auto Scaling scale by Schedule.



Question : A user has setup a CloudWatch alarm on an EC action when the CPU utilization is above %. The alarm sends a notification to SNS on the
alarm state. If the user wants to simulate the alarm action how can he achieve this?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Run activities on the CPU such that its utilization reaches above 75%
2. From the AWS console change the state to 'Alarm'
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Run the SNS action manually
Ans : 3
Exp : Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value
of the metric relative to a given threshold over a number of time periods.The user can test an alarm by setting it to any state using the
SetAlarmState API mon-set-alarm-state command. This temporary state change lasts only until the next alarm comparison occurs.



Question : A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring schedule. Which of the below
mentioned parameters is not required in this case?

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. Maximum size
2. Auto Scaling group name
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Recurrence value


Ans : 3
Exp : Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. The user can also configure
the recurring schedule action which will follow the Linux cron format. If the user is setting a recurring event, it is required that the user specifies the
Recurrence value in a cron format, end time not compulsory but recurrence will stop after this. and the Auto Scaling group for which the scaling activity is to be scheduled.



Question : Amazon Web Services provides INGRESS or EGRESS filtering on all incoming and outgoing data traffic.

: An organization is planning to use AWS for their production roll out. The organization wants to implement
1. true
2. false



Question : Amazon SQS (Simple Queue Service) guarantees delivery of AT LEAST message but cannot guarantee it will not create duplicates.


 : Amazon SQS (Simple Queue Service) guarantees delivery of AT LEAST message but cannot guarantee it will not create duplicates.
1. True
2. False



Question :

Amazon SQS max message size is ______.


 :
1. 64KB
2. 128KB
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 256KB