
AWS Certified SysOps Administrator - Associate Questions and Answers (Dumps and Practice Questions)



Question : A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet with port 80 and a DB server in
the private subnet with port 3306. The user is configuring a security group for the public subnet (WebSecGrp) and one for the private subnet (DBSecGrp).
Which of the below mentioned entries is required in the private subnet database security group DBSecGrp?
1. Allow Inbound on port 3306 for Source Web Server Security Group WebSecGrp.
2. Allow Inbound on port 3306 from source 20.0.0.0/16
4. Allow Outbound on port 80 for Destination NAT Instance IP



Explanation: A user can create a subnet within a VPC and launch instances inside that subnet. If the user has created public and private subnets to host the web
server and DB server respectively, the user should configure the security groups so that the instances in the private subnet can receive inbound traffic from the public
subnet on the DB port. Thus, configure port 3306 in Inbound with the source as the Web Server Security Group WebSecGrp. The user should also
configure ports 80 and 443 for Destination 0.0.0.0/0, because the route table directs traffic from the private subnet to the NAT instance.







Question : A user has created a VPC with CIDR .../ using the wizard. The user has created public and VPN-only subnets along with hardware VPN
access to connect to the user's data centre. The user has not yet launched any instance, nor modified or deleted any setup. He wants to
delete this VPC from the console. Will the console allow the user to delete the VPC?
1. Yes, the console will delete all the setups and also delete the virtual private gateway
2. No, the console will ask the user to manually detach the virtual private gateway first and then allow deleting the VPC
4. No, since the NAT instance is running


Exp: The user can create subnets as per the requirement within a VPC. If the user wants to connect the VPC to his own data centre, he can set up
public and VPN-only subnets which use hardware VPN access to connect with his data centre. When the user configures this setup with the
wizard, it creates a virtual private gateway to route all traffic of the VPN subnet. If the virtual private gateway is attached to the VPC and the user
deletes the VPC from the console, the console will first detach the gateway automatically and only then delete the VPC.












Question : What does the below CloudWatch command mean?

Prompt>aws cloudwatch put-metric-alarm --alarm-name lb-mon --alarm-description "Alarm when Latency exceeds 100ms" --metric-name Latency --namespace AWS/ELB --statistic Average --period 60 --threshold 100 --comparison-operator GreaterThanThreshold --dimensions Name=LoadBalancerName,Value=my-server --evaluation-periods 3 --alarm-actions arn:aws:sns:us-east-1:1234567890:my-topic --unit Milliseconds

1. To send an Amazon Simple Notification Service email message when LoadBalancer Latency Exceeds 100 milliseconds and 100 times
2. To send an Amazon Simple Notification Service email message when LoadBalancer Latency Exceeds 100 milliseconds and 10 times

To send an Amazon Simple Notification Service email message when LoadBalancer Latency exceeds 100 milliseconds:
1. Create an Amazon Simple Notification Service topic.
2. Create the alarm.
Prompt>aws cloudwatch put-metric-alarm --alarm-name lb-mon --alarm-description "Alarm when Latency exceeds 100ms" --metric-name Latency --namespace AWS/ELB --statistic Average --period 60 --threshold 100 --comparison-operator GreaterThanThreshold --dimensions Name=LoadBalancerName,Value=my-server --evaluation-periods 3 --alarm-actions arn:aws:sns:us-east-1:1234567890:my-topic --unit Milliseconds
The AWS CLI returns to the command prompt if the command succeeds.
- Force an alarm state change to ALARM:
Prompt>aws cloudwatch set-alarm-state --alarm-name lb-mon --state-reason "initializing" --state OK
Prompt>aws cloudwatch set-alarm-state --alarm-name lb-mon --state-reason "initializing" --state ALARM
The AWS CLI returns to the command prompt if the command succeeds.
- Check that an email has been received.






Related Questions


Question : Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and,
if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application
health problem. However, you also need to watch the watcher, the monitoring instance itself, and be notified if it becomes unhealthy.
Which of the following is a simple way to achieve that goal?
1. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring
instance become unhealthy.
2. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring
instance.
3. ... than one minute: then have your monitoring application go into a CPU-bound loop should it detect any application problems.
4. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second
instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding
messages to the SQS queue.



Question : You have decided to change the instance type for instances running in your application tier that
are using Auto Scaling.
In which area below would you change the instance type definition?
1. Auto Scaling launch configuration
2. Auto Scaling group
4. Auto Scaling tags


Question : You are attempting to connect to an instance in Amazon VPC without success. You have already
verified that the VPC has an Internet Gateway (IGW), the instance has an associated Elastic IP
(EIP) and correct security group rules are in place.
Which VPC component should you evaluate next?
1. The configuration of a NAT instance
2. The configuration of the Routing Table
4. The configuration of SRC/DST checking



Question : You are tasked with the migration of a highly trafficked Node.js application to AWS. In order to comply with organizational standards, Chef recipes must be used to
configure the application servers that host this application and to support application lifecycle events. Which deployment option meets these requirements while minimizing
administrative burden?
1. Create a new stack within OpsWorks, add the appropriate layers to the stack and deploy the application
2. Create a new application within Elastic Beanstalk and deploy this application to a new environment
4. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch
application servers and configure those instances using Chef.


Question : You have been asked to automate many routine systems administrator backup and recovery
activities. Your current plan is to leverage AWS-managed solutions as much as possible and
automate the rest with the AWS CLI and scripts.
Which task would be best accomplished with a script?
1. Creating daily EBS snapshots with a monthly rotation of snapshots
2. Creating daily RDS snapshots with a monthly rotation of snapshots
4. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer



Question : Your organization's security policy requires that all privileged users either use frequently rotated
passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS
users?
Choose 2 answers
A. Configure multi-factor authentication for privileged IAM users
B. Create IAM users for privileged accounts
C. Implement identity federation between your organization's Identity provider leveraging the IAM Security Token Service
D. Enable the IAM single-use password policy option for privileged users


1. A,C
2. C,D
4. A,D