Premium

AWS Certified SysOps Administrator - Associate Questions and Answers (Dumps and Practice Questions)



Question : A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data
encryption with a snapshot?
: A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data
1. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
2. While creating a snapshot select the snapshot with encryption
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Enable server side encryption for the snapshot using S3



Correct Answer : Get Lastest Questions and Answer :

Explanation: AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots
provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the
snapshots of the encrypted EBS will also be encrypted. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry
standard.




Question : A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how
can he configure it?
: A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how
1. Set up programmatic billing access. Download and parse the bill as per the requirement
2. It is not possible for the user to create his own billing management service with AWS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Use AWS billing APIs to download the usage report of each service from the AWS billing console


Correct Answer : Get Lastest Questions and Answer :


Explanation: AWS provides an option to have programmatic access to billing. Programmatic Billing Access leverages the existing Amazon Simple Storage
Service (Amazon S3. APIs. Thus, the user can build applications that reference his billing data from a CSV (comma-separated value. file stored in
an Amazon S3 bucket. AWS will upload the bill to the bucket every few hours and the user can download the bill CSV from the bucket, parse itand
create a billing system as per the requirement.






Question : A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
delete the subnet. What will happen in this scenario?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It will delete the subnet and make the EC2 instance as a part of the default subnet
2. It will not allow the user to delete the subnet until the instances are terminated
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The subnet can never be deleted independently, but the user has to delete the VPC first

Ans: 2
Exp : A Virtual Private Cloud (VPC. is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances
inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he
terminates the instance and deletes the network interface.



Question : A user has setup an EBS backed instance and attached EBS volumes to it. The user has setup a
CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the
status of the alarms on the EBS volume?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. OK
2. Insufficient Data
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The EBS cannot be detached until all the alarms are removed
Ans : 2
Exp : Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the
value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are
three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and inactive the state will be Insufficient.


Question : A user has launched an EC instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running
instance. Which of the below mentioned credentials is not required while creating the AMI?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. AWS account ID
2. X.509 certificate and private key
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Access key and secret access key
Ans : 3
Exp : When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user
needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID;
AWS access and secret access key;
X.509 certificate with private key.


Question : A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below
mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It is not possible to have the SSL listener both at ELB and back-end instances
2. ELB will modify headers to add requestor details
 3. Access Mostly Uused Products by 50000+ Subscribers
4. ELB will not modify the headers
Ans : 4
Exp : When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer (SSL. for both front-end and back-end connections
of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without modifying the request headers unless the
proxy header is enabled. SSL does not support sticky sessions. If the user has enabled a proxy protocol it adds the source and destination IP to
the header.


Question : A user has created a Cloudformation stack. The stack creates AWS services, such as EC instances, ELB, AutoScaling, and RDS. While creating
the stack it created EC2, ELB and AutoScaling but failed to create RDS. What will Cloudformation do in this scenario?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Cloudformation can never throw an error after launching a few services since it verifies all the steps
before launching
2. It will warn the user about the error and ask the user to manually create RDS
 3. Access Mostly Uused Products by 50000+ Subscribers
4. It will wait for the user's input about the error and correct the mistake after the input
Ans : 3
Exp : AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and
related activities. The AWS Cloudformation stack is a collection of AWS resources which are created and managed as a single unit when AWS
CloudFormation instantiates a template. If any of the services fails to launch, Cloudformation will rollback all the changes and terminate or delete
all the created services.



Question : A user is trying to launch an EBS backed EC instance under free usage. The user wants to achieve
encryption of the EBS volume. How can the user encrypt the data at rest?

: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Use AWS EBS encryption to encrypt the data at rest
2. The user cannot use EBS encryption and has to encrypt the data manually or using a third party tool
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Encryption of volume is not available as a part of the free usage tier
Ans : 2
Exp : AWS EBS supports encryption of the volume while creating new volumes. It supports encryption of the data at rest, the I/O as well as all the
snapshots of the EBS volume. The EBS supports encryption for the selected instance type and the newer generation instances, such as m3, c3,
cr1, r3, g2. It is not supported with a micro instance.


Question : A user has created a VPC with public and private subnets using the VPC wizard. The user has not launched any instance manually and is trying to
delete the VPC. What will happen in this scenario?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It will not allow to delete the VPC as it has subnets with route tables
2. It will not allow to delete the VPC since it has a running route instance
 3. Access Mostly Uused Products by 50000+ Subscribers
4. It will not allow to delete the VPC since it has a running NAT instance
Ans : 4
Exp : A Virtual Private Cloud (VPC. is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances
inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the
Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an
elastic IP. If the user is trying to delete the VPC it will not allow as the NAT instance is still running.



Question : An organization is measuring the latency of an application every minute and storing data inside a file in the JSON format. The organization wants
to send all latency data to AWS CloudWatch. How can the organization achieve this?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. The user has to parse the file before uploading data to CloudWatch
2. It is not possible to upload the custom data to CloudWatch
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The user can use the CloudWatch Import command to import data from the file to CloudWatch
Ans : 3
Exp : AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or
APIs. The user has to always include the namespace as part of the request. If the user wants to upload the custom data from a file, he can supply
file name along with the parameter -- metric-data to command put-metric-data.


Question : A user has setup a billing alarm using CloudWatch for $. The usage of AWS exceeded $ after some days. The user wants to increase the
limit from $200 to $400? What should the user do?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Create a new alarm of $400 and link it with the first alarm
2. It is not possible to modify the alarm once it has crossed the usage limit
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Create a new alarm for the additional $200 amount

Ans : 3
Exp : AWS CloudWatch supports enabling the billing alarm on the total AWS charges. The estimated charges are calculated and sent several times
daily to CloudWatch in the form of metric data. This data will be stored for 14 days. This data also includes the estimated charges for every service
in AWS used by the user, as well as the estimated overall AWS charges. If the user wants to increase the limit, the user can modify the alarm and
specify a new threshold.



Question : A sys admin has created the below mentioned policy and applied to an S object named aws.jpg. The aws.jpg is inside a bucket named
hadoopexam. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
"Resource": [ "arn:aws:s3:::hadoopexam/*.jpg"]
}]
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. It is not possible to define a policy at the object level
2. It will make all the objects of the bucket hadoopexam as public
 3. Access Mostly Uused Products by 50000+ Subscribers
4. the aws.jpg object as public

Ans : 1
Exp : A system admin can grant permission to the S3 objects or buckets to any user or make objects public using the bucket policy and user policy. Both
use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and
vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy
applied to that bucket. It cannot be applied at the object level.


Question : A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost?
: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Delete the unutilized EBS volumes once the instance is terminated
2. It will make all the objects of the bucket hadoopexam as public
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Delete the AWS ELB after the instances are terminated

Ans : 2
Exp : AWS bills the user on a as pay as you go model. AWS will charge the user once the AWS resource is
allocated. Even though the user is not using the resource, AWS will charge if it is in service or allocated. Thus, it is advised that once the user's
work is completed he should:
Terminate the EC2 instance Delete the EBS volumes Release the unutilized Elastic IPs Delete ELB The AutoScaling launch configuration does
not cost the user. Thus, it will not make any difference to the cost whether it is deleted or not.


Question : A user is trying to aggregate all the CloudWatch metric data of the last week. Which of the below mentioned statistics is not available for the user
as a part of data aggregation?


: A user has created a public subnet with VPC and launched an EC instance within it. The user is trying to
1. Aggregate
2. Sum
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Average

Correct Answer : Get Lastest Questions and Answer :

Explanation: Amazon CloudWatch is basically a metrics repository. Either the user can send the custom data or an AWS product can put metrics into the
repository, and the user can retrieve the statistics based on those metrics. The statistics are metric data aggregations over specified periods of
time. Aggregations are made using the namespace, metric name, dimensions, and the data point unit of measure, within the time period that is
specified by the user. CloudWatch supports Sum, Min, Max, Sample Data and Average statistics aggregation.



Related Questions

Question : A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring
with CloudWatch without charging the user extra?
 : A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring
1. AWS Auto Scaling
2. AWS Route 53
3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS SNS


Question : A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for
the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?

 : A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for
1. AWS/StorageGateway
2. AWS/CloudTrail
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS/SWF



Question : A system admin is planning to encrypt all objects being uploaded to S from an application. The system admin does not want to implement his
own encryption algorithm; instead he is planning to use server side encryption by supplying his own key SSE-C. Which parameter is not required while making a call for SSE-C?
 : A system admin is planning to encrypt all objects being uploaded to S from an application. The system admin does not want to implement his
1. x-amz-server-side-encryption-customer-key-AES-256
2. x-amz-server-side-encryption-customer-key
 3. Access Mostly Uused Products by 50000+ Subscribers
4. x-amz-server-side-encryption-customer-key-MD5


Question : A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not
supported by SQS?
 : A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not
1. SendMessageBatch
2. DeleteMessageBatch
 3. Access Mostly Uused Products by 50000+ Subscribers
4. DeleteMessageQueue


Question : A user has configured Auto Scaling with instances. The user had created a new AMI after updating one of the instance. If the user wants to
terminate two specific instances to ensure that Auto Scaling launches an instances with the new launch configuration, which command should he run?
 : A user has configured Auto Scaling with instances. The user had created a new AMI after updating one of the instance. If the user wants to
1. as-delete-instance-in-auto-scaling-group (Instance ID) --no-decrement-desired-capacity
2. as-terminate-instance-in-auto-scaling-group (Instance ID) --update-desired-capacity
 3. Access Mostly Uused Products by 50000+ Subscribers
4. as-terminate-instance-in-auto-scaling-group (Instance ID) --no-decrement-desired-capacity




Question : A user has launched an EC instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephermal
storage data?

 : A user has launched an EC instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephermal
1. All the data will be erased but the ephermal storage will stay connected
2. All data will be erased and the ephermal storage is released
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The data is preserved