
AWS Certified SysOps Administrator - Associate Questions and Answers (Dumps and Practice Questions)



Question : You are running a web application on AWS consisting of the following components: an Elastic
Load Balancer (ELB), an Auto Scaling group of EC2 instances running Linux/PHP/Apache, and
Relational Database Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

1. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
2. Protect against IP spoofing or packet sniffing

4. Install the latest security patches on ELB, RDS and EC2 instances



Explanation: Network Security - The AWS network provides significant protection against traditional network security issues, and developers can implement further protection. The network security features AWS provides include:
- Distributed Denial of Service (DDoS) mitigation
- IP spoofing prohibited
- IP scanning prohibited
- Packet sniffing prevented
- All API endpoints protected by SSL
Please refer to "AWS - Overview of Security Processes" for further details.
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure comprises the hardware, software, networking, and facilities that develop and run AWS services.
For IaaS services like Amazon EC2 and Amazon S3, you have more control and therefore more configuration work to do. For EC2 instances, you're responsible for patching the guest OS on the instances as well as any software you install on them, configuring the security group (firewall) that allows outside access to your instances, and setting up any VPC subnets that the instances reside within. For Amazon S3, you must set the access control policies for each of your storage buckets, set up encryption options for the stored data, and specify backup and archiving preferences.
IP Spoofing. Amazon EC2 instances cannot send spoofed network traffic. The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.





Question : You use S3 to store critical data for your company. Several users within your group currently have
full permissions to your S3 buckets. You need to come up with a solution that does not impact your
users and also protects against the accidental deletion of objects.
Which two options will address this issue?
Choose 2 answers
A. Enable versioning on your S3 Buckets
B. Configure your S3 Buckets with MFA delete
C. Create a Bucket policy and only allow read only permissions to all users at the bucket level
D. Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier
1. A,C
2. C,D
4. A,D
5. A,B



Explanation: Versioning allows you to preserve, retrieve, and restore every version of every object stored in an Amazon S3 bucket. Once you enable Versioning for a
bucket, Amazon S3 preserves existing objects anytime you perform a PUT, POST, COPY, or DELETE operation on them. By default, GET requests will retrieve the most recently written
version. Older versions of an overwritten or deleted object can be retrieved by specifying a version in the request.

Amazon S3 provides customers with a highly durable storage infrastructure. Versioning offers an additional level of protection by providing a means of recovery when customers
accidentally overwrite or delete objects. This allows you to easily recover from unintended user actions and application failures. You can also use Versioning for data retention and
archiving.

Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security. By default, all requests to your Amazon S3 bucket
require your AWS account credentials. If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of
an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession. To learn more about enabling
Versioning with MFA Delete, including how to purchase and activate an authentication device






Question : An organization's security policy requires multiple copies of all critical data to be replicated across
at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?
1. Use the S3 copy API to replicate data between two S3 buckets in different regions
2. You do not need to implement anything since S3 data is automatically replicated between regions
4. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region


Explanation: Although, by default, Amazon S3 stores your data across multiple geographically distant Availability Zones, compliance requirements might dictate that you store data at even
further distances. Cross-region replication allows you to replicate data between distant AWS regions to satisfy these compliance requirements.



Related Questions


Question : You have a web application leveraging an Elastic Load Balancer (ELB) in front of the web servers
deployed using an Auto Scaling group. Your database is running on Relational Database Service
(RDS). The application serves out technical articles and responses to them; in general there are
more views of an article than there are responses to the article. On occasion, an article on the site
becomes extremely popular, resulting in significant traffic increases that cause the site to go
down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability
during these events?
Choose 3 answers

A. Leverage CloudFront for the delivery of the articles.
B. Add RDS read-replicas for the read traffic going to your relational database
C. Leverage ElastiCache for caching the most frequently used data.
D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.
E. Use Route53 health checks to fail over to an S3 bucket for an error page.

1. A,B,C
2. B,C,D
4. A,B,D
5. B,C,E


Question : The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily
dependent on low-latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application?
1. Create a second, independent LDAP server in AWS for your application to use for authentication
2. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
4. Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains, and use the new domain for authentication




Question : You need to design a VPC for a web application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database. The entire
infrastructure must be distributed over 2 Availability Zones. Which VPC configuration works while assuring the database is not available from the Internet?
1. One public subnet for ELB, one public subnet for the web servers, and one private subnet for the database
2. One public subnet for ELB, two private subnets for the web servers, two private subnets for RDS
4. Two public subnets for ELB, two public subnets for the web servers, and two public subnets for RDS



Question : An application that you are managing has EC2 instances and DynamoDB tables deployed to
several AWS Regions. In order to monitor the performance of the application globally, you would
like to see two graphs: 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled
Requests for all DynamoDB tables.
How can you accomplish this?
1. Tag your resources with the application name, and select the tag name as the dimension in the CloudWatch Management Console to view the respective graphs
2. Use the CloudWatch CLI tools to pull the respective metrics from each regional endpoint. Aggregate the data offline and store it for graphing in CloudWatch.
3. ... CloudWatch for graphing.
4. Add a CloudWatch agent to each instance and attach one to each DynamoDB table. When configuring the agent, set the appropriate application name and view the graphs
in CloudWatch.




Question : When assessing an organization's use of AWS API access credentials, which of the following three credentials should be evaluated?
Choose 3 answers
A. Key pairs
B. Console passwords
C. Access keys
D. Signing certificates
E. Security Group memberships
1. A,C,D
2. B,C,D
4. A,B,D
5. B,C,E



Question : You have a Linux EC2 web server instance running inside a VPC. The instance is in a public subnet and has an EIP associated with it so you can connect to it over the
internet via HTTP or SSH. The instance was also fully accessible when you last logged in via SSH, and was also serving web requests on port 80.
Now you are not able to SSH into the host, nor does it respond to web requests on port 80 that were working fine last time you checked. You have double-checked that all networking
configuration parameters (security groups, route tables, IGW, EIP, NACLs, etc.) are properly configured (and you haven't made any changes to those anyway since you were last able to
reach the instance). You look at the EC2 console and notice that the system status check shows "impaired." Which should be your next step in troubleshooting and attempting to get the
instance back to a healthy state so that you can log in again?
1. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the "impaired" system status
2. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the "impaired" system status
3. ... "impaired" system status.
4. Add another Elastic Network Interface to the instance and try to connect via that new path, since the networking stack of the OS may be locked up, causing the
"impaired" system status
5. Un-map and then re-map the EIP to the instance, since the IGW/NAT gateway may not be working properly, causing the "impaired" system status