August 2, 2017

Aug 2017 updated: aws sysops administrator


Q141. - (Topic 3) 

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?

A. The user should use the same encryption key for all versions of the same object 

B. It is possible to have different encryption keys for different versions of the same object 

C. AWS S3 does not allow the user to upload his own keys for server side encryption 

D. The SSE-C does not work when versioning is enabled 

Answer:

Explanation: 

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). If the bucket is versioning-enabled, each object version uploaded by the user using the SSE-C feature can have its own encryption key. The user is responsible for tracking which encryption key was used for which object's version.


Q142. - (Topic 1) 

You need to design a VPC for a web application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database. The entire infrastructure must be distributed over 2 availability zones.

Which VPC configuration works while assuring the database is not available from the Internet? 

A. One public subnet for ELB, one public subnet for the web-servers, and one private subnet for the database

B. One public subnet for ELB, two private subnets for the web-servers, two private subnets for RDS

C. Two public subnets for ELB, two private subnets for the web-servers and two private subnets for RDS

D. Two public subnets for ELB, two public subnets for the web-servers, and two public subnets for RDS

Answer:


Q143. - (Topic 3) 

An organization has created one IAM user and applied the below mentioned policy to the user. What entitlements do the IAM users avail with this policy? 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}

A. The policy will allow the user to perform all read only activities on the EC2 services 

B. The policy will allow the user to list all the EC2 resources except EBS 

C. The policy will allow the user to perform all read and write activities on the EC2 services 

D. The policy will allow the user to perform all read only activities on the EC2 services except load Balancing 

Answer:

Explanation: 

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If an organization wants to set up read only access to EC2 for a particular user, they should mention the action in the IAM policy which entitles the user for Describe rights for EC2, CloudWatch, Auto Scaling and ELB. In the policy shown below, the user will have read only access for EC2 and EBS, CloudWatch and Auto Scaling. Since ELB is not mentioned as a part of the list, the user will not have access to ELB.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}


Q144. - (Topic 2) 

A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH? 

A. Allow Inbound traffic on port 22 from the user’s network

B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP

C. The user can connect to an instance in a private subnet using the NAT instance

D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet 

Answer:

Explanation: 

The user can create subnets as per the requirement within a VPC. If the user wants to connect to the VPC from his own data centre, the user can set up a case with a VPN only subnet (private) which uses VPN access to connect with his data centre. When the user has configured this setup with the Wizard, all network connections to the instances in the subnet will come from his data centre. The user has to configure the security group of the private subnet so that it allows inbound traffic on SSH (port 22) from the data centre’s network range.


Q145. - (Topic 3) 

An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*LoginProfile",
      "iam:*AccessKey*",
      "iam:*SigningCertificate*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }]
}

A. The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs 

B. The policy will give an invalid resource error 

C. The policy allows the IAM user to modify all credentials using only the console 

D. The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs 

Answer:

Explanation: 

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their users to manage credentials (access keys, password, and sign in certificates) of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM users using only CLI, SDK or APIs. The user cannot use the AWS console for this activity since he does not have list permission for the IAM users.

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*LoginProfile",
      "iam:*AccessKey*",
      "iam:*SigningCertificate*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }]
}


Q146. - (Topic 3) 

A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C). Which parameter is not required while making a call for SSE-C?

A. x-amz-server-side-encryption-customer-key-AES-256 

B. x-amz-server-side-encryption-customer-key 

C. x-amz-server-side-encryption-customer-algorithm 

D. x-amz-server-side-encryption-customer-key-MD5 

Answer:

Explanation: 

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). When the user is supplying his own encryption key, the user has to send the below mentioned parameters as a part of the API calls:

x-amz-server-side-encryption-customer-algorithm: Specifies the encryption algorithm

x-amz-server-side-encryption-customer-key: To provide the base64-encoded encryption key

x-amz-server-side-encryption-customer-key-MD5: To provide the base64-encoded 128-bit MD5 digest of the encryption key


Q147. - (Topic 3) 

A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it back after 20 days. AWS throws up an ‘InsufficientInstanceCapacity’ error. What can be the possible reason for this? 

A. AWS does not have sufficient capacity in that availability zone 

B. AWS zone mapping is changed for that user account 

C. There is some issue with the host capacity on which the instance is launched 

D. The user account has reached the maximum EC2 instance limit 

Answer:

Explanation: 

When the user gets an ‘InsufficientInstanceCapacity’ error while launching or starting an EC2 instance, it means that AWS does not currently have enough available capacity to service the user request. If the user is requesting a large number of instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a smaller number of instances or changing the availability zone if launching a fresh instance. 


Q148. - (Topic 2) 

An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it? 

A. AWS S3 

B. AWS Glacier 

C. AWS RDS 

D. AWS RRS 

Answer:

Explanation: 

Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy Storage and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files. Reduced Redundancy is a little cheaper as it provides less durability in comparison to S3. In this case, since the log files are not mission critical files, RRS will be a better option.


Q149. - (Topic 3) 

A user is measuring the CPU utilization of a private data centre machine every minute. The machine provides the aggregate of data every hour, such as “Sum of data”, “Min value”, “Max value”, and “Number of Data points”.

The user wants to send these values to CloudWatch. How can the user achieve this? 

A. Send the data using the put-metric-data command with the aggregate-values parameter 

B. Send the data using the put-metric-data command with the average-values parameter 

C. Send the data using the put-metric-data command with the statistic-values parameter 

D. Send the data using the put-metric-data command with the aggregate-data parameter

Answer:

Explanation: 

AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish the data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put-metric-data. When sending the aggregate data, the user needs to send it with the parameter statistic-values:

aws cloudwatch put-metric-data --metric-name <Name> --namespace <Custom namespace> --timestamp <UTC Format> --statistic-values Sum=XX,Minimum=YY,Maximum=AA,SampleCount=BB --unit Milliseconds


Q150. - (Topic 2) 

A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?

A. View the Auto Scaling CPU metrics 

B. Aggregate the data over the instance AMI ID 

C. The user has to use the CloudWatch analyser to find the average data across instances

D. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different 

Answer:

Explanation: 

Amazon CloudWatch is basically a metrics repository. Either the user can send the custom data or an AWS product can put metrics into the repository, and the user can retrieve the statistics based on those metrics. The statistics are metric data aggregations over specified periods of time. Aggregations are made using the namespace, metric name, dimensions, and the data point unit of measure, within the time period that is specified by the user. To aggregate the data across instances launched with AMI, the user should select the AMI ID under EC2 metrics and select the aggregate average to view the data. 


