Exam: AWS Certified SysOps Administrator - Associate

Total 814 questions

You have a Linux EC2 web server instance running inside a VPC. The instance is in a public
subnet and has an EIP associated with it so you can connect to it over the Internet via HTTP or
SSH. The instance was also fully accessible when you last logged in via SSH and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that
were working fine last time you checked. You have double-checked that all networking configuration parameters (security groups, route tables, IGW, EIP, NACLs, etc.) are properly configured (and you haven't made any changes to those anyway since you were last able to reach the instance).
You look at the EC2 console and notice that system status check shows "impaired."

Which should be your next step in troubleshooting and attempting to get the instance back to a
healthy state so that you can log in again?

A. Stop and start the instance so that it will be able to be redeployed on a healthy host system
that most likely will fix the "impaired" system status
B. Reboot your instance so that the operating system will have a chance to boot in a clean
healthy state that most likely will fix the "impaired" system status
C. Add another dynamic private IP address to the instance and try to connect via that new path,
since the networking stack of the OS may be locked up causing the "impaired" system status.
D. Add another Elastic Network Interface to the instance and try to connect via that new path
since the networking stack of the OS may be locked up causing the "impaired" system status
E. Un-map and then re-map the EIP to the instance, since the IGW/NAT gateway may not be
working properly, causing the "impaired" system status
Correct: Answer: A

You are creating an Auto Scaling group whose instances need to insert a custom metric into
CloudWatch.

Which method would be the best way to authenticate your CloudWatch PUT request?

A. Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch
configuration to launch instances in that role
B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch
configuration to inject the user's credentials into the instance User Data
C. Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission
to instances from the Auto Scaling group
D. Create an IAM user with the PutMetricData permission and put the credentials in a private
repository and have applications on the server pull the credentials as needed
Correct: Answer: A

You have set up individual AWS accounts for each project.
You have been asked to make sure your AWS infrastructure costs do not exceed the budget set
per project for each month.

Which of the following approaches can help ensure that you do not exceed the budget each
month?

A. Consolidate your accounts so you have a single bill for all accounts and projects
B. Set up Auto Scaling with CloudWatch alarms using SNS to notify you when you are running too many instances in a given account
C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%, 80% and 90% of its budgeted monthly spend
Correct: Answer: D

The majority of your infrastructure is on premises and you have a small footprint on AWS.
Your company has decided to roll out a new application that is heavily dependent on low latency
connectivity to LDAP for authentication.

Your security policy requires minimal changes to the company's existing application user
management processes.

What option would you implement to successfully launch this application?

A. Create a second, independent LDAP server in AWS for your application to use for authentication
B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
C. Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS, and configure your application to use the LDAP replica for authentication
D. Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains, and use the new domain for authentication
Correct: Answer: C

When preparing for a compliance assessment of your system built inside of AWS,
what are three best practices for you to prepare for an audit? Choose 3 answers

A. Gather evidence of your IT operational controls
B. Request and obtain applicable third-party audited AWS compliance reports and certifications
C. Request and obtain a compliance and security tour of an AWS data center for a
pre-assessment security review
D. Request and obtain approval from AWS to perform relevant network scans and in-depth
penetration tests of your system's instances and endpoints
E. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance
that maps to your control objectives
Correct: Answer: ABD

You are using ElastiCache Memcached to store session state and cache database queries in
your infrastructure.
You notice in CloudWatch that Evictions and GetMisses are both very high.
What two actions could you take to rectify this? Choose 2 answers

A. Increase the number of nodes in your cluster
B. Tweak the max-item-size parameter
C. Shrink the number of nodes in your cluster
D. Increase the size of the nodes in the cluster
Correct: Answer: AD

Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail
more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your
operations team by email and SMS of a possible application health problem.
However, you also need to watch the watcher (the monitoring instance itself) and be notified if it
becomes unhealthy.

Which of the following is a simple way to achieve that goal?

A. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one
minute; then have your monitoring application go into a CPU-bound loop should it detect any application problems.
D. Have the monitoring instances post messages to an SQS queue and then dequeue those
messages on another instance. Should the queue cease to have new messages, the
second instance should first terminate the original monitoring instance, start another backup
monitoring instance, assume the role of the previous monitoring instance, and begin
adding messages to the SQS queue.
Correct: Answer: B

Your company is moving towards tracking web page users with a small tracking image loaded on
each page. Currently you are serving this image out of US-East, but are starting to get concerned
about the time it takes to load the image for users on the west coast.

What are the two best ways to speed up serving this image? Choose 2 answers

A. Use Route 53's Latency Based Routing and serve the image out of US-West-2 as well as US-East-1
B. Serve the image out through CloudFront
C. Serve the image out of S3 so that it isn't being served off of your web application tier
D. Use EBS PIOPS to serve the image faster out of your EC2 instances
Correct: Answer: AB

An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center.

The organization has decided to store some critical data on Amazon S3.

Which option should you implement to ensure this requirement is met?

A. Use the S3 copy API to replicate data between two S3 buckets in different regions
B. You do not need to implement anything since S3 data is automatically replicated between regions
C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region
Correct: Answer: D

You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.

Which configuration would achieve that goal?

A. Route53 record sets with weighted routing policy
B. Route53 record sets with latency based routing policy
C. Auto Scaling with scheduled scaling actions set
D. Elastic Load Balancing with health checks enabled
Correct: Answer: A