Pass4sure aws sysops training Questions are updated and all aws sysops pdf answers are verified by experts. Once you have completely prepared with our aws sysops exam questions exam prep kits you will be ready for the real aws sysops certification dumps exam without a problem. We have Updated Amazon aws sysops administrator dumps study guide. PASSED aws sysops exam questions First attempt! Here What I Did.

Q81. - (Topic 2) 

A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user’s datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization’s proxy policy. How can the user make this happen? 

A. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT 

B. Settin up a proxy policy in the internet gateway connected with the public subnet 

C. It is not possible to setup the proxy policy for a public subnet 

D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway 

Answer:

Explanation: 

The user can create subnets within a VPC. If the user wants to connect to VPC from his own data centre, he can setup public and VPN only subnets which uses hardware VPN access to connect with his data centre. When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization’s network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet. 


Q82. - (Topic 3) 

A user is using a small MySQL RDS DB. The user is experiencing high latency due to the Multi AZ feature.Which of the below mentioned options may not help the user in this situation? 

A. Schedule the automated back up in non-working hours 

B. Use a large or higher size instance 

C. Use PIOPS 

D. Take a snapshot from standby Replica 

Answer:

Explanation: 

An RDS DB instance which has enabled Multi AZ deployments may experience increased write and commit latency compared to a Single AZ deployment, due to synchronous data replication. The user may also face changes in latency if deployment fails over to the standby replica. For production workloads, AWS recommends the user to use provisioned IOPS and DB instance classes (m1.large and larger. as they are optimized for provisioned IOPS to give a fast, and consistent performance. With Multi AZ feature, the user can not have option to take snapshot from replica. 


Q83. - (Topic 3) 

A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario? 

A. The user can get the aggregate data of the numbers generated over a minute and send it to CloudWatch 

B. The user has to supply the timezone with each data point 

C. CloudWatch will not truncate the number until it has an exponent larger than 126 (i.e. (1 x 10^126. 

D. The user can create a file in the JSON format with the metric name and value and supply it to CloudWatch 

Answer:


Q84. - (Topic 2) 

An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it? 

A. AWS S3 

B. AWS Glacier 

C. AWS RDS 

D. AWS RRS 

Answer:

Explanation: 

Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy Storage and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files. Reduced Redundancy is little cheaper as it provides less durability in comparison to S3. In this case since the log files are not mission critical files, RRS will be a better option. 


Q85. - (Topic 1) 

An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3. 

Which option should you implement to ensure this requirement is met? 

A. Use the S3 copy API to replicate data between two S3 buckets in different regions 

B. You do not need to implement anything since S3 data is automatically replicated between regions C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region 

D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region 

Answer:


Q86. - (Topic 3) 

An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the 

limitations of IAM? 

A. One IAM user can be a part of a maximum of 5 groups 

B. The organization can create 100 groups per AWS account 

C. One AWS account can have a maximum of 5000 IAM users 

D. One AWS account can have 250 roles 

Answer:

Explanation: 

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The default maximums for each of the IAM entities is given below: Groups per AWS account: 100 Users per AWS account: 5000 Roles per AWS account: 250 Number of groups per user: 10 (that is, one user can be part of these many groups. 


Q87. - (Topic 2) 

An organization has setup consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will organization receive in terms of the AWS pricing? 

A. The consolidated billing does not bring any cost advantage for the organization 

B. All AWS accounts will be charged for S3 storage by combining the total storage of each account 

C. The EC2 instances of each account will receive a total of 750*3 micro instance hours free 

D. The free usage tier for all the 3 accounts will be 3 years and not a single year 

Answer:

Explanation: 

AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when he uses the service more. 


Q88. - (Topic 1) 

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. 

Which of the following is the best method to quickly and temporarily deny access from the specified IP address block? 

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block 

B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block 

C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block 

D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block 

Answer:

Explanation: Reference: 

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html 


Q89. - (Topic 3) 

An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform? 

"Version": "2012-10-17", 

"Statement": [{ 

"Sid": "AllowUsersAllActionsForCredentials", 

"Effect": "Allow", 

"Action": [ 

"iam:*LoginProfile", 

"iam:*AccessKey*", 

"iam:*SigningCertificate*" 

], 

"Resource": ["arn:aws:iam:: 123412341234:user/${aws:username}"] 

}] 

A. The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs 

B. The policy will give an invalid resource error 

C. The policy allows the IAM user to modify all credentials using only the console 

D. The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs 

Answer:

Explanation: 

WS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234. wants some of their users to manage credentials (access keys, password, and sing in certificates. of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM user’s using only CLI, SDK or APIs. The user cannot use the AWS 

console for this activity since he does not have list permission for the IAM users. 

"Version": "2012-10-17", 

"Statement": [{ 

"Sid": "AllowUsersAllActionsForCredentials", 

"Effect": "Allow" 

"Action": [ 

"iam:*LoginProfile", 

"iam:*AccessKey*", 

"iam:*SigningCertificate*" 

], 

"Resource": ["arn:aws:iam::123412341234:user/${aws:username}"] 

Amazon AWS-SysOps : Practice Test 

}] } 


Q90. - (Topic 1) 

You run a web application where web servers on EC2 Instances are In an Auto Scaling group Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed Five to six days per year, the number of web servers required might go up to 15. 

What would you recommend to minimize costs while being able to provide hill availability? 

A. 6 Reserved instances (heavy utilization). 6 Reserved instances {medium utilization), rest covered by On-Demand instances 

B. 6 Reserved instances (heavy utilization). 6 On-Demand instances, rest covered by Spot Instances 

C. 6 Reserved instances (heavy utilization) 6 Spot instances, rest covered by On-Demand instances 

D. 6 Reserved instances (heavy utilization) 6 Reserved instances (medium utilization) rest covered by Spot instances 

Answer: