We provide real aws certified sysops administrator pdf exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Amazon aws certified sysops administrator pdf Exam quickly & easily. The aws certified sysops administrator pdf PDF type is available for reading and printing. You can print more and practice many times. With the help of our Amazon aws sysops exam dumps pdf and vce product and material, you can easily pass the aws sysops training exam.

Q1. - (Topic 3) 

A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption functionality? 

A. The server side encryption with the user supplied key works when versioning is enabled 

B. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key 

C. The user must send an AES-128 encrypted key 

D. The user can upload his own encryption key to the S3 console 

Answer:

Explanation: 

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key. The encryption with the user supplied key (SSE-C. does not work with the AWS console. The S3 does not store the keys and the user has to send a key with each request. The SSE-C works when the user has enabled versioning. 


Q2. - (Topic 3) 

A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data? 

A. Yes, the block device mapping will have information about the additional instance store volume 

B. No, since the instance store backed AMI can have only the root volume bundled 

C. It is not possible to attach an additional instance store volume to the existing instance store backed AMI instance 

D. No, since this is ephermal storage it will not be a part of the AMI 

Answer:

Explanation: 

When the user has launched an EC2 instance from an instance store backed AMI and added an instance store volume to the instance in addition to the root device volume, the block device mapping for the new AMI contains the information for these volumes as well. In addition, the block device mappings for the instances those are launched from the new AMI will automatically contain information for these volumes. 


Q3. - (Topic 3) 

A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution? 

A. The user should download the activity report of the EC2 services as it has the instance ID wise data 

B. It is not possible to get the AWS cost usage data of single region instances separately 

C. The user should use Cost Distribution Metadata and AWS detailed billing 

D. The user should use Cost Allocation Tags and AWS billing reports 

Answer:

Explanation: 

AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources (such as Amazon EC2 instances or Amazon S3 buckets., AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. The user can apply tags which represent business categories (such as cost centres, application names, or instance type – Production/Dev. to organize usage costs across multiple services. 


Q4. - (Topic 3) 

A user has configured Auto Scaling with the minimum capacity as 2 and the desired capacity as 2. The user is trying to terminate one of the existing instance with the command: 

as-terminate-instance-in-auto-scaling-group<Instance ID> --decrement-desired-capacity 

What will Auto Scaling do in this scenario? 

A. Terminates the instance and does not launch a new instance 

B. Terminates the instance and updates the desired capacity to 1 

C. Terminates the instance and updates the desired capacity and minimum size to 1 

D. Throws an error 

Answer:

Explanation: 

The Auto Scaling command as-terminate-instance-in-auto-scaling-group <Instance ID> will terminate the specific instance ID. The user is required to specify the parameter as --decrement-desired-capacity. Then Auto Scaling will terminate the instance and decrease the desired capacity by 1. In this case since the minimum size is 2, Auto Scaling will not allow the desired capacity to go below 2. Thus, it will throw an error. 


Q5. - (Topic 3) 

A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out. Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user. How can the data be viewed better on the same graph? 

A. It is not possible to show multiple metrics with the different units on the same graph 

B. Add a third Y-axis with the console to show all the data in proportion 

C. Change the axis of Network by using the Switch command from the graph 

D. Change the units of CPU utilization so it can be shown in proportion with Network 

Answer:

Explanation: 

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. It is possible to show the multiple metrics with different units on the same graph. If the graph is not plotted properly due to a difference in the unit data over two metrics, the user can change the Y-axis of one of the graph by selecting that graph and clicking on the Switch option. 


Q6. - (Topic 3) 

A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this? 

A. When the user sets an alarm on the Auto Scaling group, it automatically enables detail monitoring 

B. By default detailed monitoring is enabled for Auto Scaling 

C. Auto Scaling does not support detailed monitoring 

D. Enable detail monitoring from the AWS console 

Answer:

Explanation: 

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, the user does not need to set this flag if he wants detailed monitoring. 


Q7. - (Topic 2) 

A user is launching an EC2 instance in the US East region. Which of the below mentioned options is 

recommended by AWS with respect to the selection of the availability zone? 

A. Always select the US-East-1-a zone for HA 

B. Do not select the AZ; instead let AWS select the AZ 

C. The user can never select the availability zone while launching an instance 

D. Always select the AZ while launching an instance 

Answer:

Explanation: 

When launching an instance with EC2, AWS recommends not to select the availability zone (AZ.. AWS 

specifies that the default Availability Zone should be accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances. 


Q8. - (Topic 2) 

You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case? 

A. The user should create a separate IAM user for each employee and provide access to them as per the policy 

B. The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server 

C. The user should create IAM groups as per the organization’s departments and add each user to the group for better access control 

D. Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services 

Answer:

Explanation: 

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO.. In this case, instead of creating individual IAM users or groups for each user who need AWS access, it may be more practical to use a proxy server to translate the user identities from the organization network into the temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication.