We provide real sysops aws exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Amazon aws certified sysops administrator associate level dumps Exam quickly & easily. The aws sysops certification dumps PDF type is available for reading and printing. You can print more and practice many times. With the help of our Amazon aws sysops exam questions dumps pdf and vce product and material, you can easily pass the aws certified sysops administrator pdf exam.

Q161. - (Topic 3) 

A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log? 

A. Response processing time 

B. Front end processing time 

C. Backend processing time 

D. Request processing time 

Answer:

Explanation: 

Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Each request will have details, such as client IP, request path, ELB IP, time, and latencies. The time will have information, such as Request Processing time, Backend Processing time and Response Processing time. 


Q162. - (Topic 3) 

A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and when it is not, to help the admin understand the implementation of the sticky session: 

ELB inserts the cookie in the response ELB chooses the instance based on the load balancing algorithm Check the cookie in the service request The cookie is found in the request The cookie is not found in the request 

A. 3,1,4,2 [Cookie is not Present] & 3,1,5,2 [Cookie is Present] 

B. 3,4,1,2 [Cookie is not Present] & 3,5,1,2 [Cookie is Present] 

C. 3,5,2,1 [Cookie is not Present] & 3,4,2,1 [Cookie is Present] 

D. 3,2,5,4 [Cookie is not Present] & 3,2,4,5 [Cookie is Present] 

Answer:

Explanation: 

Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user’s session with a specific EC2 instance. The load balancer uses a special load-balancer-generated cookie to track the application instance for each request. When the load balancer receives a request, it first checks to see if this cookie is present in the request. If so, the request is sent to the application instance specified in the cookie. If there is no cookie, the load balancer chooses an application instance based on the existing load balancing algorithm. A cookie is inserted into the response for binding subsequent requests from the same user to that application instance. 


Q163. - (Topic 2) 

A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or stop/start options on that instance? 

A. For restart it does not charge for an extra hour, while every stop/start it will be charged as a separate hour 

B. Every restart is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour 

C. For every restart or start/stop it will be charged as a separate hour 

D. For restart it charges extra only once, while for every stop/start it will be charged as a separate hour 

Answer:

Explanation: 

For an EC2 instance launched with an EBS backed AMI, each time the instance state is changed from stop to start/ running, AWS charges a full instance hour, even if these transitions happen multiple times within a single hour. Anyway, rebooting an instance AWS does not charge a new instance billing hour. 

Topic 3, Volume C 

154. - (Topic 3) 

A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario? 

A. The user cannot delete the VPC since the subnet is not deleted 

B. All network interface attached with the instances will be deleted 

C. When the user launches a new instance it cannot use the same subnet 

D. The subnet to which the instances were launched with will be deleted 

Answer:

Explanation: 

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. When the user terminates the instance all the network interfaces attached with it are also deleted. 


Q164. - (Topic 3) 

A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is not true in this scenario? 

A. The VPC will create a routing instance and attach it with a public subnet 

B. The VPC will create two subnets 

C. The VPC will create one internet gateway and attach it to VPC 

D. The VPC will launch one NAT instance with an elastic IP 

Answer:

Explanation: 

A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an elastic IP. Wizard will also create two subnets with route tables. It will also create an internet gateway and attach it to the VPC. 


Q165. - (Topic 3) 

An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform? 

"Version": "2012-10-17", 

"Statement": [{ 

"Sid": "AllowUsersAllActionsForCredentials", 

"Effect": "Allow", 

"Action": [ 

"iam:*LoginProfile", 

"iam:*AccessKey*", 

"iam:*SigningCertificate*" 

], 

"Resource": ["arn:aws:iam:: 123412341234:user/${aws:username}"] 

}] 

A. The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs 

B. The policy will give an invalid resource error 

C. The policy allows the IAM user to modify all credentials using only the console 

D. The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs 

Answer:

Explanation: 

WS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234. wants some of their users to manage credentials (access keys, password, and sing in certificates. of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM user’s using only CLI, SDK or APIs. The user cannot use the AWS 

console for this activity since he does not have list permission for the IAM users. 

"Version": "2012-10-17", 

"Statement": [{ 

"Sid": "AllowUsersAllActionsForCredentials", 

"Effect": "Allow" 

"Action": [ 

"iam:*LoginProfile", 

"iam:*AccessKey*", 

"iam:*SigningCertificate*" 

], 

"Resource": ["arn:aws:iam::123412341234:user/${aws:username}"] 

Amazon AWS-SysOps : Practice Test 

}] } 


Q166. - (Topic 3) 

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. Which of the 

below mentioned statements is true with respect to this scenario? 

A. The instance will always have a public DNS attached to the instance by default 

B. The user can directly attach an elastic IP to the instance 

C. The instance will never launch if the public IP is not assigned 

D. The user would need to create an internet gateway and then attach an elastic IP to the instance to connect from internet 

Answer:

Explanation: 

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP then it will only have a private IP when launched. The user cannot connect to the instance from the internet. If the user wants an elastic IP to connect to the instance from the internet he should create an internet gateway and assign an elastic IP to instance. 


Q167. - (Topic 3) 

A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal 

behaviour of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the user achieve this easily with the AWS console? 

A. The user can use the copy URL functionality of CloudWatch to share the exact details 

B. The user can use the export data option from the CloudWatch console to export the current data point 

C. The user has to find the period and data and provide all the aggregation information to the manager 

D. The user can use the CloudWatch data copy functionality to copy the current data points 

Answer:

Explanation: 

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The console provides the option to save the URL or bookmark it so that it can be used in the future by typing the same URL. The Copy URL functionality is available under the console when the user selects any metric to view. 


Q168. - (Topic 2) 

An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS functionalities helps them to achieve this? 

A. AWS MFA with EBS 

B. AWS EBS encryption 

C. Multi-tier encryption with Redshift 

D. AWS S3 server side storage 

Answer:

Explanation: 

AWS EBS supports encryption of the volume while creating new volumes. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of EBS will be encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between the EC2 instances and EBS storage. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry standard