Practice on 2024 LATEST AWS-SysOps Exam Updated 991 Questions [Q361-Q385]


Download Latest AWS-SysOps Dumps with Authentic Real Exam QA's


The AWS-SysOps certification is a great way to demonstrate your expertise in managing and deploying AWS systems. It offers numerous benefits to professionals, including recognition of their skills, higher salaries, and better job opportunities. AWS Certified SysOps Administrator - Associate certification also helps in building confidence and credibility among peers and employers.

 

NEW QUESTION # 361
A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of the below mentioned statements is true when a security group is created?

  • A. It will have all the inbound traffic by default
  • B. It will by default allow traffic to the internet gateway
  • C. It will have all the outbound traffic by default
  • D. It can connect to the AWS services, such as S3 and RDS by default

Answer: C

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. AWS provides two features the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level while ACLs work at the subnet level. When a user creates a security group with AWS VPC, by default it will allow all the outbound traffic but block all inbound traffic.


NEW QUESTION # 362
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new request traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

  • A. ELB auto registration Off
  • B. ELB sticky session
  • C. ELB deregistration check
  • D. ELB connection draining

Answer: D

Explanation:
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that in-flight requests continue to be served.


NEW QUESTION # 363
A company is deploying a legacy web application on Amazon EC2 instances behind an ELB Application Load Balancer. The application worked well in the test environment. However, in production, users report that they are prompted to log in to the system several times an hour.
Which troubleshooting step should be taken to help resolve the problem reported by users?

  • A. Ensure that port 80 is configured on the security group.
  • B. Confirm that the Application Load Balancer is in a multi-AZ configuration.
  • C. Enable sticky sessions on the Application Load Balancer.
  • D. Enable health checks on the Application Load Balancer.

Answer: C

Explanation:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-alb.html


NEW QUESTION # 364
A user has launched an RDS MySQL DB with the Multi AZ feature. The user has scheduled the scaling of instance storage during maintenance window. What is the correct order of events during maintenance window?
1. Perform maintenance on standby
2. Promote standby to primary
3. Perform maintenance on original primary
4. Promote original master back as primary

  • A. 1, 2, 3, 4
  • B. 1, 2, 3
  • C. 2, 3, 1
  • D. 2, 3, 1, 4

Answer: B

Explanation:
Running MySQL on the RDS DB instance as a Multi-AZ deployment can help the user reduce the impact of a maintenance event, as Amazon will conduct maintenance by following the steps in the below mentioned order:
1. Perform maintenance on standby
2. Promote standby to primary
3. Perform maintenance on original primary, which becomes the new standby.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBMaintenance.html


NEW QUESTION # 365
A user has configured Auto Scaling with 3 instances. The user had created a new AMI after updating one of the instances. If the user wants to terminate two specific instances to ensure that Auto Scaling launches an instance with the new launch configuration, which command should he run?

  • A. as-terminate-instance-in-auto-scaling-group <Instance ID> --decrement-desired-capacity
  • B. as-terminate-instance-in-auto-scaling-group <Instance ID> --update-desired-capacity
  • C. as-terminate-instance-in-auto-scaling-group <Instance ID> --no-decrement-desired-capacity
  • D. as-delete-instance-in-auto-scaling-group <Instance ID> --no-decrement-desired-capacity

Answer: C

Explanation:
The Auto Scaling command as-terminate-instance-in-auto-scaling-group <Instance ID> will terminate the specific instance ID. The user is required to specify the parameter --no-decrement-desired-capacity to ensure that it launches a new instance from the launch config after terminating the instance. If the user specifies the parameter --decrement-desired-capacity then Auto Scaling will terminate the instance and decrease the desired capacity by 1.


NEW QUESTION # 366
A user is trying to connect to a running EC2 instance using SSH.
However, the user gets a Host key not found error.
Which of the below mentioned options is a possible reason for rejection?

  • A. The user has provided the wrong user name for the OS login
  • B. The security group is not configured properly
  • C. The instance CPU is heavily loaded
  • D. The access key to connect to the instance is wrong

Answer: A

Explanation:
If the user is trying to connect to a Linux EC2 instance and receives the Host Key not found error, the probable reasons are:
The private key pair is not right
The user name to log in is wrong


NEW QUESTION # 367
You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are both very high.
What two actions could you take to rectify this?
Choose 2 answers

  • A. Increase the number of nodes in your cluster
  • B. Increase the size of the nodes in the cluster
  • C. Shrink the number of nodes in your cluster
  • D. Tweak the max_item_size parameter

Answer: B,D


NEW QUESTION # 368
A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

  • A. Internet gateway
  • B. Elastic IP
  • C. Public IP
  • D. Private IP

Answer: D

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to a user's AWS account. A subnet is a range of IP addresses in the VPC. The user can launch the AWS resources into a subnet. There are two supported platforms into which a user can launch instances: EC2-Classic and EC2-VPC. When the user launches an instance which is not a part of the non-default subnet, it will only have a private IP assigned to it. The instances part of a subnet can communicate with each other but cannot communicate over the internet or to the AWS services, such as RDS / S3.


NEW QUESTION # 369
A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?

  • A. The root account owner should create a bucket policy which allows the IAM users to upload the object
  • B. The root account should use ACL with the bucket to allow everyone to upload the object
  • C. The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket
  • D. The root account should create the IAM users and provide them the permission to upload content to the bucket

Answer: B

Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List) associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3-specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object.


NEW QUESTION # 370
A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to delete the subnet. What will happen in this scenario?

  • A. It will not allow the user to delete the subnet until the instances are terminated
  • B. It will delete the subnet as well as terminate the instances
  • C. It will delete the subnet and make the EC2 instance as a part of the default subnet
  • D. The subnet can never be deleted independently, but the user has to delete the VPC first

Answer: A

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html


NEW QUESTION # 371
Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher - the monitoring instance itself - and be notified if it becomes unhealthy.
Which of the following is a simple way to achieve that goal?

  • A. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
  • B. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute; then have your monitoring application go into a CPU-bound loop should it detect any application problems.
  • C. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
  • D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding messages to the SQS queue.

Answer: A


NEW QUESTION # 372
You need to determine what encryption operations were taken with which key in AWS KMS to either encrypt or decrypt data in the AWS CodeCommit repository. Which of the following actions will best help you accomplish this?

  • A. Searching for the encryption key ID in AWS CloudWatch
  • B. Searching for the encryption key ID in AWS CloudTrail logs
  • C. Searching for the AWS CodeCommit repository ID in AWS CloudWatch
  • D. Searching for the AWS CodeCommit repository ID in AWS CloudTrail logs

Answer: D

Explanation:
The encryption context is additional authenticated information AWS KMS uses to check for data integrity.
When specified for the encryption operation, it must also be specified in the decryption operation or decryption will fail. AWS CodeCommit uses the AWS CodeCommit repository ID for the encryption context.
You can find the repository ID by using the get-repository command or by viewing repository details in the AWS CodeCommit console. Search for the AWS CodeCommit repository ID in AWS CloudTrail logs to understand which encryption operations were taken on which key in AWS KMS to encrypt or decrypt data in the AWS CodeCommit repository.
Reference: http://docs.aws.amazon.com/codecommit/latest/userguide/encryption.html


NEW QUESTION # 373
An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?

  • A. It allows full access to all AWS services for the IAM users who are a part of this group
  • B. The policy is for the group. Thus, the IAM user cannot have any entitlement to this
  • C. If this policy is applied to the EC2 resource, the users of the group will have full access to the EC2 Resources
  • D. The policy is not created correctly. It will throw an error for wrong resource name

Answer: A

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The IAM group allows the organization to specify permissions for a collection of users. With the below mentioned policy, it will allow the group full access (Admin) to all AWS services.


NEW QUESTION # 374
The billing process for Amazon EC2 instances was updated as of October 2, 2017. Which of the following statements is true regarding how you pay for Amazon EC2 instances? (Choose two.)

  • A. You can pay per hour or per second, depending on the instance type.
  • B. Payment does not vary based on the instance AMI's operating system.
  • C. You can pay per hour or per second, depending on the instance AMI's operating system.
  • D. You pay for compute capacity by the day; hours are billed in proportion.

Answer: A,C

Explanation:
Previously, if you launched an instance for 5 minutes, you would pay for 1 hour. If you launched an instance for 45 minutes, you would also pay for 1 hour. This means that partial hours cost as much as one full hour.
Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed as a full hour.
With EC2 services now billed per-second in some cases, as well as per-hour in others as of October 2, 2017, there is more to consider. Amazon AWS is still based on the concept of pay-as-you-go. You pay for Amazon EC2 instances by the second for all instance types except Dedicated Host, which is still billed per instance-hour.
You are billed per second when using Linux operating systems with no separate hourly charge, and billed per hour when using Windows operating systems.


NEW QUESTION # 375
A user has created a Cloudformation stack.
The stack creates AWS services, such as EC2 instances, ELB, AutoScaling, and RDS.
While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS.
What will Cloudformation do in this scenario?

  • A. Rollback all the changes and terminate all the created services
  • B. It will warn the user about the error and ask the user to manually create RDS
  • C. It will wait for the user's input about the error and correct the mistake after the input
  • D. Cloudformation can never throw an error after launching a few services since it verifies all the steps before launching

Answer: A

Explanation:
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. The AWS Cloudformation stack is a collection of AWS resources which are created and managed as a single unit when AWS CloudFormation instantiates a template. If any of the services fails to launch, Cloudformation will rollback all the changes and terminate or delete all the created services.


NEW QUESTION # 376
A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Choose two.)

  • A. Configure the distribution to use presigned cookies and URLs to restrict access to the distribution
  • B. Change the Viewer Protocol Policy to use HTTPS only
  • C. Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings
  • D. Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings
  • E. Enable automatic compression of objects in the Cache Behavior Settings

Answer: C,D


NEW QUESTION # 377
A customer enquires about whether all his data is secure on AWS, and is especially concerned about Elastic Map Reduce (EMR). You need to inform him of some of the security features in place for AWS. Which of the below statements is incorrect regarding EMR or S3?

  • A. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
  • B. Amazon EMR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.
  • C. Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
  • D. Customers may encrypt the input data before they upload it to Amazon S3.

Answer: C

Explanation:
Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the data specifies otherwise, only that customer can access the data. Amazon EMR customers can also choose to send data to Amazon S3 using the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. Amazon supports Internet Protocol security (IPsec) VPN connections, but does not protect all data packets at this level.


NEW QUESTION # 378
A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection.
Which of the following may be causes of the connectivity problems? (Choose two.)

  • A. The certificate used by the web server is not trusted by the RDS instance.
  • B. The database is still being created and is not available for connectivity.
  • C. The security group for the database does not have the appropriate egress rule from the database to the web server.
  • D. The security group for the database does not have the appropriate ingress rule from the web server to the database.

Answer: A,D

Explanation:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
B is true, because you can use an SSL certificate for RDS connections.
C is true. The RDS security group needs an ingress rule for accepting connections.


NEW QUESTION # 379
A user runs the command "dd if=/dev/xvdf of=/dev/null bs=1M" on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

  • A. Copying the data from a snapshot to the device
  • B. Pre warming the EBS volume
  • C. Initiating the device to mount on the EBS volume
  • D. Formatting the volume

Answer: B

Explanation:
When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the "dd" command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command "dd if=/dev/xvdf of=/dev/null bs=1M", the parameter "if=input file" should be set to the drive that the user wishes to warm. The "of=output file" parameter should be set to the Linux null virtual device, /dev/null. The "bs" parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.


NEW QUESTION # 380
A company is running a new promotion that will result in a massive spike in traffic for a single application.
The SysOps Administrator must prepare the application and ensure that the customers have a great experience.
The application is heavy on memory and is running behind an AWS Application Load Balancer (ALB). The ALB has been pre-warmed, and the application is in an Auto Scaling group.
What built-in metric should be used to control the Auto Scaling group's scaling policy?

  • A. RequestCountPerTarget
  • B. MemoryUtilization
  • C. CPUUtilization
  • D. RejectedConnectionCount

Answer: C


NEW QUESTION # 381
An organization has set up Auto Scaling with ELB. Due to some manual error, one of the instances got rebooted. Thus, it failed the Auto Scaling health check. Auto Scaling has marked it for replacement. How can the system admin ensure that the instance does not get terminated?

  • A. Change the health of the instance to healthy using the Auto Scaling commands
  • B. Manually add that instance to the Auto Scaling group after reboot to avoid replacement
  • C. It is not possible to change the status once it is marked for replacement
  • D. Update the Auto Scaling group to ignore the instance reboot event

Answer: A

Explanation:
After an instance has been marked unhealthy by Auto Scaling, as a result of an Amazon EC2 or ELB health check, it is almost immediately scheduled for replacement as it will never automatically recover its health. If the user knows that the instance is healthy then he can manually call the SetInstanceHealth action (or the as-set-instance-health command from the CLI) to set the instance's health status back to healthy. Auto Scaling will throw an error if the instance is already terminating or else it will mark it healthy.


NEW QUESTION # 382
Your customers are concerned about the security of their sensitive data and their inquiry asks about what happens to old storage devices on AWS. What would be the best answer to this question?

  • A. AWS reformats the disks and uses them again.
  • B. AWS uses their own proprietary software to destroy data as part of the decommissioning process.
  • C. AWS uses a 3rd party security organisation to destroy data as part of the decommissioning process.
  • D. AWS uses the techniques detailed in DoD 5220.22-M to destroy data as part of the decommissioning process.

Answer: D

Explanation:
When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals.
AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual ") or NIST 800-88 ("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process.
All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
Reference: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf


NEW QUESTION # 383
Your VPC automatically comes with a modifiable default network ACL, which by default _____.

  • A. allows all inbound and outbound traffic
  • B. blocks outbound traffic
  • C. allows only inbound traffic
  • D. blocks all inbound and outbound traffic

Answer: A

Explanation:
Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound traffic.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html


NEW QUESTION # 384
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality better?

  • A. Auto Scaling sends data every minute only and does not charge the user
  • B. It is not possible to setup detailed monitoring for Auto Scaling
  • C. In this case, Auto Scaling will send data every minute and will charge the user extra
  • D. Detailed monitoring will send data every minute without additional charges

Answer: C

Explanation:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/supported_services.html
CloudWatch monitors the following services. As soon as you begin using a service, it automatically sends metrics to CloudWatch for you.
CloudWatch offers either basic or detailed monitoring for supported AWS products. Basic monitoring means that a service sends data points to CloudWatch every five minutes. Detailed monitoring means that a service sends data points to CloudWatch every minute.
Note
If you are using a service that supports both basic and detailed data collection (for example, Amazon EC2 and Auto Scaling), and you want to access detailed statistics, you must enable detailed metric collection for that service.
* Auto Scaling
Auto Scaling sends data to CloudWatch every 5 minutes by default. For an additional charge, you can enable detailed monitoring for Auto Scaling, which sends data to CloudWatch every minute. You can create alarms using Auto Scaling Dimensions and Metrics. For more information, see Monitor Your Auto Scaling Instances in the Auto Scaling User Guide.


NEW QUESTION # 385
......

Authentic AWS-SysOps Exam Dumps PDF - Jan-2024 Updated: https://interfacett.braindumpquiz.com/AWS-SysOps-exam-material.html