Updated AWS-SysOps Dump 2021

NEW QUESTION 1

A user has launched a Windows based EC2 instance. However, the instance has some issues and the user wants to check the log. When the user checks the Instance console output from the AWS console, what will it display?

• A. All the event logs since instance boot
• B. The last 10 system event log error
• C. The Windows instance does not support the console output
• D. The last three system events’ log errors

Answer: D

Explanation:

The AWS EC2 console provides a useful tool called Console output for problem diagnosis. It is useful to find out any kernel issues, termination reasons or service configuration issues. For a Windows instance it lists the last three system event log errors. For Linux it displays the exact console output.

NEW QUESTION 2

A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user’s datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization’s proxy policy. How can the user make this happen?

• A. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
• B. Settin up a proxy policy in the internet gateway connected with the public subnet
• C. It is not possible to setup the proxy policy for a public subnet
• D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

Answer: D

Explanation:

The user can create subnets within a VPC. If the user wants to connect to VPC from his own data centre, he can setup public and VPN only subnets which uses hardware VPN access to connect with his data centre. When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization’s network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet.

NEW QUESTION 3

George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George copies the same AMI to the US West region. Can Stefano access the copied AMI of George’s account from the US West region?

• A. No, copy AMI does not copy the permission
• B. It is not possible to share the AMI with a specific account
• C. Yes, since copy AMI copies all private account sharing permissions
• D. Yes, since copy AMI copies all the permissions attached with the AMI

Answer: A

Explanation:

Within EC2, when the user copies an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source. AMI. AWS does not copy launch the permissions, user-defined tags or the Amazon S3 bucket permissions from the source AMI to the new AMI. Thus, in this case by default Stefano will not have access to the AMI in the US West region.

NEW QUESTION 4

A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly.Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

• A. AWS Glacier
• B. AWS Elastic Transcoder
• C. AWS Simple Notification Service
• D. AWS Simple Queue Service

Answer: D

Explanation:

Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.

NEW QUESTION 5

You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?

• A. Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
• B. Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
• C. Cache the database responses in ElastiCache for more rapid access
• D. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

Answer: B

Explanation:
Reference:
http://aws.amazon.com/elasticmapreduce/faqs/

NEW QUESTION 6

When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

• A. Data will be deleted and win no longer be accessible
• B. Data is automatically saved in an EBS volum
• C. Data is automatically saved as an EBS snapshot
• D. Data is unavailable until the instance is restarted

Answer: D

NEW QUESTION 7

A user is using the AWS EC2. The user wants to make so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user’s private cloud. Which AWS service helps to achieve this automation?

• A. AWS CloudWatch + Cloudformation
• B. AWS CloudWatch + AWS AutoScaling + AWS ELB
• C. AWS CloudWatch + AWS VPC
• D. AWS CloudWatch + AWS SNS

Answer: D

Explanation:

Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can configure a web service (HTTP End point. in his data centre which receives data and launches an instance in the private cloud. The user should configure the CloudWatch alarm to send a notification to SNS when the “StatusCheckFailed” metric is true for the EC2 instance. The SNS topic can be configured to send a notification to the user’s HTTP end point which launches an instance in the private cloud.

NEW QUESTION 8

A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume?

• A. OK
• B. Insufficient Data
• C. Alarm
• D. The EBS cannot be detached until all the alarms are removed

Answer: B

Explanation:

Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and inactive the state will be Insufficient.

NEW QUESTION 9

An organization is planning to use AWS for their production roll out. The organization wants to implement
automation for deployment such that it will automatically create a LAMP stack, download the latest PHP
installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the quirement for making an orderly deployment of the software?

• A. AWS Elastic Beanstalk
• B. AWS Cloudfront
• C. AWS Cloudformation
• D. AWS DevOps

Answer: C

Explanation:

AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. Cloudformation provides an easy way to create and delete the collection of related AWS resources and provision them in an orderly way. AWS CloudFormation automates and simplifies the task of repeatedly and predictably creating groups of related resources that power the user’s applications. AWS Cloudfront is a CDN; Elastic Beanstalk does quite a few of the required tasks. However, it is a PAAS which uses a ready AMI. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud.

NEW QUESTION 10

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?

• A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
• B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limit
• C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
• D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign

Answer: D

NEW QUESTION 11

A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?

• A. The user can only disable connection draining from CLI
• B. It is not possible to disable the connection draining feature once enabled
• C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
• D. The user needs to stop all instances before disabling connection draining

Answer: C

Explanation:

The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can enable or disable connection draining from the AWS EC2 console -> ELB or using CLI.

NEW QUESTION 12

How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

• A. Query the local instance metadat
• B. Query the appropriate Amazon CloudWatch metri
• C. Query the local instance userdat
• D. Use ipconfig or ifconfig comman

Answer: B

NEW QUESTION 13

An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}

• A. The policy is not created correctl
• B. It will throw an error for wrong resource name
• C. The policy is for the grou
• D. Thus, the IAM user cannot have any entitlement to this
• E. It allows full access to all AWS services for the IAM users who are a part of this group
• F. If this policy is applied to the EC2 resource, the users of the group will have full access to the EC2 Resources

Answer: C

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The IAM group allows the organization to specify permissions for a collection of users. With the below mentioned policy, it will allow the group full access (Admin. to all AWS services.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}

NEW QUESTION 14

A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?

• A. IAM User ID
• B. S3 Secure ID
• C. Access ID
• D. Canonical user ID

Answer: D

Explanation:

An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. The user can grant permission to an AWS account by the email address of that account or by the canonical user ID. If the user provides an email in the grant request, Amazon S3 finds the canonical user ID for that account and adds it to the ACL. The resulting ACL will always contain the canonical user ID for the AWS account, and not the AWS account's email address.

NEW QUESTION 15

Which of the following statements about this S3 bucket policy is true?

• A. Denies the server with the IP address 192 168 100 0 full access to the "mybucket" bucket
• B. Denies the server with the IP address 192 168 100 188 full access to the "mybucket" bucket
• C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket
• D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

Answer: B

NEW QUESTION 16

The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also
data for customers that reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on EC2?

• A. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
• B. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
• C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile
• D. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile

Answer: C

NEW QUESTION 17

An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has
purchased a Reserved Instance (RI. of a small instance size in the US-East-1a zone. All other AWS accounts are running instances of a small size in the same zone. What will happen in this case for the RI pricing?

• A. Only the account that has purchased the RI will get the advantage of RI pricing
• B. One instance of a small size and running in the US-East-1a zone of each AWS account will get the benefit of RI pricing
• C. Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same zone and are of the same size
• D. If there are more than one instances of a small size running across multiple accounts in the same zone no one will get the benefit of RI

Answer: C

Explanation:

AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. For billing purposes, consolidated billing treats all the accounts on the consolidated bill as one account. This means that all accounts on a consolidated bill can receive the hourly cost benefit of the Amazon EC2 Reserved Instances purchased by any other account. In this case only one Reserved Instance has been purchased by one account. Thus, only a single instance from any of the accounts will get the advantage of RI. AWS will implement the blended rate for each instance if more than one instance is running concurrently.

NEW QUESTION 18

A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below
mentioned points should the user needs to take care while sending the data to CloudWatch?

• A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
• B. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
• C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
• D. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests

Answer: A

Explanation:

With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.

NEW QUESTION 19

A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below
mentioned metrics will help the user identify the total number of instances in an Auto Scaling group cluding pending, terminating and running instances?

• A. GroupTotalInstances
• B. GroupSumInstances
• C. It is not possible to get a count of all the three metrics togethe
• D. The user has to find the individual number of running, terminating and pending instances and sum it
• E. GroupInstancesCount

Answer: A

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. For Auto Scaling, CloudWatch provides various metrics to get the group information, such as the Number of Pending, Running or Terminating instances at any moment. If the user wants to get the total number of Running, Pending and Terminating instances at any moment, he can use the GroupTotalInstances metric.

NEW QUESTION 20

A user has created a VPC with public and private subnets using the VPC wizard. The user has not launched any instance manually and is trying to delete the VPC. What will happen in this scenario?

• A. It will not allow to delete the VPC as it has subnets with route tables
• B. It will not allow to delete the VPC since it has a running route instance
• C. It will terminate the VPC along with all the instances launched by the wizard
• D. It will not allow to delete the VPC since it has a running NAT instance

Answer: D

Explanation:

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an elastic IP. If the user is trying to delete the VPC it will not allow as the NAT instance is still running.

NEW QUESTION 21

A user runs the command “dd if=/dev/xvdf of=/dev/null bs=1M” on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

• A. Pre warming the EBS volume
• B. Initiating the device to mount on the EBS volume
• C. Formatting the volume
• D. Copying the data from a snapshot to the device

Answer: A

Explanation:

When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the “dd” command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command “dd if=/dev/xvdf of=/dev/null bs=1M” , the parameter “if=input file” should be set to the drive that the user wishes to warm. The “of=output file” parameter should be set to the Linux null virtual device, /dev/null. The “bs” parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.

NEW QUESTION 22

An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

• A. Stop the scaling process until research is completed
• B. It is not possible to find the root cause from that instance without triggering scaling
• C. Delete Auto Scaling until research is completed
• D. Suspend the scaling process until research is completed

Answer: D

Explanation:

Auto Scaling allows the user to suspend and then resume one or more of the Auto Scaling processes in the Auto Scaling group. This is very useful when the user wants to investigate a configuration problem or some other issue, such as a memory leak with the web application and then make changes to the application, without triggering the Auto Scaling process.

NEW QUESTION 23

When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?

• A. Data is automatically saved as an E8S volum
• B. Data is automatically saved as an ESS snapsho
• C. Data is automatically delete
• D. Data is unavailable until the instance is restarte

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html

NEW QUESTION 24

A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal
behaviour of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the user achieve this easily with the AWS console?

• A. The user can use the copy URL functionality of CloudWatch to share the exact details
• B. The user can use the export data option from the CloudWatch console to export the current data point
• C. The user has to find the period and data and provide all the aggregation information to the manager
• D. The user can use the CloudWatch data copy functionality to copy the current data points

Answer: A

Explanation:

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. The console provides the option to save the URL or bookmark it so that it can be used in the future by typing the same URL. The Copy URL functionality is available under the console when the user selects any metric to view.

NEW QUESTION 25

A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?

• A. 3
• B. 0
• C. 5
• D. 2

Answer: C

NEW QUESTION 26

You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers

• A. Create an ELB to reroute traffic to a failover instance
• B. Create a secondary ENI that can be moved to a failover instance
• C. Use Route53 health checks to fail traffic over to a failover instance
• D. Assign a secondary private IP address to the primary ENIO that can be moved to a failover instance

Answer: AD

NEW QUESTION 27

A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

• A. The application does not have enough IO for the volume
• B. The instance is EBS optimized
• C. The EC2 instance has 10 Gigabit Network connectivity
• D. The volume size is too large

Answer: D

Explanation:

When the application does not experience the expected IOPS or throughput of the PIOPS EBS volume that was provisioned, the possible root cause could be that the EC2 bandwidth is the limiting factor and the instance might not be either EBS-optimized or might not have 10 Gigabit network connectivity. Another possible cause for not experiencing the expected IOPS could also be that the user is not driving enough I/O to the EBS volumes. The size of the volume may not affect IOPS.

NEW QUESTION 28

A user has created a queue named “myqueue” in US-East region with AWS SQS. The user’s AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?

• A. http://sqs.us-east-1.amazonaws.com/123456789012/myqueue
• B. http://sqs.amazonaws.com/123456789012/myqueue
• C. http://sq
• D. 123456789012.us-east-1.amazonaws.com/myqueue
• E. http:// 123456789012.sq
• F. us-east-1.amazonaws.com/myqueue

Answer: A

Explanation:

When creating a new queue in SQS, the user must provide a queue name that is unique within the scope of all queues of user’s account. If the user creates queues using both the latest WSDL and a previous version, he will have a single namespace for all his queues. Amazon SQS assigns each queue created by user an identifier called a queue URL, which includes the queue name and other components that Amazon SQS determines. Whenever the user wants to perform an action on a queue, he must provide its queue URL. The queue URL for the account id 123456789012 & queue name “myqueue” in US-East-1 region will be http:// sqs.us-east-1.amazonaws.com/123456789012/myqueue.

NEW QUESTION 29

A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below
mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?

• A. It is not possible to have the SSL listener both at ELB and back-end instances
• B. ELB will modify headers to add requestor details
• C. ELB will intercept the request to add the cookie details if sticky session is enabled
• D. ELB will not modify the headers

Answer: D

Explanation:

When the user has configured Transmission Control Protocol (TCP. or Secure Sockets Layer (SSL. for both front-end and back-end connections of the Elastic Load Balancer, the load balancer forwards the request to the back-end instances without modifying the request headers unless the proxy header is enabled. SSL does not support sticky sessions. If the user has enabled a proxy protocol it adds the source and destination IP to the header.

NEW QUESTION 30

A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. Which of the
below mentioned statements is true with respect to this scenario?

• A. The instance will always have a public DNS attached to the instance by default
• B. The user can directly attach an elastic IP to the instance
• C. The instance will never launch if the public IP is not assigned
• D. The user would need to create an internet gateway and then attach an elastic IP to the instance to connect from internet

Answer: D

Explanation:

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When the user is launching an instance he needs to select an option which attaches a public IP to the instance. If the user has not selected the option to attach the public IP then it will only have a private IP when launched. The user cannot connect to the instance from the internet. If the user wants an elastic IP to connect to the instance from the internet he should create an internet gateway and assign an elastic IP to instance.

NEW QUESTION 31
......