AWS Certified SysOps Administrator - Associate

QUESTION NO: 41

A user has set up connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB allow in-flight request traffic to continue?

A. 600 seconds

B. 3600 seconds

C. 300 seconds

D. 0 seconds

Answer: C

Explanation:

The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can specify a maximum time (3600 seconds) for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.

QUESTION NO: 42

A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3?

A. User Access Policy

B. S3 Object Access Policy

C. S3 Bucket Access Policy

D. S3 ACL

Answer: B

Explanation:

Amazon S3 provides a set of operations to work with the Amazon S3 resources. Managing S3 resource access refers to granting others permissions to work with S3. There are three ways the root account owner can define access with S3:

S3 ACL: The user can use ACLs to grant basic read/write permissions to other AWS accounts.

S3 Bucket Policy: The policy is used to grant other AWS accounts or IAM users permissions for the bucket and the objects in it.

User Access Policy: Define an IAM user and assign him the IAM policy which grants him access to S3.

QUESTION NO: 43

A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

A. Enable ELB cross zone load balancing

B. Enable ELB cookie setup

C. Enable ELB sticky session

D. Enable ELB connection draining

Answer: C

Explanation:

Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user’s session with a specific EC2 instance. If the sticky session is enabled the first request from the user will be redirected to any of the EC2 instances. But, henceforth, all requests from the same user will be redirected to the same EC2 instance. This ensures that all requests coming from the user during the session will be sent to the same application instance.

QUESTION NO: 44

A user has configured ELB with three instances. The user wants to achieve High Availability as well as redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB?

A. Route 53

B. AWS Mechanical Turk

C. Auto Scaling

D. AWS EMR

Answer: A

Explanation:

The user can provide high availability and redundancy for applications running behind Elastic Load Balancer by enabling the Amazon Route 53 Domain Name System (DNS) failover for the load balancers. Amazon Route 53 is a DNS service that provides reliable routing to the user’s infrastructure.

QUESTION NO: 45

An organization has been using AWS for a few months. The finance team wants to visualize the pattern of AWS spending. Which of the below AWS tools will help with this requirement?

A. AWS Cost Manager

B. AWS Cost Explorer

C. AWS CloudWatch

D. AWS Consolidated Billing

Answer: B

Explanation:

The AWS Billing and Cost Management console includes the Cost Explorer tool for viewing AWS cost data as a graph. There is no extra charge to the user for this service. With Cost Explorer the user can filter graphs using resource tags or by AWS service. If the organization is using Consolidated Billing, it helps generate reports based on linked accounts. This will help the organization to identify areas that require further inquiry. The organization can view trends and use them to understand spend and to predict future costs.

QUESTION NO: 46

A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?

A. ELB will ask the user whether to delete the instances or not

B. Instances will be terminated

C. ELB cannot be deleted if it has running instances registered with it

D. Instances will keep running

Answer: D

Explanation:

When the user deletes the Elastic Load Balancer, all the registered instances will be deregistered. However, they will continue to run. The user will incur charges if he does not take any action on those instances.

QUESTION NO: 47

A user is planning to set up notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type?

A. Backup

B. Creation

C. Deletion

D. Restoration

Answer: A

Explanation:

Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event categories for a snapshot source type include: Creation, Deletion, and Restoration. The Backup is a part of DB instance source type.

QUESTION NO: 48

A customer is using AWS for Dev and Test. The customer wants to set up the Dev environment with CloudFormation. Which of the below mentioned steps are not required while using CloudFormation?

A. Create a stack

B. Configure a service

C. Create and upload the template

D. Provide the parameters configured as part of the template

Answer: B

Explanation:

AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. AWS CloudFormation introduces two concepts: the template and the stack. The template is a JSON-format, text-based file that describes all the AWS resources required to deploy and run an application. The stack is a collection of AWS resources which are created and managed as a single unit when AWS CloudFormation instantiates a template. While creating a stack, the user uploads the template and provides the data for the parameters if required.

QUESTION NO: 49

A user has configured the AWS CloudWatch alarm for estimated usage charges in the US East region. Which of the below mentioned statements is not true with respect to the estimated charges?

A. It will store the estimated charges data of the last 14 days

B. It will include the estimated charges of every AWS service

C. The metric data will represent the data of all the regions

D. The metric data will show data specific to that region

Answer: D

Explanation:

When the user has enabled the monitoring of estimated charges for the AWS account with AWS CloudWatch, the estimated charges are calculated and sent several times daily to CloudWatch in the form of metric data. This data will be stored for 14 days. The billing metric data is stored in the US East (Northern Virginia) Region and represents worldwide charges. This data also includes the estimated charges for every service in AWS used by the user, as well as the estimated overall AWS charges.

QUESTION NO: 50

A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?

A. RDS will have an internal IP which will redirect all requests to the new DB

B. RDS uses DNS to switch over to the standby replica for seamless transition

C. The switch over changes Hardware so RDS does not need to worry about access

D. RDS will have both the DBs running independently and the user has to manually switch over

Answer: B

Explanation:

In the event of a planned or unplanned outage of a DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if the user has enabled Multi AZ. The automatic failover mechanism simply changes the DNS record of the DB instance to point to the standby DB instance. As a result, the user will need to re-establish any existing connections to the DB instance. However, as the DNS is the same, the application can access DB seamlessly.

QUESTION NO: 51

An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?

A. AWS RRS

B. AWS S3

C. AWS RDS

D. AWS Glacier

Answer: D

Explanation:

Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy and Glacier. Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Reduced redundancy is for less critical files. Glacier is for archival and the files which are accessed infrequently. It is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup.

QUESTION NO: 52

A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning. Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?

A. 3 hours

B. 4 hours

C. 2 hours

D. 1 hour

Answer: A

Explanation:

A user can stop/start or reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. When the instance is rebooted AWS will not charge the user for the extra hours. In case the user stops the instance, AWS does not charge the running cost but charges only the EBS storage cost. If the user starts and stops the instance multiple times in a single hour, AWS will charge the user for every start and stop. In this case, since the instance was rebooted twice, it will cost the user for 3 instance hours.

QUESTION NO: 53

An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using the CLI as well as the SDK. How can the user track the calls made to CloudWatch?

A. The user can enable logging with CloudWatch which logs all the activities

B. Use CloudTrail to monitor the API calls

C. Create an IAM user and allow each user to log the data using the S3 bucket

D. Enable detailed monitoring with CloudWatch

Answer: B

Explanation:

AWS CloudTrail is a web service which will allow the user to monitor the calls made to the Amazon CloudWatch API for the organization’s account, including calls made by the AWS Management Console, Command Line Interface (CLI), and other services. When CloudTrail logging is turned on, CloudWatch will write log files into the Amazon S3 bucket, which is specified during the CloudTrail configuration.

QUESTION NO: 54

A user has created a queue named “myqueue” with SQS. There are four messages published to the queue which have not yet been received by the consumer. If the user tries to delete the queue, what will happen?

A. A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue

B. It will delete the queue

C. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.

D. It will ask the user to delete the messages first

Answer: B

Explanation:

SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. The user can delete a queue at any time, whether it is empty or not. It is important to note that queues retain messages for a set period of time. By default, a queue retains messages for four days.

QUESTION NO: 55

A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?

A. Copy the running instance using the “Instance Copy” command to the EU region

B. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI

C. Copy the instance from the US East region to the EU region

D. Use the “Launch more like this” option to copy the instance from one region to another

Answer: B

Explanation:

To launch an EC2 instance it is required to have an AMI in that region. If the AMI is not available in that region, then create a new AMI or use the copy command to copy the AMI from one region to the other region.

QUESTION NO: 56

A user has created numerous EBS volumes. What is the general limit for each AWS account for the maximum number of EBS volumes that can be created?

A. 10000

B. 5000

C. 100

D. 1000

Answer: B

Explanation:

A user can attach multiple EBS volumes to the same instance within the limits specified by his AWS account. Each AWS account has a limit on the number of Amazon EBS volumes that the user can create, and the total storage available. The default limit for the maximum number of volumes that can be created is 5000.

QUESTION NO: 57

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user’s data centre. Which of the below mentioned options is a valid entry for the main route table in this scenario?

A. Destination: 20.0.0.0/24 and Target: vgw-12345

B. Destination: 20.0.0.0/16 and Target: ALL

C. Destination: 20.0.1.0/16 and Target: vgw-12345

D. Destination: 0.0.0.0/0 and Target: vgw-12345

Answer: D

Explanation:

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can set up a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario:

Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway)

Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC)

QUESTION NO: 58

A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend’s AWS account. How can the user achieve this?

A. Create an AMI from the volume and share the AMI

B. Copy the data to an unencrypted volume and then share

C. Take a snapshot and share the snapshot with a friend

D. If both the accounts are using the same encryption key then the user can share the volume directly

Answer: B

Explanation:

AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. If the user has data on an encrypted volume and is trying to share it with others, he has to copy the data from the encrypted volume to a new unencrypted volume. Only then can the user share it as an encrypted volume data. Otherwise the snapshot cannot be shared.

QUESTION NO: 59

A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?

A. In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy

B. In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy

C. In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica

D. AWS MS SQL does not support the Multi AZ feature

Answer: C

Explanation:

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Note that the high-availability feature is not a scaling solution for read-only scenarios; you cannot use a standby replica to serve read traffic. To service read-only traffic, you should use a read replica.

QUESTION NO: 60

An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/value as “InstanceName/HR”, “CostCenter/HR”. What will AWS do in this case?

A. InstanceName is a reserved tag for AWS. Thus, AWS will not allow this tag

B. AWS will not allow the tags as the value is the same for different keys

C. AWS will allow tags but will not show correctly in the cost allocation report due to the same value of the two separate keys

D. AWS will allow both the tags and show properly in the cost distribution report

Answer: D

Explanation:

AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file) with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

QUESTION NO: 61

A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better?

A. The user can use the CloudWatch Import tool

B. The user should be able to see the data in the console after around 15 minutes

C. If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command

D. The user can view as well as upload data using the console, CLI and APIs

Answer: B

Explanation:

AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user has to always include the namespace as a part of the request. However, the other parameters are optional. If the user has uploaded data using CLI, he can view it as a graph inside the console. The data will take around 2 minutes to upload but can be viewed only after around 15 minutes.

QUESTION NO: 62

A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

A. Always select the US-East-1-a zone for HA

B. Do not select the AZ; instead let AWS select the AZ

C. The user can never select the availability zone while launching an instance

D. Always select the AZ while launching an instance

Answer: B

Explanation:

When launching an instance with EC2, AWS recommends not to select the availability zone (AZ). AWS specifies that the default Availability Zone should be accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances.

QUESTION NO: 63

A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

A. Allow Inbound traffic on port 22 from the user’s network

B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP

C. The user can connect to an instance in a private subnet using the NAT instance

D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

Answer: A

Explanation:

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, the user can set up a case with a VPN only subnet (private) which uses VPN access to connect with his data centre. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data centre. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22) from the data centre’s network range.

QUESTION NO: 64

A user has created an ELB with the availability zone US-East-1A. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?

A. It is not possible to add more zones to the existing ELB

B. The only option is to launch instances in different zones and add to ELB

C. The user should stop the ELB and add zones and instances as required

D. The user can add zones on the fly from the AWS console

Answer: D

Explanation:

The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:

From the console or CLI, add new zones to ELB;

Launch instances in a separate AZ and add instances to the existing ELB.

QUESTION NO: 65

A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load Balancing. Which of the below mentioned statements will help the user understand this functionality better?

A. ELB sends data to CloudWatch every minute only and does not charge the user

B. ELB will send data every minute and will charge the user extra

C. ELB is not supported by CloudWatch

D. It is not possible to set up detailed monitoring for ELB

Answer: A

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Elastic Load Balancing includes 10 metrics and 2 dimensions, and sends data to CloudWatch every minute. This does not cost extra.

QUESTION NO: 66

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

A. The client can connect over IPV4 or IPV6 using Dualstack

B. ELB DNS supports both IPV4 and IPV6

C. Communication between the load balancer and back-end instances is always through IPV4

D. The ELB supports either IPV4 or IPV6 but not both

Answer: D

Explanation:

Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user’s load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 support for communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.

QUESTION NO: 67

A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4 AM and the EC2 server was not reachable. The user is checking the CloudWatch metrics of that instance. How can the user find the data easily using the CloudWatch console?

A. The user can find the data by giving the exact values in the time Tab under CloudWatch metrics

B. The user can find the data by filtering values of the last 1 week for a 1 hour period in the Relative tab under CloudWatch metrics

C. It is not possible to find the exact time from the console. The user has to use CLI to provide the specific time

D. The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics

Answer: D

Explanation:

If the user is viewing the data inside the CloudWatch console, the console provides options to filter values either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console.

QUESTION NO: 68

A user has set up Auto Scaling with ELB on the EC2 instances. The user wants to configure that whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this?

A. The user can get an email using SNS when the CPU utilization is less than 10%. The user can use the desired capacity of Auto Scaling to remove the instance

B. Use CloudWatch to monitor the data and Auto Scaling to remove the instances using scheduled actions

C. Configure CloudWatch to send a notification to Auto Scaling Launch configuration when the CPU utilization is less than 10% and configure the Auto Scaling policy to remove the instance

D. Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance

Answer: D

Explanation:

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up a notification to the Auto Scaling group with the CloudWatch alarm when the CPU utilization is below a certain threshold. The user can configure the Auto Scaling policy to take action for removing the instance. When the CPU utilization is below 10% CloudWatch will send an alarm to the Auto Scaling group to execute the policy.

QUESTION NO: 69

A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group including pending, terminating and running instances?

A. GroupTotalInstances

B. GroupSumInstances

C. It is not possible to get a count of all the three metrics together. The user has to find the individual number of running, terminating and pending instances and sum it

D. GroupInstancesCount

Answer: A

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. For Auto Scaling, CloudWatch provides various metrics to get the group information, such as the Number of Pending, Running or Terminating instances at any moment. If the user wants to get the total number of Running, Pending and Terminating instances at any moment, he can use the GroupTotalInstances metric.

QUESTION NO: 70

A user is trying to configure the CloudWatch billing alarm. Which of the below mentioned steps should be performed by the user for the first time alarm creation in the AWS Account Management section?

A. Enable Receiving Billing Reports

B. Enable Receiving Billing Alerts

C. Enable AWS billing utility

D. Enable CloudWatch Billing Threshold

Answer: B

Explanation:

AWS CloudWatch supports enabling the billing alarm on the total AWS charges. Before the user can create an alarm on the estimated charges, he must enable monitoring of the estimated AWS charges, by selecting the option “Enable receiving billing alerts”. It takes about 15 minutes before the user can view the billing data. The user can then create the alarms.

QUESTION NO: 71

A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?

A. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone

B. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone

C. The CloudWatch data is always in UTC; the user has to manually convert the data

D. The user should have sent the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone

Answer: B

Explanation:

If the user is viewing the data inside the CloudWatch console, the console provides options to filter values either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console because the time range tab allows the user to change the time zone.

QUESTION NO: 72

An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

"Statement": [
  {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*AccessKey*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }
]

A. 0

B. 0

C. 0

D. 0

Answer: A

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their users to manage keys (access and secret access keys) of all IAM users, the organization should set the below mentioned policy which entitles the IAM user to modify keys of all IAM users with CLI, SDK or API.

"Statement": [
  {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*AccessKey*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }
]

QUESTION NO: 73

A user is trying to connect to a running EC2 instance using SSH. However, the user gets a connection time out error. Which of the below mentioned options is not a possible reason for rejection?

A. The access key to connect to the instance is wrong

B. The security group is not configured properly

C. The private key used to launch the instance is not correct

D. The instance CPU is heavily loaded

Answer: A

Explanation:

If the user is trying to connect to a Linux EC2 instance and receives the connection time out error the probable reasons are:

Security group is not configured with the SSH port

The private key pair is not right

The user name to login is wrong

The instance CPU is heavily loaded, so it does not allow more connections

QUESTION NO: 74

A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL) negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

A. SSL Protocols

B. Client Order Preference

C. SSL Ciphers

D. Server Order Preference

Answer: B

Explanation:

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. A security policy is a combination of SSL Protocols, SSL Ciphers, and the Server Order Preference option.

QUESTION NO: 75

A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value?

A. DiskReadBytes

B. NetworkIn

C. NetworkOut

D. CPUUtilization

Answer: A

Explanation:

CloudWatch is used to monitor AWS as well as custom services. For EC2, when the user is monitoring the EC2 instances, it will capture the 7 instance level and 3 system check parameters for the EC2 instance. Since this is an EBS backed instance, it will not have ephemeral storage attached to it. Out of the 7 EC2 metrics, the 4 metrics DiskReadOps, DiskWriteOps, DiskReadBytes and DiskWriteBytes are disk related data and available only when there is ephemeral storage attached to an instance. For an EBS backed instance without any additional device, this data will be 0.

QUESTION NO: 76

A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or stop/start options on that instance?

A. For restart it does not charge for an extra hour, while every stop/start it will be charged as a separate hour

B. Every restart is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour

C. For every restart or start/stop it will be charged as a separate hour

D. For restart it charges extra only once, while for every stop/start it will be charged as a separate hour

Answer: A

Explanation:

For an EC2 instance launched with an EBS backed AMI, each time the instance state is changed from stop to start/running, AWS charges a full instance hour, even if these transitions happen multiple times within a single hour. However, when an instance is rebooted, AWS does not charge a new instance billing hour.

QUESTION NO: 77

A user has created a queue named “myqueue” in US-East region with AWS SQS. The user’s AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?

A. http://sqs.us-east-1.amazonaws.com/123456789012/myqueue

B. http://sqs.amazonaws.com/123456789012/myqueue

C. http://sqs.123456789012.us-east-1.amazonaws.com/myqueue

D. http://123456789012.sqs.us-east-1.amazonaws.com/myqueue

Answer: A

Explanation:

When creating a new queue in SQS, the user must provide a queue name that is unique within the scope of all queues of the user’s account. If the user creates queues using both the latest WSDL and a previous version, he will have a single namespace for all his queues. Amazon SQS assigns each queue created by the user an identifier called a queue URL, which includes the queue name and other components that Amazon SQS determines. Whenever the user wants to perform an action on a queue, he must provide its queue URL. The queue URL for the account id 123456789012 & queue name “myqueue” in US-East-1 region will be http://sqs.us-east-1.amazonaws.com/123456789012/myqueue.

QUESTION NO: 78

A sys admin is trying to understand the Auto Scaling activities. Which of the below mentioned processes is not performed by Auto Scaling?

A. Reboot Instance

B. Schedule Actions

C. Replace Unhealthy

D. Availability Zone Balancing

Answer: A

Explanation:

There are two primary types of Auto Scaling processes: Launch and Terminate, which launch or terminate instances, respectively. Some other actions performed by Auto Scaling are: AddToLoadbalancer, AlarmNotification, HealthCheck, AZRebalance, ReplaceUnHealthy, and ScheduledActions.

QUESTION NO: 79

A sys admin is trying to understand EBS snapshots. Which of the below mentioned statements will not be useful to the admin to understand the concepts about a snapshot?

A. The snapshot is synchronous

B. It is recommended to stop the instance before taking a snapshot for consistent data

C. The snapshot is incremental

D. The snapshot captures the data that has been written to the hard disk when the snapshot command was executed

Answer: A

Explanation:

The AWS snapshot is a point in time backup of an EBS volume. When the snapshot command is executed it will capture the current state of the data that is written on the drive and take a backup. For a better and consistent snapshot of the root EBS volume, AWS recommends stopping the instance. For additional volumes it is recommended to unmount the device. The snapshots are asynchronous and incremental.

QUESTION NO: 80

A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?

A. The root account owner should create a bucket policy which allows the IAM users to upload the object

B. The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket

C. The root account should use ACL with the bucket to allow everyone to upload the object

D. The root account should create the IAM users and provide them the permission to upload content to the bucket

Answer: C

Explanation:

Each AWS S3 bucket and object has an ACL (Access Control List) associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object.

QUESTION NO: 81

An organization has set up consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will the organization receive in terms of the AWS pricing?

A. The consolidated billing does not bring any cost advantage for the organization

B. All AWS accounts will be charged for S3 storage by combining the total storage of each account

C. The EC2 instances of each account will receive a total of 750*3 micro instance hours free

D. The free usage tier for all the 3 accounts will be 3 years and not a single year

Answer: B

Explanation:

AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS) accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3, have volume pricing tiers across certain usage dimensions that give the user lower prices when he uses the service more.
