[2021-New] Amazon AWS-SysOps Dumps With Update Exam Questions (51-60)

AWS-SysOps Dumps

AWS-SysOps Exam Questions - Online Test

AWS-SysOps Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 2)

A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL. negotiation

configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

A. SSL Protocols

B. Client Order Preference

C. SSL Ciphers

D. Server Order Preference

Answer: B

Explanation:

Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. A security policy is a combination of SSL Protocols, SSL Ciphers, and the Server Order Preference option.

Q2. - (Topic 3)

A user is trying to launch an EBS backed EC2 instance under free usage. The user wants to achieve

encryption of the EBS volume. How can the user encrypt the data at rest?

A. Use AWS EBS encryption to encrypt the data at rest

B. The user cannot use EBS encryption and has to encrypt the data manually or using a third party tool

C. The user has to select the encryption enabled flag while launching the EC2 instance

D. Encryption of volume is not available as a part of the free usage tier

Answer: B

Explanation:

AWS EBS supports encryption of the volume while creating new volumes. It supports encryption of the data at rest, the I/O as well as all the snapshots of the EBS volume. The EBS supports encryption for the selected instance type and the newer generation instances, such as m3, c3, cr1, r3, g2. It is not supported with a micro instance.

Q3. - (Topic 3)

A user has launched an EC2 Windows instance from an instance store backed AMI. The user wants to convert the AMI to an EBS backed AMI. How can the user convert it?

A. Attach an EBS volume to the instance and unbundle all the AMI bundled data inside the EBS

B. A Windows based instance store backed AMI cannot be converted to an EBS backed AMI

C. It is not possible to convert an instance store backed AMI to an EBS backed AMI

D. Attach an EBS volume and use the copy command to copy all the ephermal content to the EBS Volume

Answer: B

Explanation:

Generally when a user has launched an EC2 instance from an instance store backed AMI, it can be converted to an EBS backed AMI provided the user has attached the EBS volume to the instance and unbundles the AMI data to it. However, if the instance is a Windows instance, AWS does not allow this. In this case, since the instance is a Windows instance, the user cannot convert it to an EBS backed AMI.

Q4. - (Topic 3)

A user has launched a Windows based EC2 instance. However, the instance has some issues and the user wants to check the log. When the user checks the Instance console output from the AWS console, what will it display?

A. All the event logs since instance boot

B. The last 10 system event log error

C. The Windows instance does not support the console output

D. The last three system events’ log errors

Answer: D

Explanation:

The AWS EC2 console provides a useful tool called Console output for problem diagnosis. It is useful to find out any kernel issues, termination reasons or service configuration issues. For a Windows instance it lists the last three system event log errors. For Linux it displays the exact console output.

Q5. - (Topic 1)

You are attempting to connect to an instance in Amazon VPC without success You have already verified that the VPC has an Internet Gateway (IGW) the instance has an associated Elastic IP (EIP) and correct security group rules are in place.

Which VPC component should you evaluate next?

A. The configuration of a NAT instance

B. The configuration of the Routing Table

C. The configuration of the internet Gateway (IGW)

D. The configuration of SRC/DST checking

Answer: B

Explanation: Reference:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/UserScenariosF orVPC.html

Q6. - (Topic 3)

An organization is trying to create various IAM users. Which of the below mentioned options is not a valid IAM username?

A. John.cloud

B. john@cloud

C. John=cloud

D. john#cloud

Answer: D

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. The names of users, groups, roles, instance profiles must be alphanumeric, including the following common characters: plus (+., equal (=., comma (,., period (.., at (@., and dash (-..

Q7. - (Topic 3)

A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring with CloudWatch without charging the user extra?

A. AWS Auto Scaling

B. AWS Route 53

C. AWS EMR

D. AWS SNS

Answer: B

Explanation:

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, ELB, OpsWorks, and Route 53 can provide the monitoring data every minute without charging the user.

Q8. - (Topic 3)

Your organization is preparing for a security assessment of your use of AWS.

In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers

A. Create individual IAM users for everyone in your organization

B. Configure MFA on the root account and for privileged IAM users

C. Assign IAM users and groups configured with policies granting least privilege access

D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

Answer: B,C

Explanation: Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

Q9. - (Topic 3)

Which of the following statements about this S3 bucket policy is true?

A. Denies the server with the IP address 192.166 100.0 full access to the "mybucket" bucket

B. Denies the server with the IP address 192.166 100.188 full access to the "mybucket bucket

C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket

D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

Answer: C

Q10. - (Topic 3)

A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling terminate process only for a while. What will happen to the availability zone rebalancing process (AZRebalance. during this period?

A. Auto Scaling will not launch or terminate any instances

B. Auto Scaling will allow the instances to grow more than the maximum size

C. Auto Scaling will keep launching instances till the maximum instance size

D. It is not possible to suspend the terminate process while keeping the launch active

Answer: B

Explanation:

Auto Scaling performs various processes, such as Launch, Terminate, Availability Zone Rebalance (AZRebalance. etc. The AZRebalance process type seeks to maintain a balanced number of instances across Availability Zones within a region. If the user suspends the Terminate process, the AZRebalance process can cause the Auto Scaling group to grow up to ten percent larger than the maximum size. This is because Auto Scaling allows groups to temporarily grow larger than the maximum size during rebalancing activities. If Auto Scaling cannot terminate instances, the Auto Scaling group could remain up to ten percent larger than the maximum size until the user resumes the Terminate process type.