Want to Pass AWS-SysOps Exam In Next HOURS? Get it now →
June 16, 2017

Key benefits of aws sysops exam

Testking offers free demo for aws sysops exam questions exam. "AWS Certified SysOps Administrator Associate", also known as aws sysops exam exam, is a Amazon Certification. This set of posts, Passing the Amazon sysops aws exam, will help you answer those questions. The aws sysops pdf Questions & Answers covers all the knowledge points of the real exam. 100% real Amazon aws sysops exam exams and revised by experts!

Q181. - (Topic 3) 

A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption functionality? 

A. The server side encryption with the user supplied key works when versioning is enabled 

B. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key 

C. The user must send an AES-128 encrypted key 

D. The user can upload his own encryption key to the S3 console 

Answer:

Explanation: 

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key. The encryption with the user supplied key (SSE-C. does not work with the AWS console. The S3 does not store the keys and the user has to send a key with each request. The SSE-C works when the user has enabled versioning. 


Q182. - (Topic 3) 

A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below 

mentioned points should the user needs to take care while sending the data to CloudWatch? 

A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests 

B. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests 

C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests 

D. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests 

Answer:

Explanation: 

With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests. 


Q183. - (Topic 3) 

A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this? 

A. When the user sets an alarm on the Auto Scaling group, it automatically enables detail monitoring 

B. By default detailed monitoring is enabled for Auto Scaling 

C. Auto Scaling does not support detailed monitoring 

D. Enable detail monitoring from the AWS console 

Answer:

Explanation: 

CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, the user does not need to set this flag if he wants detailed monitoring. 


Q184. - (Topic 3) 

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet? 

A. There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet’s CIDR 

B. The user can modify the first subnet CIDR from the console 

C. It is not possible to create a second subnet as one subnet with the same CIDR as the VPC has been created 

D. The user can modify the first subnet CIDR with AWS CLI 

Answer:

Explanation: 

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside the subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the second subnet will conflict with the first subnet. The user cannot modify the CIDR of a subnet once it is created. Thus, in this case if required, the user has to delete the subnet and create new subnets. 


Q185. - (Topic 3) 

A user runs the command “dd if=/dev/xvdf of=/dev/null bs=1M” on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above? 

A. Pre warming the EBS volume 

B. Initiating the device to mount on the EBS volume 

C. Formatting the volume 

D. Copying the data from a snapshot to the device 

Answer:

Explanation: 

When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the “dd” command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command “dd if=/dev/xvdf of=/dev/null bs=1M” , the parameter “if=input file” should be set to the drive that the user wishes to warm. The “of=output file” parameter should be set to the Linux null virtual device, /dev/null. The “bs” parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB. 


Q186. - (Topic 2) 

A user is planning to use AWS Cloudformation. Which of the below mentioned functionalities does not help him to correctly understand Cloudfromation? 

A. Cloudformation follows the DevOps model for the creation of Dev & Test 

B. AWS Cloudfromation does not charge the user for its service but only charges for the AWS resources created with it 

C. Cloudformation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, 

ELB, etc 

D. CloudFormation provides a set of application bootstrapping scripts which enables the user to install Software 

Answer:

Explanation: 

AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. It supports a wide variety of AWS services, such as EC2, EBS, AS, ELB, RDS, VPC, etc. It also provides application bootstrapping scripts which enable the user to install software packages or create folders. It is free of the cost and only charges the user for the services created with it. The only challenge is that it does not follow any model, such as DevOps; instead customers can define templates and use them to provision and manage the AWS resources in an orderly way. 


Q187. - (Topic 3) 

Which of the following statements about this S3 bucket policy is true? 

A. Denies the server with the IP address 192.166 100.0 full access to the "mybucket" bucket 

B. Denies the server with the IP address 192.166 100.188 full access to the "mybucket bucket 

C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket 

D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket 

Answer:


Q188. - (Topic 2) 

An organization has created 50 IAM users. The organization wants that each user can change their password but cannot change their access keys. How can the organization achieve this? 

A. The organization has to create a special password policy and attach it to each user 

B. The root account owner has to use CLI which forces each IAM user to change their password on first login 

C. By default each IAM user can modify their passwords 

D. The root account owner can set the policy from the IAM console under the password policy screen 

Answer:

Explanation: 

With AWS IAM, organizations can use the AWS Management Console to display, create, change or delete a password policy. As a part of managing the password policy, the user can enable all users to manage their own passwords. If the user has selected the option which allows the IAM users to modify their password, he does not need to set a separate policy for the users. This option in the AWS console allows changing only the password. 


Q189. - (Topic 3) 

A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out. Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user. How can the data be viewed better on the same graph? 

A. It is not possible to show multiple metrics with the different units on the same graph 

B. Add a third Y-axis with the console to show all the data in proportion 

C. Change the axis of Network by using the Switch command from the graph 

D. Change the units of CPU utilization so it can be shown in proportion with Network 

Answer:

Explanation: 

Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. It is possible to show the multiple metrics with different units on the same graph. If the graph is not plotted properly due to a difference in the unit data over two metrics, the user can change the Y-axis of one of the graph by selecting that graph and clicking on the Switch option. 


Q190. - (Topic 3) 

A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. What does this policy define? 

"Statement": [{ 

"Sid": "Stmt1388811069831", 

"Effect": "Allow", 

"Principal": { "AWS": "*"}, 

"Action": [ "s3:GetObjectAcl", "s3:ListBucket"], 

"Resource": [ "arn:aws:s3:::cloudacademy] 

}] 

A. It will make the cloudacademy bucket as well as all its objects as public 

B. It will allow everyone to view the ACL of the bucket 

C. It will give an error as no object is defined as part of the policy while the action defines the rule about the object 

D. It will make the cloudacademy bucket as public 

Answer:

Explanation: 

A sysadmin can grant permission to the S3 objects or the buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. In the sample policy the action says “S3:ListBucket” for effect Allow on 

Resource arn:aws:s3:::cloudacademy. This will make the cloudacademy bucket public. 

"Statement": [{ 

"Sid": "Stmt1388811069831", 

"Effect": "Allow", 

"Principal": { "AWS": "*" }, 

"Action": [ "s3:GetObjectAcl", "s3:ListBucket"], 

"Resource": [ "arn:aws:s3:::cloudacademy] 

}] 



To know more about the AWS Certified SysOps Administrator Associate, click here.