Want to Pass AWS-SysOps Exam In Next HOURS? Get it now →
August 4, 2017

[Up to date] aws certified sysops administrator

Act now and download your Amazon aws certified sysops administrator associate level dumps test today! Do not waste time for the worthless Amazon sysops aws tutorials. Download Most recent Amazon AWS Certified SysOps Administrator Associate exam with real questions and answers and begin to learn Amazon aws sysops exam questions with a classic professional.

Q11. - (Topic 3) 

A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. What does this policy define? 

"Statement": [{ 

"Sid": "Stmt1388811069831", 

"Effect": "Allow", 

"Principal": { "AWS": "*"}, 

"Action": [ "s3:GetObjectAcl", "s3:ListBucket"], 

"Resource": [ "arn:aws:s3:::cloudacademy] 

}] 

A. It will make the cloudacademy bucket as well as all its objects as public 

B. It will allow everyone to view the ACL of the bucket 

C. It will give an error as no object is defined as part of the policy while the action defines the rule about the object 

D. It will make the cloudacademy bucket as public 

Answer:

Explanation: 

A sysadmin can grant permission to the S3 objects or the buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. In the sample policy the action says “S3:ListBucket” for effect Allow on 

Resource arn:aws:s3:::cloudacademy. This will make the cloudacademy bucket public. 

"Statement": [{ 

"Sid": "Stmt1388811069831", 

"Effect": "Allow", 

"Principal": { "AWS": "*" }, 

"Action": [ "s3:GetObjectAcl", "s3:ListBucket"], 

"Resource": [ "arn:aws:s3:::cloudacademy] 

}] 


Q12. - (Topic 3) 

A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario? 

A. By default ELB will select the first version of the security policy 

B. By default ELB will select the latest version of the policy 

C. ELB creation will fail without a security policy 

D. It is not required to have a security policy since SSL is already installed 

Answer:

Explanation: 

Elastic Load Balancing uses a Secure Socket Layer (SSL. negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the user has created an HTTPS/SSL listener without associating any security policy, Elastic Load Balancing will, bydefault, associate the latest version of the ELBSecurityPolicy-YYYY-MM with the load balancer. 


Q13. - (Topic 1) 

Which of the following statements about this S3 bucket policy is true? 

A. Denies the server with the IP address 192 168 100 0 full access to the "mybucket" bucket 

B. Denies the server with the IP address 192 168 100 188 full access to the "mybucket" bucket 

C. Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket 

D. Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket 

Answer:


Q14. - (Topic 2) 

A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this? 

A. Run activities on the CPU such that its utilization reaches above 75% 

B. From the AWS console change the state to ‘Alarm’ 

C. The user can set the alarm state to ‘Alarm’ using CLI 

D. Run the SNS action manually 

Answer:

Explanation: 

Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods.The user can test an alarm by setting it to any state using the SetAlarmState API (mon-set-alarm-state command.. This temporary state change lasts only until the next alarm comparison occurs. 


Q15. - (Topic 3) 

A user is using Cloudformation to launch an EC2 instance and then configure an application after the instance is launched. The user wants the stack creation of ELB and AutoScaling to wait until the EC2 instance is launched and configured properly. How can the user configure this? 

A. It is not possible that the stack creation will wait until one service is created and launched 

B. The user can use the HoldCondition resource to wait for the creation of the other dependent resources 

C. The user can use the DependentCondition resource to hold the creation of the other dependent resources 

D. The user can use the WaitCondition resource to hold the creation of the other dependent resources 

Answer:

Explanation: 

AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. AWS CloudFormation provides a WaitCondition resource which acts as a barrier and blocks the creation of other resources until a completion signal is received from an external source, such as a user application or management system. 


Q16. - (Topic 2) 

A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better? 

A. The user can use the CloudWatch Import tool 

B. The user should be able to see the data in the console after around 15 minutes 

C. If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command 

D. The user can view as well as upload data using the console, CLI and APIs 

Answer:

Explanation: 

AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user has to always include the namespace as a part of the request. However, the other parameters are optional. If the user has uploaded data using CLI, he can view it as a graph inside the console. The data will take around 2 minutes to upload but can be viewed only after around 15 minutes. 


Q17. - (Topic 3) 

A user has created a VPC with public and private subnets using the VPC wizard. The user has not launched any instance manually and is trying to delete the VPC. What will happen in this scenario? 

A. It will not allow to delete the VPC as it has subnets with route tables 

B. It will not allow to delete the VPC since it has a running route instance 

C. It will terminate the VPC along with all the instances launched by the wizard 

D. It will not allow to delete the VPC since it has a running NAT instance 

Answer:

Explanation: 

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an elastic IP. If the user is trying to delete the VPC it will not allow as the NAT instance is still running. 


Q18. - (Topic 2) 

A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or stop/start options on that instance? 

A. For restart it does not charge for an extra hour, while every stop/start it will be charged as a separate hour 

B. Every restart is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour 

C. For every restart or start/stop it will be charged as a separate hour 

D. For restart it charges extra only once, while for every stop/start it will be charged as a separate hour 

Answer:

Explanation: 

For an EC2 instance launched with an EBS backed AMI, each time the instance state is changed from stop to start/ running, AWS charges a full instance hour, even if these transitions happen multiple times within a single hour. Anyway, rebooting an instance AWS does not charge a new instance billing hour. 

Topic 3, Volume C 

154. - (Topic 3) 

A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario? 

A. The user cannot delete the VPC since the subnet is not deleted 

B. All network interface attached with the instances will be deleted 

C. When the user launches a new instance it cannot use the same subnet 

D. The subnet to which the instances were launched with will be deleted 

Answer:

Explanation: 

A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. When the user terminates the instance all the network interfaces attached with it are also deleted. 


Q19. - (Topic 2) 

A user has created a queue named “myqueue” in US-East region with AWS SQS. The user’s AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use? 

A. http://sqs.us-east-1.amazonaws.com/123456789012/myqueue 

B. http://sqs.amazonaws.com/123456789012/myqueue 

C. http://sqs. 123456789012.us-east-1.amazonaws.com/myqueue 

D. http:// 123456789012.sqs. us-east-1.amazonaws.com/myqueue 

Answer:

Explanation: 

When creating a new queue in SQS, the user must provide a queue name that is unique within the scope of all queues of user’s account. If the user creates queues using both the latest WSDL and a previous version, he will have a single namespace for all his queues. Amazon SQS assigns each queue created by user an identifier called a queue URL, which includes the queue name and other components that Amazon SQS determines. Whenever the user wants to perform an action on a queue, he must provide its queue URL. The queue URL for the account id 123456789012 & queue name “myqueue” in US-East-1 region will be http:// sqs.us-east-1.amazonaws.com/123456789012/myqueue. 


Q20. - (Topic 3) 

A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group? 

A. Authenticated user group 

B. All users group 

C. Log Delivery Group 

D. Canonical user group 

Answer:

Explanation: 

An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups: Authenticated Users group: It represents all AWS accounts. All Users group: Access permission to this group allows anyone to access the resource. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket. 



see more free AWS-SysOps exam dumps