[2024] Practice with these AWS-SysOps dumps Certification Sample Questions [Q369-Q386]


NEW QUESTION # 369
A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and RDP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.
Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.
What should a SysOps administrator do to resolve this issue?

  • A. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.
  • B. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
  • C. Configure the SSM Agent to log in with a user name of "ubuntu".
  • D. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.

Answer: B


NEW QUESTION # 370
A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3?

  • A. S3 Object Access Policy
  • B. S3 ACL
  • C. User Access Policy
  • D. S3 Bucket Access Policy

Answer: A

Explanation:
Amazon S3 provides a set of operations to work with the Amazon S3 resources. Managing S3 resource access refers to granting others permissions to work with S3. There are three ways the root account owner can define access with S3:
S3 ACL: The user can use ACLs to grant basic read/write permissions to other AWS accounts.
S3 Bucket Policy: The policy is used to grant other AWS accounts or IAM users permissions for the bucket and the objects in it.
User Access Policy: Define an IAM user and assign him the IAM policy which grants him access to S3.


NEW QUESTION # 371
A user has launched an EC2 instance. The user is planning to set up the CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm?

  • A. Notify the Auto Scaling group to scale down
  • B. Notify the Auto Scaling launch config to scale up
  • C. Send an SMS using SNS
  • D. Stop the EC2 instance

Answer: C

Explanation:
A user can create a CloudWatch alarm that takes various actions when the alarm changes state. An alarm watches a single metric over the time period that the user has specified, and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The actions could be sending a notification to an Amazon Simple Notification Service topic (SMS, Email, and HTTP end point), notifying the Auto Scaling policy or changing the state of the instance to Stop/Terminate.


NEW QUESTION # 372
After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs.
Which of the following are likely to be the cause of this problem? (Select TWO.)

  • A. A billing constraint is limiting the number of CloudWatch Logs within this account.
  • B. A custom or third-party solution for logs is being used.
  • C. The IAM role attached to the EC2 instance does not have the proper permissions.
  • D. The CloudWatch agent does not support the operating system used.
  • E. The EC2 instance is in a private subnet, and the VPC does not have a NAT gateway.

Answer: A,C


NEW QUESTION # 373
A user is trying to understand AWS SNS.
To which of the below mentioned end points is SNS unable to send a notification?

  • A. Email JSON
  • B. HTTP
  • C. AWS SES
  • D. AWS SQS

Answer: C

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS) queues or to any HTTP endpoint. The user can select one of the following transports as part of the subscription requests: "HTTP", "HTTPS", "Email", "Email JSON", "SQS", and "SMS".


NEW QUESTION # 374
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months.
What is the process to rotate the key?

  • A. Enable automatic key rotation for the CMK, and specify a period of 6 months.
  • B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
  • C. Delete the current key material, and import new material into the existing CMK.
  • D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.

Answer: A

Explanation:
Cryptographic best practices discourage extensive reuse of encryption keys. To create new cryptographic material for your AWS Key Management Service (AWS KMS) customer master keys (CMKs), you can create new CMKs, and then change your applications or aliases to use the new CMKs. Or, you can enable automatic key rotation for an existing CMK.
When you enable automatic key rotation for a customer managed CMK, AWS KMS generates new cryptographic material for the CMK every year. AWS KMS also saves the CMK's older cryptographic material in perpetuity so it can be used to decrypt data that it encrypted. AWS KMS does not delete any rotated key material until you delete the CMK.
Reference: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html


NEW QUESTION # 375
A user has set up a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this?

  • A. Run the SNS action manually
  • B. From the AWS console change the state to 'Alarm'
  • C. Run activities on the CPU such that its utilization reaches above 75%
  • D. The user can set the alarm state to 'Alarm' using CLI

Answer: D

Explanation:
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can test an alarm by setting it to any state using the SetAlarmState API (mon-set-alarm-state command). This temporary state change lasts only until the next alarm comparison occurs.


NEW QUESTION # 376
A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs.
Which of the below mentioned points should the user take care of while sending the data to CloudWatch?

  • A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
  • B. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
  • C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
  • D. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests

Answer: A

Explanation:
With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.


NEW QUESTION # 377
In AWS Identity and Access Management, roles can be used by an external user authenticated by an external identity provider (IdP) service that is compatible with _____.

  • A. BNML (Business Narrative Markup Language)
  • B. CFML (ColdFusion Markup Language)
  • C. SAML 2.0 (Security Assertion Markup Language 2.0)
  • D. BPML (Business Process Modeling Language)

Answer: C

Explanation:
In AWS Identity and Access Management, roles can be used by an external user authenticated by an external identity provider (IdP) service that is compatible with SAML 2.0 (Security Assertion Markup Language 2.0).
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html


NEW QUESTION # 378
Which of the following requires a custom CloudWatch metric to monitor?

  • A. Disk usage activity of an EC2 instance
  • B. Memory Utilization of an EC2 instance
  • C. Data transfer of an EC2 instance
  • D. CPU Utilization of an EC2 instance

Answer: B

Explanation:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/ec2-metricscollected.html CPU, Disk I/O, Data Transfer are default metrics. Memory is not mentioned.


NEW QUESTION # 379
A user wants to make it so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the red light of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?

  • A. AWS CloudWatch and a dedicated software turning on the light
  • B. None. It is not possible to configure the light with the AWS infrastructure services
  • C. AWS CloudWatch + AWS SNS
  • D. AWS CloudWatch + AWS SES

Answer: C

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS) queues or to any HTTP endpoint. The user can configure some sensor devices at his home which receive data on the HTTP end point (REST calls) and turn on the red light. The user can configure the CloudWatch alarm to send a notification to the AWS SNS HTTP end point (the sensor device) and it will turn the light red when there is an alarm condition.


NEW QUESTION # 380
A route table in VPC can be associated with multiple subnets. However, a subnet can be associated with only ______ route table(s) at a time.

  • A. one
  • B. three
  • C. two
  • D. four

Answer: A

Explanation:
Every subnet in your VPC must be associated with exactly one route table at a time. However, the same route table can be associated with multiple subnets.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html


NEW QUESTION # 381
A company is setting up a VPC peering connection between its VPC and a customer's VPC. The company VPC is an IPv4 CIDR block of 172.16.0.0/16 and the customer's is an IPv4 CIDR block of 10.0.0.0/16. The SysOps Administrator wants to be able to ping the customer's database private IP address from one of the company's Amazon EC2 instances. What action should be taken to meet the requirements?

  • A. Ensure that both accounts are linked and are part of consolidated billing to create a file sharing network and then enable VPC peering
  • B. Instruct the customer to create a virtual private gateway to link the two VPCs
  • C. Instruct the customer to set up a VPC with the same IPv4 CIDR block as that of the source VPC 172.16.0.0/16
  • D. Ensure that both VPC owners manually add a route to the VPC route tables that points to the IP address range of the other VPC

Answer: D


NEW QUESTION # 382
A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database.
The infrastructure needs to be designed across Availability Zones (AZs) for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?

  • A. Use two AZs and create a public subnet in each AZ for the Application Load Balancer, a private subnet in each AZ for the web servers, and a private subnet in each AZ for the database servers.
  • B. Use two AZs and create one public subnet for the Application Load Balancer, a public subnet in each AZ for the web servers, and a private subnet in each AZ for the database servers.
  • C. Use two AZs and create a public subnet in each AZ for the Application Load Balancer, a public subnet in each AZ for the web servers, and a public subnet in each AZ for the database servers.
  • D. Use two AZs and create one public subnet for the Application Load Balancer, a private subnet in each AZ for the web servers, and a public subnet in each AZ for the database servers.

Answer: A


NEW QUESTION # 383
An organization is measuring the latency of an application every minute and storing data inside a file in the JSON format. The organization wants to send all latency data to AWS CloudWatch. How can the organization achieve this?

  • A. The user can supply the file as an input to the CloudWatch command
  • B. The user has to parse the file before uploading data to CloudWatch
  • C. It is not possible to upload the custom data to CloudWatch
  • D. The user can use the CloudWatch Import command to import data from the file to CloudWatch

Answer: A

Explanation:
AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user always has to include the namespace as part of the request. If the user wants to upload the custom data from a file, he can supply the file name along with the parameter --metric-data to the command put-metric-data.


NEW QUESTION # 384
A user runs the command "dd if=/dev/xvdf of=/dev/null bs=1M" on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

  • A. Copying the data from a snapshot to the device
  • B. Initiating the device to mount on the EBS volume
  • C. Formatting the volume
  • D. Pre warming the EBS volume

Answer: D

Explanation:
When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the "dd" command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command "dd if=/dev/xvdf of=/dev/null bs=1M", the parameter "if=input file" should be set to the drive that the user wishes to warm. The "of=output file" parameter should be set to the Linux null virtual device, /dev/null. The "bs" parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-prewarm.html


NEW QUESTION # 385
A user has launched an RDS PostgreSQL DB with AWS. The user did not specify the maintenance window during creation. The user has configured RDS to update the DB instance type from micro to large. If the user wants to have it during the maintenance window, what will AWS do?

  • A. AWS will select the default maintenance window if the user has not provided it
  • B. It is not possible to change the DB size from micro to large with RDS
  • C. AWS will not allow to update the DB until the maintenance window is configured
  • D. AWS will ask the user to specify the maintenance window during the update

Answer: A

Explanation:
AWS RDS has a compulsory maintenance window which by default is 30 minutes. If the user does not specify the maintenance window during the creation of RDS then AWS will select a 30-minute maintenance window randomly from an 8-hour block of time per region. In this case, Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.


NEW QUESTION # 386
......