AWS-SysOps: AWS Certified SysOps Administrator
Page 2 out of 91 pages Questions 11-20 out of 910 questions
Question#11

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user's data center. Which of the below mentioned options is a valid entry for the main route table in this scenario?

  • A. Destination: 20.0.0.0/24 and Target: vgw-12345
  • B. Destination: 20.0.0.0/16 and Target: ALL
  • C. Destination: 20.0.1.0/16 and Target: vgw-12345
  • D. Destination: 0.0.0.0/0 and Target: vgw-12345

D
The main route table came with the VPC, and it also has a route for the VPN-only subnet. A custom route table is associated with the public subnet. The custom route table has a route over the Internet gateway (the destination is 0.0.0.0/0, and the target is the Internet gateway).
If you create a new subnet in this VPC, it's automatically associated with the main route table, which routes its traffic to the virtual private gateway. If you were to set up the reverse configuration (the main route table with the route to the Internet gateway, and the custom route table with the route to the virtual private gateway), then a new subnet automatically has a route to the Internet gateway.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html

Question#12

A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend's AWS account. How can the user achieve this?

  • A. Create an AMI from the volume and share the AMI
  • B. Copy the data to an unencrypted volume and then share
  • C. Take a snapshot and share the snapshot with a friend
  • D. If both the accounts are using the same encryption key then the user can share the volume directly

B
AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. If the user has data on an encrypted volume and is trying to share it with others, he has to copy the data from the encrypted volume to a new unencrypted volume. Only then can the user share it as an encrypted volume data. Otherwise the snapshot cannot be shared.

Question#13

A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?

  • A. In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy
  • B. In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy
  • C. In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica
  • D. AWS MS SQL does not support the Multi AZ feature

C
Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Note that the high-availability feature is not a scaling solution for read-only scenarios; you cannot use a standby replica to serve read traffic. To service read-only traffic, you should use a read replica.

Question#14

An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/value as `InstanceName/HR`, `CostCenter/HR`. What will AWS do in this case?

  • A. InstanceName is a reserved tag for AWS. Thus, AWS will not allow this tag
  • B. AWS will not allow the tags as the value is the same for different keys
  • C. AWS will allow tags but will not show correctly in the cost allocation report due to the same value of the two separate keys
  • D. AWS will allow both the tags and show properly in the cost distribution report

D
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file) with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

Question#15

A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better?

  • A. The user can use the CloudWatch Import tool
  • B. The user should be able to see the data in the console after around 15 minutes
  • C. If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command
  • D. The user can view as well as upload data using the console, CLI and APIs

B
AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user always has to include the namespace as a part of the request. However, the other parameters are optional. If the user has uploaded data using CLI, he can view it as a graph inside the console. The data will take around 2 minutes to upload but can be viewed only after around 15 minutes.

Question#16

A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

  • A. Always select the US-East-1-a zone for HA
  • B. Do not select the AZ; instead let AWS select the AZ
  • C. The user can never select the availability zone while launching an instance
  • D. Always select the AZ while launching an instance

B
When launching an instance with EC2, AWS recommends not to select the availability zone (AZ). AWS specifies that the default Availability Zone should be accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances.

Question#17

A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

  • A. Allow Inbound traffic on port 22 from the user's network
  • B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
  • C. The user can connect to an instance in a private subnet using the NAT instance
  • D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

A
The user can create subnets as per the requirement within a VPC. If the user wants to connect to the VPC from his own data center, the user can set up a case with a VPN only subnet (private) which uses VPN access to connect with his data center. When the user has configured this setup with the wizard, all network connections to the instances in the subnet will come from his data center. The user has to configure the security group of the private subnet to allow inbound traffic on SSH (port 22) from the data center's network range.

Question#18

A user has created an ELB with the availability zone US-East-1. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?

  • A. It is not possible to add more zones to the existing ELB
  • B. The only option is to launch instances in different zones and add to ELB
  • C. The user should stop the ELB and add zones and instances as required
  • D. The user can add zones on the fly from the AWS console

B

Question#19

A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?

  • A. ELB sends data to CloudWatch every minute only and does not charge the user
  • B. ELB will send data every minute and will charge the user extra
  • C. ELB is not supported by CloudWatch
  • D. It is not possible to set up detailed monitoring for ELB

A
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Elastic Load Balancing includes 10 metrics and 2 dimensions, and sends data to CloudWatch every minute. This does not cost extra.

Question#20

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

  • A. The client can connect over IPV4 or IPV6 using Dualstack
  • B. ELB DNS supports both IPV4 and IPV6
  • C. Communication between the load balancer and back-end instances is always through IPV4
  • D. The ELB supports either IPV4 or IPV6 but not both

D
Elastic Load Balancing supports both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4). Clients can connect to the user's load balancer using either IPv4 or IPv6 (in EC2-Classic) DNS. However, communication between the load balancer and its back-end instances uses only IPv4. The user can use the Dualstack-prefixed DNS name to enable IPv6 support for communications between the client and the load balancers. Thus, the clients are able to access the load balancer using either IPv4 or IPv6 as their individual connectivity needs dictate.
