|
AWS Certified SysOps Administrator Exam Practice Questions Page8(Dump)
Question No:-71
|
A system admin is planning to setup event notifications on RDS. Which of the below mentioned services will help the admin setup notifications?
1. AWS SES
2. AWS Cloudtrail
3. AWS Cloudwatch
4. AWS SNS
|
Answer:-4. AWS SNS
Note:-
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. These notifications can be in any notification form supported by Amazon SNS for an AWS region, such as an email, a text message or a call to an HTTP endpoint
|
|
Question No:-72
|
You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that?
1. It is not possible to do this with SQS
2. You can use sequencing information on each message
3. You can do this with SQS but you also need to use SWF
4. Messages will arrive in the same order by default
|
Answer:-2. You can use sequencing information on each message
Note:-
Amazon SQS is engineered to always be available and deliver messages. One of the resulting tradeoffs is that SQSdoes not guarantee first in, first out delivery of messages. For many distributed applications, each message can stand on its own, and as long as all messages are delivered, the order is not important. If your system requires that order be preserved, you can place sequencing information in each message, so that you can reorder the messages when the queue returns them.
|
|
Question No:-73
|
An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS functionalities helps them to achieve this?
1. AWS MFA with EBS
2. AWS EBS encryption
3. Multi-tier encryption with Redshift
4. AWS S3 server side storage
|
Answer:-2. AWS EBS encryption
Note:-
AWS EBS supports encryption of the volume while creating new volumes. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of EBS will be encrypted. The encryption occurs on the servers that host the
EC2 instances, providing encryption of data as it moves between the EC2 instances and EBS storage. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry standard
|
|
Question No:-74
|
A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?
1. The user can only disable connection draining from CLI
2. It is not possible to disable the connection draining feature once enabled
3. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
4. The user needs to stop all instances before disabling connection draining
|
Answer:-3. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
Note:-
The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can enable or disable connection draining from the AWS EC2 console -> ELB or using CLI.
|
|
Question No:-75
|
A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above?
1. The user needs to use AWS CLI or API to upload the data
2. The user can use the AWS Import Export facility to import data to CloudWatch
3. The user will upload data from the AWS console
4. The user cannot upload data to CloudWatch since it is not an AWS service metric
|
Answer:-1. The user needs to use AWS CLI or API to upload the data
Note:-
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. While sending the data the user has to include the metric name, namespace and timezone as part of the request.
|
|
Question No:-76
|
A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?
1. The folders support only ACL
2. Both the object and bucket can have an Access Policy but folder cannot have policy
3. Folders can have a policy
4. Both the object and bucket can have ACL but folders cannot have ACL
Answer:-4. Both the object and bucket can have ACL but folders cannot have ACL
Note:-
Amazon S3 Access Control Lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify the requester has the necessary access permissions.
Reference:-
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
|
|
Question No:-77
|
A user has created an ELB with three instances. How many security groups will ELB create by default?
1. 3
2. 5
3. 2
4. 1
|
Answer:-3. 2
Note:-
When you update a stack with anduled.
Note:-
Elastic Load Balancing provides a special Amazon EC2 source security group that the user can use to ensure that back-end EC2 instances receive traffic only from Elastic Load Balancing. This feature needs two security groups: the source security group and a security group that defines the ingress rules for the back-end instances. To ensure that traffic only flows between the load balancer and the back-end instances, the user can add or modify a rule to the back-end security group which can limit the ingress traffic. Thus, it can come only from the source security group provided by Elastic Load Balancing.
|
|
Question No:-78
|
An organization has created 50 IAM users. The organization wants that each user can change their password but cannot change their access keys. How can the organization achieve this?
1. The organization has to create a special password policy and attach it to each user
2. The root account owner has to use CLI which forces each IAM user to change their password on first login
3. By default each IAM user can modify their passwords
4. The root account owner can set the policy from the IAM console under the password policy screen
|
Answer:-4. The root account owner can set the policy from the IAM console under the password policy screen
Note:-
With AWS IAM, organizations can use the AWS Management Console to display, create, change or delete a password policy. As a part of managing the password policy, the user can enable all users to manage their own passwords. If the user has selected the option which allows the IAM users to modify their password, he does not need to set a separate policy for the users. This option in the AWS console allows changing only the password.
|
|
Question No:-79
|
A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
1. AWS Glacier
2. AWS Elastic Transcoder
3. AWS Simple Notification Service
4. AWS Simple Queue Service
|
Answer:-4. AWS Simple Queue Service
Note:-
Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can configure SQS, which will decouple the call between the EC2 application and S3. Thus, the application does not keep waiting for S3 to provide the data.
|
|
Question No:-80
|
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it?
1. AWS S3
2. AWS Glacier
3. AWS RDS
4. AWS RRS
|
Answer:-4. AWS RRS
Note:-
Amazon S3 stores objects according to their storage class. There are three major storage classes: Standard, Reduced Redundancy Storage and Glacier.
Standard is for AWS S3 and provides very high durability. However, the costs are a little higher. Glacier is for archival and the files are not available over the internet. Reduced Redundancy Storage is for less critical files. Reduced Redundancy is little cheaper as it provides less durability in comparison to S3. In this case since the log files are not mission critical files, RRS will be a better option.
|
|
|