Amazon Web Services (AWS) - Set #19

Powered by Techhyme.com

You have a total of 130 minutes to finish the practice test of AWS Certified SysOps Administrator to test your knowledge.


1. You need to log every GET request against an S3 bucket in the us-west-1 region. What’s the most cost-effective way to do this?
  • A. Create a CloudTrail to log global service events.
  • B. Create a CloudTrail to log S3 data events.
  • C. Create a CloudTrail to log S3 management events.
  • D. Enable S3 server logging.
Answer - B
Explanation - Logging S3 data events using CloudTrail will do the trick. Enabling S3 server logging may not log every request. S3 GET requests are data events, not management events. S3 is not a global service.
2. Which of the following is a factor in the cost of AWS resources?
  • A. Availability zone
  • B. Region
  • C. Internet connection speed
  • D. Linux distribution
Answer - B
Explanation - AWS costs vary by region.
3. You’ve registered the domain name example.com with a non-AWS registrar. Your lease on the domain is 10 years. Which of the following is the most cost-effective option for using this domain name to host a web application hosted behind an AWS application load balancer?
  • A. Create a Route 53 public hosted zone.
  • B. Transfer the domain name to Route 53.
  • C. Create a non-alias resource record.
  • D. Create a Route 53 private hosted zone.
Answer - A
Explanation - Since you’ve already registered the domain name, the most cost-effective option would be to keep it with the current registrar and create a public hosted zone for the domain in Route 53.
4. How much data transfer out does CloudFront offer in the free tier?
  • A. 1 GB
  • B. 5 GB
  • C. 10 GB
  • D. 50 GB
Answer - D
Explanation - CloudFront offers 50 GB data transfer out for the first year in the free tier.
5. What is the cost of using a dedicated IP address per SSL/TLS certificate at a CloudFront edge location?
  • A. Free
  • B. $60 per month
  • C. $600 per month
  • D. $600 per year
Answer - C
Explanation - If you need to serve content to browsers that don’t support server name identification (SNI), you can use CloudFront’s Dedicated IP Custom SSL. This will give you a dedicated IP address per SSL/TLS certificate at one Edge location. The monthly cost of this is $600.
6. Which of the following is true regarding the cost-effectiveness of using CloudFormation?
  • A. CloudFormation costs extra to use versus creating resources manually.
  • B. Resources can be provisioned as needed and deleted quickly.
  • C. CloudFormation uses Lambda, and you must pay these execution costs.
  • D. Resources created with CloudFormation cost less.
Answer - B
Explanation - CloudFormation lets you provision resources as needed and delete them quickly when you’re done, potentially saving you money. Resources created with CloudFormation cost the same as if you created them manually, and there’s no extra cost to use CloudFormation. CloudFormation doesn’t entail using Lambda.
7. EC2 Auto Scaling dynamic scaling policies are an example of which of the following approaches?
  • A. Prediction-based
  • B. Time-based
  • C. Demand-based
  • D. Buffer-based
Answer - C
Explanation - EC2 Auto Scaling dynamic scaling policies add or remove instances based on a metric related to demand, such as the number of web requests or CPU utilization.
8. Which of the following is free?
  • A. A public IP address attached to a stopped instance
  • B. An elastic IP address attached to a stopped instance
  • C. A public IP address attached to a running instance
  • D. A Route 53 public hosted zone attached to a running instance
Answer - C
Explanation - A public IP address attached to a running EC2 instance is free. If the instance is stopped, it loses its public IP address. An elastic IP address attached to a stopped instance incurs a small charge. Route 53 public hosted zones are never free.
9. On a regular basis, you manually update an application running on a fleet of EC2 instances. You’re considering automating the update process so that developers can trigger automatic updates by simply pushing application updates to an S3 bucket. Which of the following services is most cost-effective for this task? (Choose two.)
  • A. CodeCommit
  • B. CodeBuild
  • C. CodePipeline
  • D. CodeDeploy
Answer - C, D
Explanation - It’s free to use CodeDeploy to deploy to EC2 instances. You can automate the process with CodePipeline, which lets you have one free active pipeline per month. CodeBuild isn’t free. CodeCommit is a Git repository with options under the free tier but isn’t necessary in this case since the developers will be pushing updates to an S3 bucket.
10. Which of the following is the most cost-effective and automated option for performing a rolling application upgrade on EC2 instances in an Auto Scaling group?
  • A. CodeStar
  • B. CloudFormation
  • C. CodeDeploy
  • D. AWS Systems Manager
Answer - C
Explanation - CodeDeploy can perform a rolling application upgrade on one or more instances at a time. Using CloudFormation to do the upgrade would require doing an all-at-once switchover. AWS Systems Manager could also be used but would require more manual effort. CodeStar doesn’t do application deployments.
11. Which of the following can you use to dynamically populate a CloudFormation parameter with a specific AMI ID?
  • A. Systems Manager
  • B. Simple Notification Service
  • C. Lambda
  • D. S3
Answer - A
Explanation - You can define the AMI ID as a Systems Manager parameter and reference it in your CloudFormation template.
12. You have thousands of EC2 instances spread across multiple regions. These instances do not persistently store data on their EBS volumes. No less than every three months, you have to ensure these instances have the latest operating system patches and application updates. Which of the following is the most cost-effective approach to handling these regular updates?
  • A. Use CodeDeploy to update the instances.
  • B. Use AWS Systems Manager to update the instances.
  • C. Create a new AMI with the changes baked in, and use it in all regions.
  • D. For each region, create a new AMI with the changes baked in.
Answer - C
Explanation - The most cost-effective solution is to create an AMI with the changes and then deploy it to all regions. This will require copying the AMI from one region to another, but there are no data transfer costs associated with doing this.
13. Which of the following is the cheapest option for sending 90,000 notification emails per month?
  • A. Simple Email Service
  • B. Simple Notification Service
  • C. Simple Queue Service
  • D. CloudWatch Alarms
Answer - B
Explanation - SNS is the cheapest option. SES is designed for sending and receiving bulk emails but isn’t specifically designed for sending notifications. SQS and CloudWatch Alarms can’t send emails. They use SNS.
14. You have an EC2 instance running Amazon Linux in a private subnet. What’s the most cost-effective way to temporarily connect it to the Internet to download operating system updates? (Choose two.)
  • A. Create a NAT gateway.
  • B. Create an Internet gateway and default route.
  • C. Assign the instance an elastic IP address.
  • D. Use AWS Patch Manager.
Answer - B, C
Explanation - Creating an Internet gateway and default route and assigning an elastic IP address is the most cost-effective option. A NAT gateway will incur charges. Using AWS Patch Manager to download the updates will still require the instance to have Internet access.
15. Your company needs to host a static website for employees to use. The website will consist of images, videos, and JavaScript. Which of the following is the most cost-effective way to host this application on AWS?
  • A. CloudFront
  • B. EC2
  • C. S3
  • D. DynamoDB
Answer - C
Explanation - The cheapest option for hosting a static website on AWS is to use S3.
16. Which of the following elastic services allows multiple consumers to read the same message from a single producer?
  • A. Simple Queue Service
  • B. Amazon MQ
  • C. Kinesis
  • D. SNS
Answer - C
Explanation - Kinesis allows multiple consumers to read the same message from a single producer. SQS allows only a single consumer to read a message. Amazon MQ is not elastic. SNS is not a messaging service.
17. Which of the following is true regarding Amazon Certificate Manager (ACM)?
  • A. Certificates are never copied across regions.
  • B. It can automatically install certificates on EC2 instances.
  • C. You can export public certificates generated by ACM.
  • D. It renews certificates automatically.
Answer - D
Explanation - ACM can renew certificates automatically if they’re associated with an AWS service such as elastic load balancing.
18. You run a video hosting website that stores videos in S3. All resources are in the us-west-1 region. What’s the most cost-effective way to minimize buffering time for mobile users in Japan?
  • A. Use CloudFront.
  • B. Replicate the videos to buckets in the Tokyo region.
  • C. Use Route 53 latency records.
  • D. Use AWS Mobile Hub.
Answer - A
Explanation - CloudFront can replicate the videos to the Asia Pacific edge locations, resulting in fast delivery to users in Japan.
19. You’re running a web service on EC2 instances behind an elastic load balancer. These instances are part of an EC2 Auto Scaling group that monitors the ELB status. Users access the web service elastic load balancer listener using the domain name example.com, for which you have a public Route 53 hosted zone. If the web service on an instance fails, you want the instance taken out of load balancing in under 10 seconds. How can you accomplish this?
  • A. Configure the Auto Scaling group to use instance health checks.
  • B. Configure the example.com resource record to evaluate the target’s health less than every 10 seconds.
  • C. Create a Route 53 health check that checks the ELB health less than every 10 seconds.
  • D. Configure the target group’s health check and set the interval to less than 10 seconds.
Answer - D
Explanation - Configuring the target group’s health check to check the status of the web service on each EC2 instance less than every 10 seconds will remove the problem instance from load balancing.
20. You own a block of public IP addresses. Which of the following services can you assign them to using Bring Your Own IP (BYOIP)?
  • A. Network load balancer
  • B. Lambda
  • C. S3
  • D. RDS
Answer - A
Explanation - You can use BYOIP with network load balancers, EC2 instances, and NAT gateways. When you bring your own IP addresses to AWS, you can assign them to these resources as elastic IP addresses.
21. You’re developing a custom monitoring application that will access the AWS Health API. Which of the following is required to achieve this at the lowest cost?
  • A. Root API credentials
  • B. API gateway
  • C. A Business support plan
  • D. A Developer support plan
Answer - C
Explanation - You need a Business or Enterprise support plan to access the Health API.
22. Which of the following is the cheapest S3 encryption option?
  • A. SSE-KMS customer-managed CMK
  • B. SSE-KMS AWS-managed CMK
  • C. Client-side encryption using KMS
  • D. SSE-ACL
Answer - B
Explanation - SSE-KMS with AWS-managed CMK is the cheapest option. There is no such thing as SSE-ACL.
23. Your development team uses a set of EC2 instances. Each developer has their own instance that they have customized. The instances don’t need to be available after 6:00 p.m. or on the weekends. How can you maximally reduce the cost of these instances without ongoing manual intervention?
  • A. Use CloudWatch Events to stop and start the instances on a schedule.
  • B. Purchase instance reservations for the instances.
  • C. Use Scheduled Auto Scaling actions to set the group size to 0 at 6:00 p.m.
  • D. Use CloudWatch Events to terminate and recreate the instances on a schedule.
Answer - A
Explanation - Using CloudWatch Events to stop and start the instances on a schedule is the most cost-effective approach. Terminating the instances and re-creating them will lose each developer’s customizations. Using instance reservations is a good idea, but they’re time-limited and would need to be manually renewed.
24. Which of the following services is the most cost-effective for querying 1 TB of data stored in a PostgreSQL database?
  • A. Redshift
  • B. Redshift Spectrum
  • C. RDS
  • D. DynamoDB
Answer - C
Explanation - RDS is the most cost-effective solution. Redshift is designed for data warehouses, and Redshift Spectrum is for data stored in S3.
25. What’s the most cost-effective option for synchronous database replication with RDS?
  • A. Multi-AZ
  • B. Read replica
  • C. Automated snapshots
  • D. S3 replication
Answer - A
Explanation - Multi-AZ is the only option for synchronous database replication.
26. What’s the most cost-effective option for asynchronous database replication with RDS?
  • A. Multi-AZ
  • B. Read replica
  • C. Automated snapshots
  • D. S3 replication
Answer - B
Explanation - Read replicas give you asynchronous replication to another instance. Automated snapshots back up the entire instance but don’t offer asynchronous replication of just a single database.
27. What’s the most cost-effective solution for backing up an on-premises application running on a Windows Server 2016 VM?
  • A. Use AWS VM import/export.
  • B. Perform a block copy of the server to a Snowball appliance.
  • C. Perform a block copy of the server to a Snowball Edge appliance.
  • D. Use Storage Gateway.
Answer - A
Explanation - AWS VM import/export is designed to export on-premises virtual machines to EC2 instances.
28. What happens if your maximum Spot price for an instance consistently exceeds the on-demand price?
  • A. Your maximum Spot price will be automatically reduced to the on-demand price.
  • B. The instance will run indefinitely.
  • C. The instance will terminate or hibernate.
  • D. This isn’t allowed; your Spot price can’t exceed the on-demand price.
Answer - B
Explanation - If the maximum Spot price you’ve set consistently meets or exceeds the on-demand price, the instance will run indefinitely.
29. How can you use Spot Instances in an Auto Scaling group?
  • A. You can’t.
  • B. Request Spot Instances in the launch template.
  • C. Request Spot Instances in the Auto Scaling group configuration.
  • D. Create the Spot Instances first and add them to the group.
Answer - B
Explanation - You can request Spot Instances in the launch template or launch configuration.
30. You’re running a fleet of Amazon Linux EC2 instances in an Auto Scaling group. A new Amazon Linux AMI has been released with the latest security updates. What’s the most cost-effective and easiest way to update your instances?
  • A. Create a new launch configuration that uses the new AMI.
  • B. Update the launch configuration with a script that installs any available security updates.
  • C. Use AWS Systems Manager Patch Manager.
  • D. Update the launch template to use the new AMI.
Answer - C
Explanation - Using AWS Systems Manager Patch Manager to patch the instances—both the current ones and any instances launched in the future—is the most cost-effective and easiest approach. Just flipping to the new AMI may not work; you don’t know unless you first test your workload with it. You can’t update a launch configuration.
31. What’s the most cost-effective and secure way of granting an application on an EC2 instance access to a DynamoDB table? (Choose two.)
  • A. Grant a role access to the table.
  • B. Hardcode AWS credentials into the application.
  • C. Use AWS Secrets Manager.
  • D. Associate an instance profile role with the instance.
Answer - A, D
Explanation - Creating a role with access to the DynamoDB table and using an instance profile role to grant the instance the ability to assume the role is free. AWS Secrets Manager isn’t free. Hardcoding credentials into the application isn’t secure.
32. You’re running an RDS instance that is running low on memory, resulting in slow read queries for your application. What’s the most cost-effective and quickest way to resolve this?
  • A. Reboot the instance.
  • B. Use multi-AZ.
  • C. Upgrade the instance type.
  • D. Create a read replica.
Answer - C
Explanation - Upgrading the instance type and creating a read replica are comparable options price-wise, but upgrading is much quicker, in part because it doesn’t require reconfiguring the application to use a read replica.
33. You plan to migrate an on-premises MySQL database to AWS. You expect this database to double in size every six months. Which of the following is the most cost-effective option that requires the least ongoing effort?
  • A. RDS using the MySQL engine
  • B. Amazon Aurora
  • C. RDS using the MariaDB engine
  • D. An EC2 instance running MySQL
Answer - B
Explanation - Amazon Aurora will dynamically expand its storage cluster to grow with your database.
34. You need to identify any traffic that’s allowed by a VPC security group. How can you accomplish this in the most cost-effective way?
  • A. Enable VPC flow logging to log only allowed traffic to CloudWatch Logs.
  • B. Enable VPC flow logging to log all traffic to an S3 bucket and search the logs for the word NODATA.
  • C. Enable VPC flow logging to log all traffic to an S3 bucket, and search the logs for the word ACCEPT.
  • D. Enable VPC flow logging to log all allowed traffic to an S3 bucket.
Answer - D
Explanation - The most cost-effective option is to enable VPC flow logging for allowed traffic and save the logs in an S3 bucket.
35. You have an EC2 instance running a web server in a private subnet, an S3 bucket, and a CloudFront distribution. You need to make a 2 GB file available for download. Which of the following is the cheapest and quickest option?
  • A. Store the file on an EFS volume.
  • B. Upload the file to an S3 bucket and make the file public.
  • C. Upload the file to the instance and make it available for download.
  • D. Make the file available via the CloudFront distribution.
Answer - B
Explanation - Uploading the file to an S3 bucket and making it public is the cheapest and quickest option.
36. Which of the following is the least expensive option for migrating files on an on-premises NFS file server to AWS S3?
  • A. Snowball
  • B. Snowball Edge
  • C. Storage Gateway—Volume Gateway
  • D. Storage Gateway—File Gateway
Answer - D
Explanation - AWS Storage Gateway—File Gateway offers an SMB or NFS interface to store files on S3.
37. You have an on-premises server that connects to an iSCSI LUN for storage. You want to continuously back up this data to AWS. Which of the following should you use?
  • A. Snowball
  • B. Snowball Edge
  • C. Storage Gateway—Volume Gateway
  • D. Storage Gateway—File Gateway
Answer - C
Explanation - AWS Storage Gateway—Volume Gateway can function as an iSCSI target and back up the data to S3.
38. What’s the costliest Glacier retrieval type?
  • A. Bulk
  • B. Standard
  • C. Expedited
  • D. Provisioned
Answer - C
Explanation - Expedited retrievals are the most expensive.
39. Which of the following does not include a capacity reservation?
  • A. Dedicated instances
  • B. Dedicated hosts
  • C. Standard reserved instances
  • D. Convertible reserved instances
Answer - D
Explanation - Convertible reserved instances do not include a capacity reservation.
40. What’s the minimum yearly required utilization for a scheduled instance?
  • A. 416 hours
  • B. 600 hours
  • C. 1200 hours
  • D. 2400 hours
Answer - C
Explanation - The minimum required utilization for a scheduled instance is 1200 hours per year.
41. Which of the following is not a valid ECS metric?
  • A. MemoryUtilization
  • B. GPUReservation
  • C. ClusterService
  • D. CPUReservation
Answer - C
Explanation - ClusterService is a dimension, not a metric.
42. Which of the following may cause an EC2 instance to fail its status check? (Choose two.)
  • A. Boot sector corruption
  • B. Overloaded network interface
  • C. Application memory leak
  • D. Disk full
Answer - A, C
Explanation - Filesystem corruption or running out of memory can cause an instance to fail its status check.
43. Which AWS CLI command can show you the system status of an EC2 instance?
  • A. aws cloudwatch describe-instance-status
  • B. aws ec2 describe-instance-status
  • C. aws ec2 describe-system-status
  • D. aws cloudwatch get-instance-status
Answer - B
Explanation - The command aws ec2 describe-instance-status will show instance and system status for an instance as well as its running status.
44. A junior administrator uses the AWS CLI for routine tasks. He’s trying to use the AWS CLI to view the status of EC2 instances. Every time he tries, he receives an error indicating he doesn’t have access. How can you resolve this?
  • A. Grant the admin permissions in the CloudWatchReadOnlyAccess AWS managed IAM policy.
  • B. Grant the admin permissions in the AmazonEC2ReadOnly AWS managed IAM policy.
  • C. Create a new API key for the admin.
  • D. Tell the admin to use the AWS Management Console.
Answer - B
Explanation - The AmazonEC2ReadOnly policy has the permissions the admin needs to view EC2 instance status.
45. Which of the following operating systems can the CloudWatch agent not run on?
  • A. BSD
  • B. Windows Server 2008
  • C. RHEL
  • D. SUSE Linux
Answer - A
Explanation - The agent runs on various flavors of Linux and Windows Server. Sadly, it doesn’t run on Unix variants like BSD or Solaris.
46. You want to find out which users are authenticating to a Windows server running on-premises. Which of the following can help you gather this information?
  • A. CloudWatch Logs agent
  • B. EC2
  • C. CloudWatch Events
  • D. AWS Directory Service
Answer - A
Explanation - You can use the CloudWatch Logs agent to send Windows event logs to CloudWatch Logs.
47. What does the CloudWatch Logs agent use to encrypt log data in transit?
  • A. PGP
  • B. KMS
  • C. HTTPS
  • D. SSL
Answer - C
Explanation - CloudWatch Logs uses HTTPS to secure data in transit. HTTPS doesn’t use SSL, only TLS.
48. What does CloudWatch Logs use to encrypt log data at rest?
  • A. KMS
  • B. PGP
  • C. Client encryption
  • D. CloudHSM
Answer - A
Explanation - CloudWatch Logs uses KMS to secure data at rest.
49. Which of the following shows you all AWS service issues?
  • A. Simple Notification Service
  • B. Service Health Dashboard
  • C. CloudWatch
  • D. Personal Health Dashboard
Answer - B
Explanation - The Service Health Dashboard shows the status of all AWS services, not just the ones you use.
50. Which of the following AWS services analyzes VPC traffic for security threats?
  • A. Inspector
  • B. GuardDuty
  • C. CloudTrail
  • D. VPC Flow Logs
Answer - B
Explanation - GuardDuty analyzes VPC traffic for security threats. It doesn’t require configuring VPC flow logs, and VPC flow logging doesn’t perform any security analysis. Inspector performs security assessments against EC2 instances.