AWS Certified SysOps Administrator

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

AWS Certified SysOps Administrator – Associate

Write your full Name ? *

Whats your Mobile Number ? *

QUESTION NO: 701 A company has created an online retail application that is hosted on a fleet of Amazon EC2instances behind an ELB Application Load Balancer. User authentication is handled at theindividual EC2 instance level. Once a user is authenticated; all requests from that user must go tothe same EC2 instance. What should the SysOps Administrator enable to meet these requirements? *

1 point

A. ELB TCP listeners

B. ELB sticky sessions

C. ELB connection draining

D. ELB cross-zone load balancing

QUESTION NO: 702 A SysOpsAdministrator is managing a large organization with multiple accounts on the BusinessSupport plan all linked to a single payer account. The Administrator wants to be notifiedautomatically of AWS Personal Health Dashboard events.In the main payer account, the Administrator configures Amazon CloudWatch Events triggered byAWS Health events triggered by AWS Health triggered by AWS Health events to issuenotifications using Amazon SNS, but alerts in the linked accounts failed to trigger.Why did the alerts fail? *

1 point

A. Amazon SNS cannot be triggered from the AWS Personal Health Dashboard

B. The AWS Personal Health Dashboard only reports events from one account, not linked accounts.

C. The AWS Personal Health Dashboard must be configured from the payer account only; all events will then roll up into the payer account.

D. AWS Organizations must be used to monitor linked accounts.

QUESTION NO: 703 A company is planning to expand into an additional AWS Region for disaster recovery purposes.The company uses AWS CloudFormation, and its infrastructure is well-defined as code. Thecompany would like to reuse as much of its existing code as possible when deploying resources toadditional Regions.A SysOps Administrator is reviewing how Amazon Machine Images (AMIs) are selected in AWSCloudFormation, but is having trouble making the same stack work in the new Region.Which action would make it easier to manage multiple Regions? *

1 point

A. Name each AMI in the new Region exactly the same as the equivalent AMI in the first Region.

B. Duplicate the stack so unique AMI names can be coded into the appropriate stack.

C. Create an alias for each AMI so that an AMI can be referenced by a common name across Regions

D. Create a Mappings section in the stack, and define the Region to AMI associations.

QUESTION NO: 704 An organization with a large IT department has decided to migrate to AWS. With different jobfunctions in the IT department, it is not desirable to give all users access to all AWS resources.Currently the organization handles access via LDAP group membership.What is the BEST method to allow access using current LDAP credentials? *

1 point

A. Create an AWS Directly Service Simple AD. Replicate the on-premises LDAP directory to Simple AD.

B. Create a Lambda function to read LDAP groups and automate the creation of IAM users.

C. Use AWS CloudFormation to create IAM roles. Deploy Direct Connect to allow access to the onpremises LDAP server.

D. Federate the LDAP directory with IAM using SAML. Create different IAM roles to correspond to different LDAP groups to limit permissions.

QUESTION NO: 705 An organization stores sensitive customer in S3 buckets protected by bucket policies. Recently,there have been reports that unauthorized entities within the company have been trying to accessthe data on those S3 buckets. The Chief Information Security Officer (CISO) would like to knowwhich buckets are being targeted and determine who is responsible for trying to access thatinformation.Which steps should a SysOps Administrator take to meet the CISO’s requirement? (Choose two.) *

1 point

A. Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.

B. Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.

C. Use Amazon Athena to query S3 Analytics report for HTTP 403 errors, and determine the IAM user or role making the requests.

D. Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the IAM user or role making the requests.

E. Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the IAM user or role making the requests.

Required

QUESTION NO: 706 A SysOps Administrator responsible for an e-commerce web application observes the applicationdoes not launch new Amazon EC2 instances at peak times, even though the maximum capacity ofthe Auto Scaling group has not been reached.What should the Administrator do to identify the underlying problem? (Choose two.) *

1 point

A. Monitor service limits in AWS Trusted Advisor.

B. Analyze VPC Flow Logs.

C. Monitor limits in AWS Systems Manager.

D. Use Amazon Inspector to gather performance information.

E. Check the response for RunInstances requests in AWS CloudTrail logs.

Required

QUESTION NO: 707 A SysOps Administrator must generate a report that provides a breakdown of all API activity by aspecific user over the course of a year.Given that AWS Cloud Trail was enabled, how can this report be generated? *

1 point

A. Using the AWS management Console, search for the user name in the CloudTrail history. Then filter by API and download the report in CSV format.

B. Use the CloudTrail digest files stored in the company’s Amazon S3 bucket. Then send the logs to Amazon QuickSight to create the report.

C. Locate the monthly reports that CloudTrail sends that are emailed to the account’s root user. Then forward the reports to the auditor using a secure channel.

D. Access the CloudTrail logs stored in the Amazon S3 bucket tied to Cloud Trail. Use Amazon Athena to extract the information needed to generate the report.

QUESTION NO: 708 A company received its latest bill with a large increase in the number of requests against AmazonSQS as compared to the month prior. The company is not aware of any changes in its SQSusage. The company is concerned about the cost increase and who or what was making thesecalls.What should the SysOps Administrator use to validate the calls made to SQS? *

1 point

A. AWS CloudTrail

B. Amazon CloudWatch

C. AWS Cost Explorer

D. Amazon S3 server access logs

QUESTION NO: 709 An Amazon S3 bucket in a SysOps Administrator’s account can be accesses by users in otherSWS accounts.How can the Administrator ensure that the bucket is only accessible to members of theAdministrator’s AWS account? *

1 point

A. Move the S3 bucket from a public subnet to a private subnet in the Amazon VPC.

B. Change the bucket access control list (ACL) to restrict access to the bucket owner.

C. Enable server-side encryption for all objects in the bucket.

D. Use only Amazon S3 presigned URLs for accessing objects in the bucket.

QUESTION NO: 710 A company hosts its website on Amazon ECF2 instances behind an ELB Application LoadBalancer. The company manages its DNS with Amazon Route 53, and wants to point its domain’szone apex to the website. Which type of record should be used to meet these requirements? *

1 point

A. An AAA record for the domain’s zone apex

B. An A record for the domain’s zone apex

C. A CNAME record for the domain’s zone apex

D. An alias record for the domain’s zone apex

Clear form

Never submit passwords through Google Forms.

This content is neither created nor endorsed by Google. - Terms of Service - Privacy Policy

Does this form look suspicious? Report

Forms