AWS-SysOps Amazon Exam Questions and Free Practice Test

Question 79

- (Topic 3)
A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling. What should the user do in this case?

A. Setup the scaling policy to scale up and down based on the CloudWatch alarms

B. The user should increase the desired capacity at 8 AM and decrease it by 7 PM manually

C. The user should setup a batch process which launches the EC2 instance at a specific time

D. Setup scheduled actions to scale up or down at a specific time

Correct Answer:A

Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. To configure the Auto Scaling group to scale based on a schedule, the user needs to create scheduled actions. A scheduled action tells Auto Scaling to perform a scaling action at a certain time in the future.

Question 80

- (Topic 1)
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Correct Answer:B
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

Question 81

- (Topic 3)
You have a proprietary data store on-premises that must be backed up daily by dumping the data store contents to a single compressed 50GB file and sending the file to AWS. Your SLAs state that any dump file backed up within the past 7 days can be retrieved within 2 hours. Your compliance department has stated that all data must be held indefinitely. The time required to restore the data store from a backup is approximately 1 hour. Your on-premise network connection is capable of sustaining 1gbps to AWS.
Which backup methods to AWS would be most cost-effective while still meeting all of your requirements?

A. Send the daily backup files to Glacier immediately after being generated

B. Transfer the daily backup files to an EBS volume in AWS and take daily snapshots of the volume

C. Transfer the daily backup files to S3 and use appropriate bucket lifecycle policies to send to Glacier

D. Host the backup files on a Storage Gateway with Gateway-Cached Volumes and take daily snapshots

Correct Answer:D
Reference:
http://aws.amazon.com/storagegateway/faqs/

Question 82

- (Topic 3)
A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how can he configure it?

A. Set up programmatic billing acces

B. Download and parse the bill as per the requirement

C. It is not possible for the user to create his own billing management service with AWS

D. Enable the AWS CloudWatch alarm which will provide APIs to download the alarm data

E. Use AWS billing APIs to download the usage report of each service from the AWS billing console

Correct Answer:A

AWS provides an option to have programmatic access to billing. Programmatic Billing Access leverages the existing Amazon Simple Storage Service (Amazon S3. APIs. Thus, the user can build applications that reference his billing data from a CSV (comma-separated value. file stored in an Amazon S3 bucket. AWS will upload the bill to the bucket every few hours and the user can download the bill CSV from the bucket, parse itand create a billing system as per the requirement.

Question 83

- (Topic 2)
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

A. Use the IAM groups and add users as per their role to different groups and apply policy to group

B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI

C. Add each user to the IAM role as per their organization role to achieve effective policy setup

D. Use the IAM role and implement access at the role level

Correct Answer:A

With AWS IAM, a group is a collection of IAM users. A group allows the user to specify permissions for a collection of users, which can make it easier to manage the permissions for those users. A group helps an organization manage access in a better way; instead of applying at the individual level, the organization can apply at the group level which is applicable to all the users who are a part of that group.

Question 84

- (Topic 3)
A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and when it is not, to help the admin understand the implementation of the sticky session:
ELB inserts the cookie in the response ELB chooses the instance based on the load balancing algorithm Check the cookie in the service request The cookie is found in the request The cookie is not found in the request

A. 3,1,4,2 [Cookie is not Present] & 3,1,5,2 [Cookie is Present]

B. 3,4,1,2 [Cookie is not Present] & 3,5,1,2 [Cookie is Present]

C. 3,5,2,1 [Cookie is not Present] & 3,4,2,1 [Cookie is Present]

D. 3,2,5,4 [Cookie is not Present] & 3,2,4,5 [Cookie is Present]

Correct Answer:C

Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user’s session with a specific EC2 instance. The load balancer uses a special load-balancer-generated cookie to track the application instance for each request. When the load balancer receives a request, it first checks to see if this cookie is present in the request. If so, the request is sent to the application instance specified in the cookie. If there is no cookie, the load balancer chooses an application instance based on the existing load balancing algorithm. A cookie is inserted into the response for binding subsequent requests from the same user to that application instance.

START AWS-SysOps EXAM