AWS-SysOps Amazon Exam Questions and Free Practice Test

Question 31

- (Topic 2)
A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance. Which of the below mentioned Reserved Instance categories is advised in this case?

A. The user should not use RI; instead only go with the on-demand pricing

B. The user should use the AWS high utilized RI

C. The user should use the AWS medium utilized RI

D. The user should use the AWS low utilized RI

Correct Answer:A

The AWS Reserved Instance provides the user with an option to save some money by paying a one-time fixed amount and then save on the hourly rate. It is advisable that if the user is having 30% or more usage of an instance per day, he should go for a RI. If the user is going to use an EC2 instance for more than 2200-2500 hours per year, RI will help the user save some cost. Here, the instance is not going to run for less than 1500 hours. Thus, it is advisable that the user should use the on-demand pricing.

Question 32

- (Topic 3)
Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?

A. Enable Multi-AZ mode on the RDS instance

B. Use ElastiCache to offload the analytics job data

C. Create RDS Read-Replicas for the analytics work

D. Run the RDS instance on the largest size possible

Correct Answer:B

Question 33

- (Topic 3)
A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?

A. AWS/StorageGateway

B. AWS/CloudTrail

C. AWS/ElastiCache

D. AWS/SWF

Correct Answer:B

Amazon CloudWatch is basically a metrics repository. The AWS product puts metrics into this repository, and the user can retrieve the data or statistics based on those metrics. To distinguish the data for each service, the CloudWatch metric has a namespace. Namespaces are containers for metrics. All AWS services that provide the Amazon CloudWatch data use a namespace string, beginning with "AWS/". All the services which are supported by CloudWatch will have some namespace. CloudWatch does not monitor CloudTrail. Thus, the namespace “AWS/CloudTrail” is incorrect.

Question 34

- (Topic 1)
When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit?
Choose 3 answers

A. Gather evidence of your IT operational controls

B. Request and obtain applicable third-party audited AWS compliance reports and certifications

C. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review

D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's Instances and endpoints

E. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Correct Answer:ABD

Question 35

- (Topic 2)
A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?

A. The folders support only ACL

B. Both the object and bucket can have an Access Policy but folder cannot have policy

C. Folders can have a policy

D. Both the object and bucket can have ACL but folders cannot have ACL

Correct Answer:A

A sysadmin can grant permission to the S3 objects or the buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. It cannot be applied at the object level. The folders are similar to objects with no content. Thus, folders can have only ACL and cannot have a policy.

Question 36

- (Topic 2)
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25. The user is trying to create the private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?

A. It will not allow the user to create the private subnet due to a CIDR overlap

B. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25

C. This statement is wrong as AWS does not allow CIDR 20.0.0.0/25

D. It will not allow the user to create a private subnet due to a wrong CIDR range

Correct Answer:B

When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC., or a subset (to enable multiple subnets.. If the user creates more than one subnet in a VPC, the CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255.. The user can break this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses the CIDR block 20.0.0.0/25 (for addresses 20.0.0.0 - 20.0.0.127. and the other uses the CIDR block 20.0.0.128/25 (for addresses 20.0.0.128 - 20.0.0.255..

START AWS-SysOps EXAM