2017 February Amazon Official New Released AWS-SysOps Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
2017 latest released Amazon official AWS-SysOps exam question free download from Lead2pass! All new updated questions and answers are real questions from Amazon Exam Center!
Following questions and answers are all new published by Amazon Official Exam Center: http://www.lead2pass.com/aws-sysops.html
A user has created a VPC with public and private subnets using the VPC wizard.
Which of the below mentioned statements is not true in this scenario?
A. The VPC will create a routing instance and attach it with a public subnet
B. The VPC will create two subnets
C. The VPC will create one internet gateway and attach it to VPC
D. The VPC will launch one NAT instance with an elastic IP
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create a NAT instance with an elastic IP. Wizard will also create two subnets with route tables. It will also create an internet gateway and attach it to the VPC.
A user has created a VPC with CIDR 220.127.116.11/16 using the wizard.
The user has created public and VPN only subnets along with hardware VPN access to connect to the user’s data centre.
The user has not yet launched any instance as well as modified or deleted any setup.
He wants to delete this VPC from the console.
Will the console allow the user to delete the VPC?
A. Yes, the console will delete all the setups and also delete the virtual private gateway
B. No, the console will ask the user to manually detach the virtual private gateway first and
then allow deleting the VPC
C. Yes, the console will delete all the setups and detach the virtual private gateway
D. No, since the NAT instance is running
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the virtual private gateway is attached with VPC and the user deletes the VPC from the console it will first detach the gateway automatically and only then delete the VPC.
A user has launched an EC2 Windows instance from an instance store backed AMI.
The user wants to convert the AMI to an EBS backed AMI.
How can the user convert it?
A. Attach an EBS volume to the instance and unbundle all the AMI bundled data inside the
B. A Windows based instance store backed AMI cannot be converted to an EBS backed AMI
C. It is not possible to convert an instance store backed AMI to an EBS backed AMI
D. Attach an EBS volume and use the copy command to copy all the ephermal content to the
Generally when a user has launched an EC2 instance from an instance store backed AMI, it can be converted to an EBS backed AMI provided the user has attached the EBS volume to the instance and unbundles the AMI data to it. However, if the instance is a Windows instance, AWS does not allow this. In this case, since the instance is a Windows instance, the user cannot convert it to an EBS backed AMI.
A user has created an Auto Scaling group using CLI.
The user wants to enable CloudWatch detailed monitoring for that group.
How can the user configure this?
A. When the user sets an alarm on the Auto Scaling group, it automatically enables detail
B. By default detailed monitoring is enabled for Auto Scaling
C. Auto Scaling does not support detailed monitoring
D. Enable detail monitoring from the AWS console
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, the user does not need to set this flag if he wants detailed monitoring.
A user has created a VPC with the public subnet.
The user has created a security group for that VPC.
Which of the below mentioned statements is true when a security group is created?
A. It can connect to the AWS services, such as S3 and RDS by default
B. It will have all the inbound traffic by default
C. It will have all the outbound traffic by default
D. It will by default allow traffic to the internet gateway
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. AWS provides two features the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level while ACLs work at the subnet level. When a user creates a security group with AWS VPC, by default it will allow all the outbound traffic but block all inbound traffic.
A user is collecting 1000 records per second.
The user wants to send the data to CloudWatch using the custom namespace.
Which of the below mentioned options is recommended for this activity?
A. Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and
send the data to CloudWatch
B. Send all the data values to CloudWatch in a single command by separating them with a
CloudWatch will parse automatically
C. Create one csv file of all the data and send a single file to CloudWatch
D. It is not possible to send all the data in one call.
Thus, it should be sent one by one.
CloudWatch will aggregate the data automatically
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put-metric-data. It is recommended that when the user is having multiple data points per minute, he should aggregate the data so that it will minimize the number of calls to put-metric-data. In this case it will be single call to CloudWatch instead of 1000 calls if the data is aggregated.
An organization has setup multiple IAM users.
The organization wants that each IAM user accesses the IAM console only within the organization and not from outside.
How can it achieve this?
A. Create an IAM policy with the security group and use that security group for AWS console
B. Create an IAM policy with a condition which denies access when the IP address range is
not from the organization
C. Configure the EC2 instance security group which allows traffic only from the organization’s
D. Create an IAM policy with VPC and allow a secure gateway between the organization and
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on many other parameters. If the organization wants the user to access only from a specific IP range, they should set an IAM policy condition which denies access when the IP is not in a certain range. E.g. The sample policy given below denies all traffic when the IP is not in a certain range.
“aws:SourceIp”: [“10.10.10.0/24”, “18.104.22.168/24”] }
A user has created a VPC with public and private subnets using the VPC Wizard.
The VPC has CIDR 22.214.171.124/16.
The private subnet uses CIDR 126.96.36.199/24.
Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?
A. Destination : 188.8.131.52/24 and Target : VPC
B. Destination : 184.108.40.206/16 and Target : ALL
C. Destination : 220.127.116.11/0 and Target : ALL
D. Destination : 18.104.22.168/16 and Target : Local
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets.
The main route table will have the entry “Destination: 22.214.171.124/24 and Target:
Local”, which allows all instances in the VPC to communicate with each other.
A user is configuring the Multi AZ feature of an RDS DB.
The user came to know that this RDS DB does not use the AWS technology, but uses server mirroring to achieve HA.
Which DB is the user using right now?
A. My SQL
C. MS SQL
Amazon RDS provides high availability and failover support for DB instances using Multi AZ deployments. In a Multi AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. Multi AZ deployments for Oracle, PostgreSQL, and MySQL DB instances use Amazon technology, while SQL Server (MS SQL. DB instances use SQL Server Mirroring.
A user has hosted an application on EC2 instances.
The EC2 instances are configured with ELB and Auto Scaling.
The application server session time out is 2 hours.
The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered.
What time out period should the user specify for connection draining?
A. 5 minutes
B. 1 hour
C. 30 minutes
D. 2 hours
When you enable connection draining, you can specify a maximum time for the load balancer to keep connections alive before reporting the instance as de-registered. The maximum timeout value can be set between 1 and 3,600 seconds (the default is 300 seconds). When the maximum time limit is reached, the load balancer forcibly closes connections to the de-registering instance.
A user has created a VPC with CIDR 126.96.36.199/24.
The user has used all the IPs of CIDR and wants to increase the size of the VPC.
The user has two subnets: public (188.8.131.52/28. and private (184.108.40.206/28..
How can the user change the size of the VPC?
A. The user can delete all the instances of the subnet.
Change the size of the subnets to 220.127.116.11/32 and 18.104.22.168/32, respectively.
Then the user can increase the size of the VPC using CLI
B. It is not possible to change the size of the VPC once it has been created
C. The user can add a subnet with a higher range so that it will automatically increase the size
of the VPC
D. The user can delete the subnets first and then modify the size of the VPC
Once the user has created a VPC, he cannot change the CIDR of that VPC. The user has to terminate all the instances, delete the subnets and then delete the VPC. Create a new VPC with a higher size and launch instances with the newly created VPC and subnets.
A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%.
The user has setup an alarm when there is some inactivity on RDS, such as RDS unavailability. How can the user configure this?
A. Setup the notification when the CPU is more than 75% on RDS
B. Setup the notification when the state is Insufficient Data
C. Setup the notification when the CPU utilization is less than 10%
D. It is not possible to setup the alarm on RDS
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The alarm has three states: Alarm, OK and Insufficient data. The Alarm will change to Insufficient Data when any of the three situations arise: when the alarm has just started, when the metric is not available or when enough data is not available for the metric to determine the alarm state. If the user wants to find that RDS is not available, he can setup to receive the notification when the state is in Insufficient data.
An organization has created a Queue named “modularqueue” with SQS.
The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue.
What can happen in this scenario?
A. AWS SQS sends notification after 15 days for inactivity on queue
B. AWS SQS can delete queue after 30 days without notification
C. AWS SQS marks queue inactive after 30 days
D. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.
Amazon SQS can delete a queue without notification if one of the following actions hasn’t been performed on it for 30 consecutive days: SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission.
A user has launched an RDS MySQL DB with the Multi AZ feature.
The user has scheduled the scaling of instance storage during maintenance window.
What is the correct order of events during maintenance window?
1. Perform maintenance on standby
2. Promote standby to primary
3. Perform maintenance on original primary
4. Promote original master back as primary
A. 1, 2, 3, 4
B. 1, 2, 3
C. 2, 3, 1, 4
Running MySQL on the RDS DB instance as a Multi-AZ deployment can help the user reduce the impact of a maintenance event, as the Amazon will conduct maintenance by following the steps in the below mentioned order:
– Perform maintenance on standby
– Promote standby to primary
– Perform maintenance on original primary, which becomes the new standby.
A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?
A. SNS will send data every minute after configuration
B. There is no need to enable since SNS provides data every minute
C. AWS CloudWatch does not support monitoring for SNS
D. SNS cannot provide data every minute
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. The AWS SNS service sends data every 5 minutes. Thus, it supports only the basic monitoring. The user cannot enable detailed monitoring with SNS.
A user has scheduled the maintenance window of an RDS DB on Monday at 3 AM.
Which of the below mentioned events may force to take the DB instance offline during the maintenance window?
A. Enabling Read Replica
B. Making the DB Multi AZ
C. DB password change
D. Security patching
Amazon RDS performs maintenance on the DB instance during a user-definable maintenance window. The system may be offline or experience lower performance during that window.
The only maintenance events that may require RDS to make the DB instance offline are:
Scaling compute operations Software patching.
Required software patching is automatically scheduled only for patches that are security and durability related.
Such patching occurs infrequently (typically once every few months. and seldom requires more than a fraction of the maintenance window.
A user has setup a VPC with CIDR 22.214.171.124/16.
The VPC has a private subnet (126.96.36.199/24. and a public subnet (188.8.131.52/24..
The user’s data centre has CIDR of 184.108.40.206/24 and 220.127.116.11/24.
If the private subnet wants to communicate with the data centre, what will happen?
A. It will allow traffic communication on both the CIDRs of the data centre
B. It will not allow traffic with data centre on CIDR 18.104.22.168/24 but allows traffic communication
C. It will not allow traffic communication on any of the data centre CIDRs
D. It will allow traffic with data centre on CIDR 22.214.171.124/24 but does not allow on 126.96.36.199/24
VPC allows the user to set up a connection between his VPC and corporate or home network data centre. If the user has an IP address prefix in the VPC that overlaps with one of the networks’ prefixes, any traffic to the network’s prefix is dropped. In this case CIDR 188.8.131.52/24 falls in the VPC’s CIDR range of 184.108.40.206/16. Thus, it will not allow traffic on that IP. In the case of 220.127.116.11/24, it does not fall in the VPC’s CIDR range. Thus, traffic will be allowed on it.
A sys admin is using server side encryption with AWS S3.
Which of the below mentioned statements helps the user understand the S3 encryption functionality?
A. The server side encryption with the user supplied key works when versioning is enabled
B. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for
server side encryption with the user supplied key
C. The user must send an AES-128 encrypted key
D. The user can upload his own encryption key to the S3 console
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key. The encryption with the user supplied key (SSE-C. does not work with the AWS console. The S3 does not store the keys and the user has to send a key with each request. The SSE-C works when the user has enabled versioning.
A user is creating a Cloudformation stack.
Which of the below mentioned limitations does not hold true for Cloudformation?
A. One account by default is limited to 100 templates
B. The user can use 60 parameters and 60 outputs in a single template
C. The template, parameter, output, and resource description fields are limited to 4096
D. One account by default is limited to 20 stacks
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. The limitations given below apply to the Cloudformation template and stack. There are no limits to the number of templates but each AWS CloudFormation account is limited to a maximum of 20 stacks by default.
The Template, Parameter, Output, and Resource description fields are limited to 4096 characters.
The user can include up to 60 parameters and 60 outputs in a template.
A user is trying to understand the detailed CloudWatch monitoring concept.
Which of the below mentioned services provides detailed monitoring with CloudWatch without charging the user extra?
A. AWS Auto Scaling
B. AWS Route 53
C. AWS EMR
D. AWS SNS
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, ELB, OpsWorks, and Route 53 can provide the monitoring data every minute without charging the user.
Lead2pass offers the latest Amazon AWS-SysOps exam questions and answers in PDF & VCE. We promise 100% AWS-SysOps exam pass or full money back (Have a try- If success, you will get a high pay job! Failed, nothing, money back!)! We provide instant download of our AWS-SysOps dumps after payment so you can study earlier than others!
AWS-SysOps new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDekE1aUpSVGNHbWM
2017 Amazon AWS-SysOps exam dumps (All 332 Q&As) from Lead2pass:
http://www.lead2pass.com/aws-sysops.html [100% Exam Pass Guaranteed]