1. Question
2. Question
A user has created an application which will be hosted on EC2.

Serve the image out through CloudFront

multiple Amazon EC2 data centers that perform the same function and you want Amazon Route 53 to respond to DNS queries with the resources that provide the best latency. For example, you might have web servers for in the Amazon EC2 data centers in Ireland and in Tokyo. When a user browses to, Amazon Route 53 chooses to respond to the DNS query based on which data center gives your user the lowest




Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets. It integrates with other Amazon Web Services products to give developers and businesses an easy way to accelerate content to end users with no minimum usage commitments.


4. Question
If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should:
25/04/2017 Quiz SysOps Free – The-Cert-School

Assign a group or sequential Elastic IP address to the


Launch the Instance from a private Amazon Machine Image (AMI)

Launch the instances in the Amazon Virtual Private Cloud (VPC)

Launch the instances in a Placement Group


When you launch an Amazon EC2 instance within a VPC, you may optionally specify the primary private IP address for the instance. If you do not specify the primary private IP address, AWS automatically addresses it from the IP address range you assign to that subnet. You can assign secondary private IP addresses when you launch an instance, when you create an Elastic Network Interface, or any time after the instance has been launched or the interface has been created.


5. Question
What would happen to an RDS (Relational Database Service)
multi-Availability Zone deployment if the primary DB instance

IP of the primary DB Instance is switched to the standby DB Instance

The RDS (Relational Database Service) DB instance reboots

A new DB instance is created in the standby availability

The canonical name record (CNAME) is changed from primary to standby


Failover is automatically handled by Amazon RDS so that you can resume database operations as quickly as possible without administrative intervention. When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary. We encourage you to follow best practices and implement database connection retry at the application


6. Question
How can the domain’s zone apex, for example “myzoneapexdomain.com”, be pointed towards an Elastic Load

By using an Amazon Route 53 CNAME record

By using an AAAA record

By using an A record

By using an Amazon Route 53 Alias record


Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites. Alias records work like a CNAME record in that you can map one DNS name ( to another ‘target’ DNS name ( They differ from a CNAME record in that they are not visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record.


7. Question
An organization has created 10 IAM users. The organization
wants to give them the same login ID but different passwords.
How can the organization achieve this?

The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias

The organization should create each user in a separate region so that they have their own URL to login

It is not possible to have the same login ID for multiple IAM users of the same account

The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID


AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. It is not possible to have the same login ID for multiple users.


8. Question
A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

AWS micro instance running 24 hours daily

AWS S3 with 1 GB of storage

AWS ELB running 24 hours a day

AWS PIOPS volume of 10 GB size



9. Question
A user has launched an ELB which has 6 instances registered
with it. The user deletes the ELB by mistake. What will happen
to the instances?

ELB cannot be deleted if it has running instances registered with it

ELB will ask the user whether to delete the instances or not

Instances will keep running

Instances will be terminated



10. Question
A user is planning to set up notifications on the RDS DB for a
snapshot. Which of the below mentioned event categories is not
supported by RDS for this snapshot source type?


Backup
Backup




Categories and Events for the DB Snapshot Source Type

Notification


11. Question
A user is accessing RDS from an application. The user has
enabled the Multi-AZ feature with the MS SQL RDS DB. During a
planned outage how will AWS ensure that a switch from DB to a
standby replica will not affect access to the application?

RDS will have an internal IP which will redirect all requests to the new DB

The switch over changes Hardware so RDS does not need to worry about access

RDS will have both the DBs running independently and the user has to manually switch over

RDS uses DNS to switch over to standby replica for seamless transition


In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. The time it takes for the failover to complete depends on the database activity and other conditions at the time the primary DB instance became unavailable. Failover times are typically 60-120 seconds. However, large transactions or a lengthy recovery process can increase failover time. When the failover is complete, it can take additional time for the RDS console UI to reflect the new Availability Zone. The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance.


12. Question
An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?




AWS Glacier


Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to reduce their costs by storing noncritical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. It provides a cost-effective, highly available solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded media, or other processed data that can be easily reproduced. The RRS option stores objects on multiple devices across multiple facilities, providing 400 times the durability of a typical disk drive, but does not replicate objects as many times as standard Amazon S3 storage.

13. Question
A user has launched an EBS backed instance. The user started the instance at 5 AM in the morning. Between 5 AM to 6 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?

2 hours

3 hours

1 hour

4 hours


When you stop an instance, we shut it down. We don’t charge hourly usage for a stopped instance, or data transfer fees, but we do charge for the storage for any Amazon EBS volumes. Each time you start a stopped instance we charge a full instance hour, even if you make this transition multiple times within a single hour. Rebooting an instance doesn’t start a new instance billing hour, unlike stopping and restarting your instance.


14. Question
You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data into Amazon S3 in the same region. How do you remedy this situation?

Use EBS PIOPS on the local volume

Add an additional ENI

Change to a larger Instance

Use DirectConnect between EC2 and S3



15. Question
Which two components provide connectivity with external networks? When attached to an Amazon VPC, which two components provide connectivity with external networks?

Elastic IPs

Internet Gateway

NAT Gateway

Virtual Private Gateway


Internet Gateway: The Amazon VPC side of a connection to the public Internet.

NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.


16. Question
When an EC2 instance that is backed by an S3-based AMI is
terminated, what happens to the data on the root volume?

Data is automatically saved as an EBS snapshot.

Data is automatically saved as an EBS volume.

Data is unavailable until the instance is restarted.

Data is automatically deleted.


By default, the root volume is deleted when the instance terminates. Data on any other Amazon EBS volumes persists after instance termination by default. Data on any instance store volumes persists only during the life of the instance.


17. Question
When assessing an organization's use of AWS API access credentials, which of the following three credentials should be evaluated? Choose 3 answers

Signing certificates

Key pairs

Console passwords

Security Group memberships

Access keys



18. Question
From which services can I block incoming/outgoing IPs?

VPC Subnet


Security Groups




A Network Access Control List (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.


19. Question
You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW), the instance has an associated Elastic IP (EIP), and correct security group rules are in place. Which VPC component should you evaluate next?

The configuration of SRC/DST checking

The configuration of the Routing Table

The configuration of a NAT instance

The configuration of the Internet Gateway (IGW)


A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.


20. Question
An organization’s security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3. Which option should you implement to ensure this requirement is met?

You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region

You do not need to implement anything since S3 data is automatically replicated between regions

Use the S3 copy API to replicate data between two S3 buckets in different regions

Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region


You specify a region when you create your Amazon S3 bucket. Within that region, your objects are redundantly stored on multiple devices across multiple facilities.


21. Question
To which of the below mentioned endpoints is SNS unable to send a notification?


Email JSON

HTTP



“HTTP”, “HTTPS” – Subscribers specify a URL as part of the subscription registration; notifications will be delivered through an HTTP POST to the specified URL.

“Email”, “Email-JSON” – Messages are sent to registered addresses as email. Email-JSON sends notifications as a JSON object, while Email sends text-based email.

“SQS” – Users can specify an SQS standard queue as the endpoint; Amazon SNS will enqueue a notification message to the specified queue (which subscribers can then process using SQS APIs such as ReceiveMessage, DeleteMessage, etc.). Note that FIFO queues are not currently supported.

“SMS” – Messages are sent to registered phone numbers as SMS text messages.


22. Question
A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

AWS Elastic Transcoder

AWS Glacier

AWS Simple Queue Service

AWS Simple Notification Service

Incorrect

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application. You can use Amazon SQS to transmit any volume of data, without losing messages or requiring other services to be always



23. Question
A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling?

Increase the maximum limit of the Auto Scaling group

Increase the desired capacity of the Auto Scaling group

Decrease the minimum limit of the Auto Scaling group

Launch an instance manually and register it with ELB on the fly


At any time, you can change the size of an existing Auto Scaling group by updating the desired capacity of the Auto Scaling group, or by updating the instances that are attached to the Auto Scaling group.



24. Question
A Sys-admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

Enable ELB cross zone load balancing

Enable ELB sticky session

Enable ELB connection draining

Enable ELB cookie setup




25. Question
An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well as SDK. How can the user track the calls made to CloudWatch?

Create an IAM user and allow each user to log the data using the S3 bucket

The user can enable logging with CloudWatch which logs all the activities

Use CloudTrail to monitor the API calls

Enable detailed monitoring with CloudWatch


If CloudTrail logging is turned on, calls made to API actions are captured in log files. Every log file entry contains information about who generated the request. For example, if a request is made to create or update a CloudWatch alarm (PutMetricAlarm), CloudTrail logs the user identity of the person or service that made the



26. Question
A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value?






Bytes read from all instance store volumes available to the instance.

This metric is used to determine the volume of the data the application reads from the hard disk of the instance. This can be used to determine the speed of the


Units: Bytes

27. Question
What are characteristics of Amazon S3? Choose 2 answers

S3 offers Provisioned IOPS.

Objects are directly accessible via a URL.

S3 should be used to host a relational database.

S3 allows you to store objects of virtually unlimited size.

S3 allows you to store unlimited amounts of data.


Store data in Buckets – Store an infinite amount of data in a bucket. Upload as many objects as you like into an Amazon S3 bucket. Each object can contain up to 5 TB of data. Each object is stored and retrieved using a unique developer-assigned key.

Amazon S3 supports both virtual-hosted–style and path-style URLs to access a bucket.

28. Question
Which of the following requires a custom CloudWatch metric to


Memory Utilization of an EC2 instance

CPU Utilization of an EC2 instance

Disk usage activity of an EC2 instance

Data transfer of an EC2 instance


You cannot monitor the memory of an EC2 instance because it runs on a hypervisor. Memory is shared by all EC2 instances running on a piece of hardware. You need to create custom scripts that run on the EC2 instance and send metrics to CloudWatch periodically via a cron job.

29. Question
A user has stored data on an encrypted EBS volume. The user wants to share the data with his customer’s AWS account. How can the user achieve this?

Copy the data to an unencrypted volume and then share

Create an AMI from the volume and share the AMI

Take a snapshot and share the snapshot with a


If both the accounts are using the same encryption key then the user can share the volume directly


You can share an encrypted snapshot with specific AWS accounts, though you cannot make it public. For others to use the snapshot, you must also share the custom CMK key used to encrypt it. Cross-account permissions may be applied to a custom key either when it is created or at a later time. Users with access can copy your snapshot and create their own EBS volumes based on your snapshot while your original snapshot remains unaffected.

30. Question
Amazon EBS snapshots have which of the following two characteristics? Choose 2 answers

EBS snapshots can only be restored to an EBS volume of the same size or smaller

EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS

EBS snapshots can be created in real-time without stopping an EC2 instance

EBS snapshots only save incremental changes from snapshot to snapshot

Correct

You can back up the data on your EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete (when all of the modified blocks have been transferred to Amazon S3), which can take several hours for large initial snapshots or subsequent snapshots where many blocks have changed. While it is completing, an in-progress snapshot is not affected by ongoing reads and writes to the volume.

