Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • [Nov 11, 2024] AWS-SysOps Exam Dumps, AWS-SysOps Practice Test Questions [Q491-Q509]

[Nov 11, 2024] AWS-SysOps Exam Dumps, AWS-SysOps Practice Test Questions [Q491-Q509]

Share

[Nov 11, 2024] AWS-SysOps Exam Dumps, AWS-SysOps Practice Test Questions

Free AWS-SysOps Study Guides Exam Questions and Answer

NEW QUESTION # 491
Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you
______ .

  • A. can specify deny rules, but not allow rules
  • B. can specify allow rules as well as deny rules
  • C. can neither specify allow rules nor deny rules
  • D. can specify allow rules, but not deny rules

Answer: D

Explanation:
Security Groups in VPC allow you to specify rules with reference to the protocols and ports through which
communications with your instances can be established. One such rule is that you can specify allow rules, but
not deny rules.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html


NEW QUESTION # 492
An application is being developed that will be served across a fleet of Amazon EC2 instances, which require a consistent view of persistent data. Items stored vary in size from 1KB to 300MB; the items are read frequently, created occasionally, and often require partial changes without conflict. The data store is not expected to grow beyond 2TB, and items will be expired according to age and content type.
Which AWS service solution meets these requirements?

  • A. Amazon EFS and a scheduled process to delete files based on age and extension.
  • B. Amazon S3 buckets with lifecycle policies to delete old objects.
  • C. An EC2 instance store synced on boot from a central Amazon EBS-backed instance.
  • D. Amazon RDS PostgreSQL and a job that deletes rows based on age and file type columns.

Answer: A

Explanation:
https://dzone.com/articles/confused-by-aws-storage-options-s3-ebs-amp-efs-explained You can mount EFS onto several EC2 instances at the same time.


NEW QUESTION # 493
Which of the following statements is true of tags and resource identifiers for EC2 instances?

  • A. You can't select instances by their tags for stoppage, termination, or deletion
  • B. You can select instances by their tags for stoppage, termination, or deletion
  • C. You don't need to specify the resource identifier while stopping a resource.
  • D. You don't need to specify the resource identifier while terminating a resource.

Answer: A

Explanation:
Explanation
You can assign tags only to resources that already exist. You can't terminate, stop, or delete a resource based solely on its tags; you must specify the resource identifier. For example, to delete snapshots that you tagged with a tag key called DeleteMe, you must use the DeleteSnapshots action with the resource identifiers of the snapshots, such as snap-1234567890abcdef0. To identify resources by their tags, you can use the DescribeTags action to list all of your tags and their associated resources.


NEW QUESTION # 494
A user has configured two security groups which allow traffic as given below:
1: SecGrp1:
Inbound on port 80 for 0.0.0.0/0
Inbound on port 22 for 0.0.0.0/0
2: SecGrp2:
Inbound on port 22 for 10.10.10.1/32
If both the security groups are associated with the same instance, which of the below mentioned statements is true?

  • A. It is not possible to have more than one security group assigned to a single instance
  • B. It allows inbound traffic for everyone on both ports 22 and 80
  • C. It allows inbound traffic on port 22 for IP 10.10.10.1 and for everyone else on port 80
  • D. It is not possible to create the security group with conflicting rules. AWS will reject the request

Answer: B

Explanation:
Explanation
A user can attach more than one security group to a single EC2 instance. In this case, the rules from each security group are effectively aggregated to create one set of rules. AWS uses this set of rules to determine whether to allow access or not. Thus, here the rule for port 22 with IP 10.10.10.1/32 will merge with IP
0.0.0.0/0 and open ports 22 and 80 for all.
References:


NEW QUESTION # 495
A user has launched an EBS backed EC2 instance in the US-East-1a region.
The user stopped the instance and started it back after 20 days.
AWS throws up an `InsufficientInstanceCapacity' error.
What can be the possible reason for this?

  • A. The user account has reached the maximum EC2 instance limit
  • B. There is some issue with the host capacity on which the instance is launched
  • C. AWS zone mapping is changed for that user account
  • D. AWS does not have sufficient capacity in that availability zone

Answer: D

Explanation:
When the user gets an `InsufficientInstanceCapacity' error while launching or starting an EC2 instance, it means that AWS does not currently have enough available capacity to service the user request. If the user is requesting a large number of instances, there might not be enough server capacity to host them. The user can either try again later, by specifying a smaller number of instances or changing the availability zone if launching a fresh instance.


NEW QUESTION # 496
A user is using the AWS EC2. The user wants to make so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user's private cloud. Which AWS service helps to achieve this automation?

  • A. AWS CloudWatch + AWS SNS
  • B. AWS CloudWatch + AWS AutoScaling + AWS ELB
  • C. AWS CloudWatch + AWS VPC
  • D. AWS CloudWatch + Cloudformation

Answer: A

Explanation:
Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can configure a web service (HTTP End point. in his data centre which receives data and launches an instance in the private cloud. The user should configure the CloudWatch alarm to send a notification to SNS when the "StatusCheckFailed" metric is true for the EC2 instance. The SNS topic can be configured to send a notification to the user's HTTP end point which launches an instance in the private cloud.


NEW QUESTION # 497
What is a "vault" in Amazon Glacier?

  • A. A free tier available for 12 months following your AWS sign-up date
  • B. A unique ID that maps an AWS Region, plus a specific Amazon S3 bucket
  • C. A way to group archives together in Amazon Glacier
  • D. A container for storing S3 buckets

Answer: C

Explanation:
An Amazon Glacier vault is a container in which you can organize and manage your archives.
You store data in Amazon Glacier as an archive. Each archive is assigned a unique archive ID that can later be used to retrieve the data. An archive can represent a single file or you may choose to combine several files to be uploaded as a single archive. You upload archives into vaults. Vaults are collections of archives that you use to organize your data.
Reference: http://aws.amazon.com/glacier/faqs/#How_do_vaults_work


NEW QUESTION # 498
A user has created an S3 bucket which is not publicly accessible. The bucket is having thirty objects which are also private. If the user wants to make the objects public, how can he configure this with minimal efforts?

  • A. Make the bucket ACL as public so it will also mark all objects as public
  • B. The user can write a program which programmatically makes all objects public using S3 SDK
  • C. The user should select all objects from the console and apply a single policy to mark them public
  • D. Set the AWS bucket policy which marks all objects as public

Answer: D

Explanation:
Explanation
A system admin can grant permission of the S3 objects or buckets to any user or make the objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally, if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket.


NEW QUESTION # 499
A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has
configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new
servers proactively so that they get registered with ELB. How can the user add these instances with Auto
Scaling?

  • A. Decrease the minimum limit of the Auto Scaling group
  • B. Increase the maximum limit of the Auto Scaling group
  • C. Increase the desired capacity of the Auto Scaling group
  • D. Launch an instance manually and register it with ELB on the fly

Answer: C

Explanation:
A user can increase the desired capacity of the Auto Scaling group and Auto Scaling will launch a new
instance as per the new capacity. The newly launched instances will be registered with ELB if Auto
Scaling group is configured with ELB. If the user decreases the minimum size the instances will be
removed from Auto Scaling. Increasing the maximum size will not add instances but only set the
maximum instance cap.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-manual-scaling.html


NEW QUESTION # 500
What are characteristics of Amazon S3? (Choose two.)

  • A. S3 offers Provisioned IOPS
  • B. Objects are directly accessible via a URL
  • C. S3 should be used to host a relational database
  • D. S3 allows you to store virtually unlimited amounts of data
  • E. S3 allows you to store objects or virtually unlimited size

Answer: B,D

Explanation:
Explanation
The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.
References:


NEW QUESTION # 501
A user has created a VPC with public and private subnets using the VPC Wizard.
The VPC has CIDR 20.0.0.0/16.
The private subnet uses CIDR 20.0.0.0/24.
Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

  • A. Destination : 20.0.0.0/0 and Target : ALL
  • B. Destination : 20.0.0.0/16 and Target : ALL
  • C. Destination : 20.0.0.0/24 and Target : VPC
  • D. Destination : 20.0.0.0/16 and Target : Local

Answer: D

Explanation:
Option A doesn't use standard AWS terminology (you don't route to "VPC"), and because the mask is /24, it would only allow the instances in the private subnet to communicate with each other, not all the instances in the VPC as the question asked. Here's an example VPC route table for a public subnet (i.e. it routes to the IGW). Option D is the correct one.


NEW QUESTION # 502
You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence. At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database's data is stored on.
What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data?
Choose 2 answers

  • A. Use the ephemeral storage on an m2.4xlarge Instance Instead
  • B. Use Provisioned IOPs EBS
  • C. Move the database to an EBS-Optimized Instance
  • D. Move to an SSD backed instance

Answer: B,C


NEW QUESTION # 503
You have set up an IAM policy for your users to access Elastic Load Balancers and you know that an IAM policy is a JSON document that consists of one or more statements. Which of the following elements is not a part of the statement in an IAM policy document?

  • A. Key
  • B. Resource
  • C. Effect
  • D. Action

Answer: A

Explanation:
Explanation
When you attach a policy to a user or group of users to control access to your load balancer, it allows or denies the users permission to perform the specified tasks on the specified resources.
An IAM policy is a JSON document that consists of one or more statements. Each statement is structured as follows:
Effect: The effect can be Allow or Deny. By default, IAM users don't have permission to use resources and API actions, so all requests are denied. An explicit allow overrides the default. An explicit deny overrides any allows.
Action: The action is the specific API action for which you are granting or denying permission.
Resource: The resource that's affected by the action. With many Elastic Load Balancing API actions, you can restrict the permissions granted or denied to a specific load balancer by specifying its Amazon Resource Name (ARN) in this statement. Otherwise, you can use the * wildcard to specify all of your load balancers.
Condition: You can optionally use conditions to control when your policies in effect.
References:


NEW QUESTION # 504
A user has two EC2 instances running in two separate regions.
The user is running an internal memory management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same namespace and metric.
Which of the below mentioned options is true with respect to the above statement?

  • A. CloudWatch will give an error since the data will conflict due to two sources
  • B. CloudWatch will receive and aggregate the data based on the namespace and metric
  • C. The setup will not work as CloudWatch cannot receive data across regions
  • D. CloudWatch will take the data of the server, which sends the data first

Answer: B

Explanation:
Amazon CloudWatch does not differentiate the source of a metric when receiving custom data.
If the user is publishing a metric with the same namespace and dimensions from different sources, CloudWatch will treat them as a single metric. If the data is coming with the same timezone within a minute, CloudWatch will aggregate the data. It treats these as a single metric, allowing the user to get the statistics, such as minimum, maximum, average, and the sum of all across all servers.


NEW QUESTION # 505
An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?

  • A. AWS Shield Advanced
  • B. Amazon Inspector
  • C. Amazon Cognito
  • D. AWS Trusted Advisor

Answer: A


NEW QUESTION # 506
A user is measuring the CPU utilization of a private data center machine every minute. The machine provides the aggregate of data every hour, such as Sum of data", "Min value", "Max value, and "Number of Data points".
The user wants to send these values to CloudWatch. How can the user achieve this?

  • A. Send the data using the put-metric-data command with the statistic-values parameter
  • B. Send the data using the put-metric-data command with the average-values parameter
  • C. Send the data using the put-metric-data command with the aggregate -data parameter
  • D. Send the data using the put-metric-data command with the aggregate-values parameter

Answer: A

Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish the data to CloudWatch as single data points or as an aggregated set of data points called a statistic set using the command put-metric-data. When sending the aggregate data, the user needs to send it with the parameter statistic-values:


NEW QUESTION # 507
A database running on Amazon EC2 requires sustained IOPS performance.
Which kind of Amazon EBS volume should an Administrator choose for this solution?

  • A. Cloud HDD
  • B. General Purpose SSD
  • C. Provisioned IOPS SSD
  • D. Throughput Optimized HDD

Answer: C


NEW QUESTION # 508
You have been asked to propose a multi-region deployment of a web-facing application where a
controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?

  • A. Route53 record sets with weighted routing policy
  • B. Auto Scaling with scheduled scaling actions set
  • C. Elastic Load Balancing with health checks enabled
  • D. Route53 record sets with latency based routing policy

Answer: C


NEW QUESTION # 509
......


The Amazon AWS-SysOps exam covers a wide range of topics related to AWS administration, including deployment and management of AWS services, security and compliance, networking, and automation. Candidates should have a strong understanding of the AWS platform and be able to navigate the AWS Management Console, AWS CLI, and other AWS tools. Additionally, candidates should be familiar with common AWS services such as EC2, S3, RDS, and VPC. Overall, the AWS-SysOps certification is a valuable credential for IT professionals who want to demonstrate their expertise in managing cloud-based applications on the AWS platform.

 

AWS-SysOps Exam Dumps, AWS-SysOps Practice Test Questions: https://www.testsimulate.com/AWS-SysOps-study-materials.html

Attested AWS-SysOps Dumps PDF Resource [2024]: https://drive.google.com/open?id=14BiibXJYgtsMJZ6tAol5WdkKXebNYjV_

Related Blogs

more
Go To AWS-SysOps Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.