[Full Version] Free Download Of Lead2pass AWS-SysOps Real Exam Questions (261-280)

23 Feb

2017 February Amazon Official New Released AWS-SysOps Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

There are many companies that provide AWS-SysOps braindumps but those are not accurate and latest ones. Preparation with Lead2pass AWS-SysOps new questions is a best way to pass this certification exam in easy way.

Following questions and answers are all new published by Amazon Official Exam Center: http://www.lead2pass.com/aws-sysops.html

Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? Choose 2 answers

A.    Amazon Elastic Map Reduce
B.    Elastic Load Balancing
C.    AWS Elastic Beanstalk
D.    Amazon Elasti cache
E.    Amazon Relational Database service

Answer: AC
Only the below services provide Root level access
* EC2
* Elastic Beanstalk
* Elastic MapReduce – Master Node
* Opswork

If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should:

A.    Assign a group or sequential Elastic IP address to the instances
B.    Launch the instances in a Placement Group
C.    Launch the instances in the Amazon virtual Private Cloud (VPC).
D.    Use standard EC2 instances since each instance gets a private Domain Name Service
(DNS) already
E.    Launch the Instance from a private Amazon Machine image (Mil)

Answer: C

Your entire AWS infrastructure lives inside of one Amazon VPC.
You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B.
The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.
Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else” If so how?

A.    No Two instances in two different AZ’s can’t talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundaries
B.    Yes Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP
C.    Yes, The security group for the monitoring instance needs to allow outbound ICMP and the application instance’s security group needs to allow Inbound ICMP
D.    Yes, Both the monitoring instance’s security group and the application instance’s security
group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol

Answer: C
Even though ICMP is not a connection-oriented protocol, Security Groups are stateful.
“Security groups are stateful — responses to allowed inbound traffic are allowed to flow outbound regardless of outbound rules, and vice versa.”

You run a web application where web servers on EC2 Instances are In an Auto Scaling group Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed Five to six days per year, the number of web servers required might go up to 15.
What would you recommend to minimize costs while being able to provide hill availability?

A.    6 Reserved instances (heavy utilization).
6 Reserved instances {medium utilization), rest covered by On-Demand instances
B.    6 Reserved instances (heavy utilization).
6 On-Demand instances, rest covered by Spot Instances
C.    6 Reserved instances (heavy utilization)
6 Spot instances, rest covered by On-Demand instances
D.    6 Reserved instances (heavy utilization)
6 Reserved instances (medium utilization) rest covered by Spot instances

Answer: B

When attached to an Amazon VPC which two components provide connectivity with external networks? (Choose two.)

A.    Elastic IPS (EIP)
B.    NAT Gateway (NAT)
C.    Internet Gateway {IGW)
D.    Virtual Private Gateway (VGW)

Answer: CD

You have a server with a 5O0GB Amazon EBS data volume.
The volume is 80% full.
You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible.
All applications using the volume can be paused for a period of a few minutes with no discernible user impact.
Which of the following backup methods will best fulfill your requirements?

A.    Take periodic snapshots of the EBS volume
B.    Use a third party Incremental backup application to back up to Amazon Glacier
C.    Periodically back up all data to a single compressed archive and archive to Amazon S3
using a parallelized multi-part upload
D.    Create another EBS volume in the second Availability Zone attach it to the Amazon EC2
instance, and use a disk manager to mirror me two disks

Answer: A
EBS volumes can only be attached to EC2 instances within the same Availability Zone.

Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases’ decreases and has been performing well
Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks
Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?

A.    Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able
to obtain one as it launches
B.    Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
C.    Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch
of the marketing campaign
D.    Pre-warm your Elastic Load Balancer to match the requests per second anticipated during
peak demand prior to the marketing campaign

Answer: D
Amazon ELB is able to handle the vast majority of use cases for our customers without requiring “pre-warming” (configuring the load balancer to have the appropriate level of capacity based on expected traffic).

You have started a new job and are reviewing your company’s infrastructure on AWS.
You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group.
When you check the metrics for the ELB in CloudWatch you see four healthy instances.
In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?

A.    Set the ELB to only be attached to another AZ
B.    Make sure Auto Scaling is configured to launch in both AZs
C.    Make sure your AMI is available in both AZs
D.    Make sure the maximum size of the Auto Scaling Group is greater than 4

Answer: B

You are designing a system that has a Bastion host.
This component needs to be highly available without human intervention.
Which of the following approaches would you select?

A.    Run the bastion on two instances one in each AZ
B.    Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the
event of failure
C.    Configure the bastion instance in an Auto Scaling group Specify the Auto Scaling group to
include multiple AZs but have a min-size of 1 and max-size of 1
D.    Configure an ELB in front of the bastion instance

Answer: C

A user is launching an EC2 instance in the US East region.
Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

A.    Always select the US-East-1-a zone for HA
B.    Do not select the AZ; instead let AWS select the AZ
C.    The user can never select the availability zone while launching an instance
D.    Always select the AZ while launching an instance

Answer: B
When launching an instance with EC2, AWS recommends not to select the availability zone (AZ.. AWS specifies that the default Availability Zone should be accepted. This is because it enables AWS to select the best Availability Zone based on the system health and available capacity. If the user launches additional instances, only then an Availability Zone should be specified. This is to specify the same or different AZ from the running instances.

A user has created numerous EBS volumes.
What is the general limit for each AWS account for the maximum number of EBS volumes that can be created?

A.    10000
B.    5000
C.    100
D.    1000

Answer: B
A user can attach multiple EBS volumes to the same instance within the limits specified by his AWS account. Each AWS account has a limit on the number of Amazon EBS volumes that the user can create, and the total storage available. The default limit for the maximum number of volumes that can be created is 5000.

An organization has configured the custom metric upload with CloudWatch.
The organization has given permission to its employees to upload data using CLI as well SDK. How can the user track the calls made to CloudWatch?

A.    The user can enable logging with CloudWatch which logs all the activities
B.    Use CloudTrail to monitor the API calls
C.    Create an IAM user and allow each user to log the data using the S3 bucket
D.    Enable detailed monitoring with CloudWatch

Answer: B
AWS CloudTrail is a web service which will allow the user to monitor the calls made to the Amazon CloudWatch API for the organization’s account, including calls made by the AWS Management Console, Command Line Interface (CLI., and other services. When CloudTrail logging is turned on, CloudWatch will write log files into the Amazon S3 bucket, which is specified during the CloudTrail configuration.

A user is trying to understand AWS SNS.
To which of the below mentioned end points is SNS unable to send a notification?

A.    Email JSON
B.    HTTP

Answer: D
Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can select one the following transports as part of the subscription requests: “HTTP”, “HTTPS”,”Email”, “Email JSON”, “SQS”, “and SMS”.

A user has created a queue named “myqueue” with SQS.
There are four messages published to queue which are not received by the consumer yet.
If the user tries to delete the queue, what will happen?

A.    A user can never delete a queue manually.
AWS deletes it after 30 days of inactivity on queue
B.    It will delete the queue
C.    It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.
D.    I t will ask user to delete the messages first

Answer: B
SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. The user can delete a queue at any time, whether it is empty or not. It is important to note that queues retain messages for a set period of time. By default, a queue retains messages for four days.

An organization, which has the AWS account ID as 999988887777, has created 50 IAM users.
All the users are added to the same group cloudacademy.
If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?

A.    https://999988887777.signin.aws.amazon.com/console/
B.    https://signin.aws.amazon.com/cloudacademy/
C.    https://cloudacademy.signin.aws.amazon.com/999988887777/console/
D.    https://999988887777.aws.amazon.com/cloudacademy/

Answer: A
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to login to the AWS console.
The console login URL for the IAM user will be
It uses only the AWS account ID and does not depend on the group or user ID.

An organization has created 50 IAM users.
The organization wants that each user can change their password but cannot change their access keys.
How can the organization achieve this?

A.    The organization has to create a special password policy and attach it to each user
B.    The root account owner has to use CLI which forces each IAM user to change their
password on first login
C.    By default each IAM user can modify their passwords
D.    The root account owner can set the policy from the IAM console under the password policy screen

Answer: D
With AWS IAM, organizations can use the AWS Management Console to display, create, change or delete a password policy. As a part of managing the password policy, the user can enable all users to manage their own passwords. If the user has selected the option which allows the IAM users to modify their password, he does not need to set a separate policy for the users. This option in the AWS console allows changing only the password.

A user wants to make so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the redlight of his bedroom turns on.
Which of the below mentioned AWS services is helpful for this purpose?

A.    AWS CloudWatch + AWS SES
B.    AWS CloudWatch + AWS SNS
C.    None. It is not possible to configure the light with the AWS infrastructure services
D.    AWS CloudWatch and a dedicated software turning on the light

Answer: B
Amazon Simple Notification Service (Amazon SNS. is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS. queues or to any HTTP endpoint. The user can configure some sensor devices at his home which receives data on the HTTP end point (REST calls. and turn on the red light. The user can configure the CloudWatch alarm to send a notification to the AWS SNS HTTP end point (the sensor device. and it will turn the light red when there is an alarm condition.

A user has created a VPC with CIDR
The user has created a public subnet with CIDR
The user is trying to create the private subnet with CIDR
Which of the below mentioned statements is true in this scenario?

A.    It will not allow the user to create the private subnet due to a CIDR overlap
B.    It will allow the user to create a private subnet with CIDR as
C.    This statement is wrong as AWS does not allow CIDR
D.    It will not allow the user to create a private subnet due to a wrong CIDR range

Answer: B
When the user creates a subnet in VPC, he specifies the CIDR block for the subnet.
The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC., or a subset (to enable multiple subnets.. If the user creates more than one subnet in a VPC, the CIDR blocks of the subnets must not overlap. Thus, in this case the user has created a VPC with the CIDR block, which supports 256 IP addresses ( to The user can break this CIDR block into two subnets, each supporting 128 IP addresses.
One subnet uses the CIDR block (for addresses and the other uses the CIDR block (for addresses

An organization is using cost allocation tags to find the cost distribution of different departments and projects.
One of the instances has two separate tags with the key/value as “InstanceName/HR”, “CostCenter/HR”.
What will AWS do in this case?

A.    InstanceName is a reserved tag for AWS.
Thus, AWS will not allow this tag
B.    AWS will not allow the tags as the value is the same for different keys
C.    AWS will allow tags but will not show correctly in the cost allocation report due to the same
value of the two separate keys
D.    AWS will allow both the tags and show properly in the cost distribution report

Answer: D
AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources, AWS generates a cost allocation report as a comma-separated value (CSV file. with the usage and costs aggregated by those tags. Each tag will have a key-value and can be applied to services, such as EC2, S3, RDS, EMR, etc. It is required that the key should be different for each tag. The value can be the same for different keys. In this case since the value is different, AWS will properly show the distribution report with the correct values.

A user has setup a web application on EC2.
The user is generating a log of the application performance at every second.
There are multiple entries for each second.
If the user wants to send that data to CloudWatch every minute, what should he do?

A.    The user should send only the data of the 60th second as CloudWatch will map the receive
data timezone with the sent data timezone
B.    It is not possible to send the custom metric to CloudWatch every minute
C.    Give CloudWatch the Min, Max, Sum, and SampleCount of a number of every minute
D.    Calculate the average of one minute and send the data to CloudWatch

Answer: C
Amazon CloudWatch aggregates statistics according to the period length that the user has specified while getting data from CloudWatch. The user can publish as many data points as he wants with the same or similartime stamps. CloudWatch aggregates them by the period length when the user calls get statistics about those data points. CloudWatch records the average (sum of all items divided by the number of items. of the values received for every 1-minute period, as well as the number of samples, maximum value, and minimum value for the same time period. CloudWatch will aggregate all the data which have time stamps within a one-minute period.

We give you the proper and complete training with free AWS-SysOps Lead2pass updates. Our braindumps will defiantly make you perfect to that level you can easily pass the exam in first attempt.

AWS-SysOps new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDekE1aUpSVGNHbWM

2017 Amazon AWS-SysOps exam dumps (All 332 Q&As) from Lead2pass:

http://www.lead2pass.com/aws-sysops.html [100% Exam Pass Guaranteed]