[Full Version] Free Download Of Lead2pass AWS-SysOps Real Exam Questions (61-80)

21 Feb

2017 February Amazon Official New Released AWS-SysOps Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

After purchasing the dumps for the AWS-SysOps Exam from Lead2pass, I had no doubt that I’d easily pass the exam. Bundle of thanks to Lead2pass for helping me pass the exam without any troubles.

Following questions and answers are all new published by Amazon Official Exam Center: http://www.lead2pass.com/aws-sysops.html

A user has configured a VPC with a new subnet.
The user has created a security group.
The user wants to configure that instances of the same subnet communicate with each other. How can the user configure this with the security group?

A.    There is no need for a security group modification as all the instances can communicate with each other inside the same subnet
B.    Configure the subnet as the source in the security group and allow traffic on all the protocols
and ports
C.    Configure the security group itself as the source and allow traffic on all the protocols and ports
D.    The user has to use VPC peering to configure this

Answer: C
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user’s AWS account. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. If the user is using the default security group it will have a rule which allows the instances to communicate with other. For a new security group the user has to specify the rule, add it to define the source as the security group itself, and select all the protocols and ports for that source.

A user has launched an EC2 instance.
The user is planning to setup the CloudWatch alarm.
Which of the below mentioned actions is not supported by the CloudWatch alarm?

A.    Notify the Auto Scaling launch config to scale up
B.    Send an SMS using SNS
C.    Notify the Auto Scaling group to scale down
D.    Stop the EC2 instance

Answer: A
Q: What actions can I take from a CloudWatch Alarm?
When you create an alarm, you can configure it to perform one or more automated actions when the metric you chose to monitor exceeds a threshold you define. For example, you can set an alarm that sends you an email, publishes to an SQS queue, stops or terminates an Amazon EC2 instance, or executes an Auto Scaling policy.
Since Amazon CloudWatch alarms are integrated with answer is A.
Amazon Simple Notification Service, you can also use any notification type supported by SNS

A user is planning to setup notifications on the RDS DB for a snapshot.
Which of the below mentioned event categories is not supported by RDS for this snapshot source type?

A.    Backup
B.    Creation
C.    Deletion
D.    Restoration

Answer: A
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. Event categories for a snapshot source type include: Creation, Deletion, and Restoration. The Backup is a part of DB instance source type.

You are managing the AWS account of a big organization.
The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees.
Which of the below mentioned options is the best possible solution in this case?

A.    The user should create a separate IAM user for each employee and provide access to them
as per the policy
B.    The user should create an IAM role and attach STS with the role.
The user should attach that role to the EC2 instance and setup AWS authentication on that
C.    The user should create IAM groups as per the organization’s departments and add each user
to the group for better access control
D.    Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services

Answer: D
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO.. In this case, instead of creating individual IAM users or groups for each user who need AWS access, it may be more practical to use a proxy server to translate the user identities from the organization network into the temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication.

An organization is using AWS since a few months.
The finance team wants to visualize the pattern of AWS spending.
Which of the below AWS tool will help for this requirement?

A.    AWS Cost Manager
B.    AWS Cost Explorer
C.    AWS CloudWatch
D.    AWS Consolidated Billing

Answer: B
The AWS Billing and Cost Management console includes the Cost Explorer tool for viewing AWS cost data as a graph. It does not charge extra to user for this service. With Cost Explorer the user can filter graphs using resource tags or with services in AWS. If the organization is using Consolidated Billing it helps generate report based on linked accounts. This will help organization to identify areas that require further inquiry. The organization can view trends and use that to understand spend and to predict future costs.

A system admin is planning to setup event notifications on RDS.
Which of the below mentioned services will help the admin setup notifications?

B.    AWS Cloudtrail
C.    AWS Cloudwatch

Answer: D
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. These notifications can be in any notification form supported by Amazon SNS for an AWS region, such as an email, a text message or a call to an HTTP endpoint

An organization is planning to create 5 different AWS accounts considering various security requirements.
The organization wants to use a single payee account by using the consolidated billing option. Which of the below mentioned statements is true with respect to the above information?

A.    Master (Payee. account will get only the total bill and cannot see the cost incurred by each account
B.    Master (Payee. account can view only the AWS billing details of the linked accounts
C.    It is not recommended to use consolidated billing since the payee account will have access
to the linked accounts
D.    Each AWS account needs to create an AWS billing policy to provide permission to the payee account

Answer: B
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. Consolidated billing enables the organization to see a combined view of the AWS charges incurred by each account as well as obtain a detailed cost report for each of the individual AWS accounts associated with the paying account. The payee account will not have any other access than billing data of linked accounts.

A user has launched a large EBS backed EC2 instance in the US-East-1a region.
The user wants to achieve Disaster Recovery (DR. for that instance by creating another small instance in Europe.
How can the user achieve DR?

A.    Copy the running instance using the “Instance Copy” command to the EU region
B.    Create an AMI of the instance and copy the AMI to the EU region.
Then launch the instance from the EU AMI
C.    Copy the instance from the US East region to the EU region
D.    Use the “Launch more like this” option to copy the instance from one region to another

Answer: B
To launch an EC2 instance it is required to have an AMI in that region. If the AMI is not available in that region, then create a new AMI or use the copy command to copy the AMI from one region to the other region.

An organization has created 5 IAM users.
The organization wants to give them the same login ID but different passwords.
How can the organization achieve this?

A.    The organization should create a separate login ID but give the IAM users the same alias
so that each one can login with their alias
B.    The organization should create each user in a separate region so that they have their own
URL to login
C.    It is not possible to have the same login ID for multiple IAM users of the same account
D.    The organization should create various groups and add each user with the same login ID
to different groups. The user can login with their own group ID

Answer: C
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. It is not possible to have the same login ID for multiple users. The names of users,groups, roles, instance profiles must be alphanumeric, including the following common characters: plus (+., equal (=., comma (,., period (.., at (@., and dash (-..

A user has setup an RDS DB with Oracle.
The user wants to get notifications when someone modifies the security group of that DB.
How can the user configure that?

A.    It is not possible to get the notifications on a change in the security group
B.    Configure SNS to monitor security group changes
C.    Configure event notification on the DB security group
D.    Configure the CloudWatch alarm on the DB for a change in the security group

Answer: C
Amazon RDS uses the Amazon Simple Notification Service to provide a notification when an Amazon RDS event occurs. These events can be configured for source categories, such as DB instance, DB security group, DB snapshot and DB parameter group. If the user is subscribed to a Configuration Change category for a DB security group, he will be notified when the DB security group is changed.

A user has created an ELB with three instances.
How many security groups will ELB create by default?

A.    3
B.    5
C.    2
D.    1

Answer: C
Elastic Load Balancing provides a special Amazon EC2 source security group that the user can use to ensure that back-end EC2 instances receive traffic only from Elastic Load Balancing. This feature needs two security groups: the source security group and a security group that defines the ingress rules for the back-end instances. To ensure that traffic only flows between the load balancer and the back-end instances, the user can add or modify a rule to the back-end security group which can limit the ingress traffic. Thus, it can come only from the source security group provided by Elastic load Balancing.

An organization wants to move to Cloud.
They are looking for a secure encrypted database storage option.
Which of the below mentioned AWS functionalities helps them to achieve this?

A.    AWS MFA with EBS
B.    AWS EBS encryption
C.    Multi-tier encryption with Redshift
D.    AWS S3 server side storage

Answer: B
AWS EBS supports encryption of the volume while creating new volumes. It also supports creating volumes from existing snapshots provided the snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of EBS will be encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between the EC2 instances and EBS storage. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry standard

A user is trying to setup a recurring Auto Scaling process.
The user has setup one process to scale up every day at 8 am and scale down at 7 PM.
The user is trying to setup another recurring process which scales up on the 1st of every month at 8 AM and scales down the same day at 7 PM.
What will Auto Scaling do in this scenario?

A.    Auto Scaling will execute both processes but will add just one instance on the 1st
B.    Auto Scaling will add two instances on the 1st of the month
C.    Auto Scaling will schedule both the processes but execute only one process randomly
D.    Auto Scaling will throw an error since there is a conflict in the schedule of two separate Auto Scaling Processes

Answer: D
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. The user can also configure the recurring schedule action which will follow the Linux cron format. As per Auto Scaling, a scheduled action must have a unique time value. If the user attempts to schedule an activity at a time when another existing activity is already scheduled, the call will be rejected with an error message noting the conflict.

A user has configured an Auto Scaling group with ELB.
The user has enabled detailed CloudWatch monitoring on Auto Scaling.
Which of the below mentioned statements will help the user understand the functionality better?

A.    It is not possible to setup detailed monitoring for Auto Scaling
B.    In this case, Auto Scaling will send data every minute and will charge the user extra
C.    Detailed monitoring will send data every minute without additional charges
D.    Auto Scaling sends data every minute only and does not charge the user

Answer: B
CloudWatch is used to monitor AWS as well as the custom services.
It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Auto Scaling includes 7 metrics and 1 dimension, and sends data to CloudWatch every 5 minutes by default. The user can enable detailed monitoring for Auto Scaling, which sends data to CloudWatch every minute. However, this will have some extra-costs.

A sys admin is trying to understand EBS snapshots.
Which of the below mentioned statements will not be useful to the admin to understand the concepts about a snapshot?

A.    The snapshot is synchronous
B.    It is recommended to stop the instance before taking a snapshot for consistent data
C.    The snapshot is incremental
D.    The snapshot captures the data that has been written to the hard disk when the snapshot command was executed

Answer: A
The AWS snapshot is a point in time backup of an EBS volume. When the snapshot command is executed it will capture the current state of the data that is written on the drive and take a backup. For a better and consistent snapshot of the root EBS volume, AWS recommends stopping the instance. For additional volumes it is recommended to unmount the device. The snapshots are asynchronous and incremental.

George has shared an EC2 AMI created in the US East region from his AWS account with Stefano.
George copies the same AMI to the US West region.
Can Stefano access the copied AMI of George’s account from the US West region?

A.    No, copy AMI does not copy the permission
B.    It is not possible to share the AMI with a specific account
C.    Yes, since copy AMI copies all private account sharing permissions
D.    Yes, since copy AMI copies all the permissions attached with the AMI

Answer: A
Within EC2, when the user copies an AMI, the new AMI is fully independent of the source AMI; there is no link to the original (source. AMI. AWS does not copy launch the permissions, user-defined tags or the Amazon S3 bucket permissions from the source AMI to the new AMI.
Thus, in this case by default Stefano will not have access to the AMI in the US West region.

A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4 AM and the EC2 server was not reachable.
The user is checking the CloudWatch metrics of that instance.
How can the user find the data easily using the CloudWatch console?

A.    The user can find the data by giving the exact values in the time Tab under CloudWatch
B.    The user can find the data by filtering values of the last 1 week for a 1 hour period in the
Relative tab under CloudWatch metrics
C.    It is not possible to find the exact time from the console.
The user has to use CLI to provide the specific time
D.    The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics

Answer: D
If the user is viewing the data inside the CloudWatch console, the console provides options to filter values either using the relative period, such as days/hours or using the Absolute tab where the user can provide data with a specific date and time. The console also provides the option to search using the local timezone under the time range caption in the console.

You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure
You notice in Cloud Watch that Evictions and GetMisses are Doth very high.
What two actions could you take to rectify this? Choose 2 answers

A.    Increase the number of nodes in your cluster
B.    Tweak the max-item-size parameter
C.    Shrink the number of nodes in your cluster
D.    Increase the size of the nodes in the duster

Answer: AD

A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group.
Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group cluding pending, terminating and running instances?

A.    GroupTotalInstances
B.    GroupSumInstances
C.    It is not possible to get a count of all the three metrics together.
The user has to find the individual number of running, terminating and pending instances
and sum it
D.    GroupInstancesCount

Answer: A
CloudWatch is used to monitor AWS as well as the custom services. For Auto Scaling, CloudWatch provides various metrics to get the group information, such as the Number of Pending, Running or Terminating instances at any moment. If the user wants to get the total number of Running, Pending and Terminating instances at any moment, he can use the GroupTotalInstances metric.

A user has created a VPC with CIDR with only a private subnet and VPN connection using the VPC wizard.
The user wants to connect to the instance in a private subnet over SSH.
How should the user define the security rule for SSH?

A.    Allow Inbound traffic on port 22 from the user’s network
B.    The user has to create an instance in EC2 Classic with an elastic IP and configure the
security group of a private subnet to allow SSH from that elastic IP
C.    The user can connect to a instance in a private subnet using the NAT instance
D.    Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over
the Internet

Answer: A
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, the user can setup a case with a VPN only subnet (private. which uses VPN access to connect with his data centre. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data centre. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22. from the data centre’s network range.

I understood all of the questions very easily. I scored 96% on my first try. I am definitely going to spread the word amongst friends and colleagues. Keep up the great work.

AWS-SysOps new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDekE1aUpSVGNHbWM

2017 Amazon AWS-SysOps exam dumps (All 332 Q&As) from Lead2pass:

http://www.lead2pass.com/aws-sysops.html [100% Exam Pass Guaranteed]