Free AWS-SysOps Sample Questions — AWS Certified SysOps Administrator

A Content Processing team has notified a SysOps Administrator that their content is sometimes taking a long time to process, whereas other times it processes quickly. The Content Processing submits messages to an Amazon Simple Queue Service (Amazon SQS) queue, which details the files that need to be processed. An Amazon EC2 instance polls the queue to determine which file to process next. How could the Administrator maintain a fast but cost-effective processing time?

• A. Attach an Auto Scaling policy to the Amazon SQS queue to increase the number of EC2 instances based on the depth of the SQS queue
• B. Create an Auto Scaling policy to increase the number of EC2 instances polling the queue and a CloudWatch alarm to scale based on MaxVisibility Timeout
• C. Attach an Auto Scaling policy to the SQS queue to scale instances based on the depth of the dead-letter queue
• D. Create an Auto Scaling policy to increase the number of EC2 instances polling the queue and a CloudWatch alarm to scale based on ApproximateNumberOfMessagesVisible

Which of the following comes before Auto Scaling group creation?

• A. Creating the Auto Scaling launch config
• B. Creating the Auto Scaling policy
• C. Creating the Auto Scaling tags
• D. Creating the Auto Scaling instance

What is a security group in Amazon AWS?

• A. UNIX Group that gives permission to edit security settings
• B. An authorized group of instances that control access to other resources
• C. virtual firewall that controls the traffic for one or more instances
• D. An Access Control List (ACL) for AWS resources

A mobile application must allow users to securely access their own content stored in a shared Amazon S3 bucket. Which AWS services should be used to enable this access? (Choose two.)

• A. AWS Directory Service
• B. AWS Shield
• C. IAM roles
• D. Amazon Cognito
• E. AWS Organizations

What are the benefits of CloudTrail integration with CloudWatch Logs?

• A. It delivers API activity captured by CloudTrail to an S3 bucket
• B. It doesn't exist
• C. It delivers SDK activity captured by CloudTrail to a CloudWatch Logs log stream
• D. It delivers API activity captured by CloudTrail to a CloudWatch Logs log stream

A user has configured ELB with Auto Scaling. The user temporarily suspended the Auto Scaling terminate process. What might the Availability Zone Rebalancing process (AZRebalance) conse-quently cause during this period?

• A. Auto Scaling will keep launching instances in all AZs until the maximum instance number is reached
• B. AZ Rebalancing might now allow Auto Scaling to launch or terminate any instances
• C. AZ Rebalancing might allow the number instances in an Availability Zone to remain higher than the maximum size
• D. It is not possible to suspend the terminate process while keeping the launch active

After a particularly high AWS bill, an organization wants to review the use of AWS services. What AWS service will allow the SysOps Administrator to quickly view this information to share it, and will also forecast expenses for the current billing period?

• A. AWS Trusted Advisor
• B. Amazon QuickSight
• C. AWS Cost and Usage Report
• D. AWS Cost Explorer

A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

• A. The user cannot delete the VPC since the subnet is not deleted
• B. All network interface attached with the instances will be deleted
• C. When the user launches a new instance it cannot use the same subnet
• D. The subnet to which the instances were launched with will be deleted

ABC (with AWS account ID 111122223333) has created 50 IAM users for its organization's employees. What will be the AWS console URL for these associates?

• A. https://signin.aws.amazon.com/console/111122223333/
• B. https://111122223333.signin.aws.amazon.com/console/
• C. https://signin.aws.amazon.com/111122223333/console/
• D. https://signin.aws.amazon.com/console/

A SysOps Administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes. What change should be made to alleviate the performance problem?

• A. Change the Amazon EBS volume to Provisioned IOPs
• B. Upgrade to a compute-optimized instance
• C. Add additional t2.large instances to the application
• D. Purchase Reserved Instances

A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP. assigned to an instance in the public or private subnet?

• A. 20.0.0.255
• B. 20.0.0.132
• C. 20.0.0.122
• D. 20.0.0.55

The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes. What option would you implement to successfully launch this application1?

• A. Create a second, independent LOAP server in AWS for your application to use for authentication
• B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
• C. Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication
• D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication

A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled. Which actions will restore the objects? (Choose two.)

• A. Use the AWS Management Console to delete the object delete markers
• B. Create a new lifecycle rule to delete the object delete markers that were created
• C. Use the AWS CLI to delete the object delete markers while specifying the version IDs of the delete markers
• D. Modify the existing lifecycle rule to delete the object delete markers that were created
• E. Use the AWS CLI to delete the object delete markers while specifying the name of the objects only

A company's audit shows that users have been changing cost-related tags on Amazon EC2 instances after deployment. The company has an organization in AWS Organizations with many AWS accounts. The company needs a solution to detect the EC2 instances automatically. The solution must require the least possible operational overhead. Which solution meets these requirements?

• A. Use service control policies (SCPs) to track EC2 instances that do not have the required tags
• B. Use Amazon Inspector to run a report to identify EC2 instances that do not have the required tags
• C. Use an AWS Config rule to track EC2 instances that do not have the required tags
• D. Use AWS Well-Architected Tool (AWS WA Tool) to run a report to identify EC2 instances that do not have the required tags

A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?

• A. Configure AWS Cost and Usage reports for each department. Run the reports monthly
• B. Schedule a monthly report for each department using AWS Budgets
• C. Run a monthly AWS CloudTrail report of resource usage by tag using department codes
• D. Tag all resources with department codes. Generate a monthly cost allocation report

A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?

• A. It will not allow the user to shutdown the OS when the shutdown behavior is set to Stop
• B. It is not possible to set the termination behavior to Stop for an Instance store backed AMI instance
• C. The instance will stay running but the OS will be shutdown
• D. The instance will be terminated

A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

• A. The private and public address remains the same
• B. The Elastic IP remains associated with the instance
• C. The volume is preserved
• D. The instance runs on a new host computer

A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network. What actions should the SysOps Administrator take to meet these requirements?

• A. Create a VPC endpoint for the S3 bucket, and create an IAM policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source
• B. Create a VPC endpoint for the S3 bucket, and create a S3 bucket policy that conditionally limits all S3 actions on the bucket to the VPC endpoint as the source
• C. Create a service-linked role for Amazon EC2 that allows the EC2 instances to interact directly with Amazon S3, and attach an IAM policy to the role that allows the EC2 instances full access to the S3 bucket
• D. Create a NAT gateway in the VPC, and modify the VPC route table to route all traffic destined for Amazon S3 through the NAT gateway

AMIs can be ______________.

• A. only private unless created by Amazon
• B. created only by Amazon
• C. created only for Linux instances
• D. public or private

A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account. What is the MOST cost-effective way to meet this requirement?

• A. Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI
• B. Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica
• C. Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account
• D. Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance