Aws-Soa-C02 2024 New II
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 382 DISCUSSION
Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 382
Topic #: 1
A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS
account.
What is the MOST operationally efficient solution that will meet this requirement?
A. Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B. Create an IAM role that has access to the object. Instruct the users to assume the role.
C. Create an IAM user that has access to the object. Share the credentials with the users.
D. Generate a presigned URL for the object. Share the URL with the users. Most Voted
Suggested Answer: D
Comments
Learning4life 2 months ago
Selected Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 383 DISCUSSION
Question #: 383
Topic #: 1
A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB
cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also
experiencing errors.
A. Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.
B. Configure RDS Proxy. Update the application with the RDS Proxy endpoint. Most Voted
Suggested Answer: B
Comments
dinuts 1 month, 3 weeks ago
Selected Answer: B
B-->Using RDS Proxy, you can handle unpredictable surges in database traffic that otherwise might cause issues due to oversubscribing
connections or creating new connections at a fast rate. RDS Proxy establishes a database connection pool and reuses connections in this pool
without the memory and CPU overhead of opening a new database connection each time. To protect the database against oversubscription, you
can control the number of database connections that are created. https://aws.amazon.com/rds/proxy/
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 384 DISCUSSION
Question #: 384
Topic #: 1
A SysOps administrator is troubleshooting a VPC with public and private subnets that leverage custom network ACLs. Instances in the private
subnet are unable to access the internet. There is an internet gateway attached to the public subnet. The private subnet has a route to a NAT
gateway that is also attached to the public subnet. The Amazon EC2 instances are associated with the default security group for the VPC.
A. There is a network ACL on the private subnet set to deny all outbound traffic. Most Voted
C. The default security group for the VPC blocks all inbound traffic to the EC2 instances.
D. The default security group for the VPC blocks all outbound traffic from the EC2 instances.
Suggested Answer: D
Comments
LudiVoss 3 months ago
Selected Answer: A
It is A, default security groups don't block anything so it can only be in ACL.
upvoted 2 times
Network ACLs (Access Control Lists) are stateless and operate at the subnet level. If there is a network ACL on the private subnet that is
configured to deny all outbound traffic, it would prevent instances in the private subnet from accessing the internet through the NAT gateway.
upvoted 3 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 387 DISCUSSION
Question #: 387
Topic #: 1
A company has a stateless application that is hosted on a fleet of 10 Amazon EC2 On-Demand Instances in an Auto Scaling group. A minimum of
6 instances are needed to meet service requirements.
Which action will maintain uptime for the application MOST cost-effectively?
B. Update the Auto Scaling group with a minimum of 6 On-Demand Instances and a maximum of 10 On-Demand Instances.
C. Update the Auto Scaling group with a minimum of 1 On-Demand Instance and a maximum of 6 On-Demand Instances.
Suggested Answer: A
Comments
Learning4life 2 months, 2 weeks ago
Selected Answer: A
To ensure that you always have instance capacity, you can include a request for On-Demand capacity in your Spot Fleet request. In your Spot
Fleet request, you specify your desired target capacity and how much of that capacity must be On-Demand. The balance comprises Spot
capacity, which is launched if there is available Amazon EC2 capacity and availability. For example, if in your Spot Fleet request you specify the
target capacity as 10 and the On-Demand capacity as 8, Amazon EC2 launches 8 capacity units as On-Demand, and 2 capacity units (10-8=2) as
Spot.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/on-demand-in-spot.html
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 388 DISCUSSION
A company has developed a service that is deployed on a fleet of Linux-based Amazon EC2 instances that are in an Auto Scaling group. The
service occasionally fails unexpectedly because of an error in the application code. The company's engineering team determines that resolving
the underlying cause of the service failure could take several weeks.
A SysOps administrator needs to create a solution to automate recovery if the service crashes on any of the EC2 instances.
A. Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch
action to restart if the service health check fails. Most Voted
B. Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2
instances and restart the service. Schedule the Lambda function to run every 5 minutes.
C. Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document.
Configure the association command with a script that checks if the service is running and that starts the service if the service is not running.
For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes. Most Voted
D. Update the EC2 user data that is specified in the Auto Scaling group's launch template to include a script that runs on a cron schedule every
5 minutes. Configure the script to check if the service is running and to start the service if the service is not running. Redeploy all the EC2
instances in the Auto Scaling group with the updated launch template.
E. Update the EC2 user data that is specified in the Auto Scaling group's launch template to ensure that the service runs during startup.
Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template.
Suggested Answer: AB
Comments
seetpt 4 days, 8 hours ago
Selected Answer: AC
AC seems right
upvoted 1 times
Cloudwatch agent will restart Server if service is not running (A), server will restart with the service running(E), I don't see why it would be C if you
are already monitoring with Cloudwatch agent, the agent literally has the ability to trigger a sns topic that can invoke the lambda function. . .
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 389 DISCUSSION
A company's web application runs on Amazon EC2 instances in a single AWS Region. The infrastructure must be designed so the application
remains available with no performance degradation in the event of an Availability Zone (AZ) failure. To ensure optimal performance, the
application must maintain a minimum of 12 instances at all times.
Which solution will meet the requirements with the fewest running instances possible?
Suggested Answer: C
Comments
Learning4life 2 months, 2 weeks ago
Selected Answer: D
The question states that 12 instances need to be running at all times. In 3 AZ's with 6 instances in each = 18 instances. If you lose 1 AZ, you
have instances running.
upvoted 3 times
High Availability: Distributing instances across three AZs provides high availability. In the event of a failure in one AZ, the remaining two AZs can
continue to serve the application without performance degradation.
Load Distribution: With 6 instances in each of the 3 AZs, the application maintains a total of 18 instances. This setup exceeds the minimum
requirement of 12 instances, ensuring that even if one AZ fails, there are still 12 instances available (6 in each of the remaining two AZs) to handle
the load without performance issues.
Fewest Running Instances: This solution provides a balance between high availability and cost-efficiency. It ensures that there are enough
instances to handle an AZ failure without unnecessarily doubling the number of instances.
upvoted 3 times
This configuration provides redundancy across two AZs and meets the minimum instance requirement. In the event of an AZ failure, the other AZ
can handle the load. Option A (2 AZs with 6 instances in each AZ) does not meet the minimum instance requirement during an AZ failure, and
options C and D distribute the instances across three AZs, which might lead to more running instances than necessary.
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 390 DISCUSSION
A company needs to monitor the disk utilization of Amazon Elastic Block Store (Amazon EBS) volumes. The EBS volumes are attached to Amazon
EC2 Linux instances. A SysOps administrator must set up an Amazon CloudWatch alarm that provides an alert when disk utilization increases to
more than 80%.
Which combination of steps must the SysOps administrator take to meet these requirements? (Choose three.)
A. Create an IAM role that includes the CloudWatchAgentServerPolicy AWS managed policy. Attach the role to the instances. Most Voted
B. Create an IAM role that includes the CloudWatchApplicationInsightsReadOnlyAccess AWS managed policy. Attach the role to the instances.
C. Install and start the CloudWatch agent by using AWS Systems Manager or the command line. Most Voted
D. Install and start the CloudWatch agent by using an IAM role. Attach the CloudWatchAgentServerPolicy AWS managed policy to the role.
E. Configure a CloudWatch alarm to enter ALARM state when the disk_used_percent CloudWatch metric is greater than 80%. Most Voted
F. Configure a CloudWatch alarm to enter ALARM state when the disk_used CloudWatch metric is greater than 80% or when the disk_free
CloudWatch metric is less than 20%.
Comments
March2023 1 month ago
Selected Answer: ACE
ACE for sure
upvoted 3 times
Option C: Installing and starting the CloudWatch agent is crucial for collecting and sending metrics to CloudWatch. This can be done using AWS
Systems Manager or the command line. This step ensures that the instances are set up to report disk utilization metrics.
Option E: Configuring a CloudWatch alarm is essential for setting up monitoring thresholds and triggering alerts. In this case, the alarm is
configured to enter the ALARM state when the disk_used_percent CloudWatch metric exceeds 80%. This means that if the disk utilization on any
of the monitored instances goes above 80%, an alert will be triggered.
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 391 DISCUSSION
Question #: 391
Topic #: 1
An ecommerce company uses an Amazon ElastiCache for Redis cluster for in-memory caching of popular product queries on a shopping website.
The cache eviction policy is randomly evicting keys whether or not a TTL is set. A SysOps administrator must improve the cache hit ratio without
increasing costs.
C. Change the eviction policy to randomly evict keys that have a TTL set.
D. Change the eviction policy to evict the least frequently used keys. Most Voted
Suggested Answer: B
Comments
Learning4life 2 months ago
Selected Answer: D
See chart for eviction policies
https://docs.aws.amazon.com/whitepapers/latest/database-caching-strategies-using-redis/evictions.html
upvoted 3 times
https://www.dragonflydb.io/guides/elasticache-cost-optimization
upvoted 1 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 393 DISCUSSION
Question #: 393
Topic #: 1
A company has scientists who upload large data objects to an Amazon S3 bucket. The scientists upload the objects as multipart uploads. The
multipart uploads often fail because of poor end-client connectivity.
The company wants to optimize storage costs that are associated with the data. A SysOps administrator must implement a solution that presents
metrics for incomplete uploads. The solution also must automatically delete any incomplete uploads after 7 days.
A. Review the Incomplete Multipart Upload Bytes metric in the S3 Storage Lens dashboard. Create an S3 Lifecycle policy to automatically
delete any incomplete multipart uploads after 7 days. Most Voted
B. Implement S3 Intelligent-Tiering to move data into lower-cost storage classes after 7 days. Create an S3 Storage Lens policy to
automatically delete any incomplete multipart uploads after 7 days.
C. Access the S3 console. Review the Metrics tab to check the storage that incomplete multipart uploads are consuming. Create an AWS
Lambda function to delete any incomplete multipart uploads after 7 days.
D. Use the S3 analytics storage class analysis tool to identify and measure incomplete multipart uploads. Configure an S3 bucket policy to
enforce restrictions on multipart uploads to delete incomplete multipart uploads after 7 days.
Suggested Answer: D
Comments
nharaz Highly Voted 3 months, 1 week ago
Selected Answer: A
Amazon S3 supports a bucket lifecycle rule that you can use to direct Amazon S3 to stop multipart uploads that aren't completed within a
specified number of days after being initiated. When a multipart upload isn't completed within the specified time frame, it becomes eligible for an
abort operation. Amazon S3 then stops the multipart upload and deletes the parts associated with the multipart upload.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpu-abort-incomplete-mpu-lifecycle-config.html#
upvoted 9 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 394 DISCUSSION
A company stores data in Amazon S3 buckets that are provisioned in three separate AWS Regions. The data is copied from the S3 buckets to the
data center over the public internet using a VPN. The SysOps administrator notices that, occasionally, the transfers take longer than usual, and
determines the issue is congestion within the company's ISP network.
What is the MOST cost-effective approach the administrator can take to ensure consistent transfer times from S3 to the data center?
A. Establish an AWS Direct Connect link to each Region. Create a private virtual interface over each link.
B. Establish an AWS Direct Connect link to each Region. Create a public virtual interface over each link.
C. Establish an AWS Direct Connect link to one of the Regions. Create a private virtual interface over that link. Most Voted
D. Establish an AWS Direct Connect link to one of the Regions. Create a public virtual interface over that link.
Suggested Answer: B
Comments
dinuts Highly Voted 1 month, 3 weeks ago
Selected Answer: C
I would also say C because 1. the ISP is a problem so a private wired connection would solve this and 2. the question mentions "most cost-
effective" => 1 DC connection is cheaper than 3. You can replicate the buckets cross region within the aws network or w/e, there are solutions
upvoted 7 times
A virtual interface (VIF) is necessary to access AWS services, and is either public or private. A public virtual interface enables access to public
services, such as Amazon S3. A private virtual interface enables access to your VPC. For more information, see AWS Direct Connect virtual
interfaces.
https://aws.amazon.com/directconnect/faqs/
upvoted 1 times
I hope this makes it clear that we will be using 1 DX connection and public VIF(virtual interface) to access those 3 different region buckets
bypassing internet.
upvoted 1 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 398 DISCUSSION
Question #: 398
Topic #: 1
A company uses Amazon CloudFront to serve static content to end users. The company's marketing team recently deployed updates to 150
images on the company's website. However, the website is not displaying some of the new images.
A SysOps administrator reviews the CloudFront distribution's cache settings. The default TTL for the distribution is set to 1 week (604,800
seconds).
What should the SysOps administrator do to refresh the cache with the new images in the MOST operationally efficient way?
A. Create a new CloudFront distribution that has the same origin. Set the default TTL to 1 minute (60 seconds). Switch Amazon Route 53 DNS
records to use the new distribution.
B. Instruct the marketing team to upload the new images to a different location. When the new images are uploaded, update the website to
locate the new images.
C. Issue a CloudFront invalidation request to immediately expire the new images from the marketing team's update. Most Voted
D. Update the existing CloudFront distribution to reconfigure the default TTL to 1 minute (60 seconds). During submission of the new
configuration, include the flag to invalidate objects in the specified path.
Suggested Answer: C
Comments
seetpt 4 days, 7 hours ago
Selected Answer: C
C is correct. Checked it via cloudfront UI.
upvoted 1 times
https://medium.com/@viveknavadia/why-cloudfront-invalidation-is-required-after-every-new-deployment-how-to-implement-it-cd80fefe345#:~:text=Amazon%20CloudFront%20is%20a%20content,can%20be%20delivered%20to%20users.
upvoted 3 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 399 DISCUSSION
Question #: 399
Topic #: 1
A SysOps administrator is responsible for a company's disaster recovery procedures. The company has a source Amazon S3 bucket in a
production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The SysOps
administrator configures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the SysOps
administrator attempts to access objects in the destination S3 bucket, they receive an Access Denied error.
A. Modify the replication configuration to change object ownership to the destination S3 bucket owner. Most Voted
B. Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single prefix.
C. Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.
D. Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.
Suggested Answer: D
Comments
nharaz Highly Voted 3 months, 1 week ago
Selected Answer: A
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-change-owner.html
upvoted 5 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 400 DISCUSSION
Question #: 400
Topic #: 1
A company is running Amazon RDS for PostgreSQL Multi-AZ DB clusters. The company uses an AWS CloudFormation template to create the
databases individually with a default size of 100 GB. The company creates the databases every Monday and deletes the databases every Friday.
Occasionally, the databases run low on disk space and initiate an Amazon CloudWatch alarm. A SysOps administrator must prevent the databases
from running low on disk space in the future.
Which solution will meet these requirements with the FEWEST changes to the application?
A. Modify the CloudFormation template to use Amazon Aurora PostgreSQL as the DB engine.
B. Modify the CloudFormation template to use Amazon DynamoDB as the database. Activate storage auto scaling during creation of the
tables.
C. Modify the CloudFormation template to activate storage auto scaling on the existing DB instances. Most Voted
D. Create a CloudWatch alarm to monitor DB instance storage space. Configure the alarm to invoke the VACUUM command.
Suggested Answer: B
Comments
LemonGremlin Highly Voted 3 months, 1 week ago
Selected Answer: C
I think C- Modify the CloudFormation template to activate storage auto scaling on the existing DB instances.
upvoted 5 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 401 DISCUSSION
A SysOps administrator wants to share a copy of a production database with a migration account. The production database is hosted on an
Amazon RDS DB instance and is encrypted at rest with an AWS Key Management Service (AWS KMS) key that has an alias of production-rds-key.
What must the SysOps administrator do to meet these requirements with the LEAST administrative overhead?
A. Take a snapshot of the RDS DB instance in the production account. Amend the KMS key policy of the production-rds-key KMS key to give
access to the migration account's root user. Share the snapshot with the migration account. Most Voted
B. Create an RDS read replica in the migration account. Configure the KMS key policy to replicate the production-rds-key KMS key to the
migration account.
C. Take a snapshot of the RDS DB instance in the production account. Share the snapshot with the migration account. In the migration
account, create a new KMS key that has an identical alias.
D. Use native database toolsets to export the RDS DB instance to Amazon S3. Create an S3 bucket and an S3 bucket policy for cross account
access between the production account and the migration account. Use native database toolsets to import the database from Amazon S3 to a
new RDS DB instance.
Suggested Answer: B
Comments
nharaz Highly Voted 3 months, 1 week ago
Selected Answer: A
https://repost.aws/knowledge-center/share-encrypted-rds-snapshot-kms-key
upvoted 6 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 402 DISCUSSION
Question #: 402
Topic #: 1
A company hosts a continuous integration and continuous delivery (CI/CD) environment on AWS. The CI/CD environment includes a Jenkins
server that is hosted on an Amazon EC2 instance. A 500 GB General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume is
attached to the EC2 instance.
Because of disk throughput limitations, the Jenkins server reports performance issues that are resulting in slower builds on the server. The EBS
volume needs to sustain 3,000 IOPS while performing nightly build tasks.
A SysOps administrator examines the server's history in Amazon CloudWatch. The BurstBalance metric has had a value of 0 during nightly builds.
The SysOps administrator needs to improve the performance and meet the sustained throughput requirements.
A. Double the gp2 EBS volume size from 500 GB to 1,000 GB.
B. Change the volume type from gp2 to General Purpose SSD (gp3). Most Voted
C. Change the volume type from gp2 to Throughput Optimized HDD (st1).
D. Change the volume type from gp2 to Provisioned IOPS SSD (io2).
Suggested Answer: A
Comments
LemonGremlin Highly Voted 3 months, 2 weeks ago
Selected Answer: B
B. Change the volume type from gp2 to General Purpose SSD (gp3).
Explanation:
The gp3 volume type is designed to provide baseline performance of 3,000 IOPS and a throughput of up to 125 MB/s. This aligns with the
requirement to sustain 3,000 IOPS during nightly build tasks.
gp3 volumes are a good fit for a wide range of transactional workloads and offer a more cost-effective solution compared to Provisioned IOPS
SSD (io2) volumes.
upvoted 6 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 404 DISCUSSION
A SysOps administrator receives an alert that a production Auto Scaling group has been scaled down to two Amazon EC2 instances. The Auto
Scaling group was originally configured with a minimum capacity of three instances. However, the SysOps administrator confirms that the
configuration now reflects a minimum capacity of two instances.
Which AWS service will help identify who made the change?
B. Amazon Inspector
C. Amazon Macie
Suggested Answer: C
Comments
LemonGremlin Highly Voted 3 months, 2 weeks ago
Selected Answer: A
A. AWS Config
Explanation:
AWS Config provides a detailed view of the configuration changes made to resources in your AWS account. It records configuration changes and
allows you to view the configuration history.
By using AWS Config, you can check the historical changes to the Auto Scaling group configuration, including changes to the minimum capacity,
and identify who made the change.
upvoted 5 times
https://aws.amazon.com/blogs/mt/how-to-use-aws-config-and-cloudtrail-to-find-who-made-changes-to-a-resource/#:~:text=AWS%20Config%20achieves%20this%20by,to%20the%20resource%20and%20when.
upvoted 5 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 405 DISCUSSION
Question #: 405
Topic #: 1
A company wants to store sensitive financial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read
or write access to the buckets. A SysOps administrator must create a solution to automatically remove S3 permissions that allow public read or
write access.
Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally efficient manner?
D. Amazon Inspector
Suggested Answer: D
Comments
LemonGremlin Highly Voted 3 months, 1 week ago
Selected Answer: A
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It can be used to monitor and
detect changes to S3 bucket policies that may introduce public read or write access.
upvoted 6 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 406 DISCUSSION
A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the
SysOps administrator creates the following policy:
Suggested Answer: E
Community vote distribution
E (50%) D (50%)
Comments
LemonGremlin Highly Voted 3 months ago
Selected Answer: E
D & E. BOTH CORRECT
upvoted 5 times
The policy allows any action (*) for Elastic Load Balancing (elasticloadbalancing).
This includes actions like describing, creating, updating, and deleting load balancers.
E. Invoke an AWS Lambda function (lambda:*):
The policy allows any action (*) for AWS Lambda (lambda).
This includes actions like creating, updating, deleting, and invoking Lambda functions.
upvoted 4 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 408 DISCUSSION
Users are reporting consistent forced logouts from a stateful web application. The logouts occur before the expiration of a 15-minute application
logout timer.
The web application is hosted on Amazon EC2 instances that are in an Auto Scaling group. The instances run behind an Application Load
Balancer (ALB) that has a single target group. The ALB is configured as the origin in an Amazon CloudFront distribution. Session affinity (sticky
sessions) is already enabled on the ALB target group and uses duration-based cookies. The web application generates its own application cookie.
Which combination of actions should a SysOps administrator take to resolve the logout problem? (Choose two.)
A. Change to the least outstanding requests algorithm on the ALB target group.
B. Configure cookie forwarding in the CloudFront distribution's cache behavior settings. Most Voted
Suggested Answer: AD
Comments
seetpt 5 days, 4 hours ago
Selected Answer: BE
BE is correct
upvoted 1 times
Configure cookie forwarding in the CloudFront distribution's cache behavior settings (Option B).
Change the ALB to use application-based cookies (Option E).
upvoted 3 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 410 DISCUSSION
A company has a cluster of Linux Amazon EC2 Spot Instances that read many files from and write many files to attached Amazon Elastic Block
Store (Amazon EBS) volumes. The EC2 instances are frequently started and stopped. As part of the process when an EC2 instance starts, an EBS
volume is restored from a snapshot.
EBS volumes that are restored from snapshots are experiencing initial performance that is lower than expected. The company's workload needs
almost all the provisioned IOPS on the attached EBS volumes. The EC2 instances are unable to support the workload when the performance of the
EBS volumes is too low. A SysOps administrator must implement a solution to ensure that the EBS volumes provide the expected performance
when they are restored from snapshots.
A. Configure fast snapshot restore (FSR) on the snapshots that are used. Most Voted
B. Restore each snapshot onto an unencrypted EBS volume. Encrypt the EBS volume when the performance stabilizes.
C. Format the EBS volumes as XFS file systems before restoring the snapshots.
Suggested Answer: A
A. Configure fast snapshot restore (FSR) on the snapshots that are used: Fast Snapshot Restore (FSR) immediately enables a snapshot's data to
be fully realized on the volume, eliminating the need for the lazy loading of data.
upvoted 3 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 412 DISCUSSION
Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 412
Topic #: 1
A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by
using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers.
A. Create an IAM role and instance profile that include AWS Systems Manager permissions. Attach the role to the on-premises servers.
B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises
servers. Register the servers with the activation code and ID from the instance activation. Most Voted
C. Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-
premises servers.
D. Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Configure the access key in the AWS
credentials file after the AWS CLI is successfully installed.
Suggested Answer: B
Comments
Learning4life Highly Voted 2 months, 3 weeks ago
Selected Answer: B
Answer is B. Question states on-premises and in AWS. https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-managed-instance-activation.html
upvoted 5 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 413 DISCUSSION
A company has deployed an application on AWS. The application runs on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group.
The Auto Scaling group is configured to use launch templates. The launch templates launch Amazon Elastic Block Store (Amazon EBS) backed
EC2 instances that use General Purpose SSD (gp3) EBS volumes for primary storage.
A SysOps administrator needs to implement a solution to ensure that all the EC2 instances can share the same underlying files. The solution also
must ensure that the data is consistent.
A. Create an Amazon Elastic File System (Amazon EFS) file system. Create a new launch template version that includes user data that mounts
the EFS file system. Update the Auto Scaling group to use the new launch template version to cycle in newer EC2 instances and to terminate
the older EC2 instances. Most Voted
B. Enable Multi-Attach on the EBS volumes. Create a new launch template version that includes user data that mounts the EBS volume. Update
the Auto Scaling group to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
C. Create a cron job that synchronizes the data between the EBS volumes for all the EC2 instances in the Auto Scaling group. Create a
lifecycle hook during instance launch to configure the cron job on all the EC2 instances. Rotate out the older EC2 instances.
D. Create a new launch template version that creates an Amazon Elastic File System (Amazon EFS) file system. Update the Auto Scaling group
to use the new template version to cycle in newer EC2 instances and to terminate the older EC2 instances.
Suggested Answer: D
Comments
Learning4life 2 months, 1 week ago
Selected Answer: A
A and D are very similar, but after re-reading A, it includes the User Data, which will generate a user data script used during the initial boot
process to set up the EFS mounts, and persist them across reboots.
upvoted 3 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 414 DISCUSSION
Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 414
Topic #: 1
A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in
the future must be implemented on every VPC.
What is the MOST operationally efficient method to deploy and update the VPCs in each account?
A. Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a
stack from the template.
B. Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC
in every account in the list.
C. Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the
DynamoDB table. Create the VPC in every account in the list.
D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the
template to all accounts using the stack set. Most Voted
Suggested Answer: C
Comments
LemonGremlin Highly Voted 3 months, 1 week ago
Selected Answer: D
The MOST operationally efficient method to deploy and update identical Amazon VPCs in multiple AWS accounts is:
D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the
template to all accounts using the stack set.
upvoted 10 times
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html
upvoted 1 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 415 DISCUSSION
Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 415
Topic #: 1
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps
administrator inspects the VPC flow logs and finds the following entry:
Suggested Answer: A
Comments
nharaz 3 months, 1 week ago
Selected Answer: C
This Question is tricky
https://www.examtopics.com/discussions/amazon/view/50839-exam-aws-certified-sysops-administrator-associate-topic-1/
upvoted 2 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 418 DISCUSSION
A company's VPC has an existing IPv4 configuration. The IPv4 configuration includes public subnets, private subnets, NAT gateways, default route
tables, and ACLs.
The company associates an IPv6 CIDR block with the VPC. The company adds IPv6 allocations to each existing subnet and adds routes to the
route tables. The company updates the ACLs to allow all IPv6 traffic.
Public subnets are working as expected, but private subnets are not allowing internet IPv6 connections.
What should a SysOps administrator do to allow outbound-only connectivity for the new IPv6 subnets?
A. Configure an egress-only internet gateway and associate it with the VPC. Create a default route in the route tables that are associated with
the private subnets. Configure the default route to point to the egress-only internet gateway. Most Voted
B. Turn on IPv6 NAT on the NAT gateways. Create a default route in the route tables that are associated with the private subnets. Configure
the default route to point to the NAT gateways.
C. Configure a new IPv6-only NAT gateway. Create a default route in the route tables that are associated with the private subnets. Configure
the default route to point to the IPv6-only NAT gateway.
D. Create a default route in the route tables that are associated with the private subnets. Configure the default route to point to the existing
internet gateway.
Suggested Answer: C
Comments
Kipalom Highly Voted 3 months, 1 week ago
Selected Answer: A
An egress-only internet gateway is specifically designed for allowing outbound IPv6 traffic from instances in private subnets while preventing
incoming traffic initiated by external sources.
upvoted 5 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 419 DISCUSSION
A company runs a worker process on three Amazon EC2 instances. The instances are in an Auto Scaling group that is configured to use a simple
scaling policy. The instances process messages from an Amazon Simple Queue Service (Amazon SQS) queue.
Random periods of increased messages are causing a decrease in the performance of the worker process. A SysOps administrator must scale the
instances to accommodate the increased number of messages.
A. Use CloudWatch to create a metric math expression to calculate the approximate age of the oldest message in the SQS queue. Create a
target tracking scaling policy for the metric math expression to modify the Auto Scaling group.
B. Use CloudWatch to create a metric math expression to calculate the approximate number of messages visible in the SQS queue for each
instance. Create a target tracking scaling policy for the metric math expression to modify the Auto Scaling group. Most Voted
C. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a target tracking scaling policy for the
ALBRequestCountPerTarget metric to modify the Auto Scaling group.
D. Create an Application Load Balancer (ALB). Attach the ALB to the Auto Scaling group. Create a scheduled scaling policy for the Auto
Scaling group.
Suggested Answer: B
By using CloudWatch to create a metric math expression, you can calculate the approximate number of messages visible in the SQS queue for
each instance. This metric provides insights into the workload on each EC2 instance and can be used to make scaling decisions.
Creating a target tracking scaling policy for this metric allows the Auto Scaling group to automatically adjust the number of instances based on
the calculated metric, ensuring that there are enough instances to handle the increased number of messages.
upvoted 4 times
EXAM AWS CERTIFIED SYSOPS ADMINISTRATOR - ASSOCIATE TOPIC 1 QUESTION 420 DISCUSSION
A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances.
The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for
the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.
A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for
downloads.
What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?
A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
C. Use CloudWatch Logs Insights to identify the top five internet destinations. Most Voted
D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.
Suggested Answer: A
Comments
LemonGremlin Highly Voted 3 months, 1 week ago
Selected Answer: C
Pretty sure this is C:
To identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads using VPC flow logs,
the most operationally efficient way would be:
C. Use CloudWatch Logs Insights to identify the top five internet destinations.
Explanation:
VPC flow logs capture information about the IP traffic going to and from network interfaces in a VPC.
The flow log data can be sent to CloudWatch Logs for analysis and monitoring.
CloudWatch Logs Insights is a fully managed service that allows you to search, analyze, and visualize log data.
upvoted 5 times