[Full Version] Free Lead2pass Amazon AWS-SysOps PDF Dumps With New Update Exam Questions (181-200)
2017 February Amazon Official New Released AWS-SysOps Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
2017 timesaving comprehensive guides for Amazon AWS-SysOps exam: Using latest released Lead2pass AWS-SysOps exam questions, quickly pass AWS-SysOps exam 100%! Following questions and answers are all new published by Amazon Official Exam Center!
Following questions and answers are all new published by Amazon Official Exam Center: http://www.lead2pass.com/aws-sysops.html
QUESTION 181
An organization has setup Auto Scaling with ELB.
Due to some manual error, one of the instances got rebooted.
Thus, it failed the Auto Scaling health check.
Auto Scaling has marked it for replacement.
How can the system admin ensure that the instance does not get terminated?
A. Update the Auto Scaling group to ignore the instance reboot event
B. It is not possible to change the status once it is marked for replacement
C. Manually add that instance to the Auto Scaling group after reboot to avoid replacement
D. Change the health of the instance to healthy using the Auto Scaling commands
Answer: D
Explanation:
After an instance has been marked unhealthy by Auto Scaling, as a result of an Amazon EC2 or ELB health check, it is almost immediately scheduled for replacement as it will never automatically recover its health. If the user knows that the instance is healthy then he can manually call the SetInstanceHealth action (or the as-setinstance-health command from CLI. to set the instance’s health status back to healthy. Auto Scaling will throw an error if the instance is already terminating or else it will mark it healthy.
QUESTION 182
A user has launched two EBS backed EC2 instances in the US-East-1a region.
The user wants to change the zone of one of the instances.
How can the user change it?
A. The zone can only be modified using the AWS CLI
B. It is not possible to change the zone of an instance after it is launched
C. Stop one of the instances and change the availability zone
D. From the AWS EC2 console, select the Actions – > Change zones and specify the new zone
Answer: B
Explanation:
With AWS EC2, when a user is launching an instance he can select the availability zone (AZ. at the time of launch. If the zone is not selected, AWS selects it on behalf of the user. Once the instance is launched, the user cannot change the zone of that instance unless he creates an AMI of that instance and launches a new instance from it.
QUESTION 183
A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs.
Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?
A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
B. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
D. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests
Answer: A
Explanation:
With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.
QUESTION 184
A user is using a small MySQL RDS DB.
The user is experiencing high latency due to the Multi AZ feature.
Which of the below mentioned options may not help the user in this situation?
A. Schedule the automated back up in non-working hours
B. Use a large or higher size instance
C. Use PIOPS
D. Take a snapshot from standby Replica
Answer: D
Explanation:
An RDS DB instance which has enabled Multi AZ deployments may experience increased write and commit latency compared to a Single AZ deployment, due to synchronous data replication. The user may also face changes in latency if deployment fails over to the standby replica. For production workloads, AWS recommends the user to use provisioned IOPS and DB instance classes (m1.large and larger. as they are optimized for provisioned IOPS to give a fast, and consistent performance. With Multi AZ feature, the user can not have option to take snapshot from replica.
QUESTION 185
A user has setup an EBS backed instance and attached 2 EBS volumes to it.
The user has setup a CloudWatch alarm on each volume for the disk data.
The user has stopped the EC2 instance and detached the EBS volumes.
What will be the status of the alarms on the EBS volume?
A. OK
B. Insufficient Data
C. Alarm
D. The EBS cannot be detached until all the alarms are removed
Answer: B
Explanation:
Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and inactive the state will be Insufficient.
QUESTION 186
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard.
The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user’s data centre.
The user’s data centre has CIDR 172.28.0.0/12.
The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet.
Which of the below mentioned options is not a valid entry for the main route table in this scenario?
A. Destination: 20.0.1.0/24 and Target: i-12345
B. Destination: 0.0.0.0/0 and Target: i-12345
C. Destination: 172.28.0.0/12 and Target: vgw-12345
D. Destination: 20.0.0.0/16 and Target: local
Answer: A
Explanation:
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization’s DC will be routed to the VPN gateway.
Here are the valid entries for the main route table in this scenario:
Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance. Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization’s data centre traffic to the VPN gateway.
Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.
QUESTION 187
A user is trying to pre-warm a blank EBS volume attached to a Linux instance.
Which of the below mentioned steps should be performed by the user?
A. There is no need to pre-warm an EBS volume
B. Contact AWS support to pre-warm
C. Unmount the volume before pre-warming
D. Format the device
Answer: A
QUESTION 188
A user has enabled termination protection on an EC2 instance.
The user has also set Instance initiated shutdown behaviour to terminate.
When the user shuts down the instance from the OS, what will happen?
A. The OS will shutdown but the instance will not be terminated due to protection
B. It will terminate the instance
C. It will not allow the user to shutdown the instance from the OS
D. It is not possible to set the termination protection when an Instance initiated shutdown is set
to Terminate
Answer: B
Explanation:
It is always possible that someone can terminate an EC2 instance using the Amazon EC2 console, command line interface or API by mistake. If the admin wants to prevent the instance from being accidentally terminated, he can enable termination protection for that instance. The user can also setup shutdown behaviour for an EBS backed instance to guide the instance on what should be done when he initiates shutdown from the OS using Instance initiated shutdown behaviour. If the instance initiated behaviour is set to terminate and the user shuts off the OS even though termination protection is enabled, it will still terminate the instance.
QUESTION 189
An organization has applied the below mentioned policy on an IAM group which has selected the IAM users.
What entitlements do the IAM users avail with this policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “*”,
“Resource”: “*”
}
]
}
A. The policy is not created correctly.
It will throw an error for wrong resource name
B. The policy is for the group.
Thus, the IAM user cannot have any entitlement to this
C. It allows full access to all AWS services for the IAM users who are a part of this group
D. If this policy is applied to the EC2 resource, the users of the group will have full access to the
EC2 Resources
Answer: C
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The IAM group allows the organization to specify permissions for a collection of users. With the below mentioned policy, it will allow the group full access (Admin. to all AWS services.
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “*”,
“Resource”: “*”
}
]
}
QUESTION 190
A user has granted read/write permission of his S3 bucket using ACL.
Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?
A. IAM User ID
B. S3 Secure ID
C. Access ID
D. Canonical user ID
Answer: D
Explanation:
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. The user can grant permission to an AWS account by the email address of that account or by the canonical user ID. If the user provides an email in the grant request, Amazon S3 finds the canonical user ID for that account and adds it to the ACL. The resulting ACL will always contain the canonical user ID for the AWS account, and not the AWS account’s email address.
QUESTION 191
A root account owner is trying to understand the S3 bucket ACL.
Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?
A. Authenticated user group
B. All users group
C. Log Delivery Group
D. Canonical user group
Answer: D
Explanation:
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID.
AWS S3 has the following predefined groups:
Authenticated Users group: It represents all AWS accounts.
All Users group: Access permission to this group allows anyone to access the resource.
Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.
QUESTION 192
An organization has configured Auto Scaling for hosting their application.
The system admin wants to understand the Auto Scaling health check process.
If the instance is unhealthy, Auto Scaling launches an instance and terminates the unhealthy instance.
What is the order execution?
A. Auto Scaling launches a new instance first and then terminates the unhealthy instance
B. Auto Scaling performs the launch and terminate processes in a random order
C. Auto Scaling launches and terminates the instances simultaneously
D. Auto Scaling terminates the instance first and then launches a new instance
Answer: D
Explanation:
Auto Scaling keeps checking the health of the instances at regular intervals and marks the instance for replacement when it is unhealthy. The ReplaceUnhealthy process terminates instances which are marked as unhealthy and subsequently creates new instances to replace them. This process first terminates the instance and then launches a new instance.
QUESTION 193
A user has created an EBS volume of 10 GB and attached it to a running instance.
The user is trying to access EBS for first time.
Which of the below mentioned options is the correct statement with respect to a first time EBS access?
A. The volume will show a size of 8 GB
B. The volume will show a loss of the IOPS performance the first time
C. The volume will be blank
D. If the EBS is mounted it will ask the user to create a file system
Answer: C
QUESTION 194
A user has enabled versioning on an S3 bucket.
The user is using server side encryption for data at rest.
If the user is supplying his own keys for encryption (SSE-C., what is recommended to the user for the purpose of security?
A. The user should not use his own security key as it is not secure
B. Configure S3 to rotate the user’s encryption key at regular intervals
C. Configure S3 to store the user’s keys securely with SSL
D. Keep rotating the encryption key manually at the client side
Answer: D
Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at Rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C.. Since S3 does not store the encryption keys in SSE-C, it is recommended that the user should manage keys securely and keep rotating them regularly at the client side version.
QUESTION 195
An AWS root account owner is trying to create a policy to access RDS.
Which of the below mentioned statements is true with respect to the above information?
A. Create a policy which allows the users to access RDS and apply it to the RDS instances
B. The user cannot access the RDS database if he is not assigned the correct IAM policy
C. The root account owner should create a policy for the IAM user and give him access to the
RDS services
D. The policy should be created for the user and provide access for RDS
Answer: C
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the account owner wants to create a policy for RDS, the owner has to create an IAM user and define the policy which entitles the IAM user with various RDS services such as Launch Instance, Manage security group, Manage parameter group etc.
QUESTION 196
A user has a weighing plant.
The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking.
Which of the below mentioned parameters is mandatory for the user to include in the request list?
A. Value
B. Namespace
C. Metric Name
D. Timezone
Answer: B
Explanation:
AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish the data to CloudWatch as single data points or as an aggregated set of data points called a statistic set.
The user has to always include the namespace as part of the request. The user can supply a file instead of the metric name. If the user does not supply the timezone, it accepts the current time.
If the user is sending the data as a single data point it will have parameters, such as value. However, if the user is sending as an aggregate it will have parameters, such as statistic-values.
QUESTION 197
A user has created a Cloudformation stack.
The stack creates AWS services, such as EC2 instances, ELB, AutoScaling, and RDS.
While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS.
What will Cloudformation do in this scenario?
A. Cloudformation can never throw an error after launching a few services since it verifies all
the steps before launching
B. It will warn the user about the error and ask the user to manually create RDS
C. Rollback all the changes and terminate all the created services
D. It will wait for the user’s input about the error and correct the mistake after the input
Answer: C
Explanation:
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. The AWS Cloudformation stack is a collection of AWS resources which are created and managed as a single unit when AWS CloudFormation instantiates a template. If any of the services fails to launch, Cloudformation will rollback all the changes and terminate or delete all the created services.
QUESTION 198
A user has configured ELB with Auto Scaling.
The user suspended the Auto Scaling terminate process only for a while.
What will happen to the availability zone rebalancing process (AZRebalance. during this period?
A. Auto Scaling will not launch or terminate any instances
B. Auto Scaling will allow the instances to grow more than the maximum size
C. Auto Scaling will keep launching instances till the maximum instance size
D. It is not possible to suspend the terminate process while keeping the launch active
Answer: B
Explanation:
Auto Scaling performs various processes, such as Launch, Terminate, Availability Zone Rebalance (AZRebalance. etc. The AZRebalance process type seeks to maintain a balanced number of instances across Availability Zones within a region. If the user suspends the Terminate process, the AZRebalance process can cause the Auto Scaling group to grow up to ten percent larger than the maximum size. This is because Auto Scaling allows groups to temporarily grow larger than the maximum size during rebalancing activities. If Auto Scaling cannot terminate instances, the Auto Scaling group could remain up to ten percent larger than the maximum size until the user resumes the Terminate process type.
QUESTION 199
A user is trying to create a PIOPS EBS volume with 8 GB size and 200 IOPS.
Will AWS create the volume?
A. Yes, since the ratio between EBS and IOPS is less than 30
B. No, since the PIOPS and EBS size ratio is less than 30
C. No, the EBS size is less than 10 GB
D. Yes, since PIOPS is higher than 100
Answer: A
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
An io1 volume can range in size from 4 GiB to 16 TiB and you can provision up to 20,000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested can be a maximum of 30; for example, a volume with 3,000 IOPS must be at least 100 GiB. You can stripe multiple volumes together in a RAID configuration for larger size and greater performance.
QUESTION 200
A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy.
The bucket has both AWS.jpg and index.html objects.
What does this policy define?
“Statement”: [{
“Sid”: “Stmt1388811069831”,
“Effect”: “Allow”,
“Principal”: { “AWS”: “*”},
“Action”: [ “s3:GetObjectAcl”, “s3:ListBucket”, “s3:GetObject”],
“Resource”: [ “arn:aws:s3:::cloudacademy/*.jpg]
}]
A. It will make all the objects as well as the bucket public
B. It will throw an error for the wrong action and does not allow to save the policy
C. It will make the AWS.jpg object as public
D. It will make the AWS.jpg as well as the cloudacademy bucket as public
Answer: B
Explanation:
A sysadmin can grant permission to the S3 objects or the buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. In the below policy the action says “S3:ListBucket” for effect Allow and when there is no bucket name mentioned as a part of the resource, it will throw an error and not save the policy.
“Statement”: [{
“Sid”: “Stmt1388811069831”,
“Effect”: “Allow”,
“Principal”: { “AWS”: “*”},
“Action”: [ “s3:GetObjectAcl”, “s3:ListBucket”, “s3:GetObject”], “Resource”: [ “arn:aws:s3:::cloudacademy/*.jpg]
}]
Lead2pass is confident that our NEW UPDATED AWS-SysOps exam questions and answers are changed with Amazon Official Exam Center. If you cannot pass AWS-SysOps exam, never mind, we will return your full money back! Visit Lead2pass exam dumps collection website now and download AWS-SysOps exam dumps instantly today!
AWS-SysOps new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDekE1aUpSVGNHbWM
2017 Amazon AWS-SysOps exam dumps (All 332 Q&As) from Lead2pass:
http://www.lead2pass.com/aws-sysops.html [100% Exam Pass Guaranteed]