2017 February Amazon Official New Released AWS-SysOps Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
I was recommended by one of my friend, he used the Lead2pass AWS-SysOps dumps and said they are helpful. He was right! I passed my Amazon AWS-SysOps exam yesterday. I was lucky, all my questions in the exams were from Lead2pass dumps.
Following questions and answers are all new published by Amazon Official Exam Center: http://www.lead2pass.com/aws-sysops.html
QUESTION 1
You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH.
and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked
You have double-checked that all networking configuration parameters (security groups route tables.
IGW’EIP. NACLs etc) are properly configured {and you haven’t made any changes to those anyway since you were last able to reach the Instance).
You look at the EC2 console and notice that system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
A. Stop and start the instance so that it will be able to be redeployed on a healthy host system
that most likely will fix the "impaired" system status
B. Reboot your instance so that the operating system will have a chance to boot in a clean
healthy state that most likely will fix the ‘impaired" system status
C. Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the "impaired" system status.
D. Add another Elastic Network Interface to the instance and try to connect via that new path
since the networking stack of the OS may be locked up causing the "impaired" system status
E. un-map and then re-map the EIP to the instance, since the IGWVNAT gateway may not be working properly, causing the "impaired" system status
Answer: A
QUESTION 2
Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users? Choose 2 answers
A. Configure multi-factor authentication for privileged 1AM users
B. Create 1AM users for privileged accounts
C. Implement identity federation between your organization’s Identity provider leveraging the
1AM Security Token Service
D. Enable the 1AM single-use password policy option for privileged users
Answer: AB
QUESTION 3
You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?
A. Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data
C. Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission
to instances from the Auto Scaling group
D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed
Answer: A
Explanation:
Creates an IAM role is always the best practice to give permissions to EC2 instances in order to interact with other AWS services.
QUESTION 4
You have set up Individual AWS accounts for each project.
You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?
A. Consolidate your accounts so you have a single bill for all accounts and projects
B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running
too many Instances in a given account
C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a
notification occurring when the amount for each resource tagged to a particular project
matches the budget allocated to the project.
D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend
Answer: D
Explanation:
Consolidate your accounts so you have a single bill for all accounts and projects (Consolidation will not help limit per account)
Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account (many instances do not directly map to cost and would not give exact cost)
Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project. (as each project already has a account, no need for resource tagging)
QUESTION 5
The majority of your Infrastructure is on premises and you have a small footprint on AWS.
Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication
Your security policy requires minimal changes to the company’s existing application user management processes.
What option would you implement to successfully launch this application1?
A. Create a second, independent LOAP server in AWS for your application to use for
authentication
B. Establish a VPN connection so your applications can authenticate against your existing
on-premises LDAP servers
C. Establish a VPN connection between your data center and AWS create a LDAP replica on
AWS and configure your application to use the LDAP replica for authentication
D. Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for
authentication
Answer: C
Explanation:
Create read replica(RODC) of main LDAP server so that LDAP read replica or RODC can authenticate with application locally.
Creating new domain and trust relationship would require lot of work and changes in exiting ldap configuration so D cannot be answer here.
QUESTION 6
When preparing for a compliance assessment of your system built inside of AWS.
What are three best-practices for you to prepare for an audit? Choose 3 answers
A. Gather evidence of your IT operational controls
B. Request and obtain applicable third-party audited AWS compliance reports and certifications
C. Request and obtain a compliance and security tour of an AWS data center for a
pre-assessment security review
D. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system’s Instances and endpoints
E. Schedule meetings with AWS’s third-party auditors to provide evidence of AWS compliance
that maps to your control objectives
Answer: ABD
QUESTION 7
You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure
You notice in Cloud Watch that Evictions and GetMisses are Doth very high.
What two actions could you take to rectify this? Choose 2 answers
A. Increase the number of nodes in your cluster
B. Tweak the max-item-size parameter
C. Shrink the number of nodes in your cluster
D. Increase the size of the nodes in the duster
Answer: AD
Explanation:
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheMetrics.WhichShouldIMonitor.html
QUESTION 8
Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application-level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem.
However, you also need to watch the watcher-the monitoring instance itself-and be notified if it becomes unhealthy.
Which of the following Is a simple way to achieve that goal?
A. Run another monitoring instance that pings the monitoring instance and fires a could watch
alarm mat notifies your operations teamshould the primary monitoring instance become unhealthy.
B. Set a Cloud Watch alarm based on EC2 system and instance status checks and have the
alarm notify your operations team of anydetected problem with the monitoring instance.
C. Set a Cloud Watch alarm based on the CPU utilization of the monitoring instance and nave
the alarm notify your operations team if C r the CPU usage exceeds 50% few more than one minute: then have your monitoring application go into a CPU-bound loop should itDetect any application problems.
D. Have the monitoring instances post messages to an SOS queue and then dequeue those messages on another instance should D c-the queue cease to have new messages, the
second instance should first terminate the original monitoring instance start anotherbackup monitoring instance and assume (he role of the previous monitoring instance and beginning adding messages to the SOSqueue.
Answer: B
QUESTION 9
Your company Is moving towards tracking web page users with a small tracking Image loaded on each page Currently you are serving this image out of US-East, but are starting to get concerned about the time It takes to load the image for users on the west coast.
What are the two best ways to speed up serving this image? Choose 2 answers
A. Use Route 53’s Latency Based Routing and serve the image out of US-West-2 as well as
US-East-1
B. Serve the image out through CloudFront
C. Serve the image out of S3 so that it isn’t being served oft of your web application tier
D. Use EBS PIOPs to serve the image faster out of your EC2 instances
Answer: AB
Explanation:
Cloudfront gets the image closer to the user and Route53 ensures the best connection based on network latency.
QUESTION 10
An organization’s security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center.
The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?
A. Use the S3 copy API to replicate data between two S3 buckets in different regions
B. You do not need to implement anything since S3 data is automatically replicated between
regions
C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within
an AWS Region
D. You do not need to implement anything since S3 data is automatically replicated between
multiple facilities within an AWS Region
Answer: D
Explanation:
You specify a region when you create your Amazon S3 bucket. Within that region, your objects are redundantly stored on multiple devices across multiple facilities. Please refer to Regional Products and Services for details of Amazon S3 service availability by region.
https://aws.amazon.com/s3/faqs/
QUESTION 11
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?
A. Route53 record sets with weighted routing policy
B. Route53 record sets with latency based routing policy
C. Auto Scaling with scheduled scaling actions set
D. Elastic Load Balancing with health checks enabled
Answer: A
Explanation:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
QUESTION 12
When creation of an EBS snapshot Is initiated but not completed the EBS volume?
A. Cannot De detached or attached to an EC2 instance until me snapshot completes
B. Can be used in read-only mode while me snapshot is in progress
C. Can be used while me snapshot Is in progress
D. Cannot be used until the snapshot completes
Answer: C
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html
QUESTION 13
You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue.
You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS
Which option will provide the most scalable solution for communicating between the application and SOS?
A. Ensure the application instances are properly configured with an Elastic Load Balancer
B. Ensure the application instances are launched in private subnets with the EBS-optimized
option enabled
C. Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled
D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SOS queue size
Answer: D
Explanation:
Bandwidth literally means network not IO Bandwidth. Having alerts to scale the Autoscaling is most sophisticated option.
QUESTION 14
What is a placement group?
A. A collection of Auto Scaling groups in the same Region
B. Feature that enables EC2 instances to interact with each other via nigh bandwidth, low
latency connections
C. A collection of Elastic Load Balancers in the same Region or Availability Zone
D. A collection of authorized Cloud Front edge locations for a distribution
Answer: B
Explanation:
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
QUESTION 15
When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?
A. Data is automatically saved as an E8S volume.
B. Data is automatically saved as an ESS snapshot.
C. Data is automatically deleted.
D. Data is unavailable until the instance is restarted.
Answer: C
Explanation:
We recommend that you use AMIs backed by Amazon EBS, because they launch faster and use persistent storage.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html#choose-an-ami-by-root-device
QUESTION 16
You are attempting to connect to an instance in Amazon VPC without success.
You have already verified that the VPC has an Internet Gateway (IGW) the instance has an associated Elastic IP (EIP) and correct security group rules are in place.
Which VPC component should you evaluate next?
A. The configuration of a MAT instance
B. The configuration of the Routing Table
C. The configuration of the internet Gateway (IGW)
D. The configuration of SRC’DST checking
Answer: B
Explanation:
If the VPC has an IGW attached and the instance has an EIP.
You need to check the Route Tables of the subnet to verify if the default route is going through the IGW.
QUESTION 17
An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS Regions.
In order to monitor the performance of the application globally, you would like to see two graphs 1) Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?
A. Tag your resources with the application name, and select the tag name as the dimension in
the Cloudwatch Management console to view the respective graphs
B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatch.
C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring
server to capture data from each instance and table Put the aggregate data into Cloud
Watch for graphing.
D. Add a CloudWatch agent to each instance and attach one to each DynamoDB table.
When configuring the agent set the appropriate application name & view the graphs in CloudWatch.
Answer: B
Explanation:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tools.CLI.html
QUESTION 18
You use S3 to store critical data for your company Several users within your group currently have lull permissions to your S3 buckets
You need to come up with a solution mat does not impact your users and also protect against the accidental deletion of objects.
Which two options will address this issue? Choose 2 answers
A. Enable versioning on your S3 Buckets
B. Configure your S3 Buckets with MFA delete
C. Create a Bucket policy and only allow read only permissions to all users at the bucket level
D. Enable object life cycle policies and configure the data older than 3 months to be archived
in Glacier
Answer: AB
Explanation:
Versioning allows easy recovery of previous file version.
MFA delete requires additional MFA authentication to delete files.
Won’t impact the users current access.
http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html
QUESTION 19
A customer has a web application that uses cookie Based sessions to track logged in users It Is deployed on AWS using ELB and Auto Scaling
The customer observes that when load increases.
Auto Scaling launches new Instances but the load on the easting Instances does not decrease, causing all existing users to have a sluggish experience.
Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? Choose 2 answers
A. ELB’s normal behavior sends requests from the same user to the same backend instance
B. ELB’s behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance
C. A faulty browser is not honoring the TTL of the ELB DNS name.
D. The web application uses long polling such as comet or websockets.
Thereby keeping a connection open to a web server tor a long time
E. The web application uses long polling such as comet or websockets.
Thereby keeping a connection open to a web server for a long time.
Answer: BD
QUESTION 20
What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment of the primary OB instance fails?
A. The IP of the primary DB instance is switched to the standby OB instance
B. The RDS (Relational Database Service) DB instance reboots
C. A new DB instance is created in the standby availability zone
D. The canonical name record (CNAME) is changed from primary to standby
Answer: D
Explanation:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
Failover Process for Amazon RDS:
In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. The time it takes for the failover to complete depends on the database activity and other conditions at the time the primary DB instance became unavailable.
The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance. As a result, you will need to re-establish any existing connections to your DB instance.
I think Lead2pass dumps are very good for the people who do not have much time for their Amazon AWS-SysOps exam preparation. You can easily pass the exam only by memorize Lead2pass exam questions. Believe or not, I did so and I passed my AWS-SysOps exam.
AWS-SysOps new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDekE1aUpSVGNHbWM
2017 Amazon AWS-SysOps exam dumps (All 332 Q&As) from Lead2pass:
http://www.lead2pass.com/aws-sysops.html [100% Exam Pass Guaranteed]