AWS Sysops Administrator Associate Practice Questions Part 2

If you configured an HTTPS listener on an ELB but you have not configured any
security policy which help to negotiate SSL between the ELB and Client. What will ELB
do in this scenario?

Chef turns infrastructure into code.

Which of the following is NOT one of the four areas of the performance efficiency
pillar?

Select the feature in S3 that helps replicates data across AWS regions. Choose an answer
from the options below

In five regions around the globe your website is hosted in 10 EC2 instances How could
you configure your site to maintain availability with minimum downtime if one of the five
regions was to lose network connectivity for an extended period?

The user requests to restore the archive after 6 months and has moved an object to
Glacier using the life cycle rules. When the restore request is completed the user accesses
that archive. Which of the below mentioned statements is not true in this condition?

A storage admin wants to encrypt all the objects stored in S3 using server side
encryption. The user does not want to use the AES 256 encryption key provided by S3.
How can the user achieve this?

. You are planning to deploy a production database to EC2 and need to choose the best
storage type. You anticipate that you will need 20,000 IOPS, and an average of 8,000 –
10,000 IOPS. What storage medium should you choose?

Which AWS-specific storage option would you set up for low cost, reliability, and
security? If a company is setting up an application that is used to share files. Because
these files are important to the sales team, the application must be highly available.

The user requests to restore the archive after 6 months and has moved an object
to Glacier using the life cycle rules. When the restore request is completed the user
accesses that archive. Which of the below mentioned statements is not true in this
condition?

If you want to optimize performance for a compute cluster that requires low internode
latency, which feature in the following list should you use?

The term pilot light is often used to describe a DR scenario in which a minimal version
of an environment is always running in the cloud

Which of the below mentioned AWS RDS logs cannot be viewed from the console for
MySQL?

Select the feature in S3 that helps replicates data across AWS regions. Choose an
answer from the options below

Which AWS-specific storage option would you set up for low cost, reliability, and
security? If a company is setting up an application that is used to share files. Because these
files are important to the sales team, the application must be highly available

to restrict access to data in S3 Which features can be used? Choose the 3 correct
answers from the options below

Which of the following are steps you should take in securing your Root AWS account?
(Choose 3)

IAM policies are written using ________.

Which of the following is AWS’ managed DDoS protection service?

You need to use an AWS service to assess the security and compliance of your EC2
instances. Which of the following services should you use?

Under the Shared Responsibility model, for which of the following does AWS not
assume responsibility?

The AWS Risk and Compliance Program is made up of which of the following
components? (Choose 3)

How would a system administrator add an additional layer of login security to a user’s
AWS Management Console?

True or False: The Standard version of AWS Shield offers automated application (layer
7) traffic monitoring.

Which of the below mentioned statements is not true with respect to the limitations
of IAM if an organization is planning to create a user with IAM. They are trying to
understand the limitations of IAM so that they can plan accordingly

If you configured an HTTPS listener on an ELB but you have not configured any
security policy which help to negotiate SSL between the ELB and Client. What will ELB
do in this scenario?

A user has configured ELB with SSL using a security policy for secure negotiation
between the client and load balancer. Which of the below mentioned security policies is
supported by ELB?

A storage admin wants to encrypt all the objects stored in S3 using server side
encryption. The user does not want to use the AES 256 encryption key provided by S3.
How can the user achieve this?

An organization is trying to create various IAM users. Which of the below mentioned
options is not a valid IAM username?

The user is using server side encryption for data at rest and has enabled versioning
on an S3 bucket If the user is supplying his own keys for encryption (SSE-C), what is
recommended to the user for the purpose of security?

To restrict access to data in S3 Which features can be used? Choose the 3 correct
answers from the options below.

Which of the following is true about security groups? (Choose 2)

You need to implement an automated service that will scan your AWS environment
with the goal of both improving security and reducing costs. Which service should you use?

Which of the following cloud security controls ensures that only authorized and
authenticated users are able to access your resources?

Which of the following cloud security controls ensures that only authorized and
authenticated users are able to access your resources?

Which of the following is NOT considered a fault tolerant tool?

True or False: Identity Access Management (IAM) is a Regional service

A user has launched an instance in that subnet and has created a VPC with a public
subnet and a security group. The user is still unable to connect to the instance. The internet
gateway has also been created and attached to the route table. What can be the reason for
the error?

A user has created a VPC with public and private subnets using the VPC wizard. The
user has not launched any instance manually and is trying to delete the VPC. What will
happen in this scenario?

To send traffic to a secondary host in the event that the primary host went down
What would we need to attach to a Bastion host or NAT host for high availability? Chose
the correct answer

Which AWS-specific storage option would you set up for low cost, reliability, and
security? If a company is setting up an application that is used to share files. Because
these files are important to the sales team, the application must be highly available.

A VPC has created with two subnets: one public and one private. The user is planning
to run the patch update for the instances in the private subnet. How can the instances in
the private subnet connect to the internet?

If you want to optimize performance for a compute cluster that requires low internode
latency, which feature in the following list should you use?

To prevent an IP address block from accessing public objects in an S3 bucket Which
method can be used?

How can software determine the public and private IP addresses of the Amazon EC2
instance that it is running on?

If a user wants to understand AWS SNS. Which of the given endpoint is SNS unable
to send a notification?

If you configured an HTTPS listener on an ELB but you have not configured any
security policy which help to negotiate SSL between the ELB and Client. What will ELB
do in this scenario?

A user has created a VCP with the public and private subnets using the VCP wizard.
The VCP has CID 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is
planning to host a web server in the public subnet with port 80 and database server in the
private subnet with port 3306.The user is configuring a security group for the public
subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned
entries is the private subnet database security group DBSecGrp?

A user has given full access of his S3 bucket to one of the IAM users using the bucket
ACL. When the IAM user logs in to the S3 console, which actions can he perform?

A user is trying to connect to a running EC2 instance using SSH. However, the user
gets an Unprotected Private Key File error. Which of the below mentioned options can be
a possible reason for rejection?