AWS Certified SysOps Administrator Associate - Practice Exam 1

The AWS Certified SysOps Administrator - Associate Certification exam is intended for system administrators working with Amazon Web Services (AWS). This certification validates your ability to efficiently deploy, manage, and operate AWS workloads, as well as implement security controls and compliance requirements.

PDF Exam Questions

Cheat Sheet

A company is expanding its use of AWS services across its portfolios and wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. The provisioning of accounts and their setup should be executed in a scalable and efficient manner to ensure that new accounts are established with predefined baselines and governance policies. A SysOps administrator needs to design a provisioning process that saves time and resources. Which action should be taken to meet these requirements?

A company plans to use AWS CloudFormation to deploy multiple environments across multiple AWS Regions using a single template that can be reused for each environment deployment. What is the recommended approach to fulfill this requirement?

How can a SysOps Administrator easily identify potential cost savings by downsizing underutilized Amazon EC2 instances with MINIMAL effort?

The security team in a company is concerned about the security of AWS CloudTrail logs, and they are required to maintain a log of any changes or deletions to the log files. Which steps should a SysOps Administrator take to meet these requirements? (Select TWO.)

Each week, data needs to be loaded into an application for analysis. Multiple offices worldwide upload this data to an Amazon S3 bucket. Unfortunately, latency issues are impeding the upload process, causing delays in the analytics job. What is the SIMPLEST way to improve upload times?

The changes in a company's infrastructure must be carefully reviewed before deploying updates to their AWS CloudFormation stacks. Which action will enable an Administrator to comprehend the implications of all production changes before implementation?

Which actions does the following policy allow? (Select TWO.)

{
	"Version": "2012-10-17",
	"Statement": [
 		{
			"Action": [
				"rds:CreateDBInstance",
				"elasticloadbalancing:*",
				"lambda:*",
				"sns:ListTopics*"
     			],
			"Effect": "Allow",
			"Resource": "*"
 		}
 	]
}

The Amazon S3 buckets of a company are secured with bucket policies. There have been reports of unauthorized access attempts, and the security team has requested information about which buckets are being targeted and by whom. How should a Sysops Administrator gather the requested information? (Select TWO.)

A company is planning to securely manage one-time fixed license keys in AWS. The company's development team needs to access the license keys in automaton scripts running in Amazon EC2 instances and AWS CloudFormation stacks. Which solution will meet these requirements MOST cost-effectively?

Q10

A SysOps administrator has noticed unacceptable latency for inter-node communications in an application deployed on several Amazon EC2 instances in a VPC. The administrator must find a solution to reduce latency. Which approach should the administrator take?

Q11

A company runs an Amazon Aurora database instance. According to the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer?

Q12

An application that requires sub-millisecond latency for processing trading requests uses Amazon DynamoDB to store the trading data. During load testing, the Development team found that the latency is too high in periods of high utilization, and read capacity must be significantly over-provisioned to avoid throttling. How can the Developers meet the latency requirements of the application?

Q13

How can a SysOps Administrator restrict access to a bucket that is currently being accessed by users in different AWS accounts, ensuring that it is only accessible to users within the same account?

Q14

A company launched a static website using Amazon S3. The website is being used by hundreds of thousands of users from around the world, but they are reporting 503 service unavailable errors. What is the most likely cause of these errors?

Q15

A company runs an application on-premises that generates many gigabytes of data files each day. Which AWS service is best suited to meet the company's requirements of storing data files on the cloud while ensuring that the most recent files are available locally for low latency access?

Q16

A SysOps administrator has set up an Amazon CloudFront distribution with an Amazon S3 bucket serving as the origin. The administrator configured the CloudFront distribution to use the S3 static website endpoint as the origin domain name. During testing, the administrator encounters a 403 Access Denied error message. What action should the administrator take to resolve this issue?

Q17

A SysOps administrator must deploy an Amazon OpenSearch (formerly known as ElastiSearch) cluster in a highly available production-grade deployment. Which Amazon OpenSearch configuration should the SysOps administrator use to meet this requirement?

Q18

An application uses Lambda functions to extract metadata from files uploaded to an S3 bucket; the metadata is stored in Amazon DynamoDB. The application starts behaving unexpectedly, and the developer wants to examine the logs of the Lambda function code for errors. Based on this system configuration, where would the developer find the logs?

Q19

What is the MOST efficient way to transfer over 80 TB of data to Amazon S3, considering the company has a 50-Mbps internet connection that is heavily utilized?

Q20

A SysOps administrator is provisioning an Amazon Elastic File System (Amazon EFS) file system to provide shared storage across multiple Amazon EC2 instances. The instances all exist in the same VPC across multiple Availability Zones. There are two instances in each Availability Zone. The SysOps administrator must make the file system accessible to each instance with the lowest possible latency. Which solution will meet these requirements?

Q21

Users of a web application served using Amazon CloudFront receive 4XX and 5XX errors. Which metric should a SysOps administrator monitor for the elevated error rates in Amazon CloudFront?

Q22

A company manager is concerned about an increase in monthly costs associated with an AWS developer account used by a team of over 60 developers. The SysOps Administrator needs to determine the costs incurred per developer. What should the administrator do to collect this information? (Select TWO.)

Q23

An application that is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB) handles the user authentication at the EC2 instance level. Once a user is authenticated, all requests from that user must go to the same EC2 instance. Which feature of the Elastic Load Balancer must a SysOps Administrator use to control the behavior?

Q24

A SysOps Administrator has created a new Amazon VPC in the eu-central-1 Region. A development site will be deployed running on Amazon EC2 instances. What steps must be taken to enable internet connectivity for the EC2 instances, considering that the application requires both inbound and outbound connectivity to the internet? (Select TWO.)

Q25

One of the company’s on-premise applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. We need to replace the file server farm with a cloud solution. Which service should we use?

Q26

A SysOps Administrator needs to create a system that will conduct financial data analysis for several hours a night, 5 days a week. The analysis is expected to run for the same duration, cannot be interrupted once it is started, and will be required for a minimum period of 1 year. To guarantee the availability of EC2 instances at the required time, what configuration should the sysops administrator implement?

Q27

A manager in a company needs to see a breakdown of costs in an AWS account on a project-by-project basis. The manager would like to view this information in AWS Cost Explorer. Which combination of configuration updates should be applied? (Select TWO.)

Q28

A SysOps Administrator has stored the login credentials for a database as secure string parameters in AWS Systems Manager Parameter Store. What is the MOST secure way to grant an application running on an Amazon EC2 instance access to these credentials to access the database?

Q29

A SysOps Administrator manages a fleet of Amazon EC2 instances that use a custom Linux Amazon Machine Image (AMI). The Administrator is attempting to use AWS Systems Manager Session Manager to initiate an SSH session with one of the instances, however, the administrator is not able to locate the target instance in the Session Manager console. Which steps should the SysOps Administrator take to solve this issue? (Select TWO.)

Q30

A network administrator made a change to the networking configuration of an Amazon VPC, causing an application server running on Amazon EC2 to not be able to connect to an Amazon RDS MySQL database. What type of logs should the SysOps Administrator analyze to identify the root cause?

Q31

A SysOps administrator attempted to add more instances to a stateless web application that runs on a fleet of Amazon EC2 instances in response to an expected increase in demand. The administrator received an InstanceLimitExceeded error. What should the SysOps administrator do to resolve this error?

Q32

A SysOps Administrator launched an Amazon EC2 instance and noticed it went from the pending state to the terminated state immediately after starting it. What is a possible cause of this issue?

Q33

The performance of an Amazon RDS MySQL database has been suffering during a recent busy period, making the queries running slower than acceptable. Amazon CloudWatch metrics show a high CPU utilization for the database, reaching close to 100%. Which action should the Administrator take to resolve this issue?

Q34

A company uploaded its website files to an Amazon S3 bucket that has S3 Versioning enabled. The company uses an Amazon CloudFront distribution with the S3 bucket as the origin. The company recently modified the files, but the object names remained the same. Users report that old content still appears on the website. How should a SysOps administrator remediate this issue?

Q35

An application runs across two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon DynamoDB table. Amazon Route 53 record sets route requests for dynamic content to the ALB and requests for static content to an Amazon S3 bucket. Users of the application have reported poor performance with long loading times. Which actions should be taken to improve the performance of the website? (Select TWO.)

Q36

How can we move an AWS account to another AWS Organization?

Q37

How can a SysOps administrator ensure successful uploading of a 1 TB file from on-premises to an Amazon S3 bucket using multipart uploads?

Q38

What actions should be taken by a SysOps Administrator to create a CloudWatch dashboard to display custom EC2 metrics sent by the CloudWatch agent on various Amazon EC2 instances that the Administrator has previously configured?

Q39

A company has a stateful web application that is hosted on Amazon EC2 instances in an Auto Scaling group. The instances run behind an Application Load Balancer (ALB) that has a single target group and serves as the origin for an Amazon CloudFront distribution. Users are reporting random logouts from the web application. What steps should the SysOps administrator take to address the issue? (Choose two.)

Q40

A SysOps Administrator has been tasked with setting up a record set in Amazon Route 53 to point to an Application Load Balancer (ALB). What is the MOST cost-effective and efficient solution to this requirement, considering that the hosted zone and the ALB are in different accounts?

Q41

To increase application performance and redundancy, a company has decided to run multiple implementations in different AWS Regions behind network load balancers. The company currently advertises the application using two public IP addresses from separate /24 address ranges and would prefer not to change these. We should direct users to the closest available application endpoint. Which actions should a solutions architect take? (Select TWO)

Q42

An on-premises application uses Network File System shares and must access critical data frequently without code changes. Which storage solution should a Solutions Architect recommend to maximize availability and durability?

Q43

A company runs an application across two public and two private subnets in two availability zones (AZs). They use a single internet gateway and a single NAT gateway. Amazon CloudFront is used to cache static and dynamic content. What would potentially cause applications in the VPC to fail during a brief AZ outage?

Q44

During periods of heavy utilization, an EFS file system that is shared by several Amazon EC2 instances in an Auto Scaling Group experiences increased file retrieval latency. The volume of data does not change much. What should a SysOps administrator do to improve the performance of the file system?

Q45

A company uses Amazon ElastiCache Redis as the database for a web application. The database currently uses a single shard running on a large node with 20% free memory. Which actions should a SysOps Administrator perform to resize the cluster and add high availability for the database? (Select TWO.)

Q46

An Amazon RDS for MariaDB DB instance is experiencing performance issues. The SysOps administrator wants to monitor the database load by examining detailed wait events. How can the SysOps administrator achieve this objective?

Q47

Which actions can be performed to comply with the company's security policy that requires encryption for all objects uploaded to Amazon S3 buckets? (Select TWO.)

Q48

How should a SysOps administrator configure a VPC to ensure that the company's Amazon EC2 instances use only IPv6, are not accessible from the internet, but can still access the internet? The company has created a dual-stack VPC and IPv6-only subnets.

Q49

A SysOps Administrator has created an AWS Service Catalog portfolio from one account and has shared the portfolio with a second AWS account in the same company, which a different Administrator controls. Which action will the Administrator of the second account be able to perform?

Q50

An automated failover occurred in an Amazon RDS multi-AZ deployment for an eCommerce website. Which of the following conditions could potentially cause the database to failover? (Select TWO.)

Q51

A company is developing a new application running in a hybrid environment. The application processes data that must be secured, and the developers require in-transit encryption across shared networks and encryption at rest. Which actions must a SysOps Administrator perform to fulfill these requirements? (Choose TWO.)

Q52

We need to backup some application log files to Amazon S3. It is unknown how often the logs will be accessed or which logs will be accessed the most, but we must keep costs as low as possible by using the appropriate S3 storage class. Which S3 storage class meets these requirements?

Q53

An application running on Amazon EC2 was moved from a public subnet to a private subnet to increase security. This process has made the instance unable to update automatically. What needs to be done to allow the automatic updates to be completed successfully?

Q54

Due to new security compliance requirements, a SysOps Administrator needs to encrypt an Amazon RDS Multi-AZ DB instance. Which approach can the Administrator take to encrypt the database?

Q55

When creating an AWS account, a default security group is also created within the default VPN. What settings are configured within this security group by default? (Select TWO)

Q56

A SysOps Administrator notices that the Auto Scaling group of a web application does not launch new instances during busy periods, even though the maximum capacity has not been reached. What should the Administrator do to identify the cause of the issue? (Select TWO.)

Q57

A company stores sensitive data in a private Amazon S3 bucket. The data must be accessible to Amazon EC2 instances in an Amazon VPC, and all traffic must traverse the AWS private network. What actions should a SysOps administrator take to meet these requirements and ensure the traffic does not traverse the internet?

Q58

A high-performance computing (HPC) application will be migrated to the AWS Cloud. The company uses high-performance parallel storage to support the application and more economical cold storage to hold the data when the application is not actively running. Which combination of services should we use to support the application's storage needs? (Select TWO)

Q59

A SysOps administrator has deployed an application using an AWS CloudFormation stack set across multiple AWS accounts and Regions. The administrator plans to deploy an updated template and wants to test the update in a subset of the accounts and Regions before rolling it out to the entire stack set. How can the administrator implement the test update?

Q60

A company has several AWS accounts in a single organization in AWS Organizations, and a new requirement requires no Amazon S3 buckets to be deleted from its production account. What is the SIMPLEST approach to prevent the deletion of Amazon S3 buckets in the company's production account?

Q61

A company has a hybrid environment. The company has set up an AWS Direct Connect connection between the company's on-premises data center and a workload that runs in a VPC. The company uses Amazon Route 53 for DNS on AWS. The company uses a private hosted zone to manage DNS names for a set of services that are hosted on AWS. The company wants the on-premises servers to use Route 53 for DNS resolution of the private hosted zone. Which solution will meet these requirements?

Q62

For legal reasons, a financial company must store original customer records (containing personally identifiable information (PII)) for ten years. According to local regulations, PII is available to only certain people in the company and must not be shared with third parties. The company needs to make the records available to third-party organizations for statistical analysis without sharing the PII. A developer wants to store the original immutable record in Amazon S3. Depending on who accesses the S3 document, the document should be returned as is or with all the PII removed. The developer has written an AWS Lambda function (removePii) to remove the PII from the document. What should the developer do so that the company can meet the PII requirements while maintaining only one copy of the document?

Q63

A company wants to log the access to some financial reports currently stored in Amazon S3. Also, they want to detect any modifications to these log files. Which actions should they take?

Q64

An Amazon EC2 instance was launched from a Microsoft Windows 2012 AMI and is inaccessible using Remote Desktop Protocol (RDP), or over the network. Another instance was deployed using a different AMI but the same configuration options and is functioning normally. Which next step should a SysOps Administrator take to troubleshoot the problem?

Q65

A web application running on HTTP has been launched in an Amazon VPC. The application runs on Amazon EC2 instances across multiple Availability Zones behind an Application Load Balancer. A security group and network ACL have been created for the load balancer, allowing inbound traffic on port 80. During testing, the web application was found to be inaccessible from the internet. What additional action must be taken to make the web application accessible from the internet?