AWS Certified SysOps Administrator Associate - Practice Exam 2
The AWS Certified SysOps Administrator - Associate Certification exam is intended for system administrators working with Amazon Web Services (AWS). This certification validates your ability to efficiently deploy, manage, and operate AWS workloads, as well as implement security controls and compliance requirements.
PDF Exam Questions
Cheat Sheet
Q1
A SysOps Administrator manages a web application that is deployed in an on-premises data center and on Amazon EC2 instances. Crashes have been reported across on-premises servers and EC2 instances, and the Administrator suspects a memory leak. What is the SIMPLEST way of monitoring the memory usage of both the EC2 instances and on-premises servers over time?
Q2
A company security and compliance policy mandates that specific AMIs are approved for usage in the company's AWS accounts. What should a SysOps Administrator do to ensure Amazon EC2 instances comply with this policy?
Q3
How can a SysOps Administrator prevent accidentally terminating several critical Amazon EC2 instances?
Q4
A company uses AWS CloudFormation templates to deploy cloud infrastructure. An analysis shows that redundant components have been declared in multiple AWS CloudFormation templates. A SysOps administrator must create dedicated templates with unique parameters and conditions for these common components. Which solution will meet this requirement?
Q5
How can a company ensure each department operates within its own isolated environment while only allowing pre-approved AWS services?
Q6
A company stores critical data in Amazon S3 buckets. A SysOps administrator must build a solution to record all S3 API activity. Which action will meet this requirement?
Q7
Which actions are allowed for the IAM user based on the policy that has been attached to this user?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "rds:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Region": "us-east-1"
}
},
},
{
"Effect": "Deny",
"NotAction": [
"ec2:*",
"s3:GetObject"
],
"Resource": "*"
}
]
}
Q8
A company uses Amazon S3 to store media content that global users will consume. The media is served through an Amazon CloudFront distribution. Due to agreements in place, the content should not be viewable in certain countries. What is the MOST cost-effective solution to block access in specific countries?
Q9
A company runs a serverless application on AWS Lambda, which utilizes an Amazon RDS for MySQL DB instance to store data. Recently, the application has encountered frequent "too many connections" errors when the Lambda function tries to connect to the database. The company has already maximized the max_connections value within the database configuration. What action should a SysOps administrator take to address these errors?
Q10
Amazon Glacier will be used to archive the data to comply with a company's policy requirement to retain data for a minimum of 7 years. Which configuration option should be used to meet the compliance requirement?
Q11
An Amazon EFS file system that is being used by several Amazon EC2 instances stores sensitive data. The manager has requested the data to be encrypted at rest. How can a SysOps Administrator enable encryption for the EFS file system?
Q12
A company with an AWS Lambda function in Account A needs to read the objects in an Amazon S3 bucket in Account B. A SysOps administrator must create corresponding IAM roles in both accounts. Which solution will meet these requirements?
Q13
A company uses AWS Organizations to manage several AWS accounts. A SysOps Administrator must create a new account for a department and configure user-defined cost allocation tags. What steps should the SysOps Administrator take to enable user-defined cost allocation tags?
Q14
The Development team is responsible for a hybrid cloud environment composed of EC2 instances and an on-premise server. The application hosted on the EC2 instances depends on the on-premises application for proper functioning. In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place. How can the Development team collect this information MOST efficiently?
Q15
A company wants to securely share an object from an Amazon S3 bucket that does NOT have public access enabled to users without AWS accounts. What is the MOST operationally efficient solution for meeting this requirement?
Q16
A consulting company deploys applications for many customers in a single AWS account and AWS Region. The consultants use a base AWS CloudFormation template to configure a new VPC for each application. When a consultant attempted to deploy an application for a new customer, it failed. A SysOps Administrator has been asked to determine the cause of the failure. What is most likely to be the problem?
Q17
A SysOps Administrator successfully launched an Amazon EC2 instance in the eu-north-1 Region using an AWS CloudFormation template. What is the MOST likely cause for the failure of the stack creation when a SysOps Administrator tries to launch an EC2 instance in the eu-central-1 Region using the same AWS CloudFormation template?
Q18
A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The costs have increased over the last few months. What is the MOST comprehensive tool a SysOps Administrator can use to identify the cause of the increased costs?
Q19
A company has requested that only t3.micro instance type must be used by Developers using a dedicated testing account. A SysOps Administrator has created an AWS Organizations SCP and applied it to the correct OU. However, Developers are still able to launch other instance types. What needs to be corrected in the SCP policy statement?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "RequireT3MicroInstance",
"Action": "ec2:RunInstances",
"Effect": "Deny",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringEquals": {
"ec2:InstanceType": "t3.micro"
}
},
}
]
}
Q20
A company plans to use Amazon Route 53 to enable high availability for a website running on-premises. The website consists of an active and passive server. Route 53 must be configured to route traffic to the primary active server if the associated health returns a 2xx status code. All other traffic should be directed to the secondary passive server. A SysOps Administrator needs to configure the record type and health check. Which options should the Administrator choose?
Q21
A SysOps Administrator must choose an EBS volume type that will be attached to an Amazon EC2 instance. A big data application will utilize the desired volume, and the application data will be accessed infrequently and stored sequentially. Which EBS volume type will be the MOST cost-effective solution?
Q22
A SysOps Administrator has been tasked with monitoring all object upload and download activity relating to an Amazon S3 bucket. The monitoring must include tracking the AWS account of the caller, the IAM user role of the caller, the time of the API call, and the IP address of the API. What should the SysOps Administrator do to meet the requirements?
Q23
A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket, the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). Which solution will meet this requirement?
Q24
A company migrates a write-once, ready-many (WORM) drive to an Amazon S3 bucket that has S3 Object Lock configured in governance mode. During the migration, the company copies unneeded data to the S3 bucket. A SysOps administrator attempts to delete the unneeded data from the S3 bucket using the AWS CLI. However, the SysOps administrator receives an error. Which steps should the SysOps administrator take to delete the unneeded data successfully? (Choose two.)
Q25
A SysOps administrator is trying to connect to an Amazon EC2 instance, which keeps returning a “request timed out” error message. The instance's private IP address is 172.31.16.24, and the administrator connects from the public IP address 200.10.10.15. What could cause the problem if the VPC flow log has captured the following information?
2 <accountId> <eniId> 200.10.10.15 172.31.16.24 0 0 1 4 232 1357101112 1357101182 ACCEPT OK
2 <accountId> <eniId> 172.31.16.24 200.10.10.15 0 0 1 4 232 1357101112 1357101182 REJECT OK
Q26
A SysOps Administrator typically manages an Amazon EC2 instance using SSH from the corporate network. What could be the most likely cause of a connection timeout when the Administrator, who works from home, tries to connect to an Amazon EC2 instance?
Q27
A highly available environment includes Amazon EC2 instances and an Amazon RDS Multi-AZ database. The EC2 instances are in an Auto Scaling group behind an Application Load Balancer. A SysOps administrator needs to decrease the failover time of the RDS database by at least 10%. Which solution will meet this requirement?
Q28
A group of developers have been given access to a separate AWS account to work on a new project. The developers require full administrative access to create IAM policies and roles in the account, but corporate policies require that a few specific AWS services be blocked for them. What is the BEST way to grant the Developers privileges in the new account while still ensuring compliance with corporate policies?
Q29
A company has requested that all Amazon S3 buckets must have logging enabled. A SysOps Administrator needs to ensure that the compliance requirements are met while still allowing teams to create buckets. How can this be achieved for both existing and new S3 buckets?
Q30
Which AWS tool can a company use to track the allocation of Reserved instance discounts in its consolidated bill?
Q31
A Developer needs to capture information about the IP traffic that enters and leaves the network interfaces in a VPC. The application is hosted on an Auto Scaling group of EC2 instances with an Elastic Load Balancer. How can the Developer achieve this task?
Q32
A SysOps Administrator using Amazon Inspector to assess Amazon EC2 instances has noticed that some security findings are missing for some instances. Which action should the Administrator take to attempt to resolve this issue?
Q33
A large (2GB) file needs to be uploaded to an S3 bucket. What is the recommended way to upload a single large file to an S3 bucket?
Q34
A website runs on Amazon EC2 instances and uses an Amazon RDS database with the MySQL engine. A caching layer based on Amazon ElastiCache for Redis (cluster mode enabled) is used to improve read performance. A significant traffic increase is expected, potentially doubling the load on the website. What can a SysOps Administrator do to ensure improved read times for users during the event?
Q35
Which placement group strategy should a SysOps administrator choose to migrate high-performance computing (HPC) virtual machines (VMs) to Amazon EC2 instances on AWS to minimize network latency and maximize network throughput between the HPC VMs?
Q36
In the process of enabling cross-account access between a production account and a development account, there is a need to establish an IAM role and associate it with a permissions policy. According to the AWS shared responsibility model, who is responsible for creating the IAM role and attaching the policy?
Q37
An application uploads periodic logs to an Amazon S3 bucket. The logs must be immediately available but are not frequently accessed. To ensure cost-efficiency, which lifecycle rule should be created?
Q38
Which solution can help a company track the number of Amazon EC2 instances running and automatically increase service quotas when a particular threshold is reached?
Q39
A SysOps Administrator must ensure that the EC2 instances from a business-critical application are automatically recovered if they become impaired due to an underlying hardware failure. Which service can the Administrator use to monitor and recover the EC2 instances?
Q40
An application server running on an Amazon EC2 instance recently failed due to an Amazon EBS volume running out of space, causing a critical application outage. Which steps should a SysOps Administrator take to prevent this from happening again?
Q41
A finance application running on Amazon EC2 instances requires both incoming and outgoing connectivity to the internet. Which actions must a SysOps administrator take to provide the necessary connectivity? (Select TWO.)
Q42
A popular web application uses an Amazon DynamoDB table for storing customer transaction data. A SysOps administrator needs to add disaster recovery protection for the DynamoDB table. The table should be replicated in another AWS Region. What should the SysOps administrator do to meet this requirement?
Q43
An application consists of AWS Lambda as the backend and Amazon RDS Aurora MySQL as the database. The Lambda function must use database credentials to authenticate to MySQL, but the lambda function must not store these credentials by itself. How can we securely store the database credentials and make them available to the function?
Q44
A company has two AWS accounts and has configured a VPC peering connection between them with non-overlapping CIDR blocks. The company requires that instances in the private subnets of each VPC can ping instances in the private subnets of the other VPC. What action should be taken to meet this requirement?
Q45
A SysOps Administrator created a script that generates custom Amazon CloudWatch metrics. A misconfigured clock on the EC2 instance is causing log timestamps to be set 30 minutes in the past. What will be the result of this situation?
Q46
What is the SIMPLEST way to secure the database connection string and enable automatic rotation every 30 days for an application that utilizes AWS Lambda and an Amazon RDS database?
Q47
An Amazon EBS volume is attached to an Amazon EC2 instance running a database and is encrypted using AWS KMS customer-managed customer master keys (CMKs). A SysOps Administrator wants to rotate the AWS KMS keys using automatic key rotation and needs to ensure that the EBS volume encrypted with the current key remains readable. What should be done to accomplish this?
Q48
A critical Amazon EC2 instance has stopped responding, and the EC2 management console indicates that the system status checks are impaired. What should the SysOps Administrator do as the first step to resolve this issue?
Q49
A company runs a custom application on a set of on-premises Linux servers accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage. How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration?
Q50
An e-commerce site uses Amazon ElastiCache with Memcached to store a web application's session state and to cache frequently used data. Lately, the users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high. What should be done to address this issue and improve performance?
Q51
A company has separate AWS accounts for its development and production teams and uses federated login with single sign-on (SSO). Both accounts are under one organization in AWS Organizations. How can the SysOps Administrator restrict users in the development team's account to only launch T2 instances in the us-east-1 Region? (Select TWO.)
Q52
A company uses AWS Organizations to manage its multi-account environment. The organization contains a dedicated account for security and a dedicated account for logging. How can a SysOps administrator implement a centralized solution to receive alerts when resource metrics in any account exceed a specified threshold?
Q53
An AWS Organization has an organizational unit (OU) with multiple member accounts. The company needs to restrict the ability to launch only specific Amazon EC2 instance types. How can this policy be applied across the accounts with the least effort?
Q54
A SysOps Administrator has been tasked with deploying a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). The database layer will also run on two EC2 instances. The deployment should incorporate high availability across Availability Zones (AZs) and minimize public access. How should this be achieved within an Amazon VPC?
Q55
A company runs an application on Amazon EC2 instances in a VPC private subnet. The instances must upload objects to an Amazon S3 bucket. The company requires access to the bucket to be restricted to the EC2 instances in the private network, and data must not traverse the public network. What actions should the SysOps Administrator take to meet these requirements?
Q56
What is the MOST operationally efficient solution for a SysOps administrator to automatically shut down any Amazon EC2 instances with less than 10% average CPU utilization after monitoring for 60 minutes or more?
Q57
A website with dynamic and static content runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Customers around the world are reporting performance issues with the website. How can we improve the website performance for users worldwide?
Q58
How can a developer efficiently retrieve various types of variables, such as authentication information for a remote API, the URL for the API, and credentials, if they need to be securely stored and accessible to all current and future versions of the application across different environments (development, testing, and production) while minimizing the number of changes made to the application?
Q59
An Amazon EBS volume has an error status. What can a SysOps Administrator do to bring the volume back online?
Q60
A company delivers content to subscribers distributed globally from an application that uses a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). We need to block access to the application for specific countries. What is the EASIEST method to meet this requirement?
Q61
A company is expanding globally and needs to back up data on Amazon Elastic Block Store (Amazon EBS) volumes to a different AWS Region. Most of the EBS volumes that store the data are encrypted, but some of the EBS volumes are unencrypted. The company needs the backup data from all the EBS volumes to be encrypted. Which solution will meet these requirements with the LEAST management overhead?
Q62
A company runs a highly elastic application across hundreds of Amazon EC2 instances in private subnets. The application uses EC2 Auto Scaling, which launches and terminates instances across three Availability Zones (AZs). The application connects to a third-party API over the public internet, and the SysOps administrator must provide a list of static IP addresses for the third party to whitelist in their firewalls. Which solution will meet these requirements?
Q63
In order to comply with security and compliance requirements, a company needs to ensure that an application deployed on Amazon EC2 instances within a private subnet is not accessible from the internet. However, the SysOps team still needs to be able to manage these instances using the SSH protocol from the corporate office. Which two actions should be taken to allow SSH access to the EC2 instances while maintaining security and compliance?
Q64
A custom application runs on a fleet of Amazon EC2 instances behind a Network Load Balancer and runs in a single AWS region in the United States. The application provides an SFTP endpoint to users. However, European users have complained about experiencing significant high latency and connection instability since the application's expansion into Europe. A SysOps administrator must improve the performance and stability of the application. What steps should the SysOps administrator take to enhance the performance and stability of the custom application?
Q65
A company needs to test its applications in 3 separate VPCs. A peering topology is configured with VPC-A peered with VPC-B and VPC-B with VPC-C. The development team wants to modify the process to release code directly from VPC-A to VPC-C. How can this be accomplished?