AWS Certified SysOps Administrator Associate - Practice Exam 3
The AWS Certified SysOps Administrator - Associate Certification exam is intended for system administrators working with Amazon Web Services (AWS). This certification validates your ability to efficiently deploy, manage, and operate AWS workloads, as well as implement security controls and compliance requirements.
PDF Exam Questions
Cheat Sheet
Q1
The security team has notified a SysOps Administrator that there may be a vulnerable version of software installed on some Amazon EC2 instances. How can the SysOps Administrator verify if there is a vulnerable software version on certain Amazon EC2 instances with the LEAST operational overhead?
Q2
A SysOps Administrator runs an application that uses an Amazon API Gateway REST API. The developer needs to implement a proactive monitoring solution to track the health of API responses and latencies, especially in the event of deployments that cause a service disruption despite passing deployment pipeline tests. Additionally, the solution must monitor for endpoint vulnerabilities and unauthorized modifications to APIs, URLs, and website content. Which solution will meet these requirements?
Q3
A serverless application uses an AWS Lambda function that is expected to receive a large increase in traffic during its first anniversary. How can the SysOps Administrator configure the AWS Lambda function to handle and scale with the anticipated surge in traffic effectively?
Q4
An application uses an Amazon RDS database in a single AWS Region. The company wants to add disaster recovery (DR) capability to the database across geographic locations. Which solution offers the lowest recovery time objective (RTO) and recovery point objective (RPO)?
Q5
A SysOps Administrator must configure cost-effective protection for an Amazon RDS database. It must protect against table corruption and retain backups for 30 days. How can these requirements be achieved?
Q6
A SysOps Administrator is responsible for a large fleet of Amazon EC2 instances. An important event is planned, and the Administrator needs to understand if any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?
Q7
What is the SIMPLEST approach the SysOps Administrator can take to ensure Amazon S3 buckets in the company's production accounts can never be deleted?
Q8
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If AWS CloudTrail is disabled, what steps should the SysOps administrator take to re-enable it immediately WITHOUT writing custom code?
Q9
In order to meet the compliance standards for accreditation, a company needs to undergo an audit. As part of this process, encryption keys must be rotated a minimum of once every 365 days. What are the two most efficient approaches to fulfill this requirement with the LEAST amount of operational overhead?
Q10
An application deployed on multiple AWS regions and accessed from around the world exposes static public IP addresses, but some users are experiencing poor performance. What should a solutions architect recommend to reduce internet latency?
Q11
A company runs a fleet of Amazon EC2 instances in a private subnet. The instances must send data to peers over the internet. How can a SysOps Administrator determine which instances are generating the highest amount of network traffic, considering the recent increase in NAT gateway charges?
Q12
Which AWS tool should a security team use to obtain information on the PCI compliance status of the AWS infrastructure?
Q13
A SysOps Administrator has deployed an infrastructure stack for a company using AWS CloudFormation. The company made some manual changes to the infrastructure. How can the Administrator identify the modifications made by the company in order to update the CloudFormation template?
Q14
How can the SysOps Administrator ensure that the AWS account root user is adhering to security best practices?
Q15
A distributed application runs across many Amazon EC2 instances and processes large quantities of data. The application is designed to handle processing interruptions without causing issues. Which EC2 pricing model is the MOST cost-effective for this use case?
Q16
A company is deploying a new website that hosts dynamic content, which must not be accessible by users in specific countries or regions. How can a SysOps Administrator enforce the content restrictions? (Choose TWO.)
Q17
A company has created a static website using an Amazon S3 bucket. The static website configuration was enabled, and content has been uploaded. However, upon testing access to the site, the following error message was received: “HTTP 403 Forbidden”. What steps should be taken to resolve the error?
Q18
What solution can a SysOps administrator implement to ensure that a company's memory-intensive application, which runs on multiple Amazon EC2 instances behind an Elastic Load Balancer (ELB) and Auto Scaling Group (ASG), can scale based on the number of users accessing the application?
Q19
Which AWS CloudFormation feature will assist the SysOps Administrator in utilizing a single AWS CloudFormation template to conveniently create and manage stacks across multiple AWS accounts and regions with a single operation?
Q20
A web application uses Amazon ElastiCache with Memcached for frequently used data. Performance has been poor for a few weeks, and complaints have been raised. The metric data for the Amazon EC2 instances and the Amazon RDS instance seem normal. Nonetheless, the eviction count metrics are indicating high values. What steps can a SysOps Administrator take to resolve the performance issues?
Q21
A SysOps Administrator created an AWS CloudFormation template for the first time. The stack creation failed with a status of ROLLBACK_COMPLETE. How can the SysOps Administrator continue with the stack deployment after resolving the issues that caused the initial failure?
Q22
Employees in an IT department have been using individual AWS accounts that are not under the control of the company. What should a SysOps Administrator do to link the individual AWS accounts used by employees in the IT department to a central organization in AWS Organizations?
Q23
A SysOps Administrator must perform all system patching at 10 pm on a Wednesday. Which of the following resources require a maintenance window to be configured? (Select TWO.)
Q24
A company uses AWS Service Catalog to manage approved services. What is the MOST efficient approach for a SysOps Administrator to replicate a company's existing AWS infrastructure in a new AWS account, considering that the company utilizes an AWS Service Catalog portfolio for resource creation and management?
Q25
We must install some custom software on a fleet of Amazon EC2 instances. The installation will be initiated using some scripts. What feature lets us specify the software’s scripts during the EC2 instance launch?
Q26
A company has a web application that uses the domain name www.fullcertified.com, which is managed using Amazon Route 53. A SysOps Administrator has been asked to configure the application to be accessed using www.fullcertified.com through a CloudFront distribution in front of the application. What is the MOST cost-effective way to achieve this?
Q27
A SysOps administrator is deploying an application that must be highly available on 10 Amazon EC2 instances. The instances must be placed on distinct underlying hardware. What should the SysOps administrator do to meet these requirements?
Q28
A critical application running on Amazon EC2 instances occasionally suffers from increased read and write latency to attached Amazon EBS volumes. A SysOps administrator is attempting to configure Amazon CloudWatch alarms for the DiskReadBytes and the DiskWriteBytes metrics. However, alarms have failed to switch to the ALARM state during busy periods when users have reported performance degradation. Which action will ensure that the CloudWatch alarms function correctly?
Q29
An application is running on Amazon EC2 instances in a private subnet, and its purpose is to process images stored within an Amazon S3 bucket. The EC2 instances have an attached IAM role that provides the required permissions to access the bucket. However, the application is unable to establish connections to the S3 bucket. Which action will solve this problem MOST securely?
Q30
A group of systems administrators use IAM access keys to manage Amazon EC2 instances using the AWS CLI. The company policy mandates that access keys are automatically disabled after 60 days. Which solution can be used to automate this process?
Q31
Which service can be used to move exabytes of data into AWS cost-effectively?
Q32
An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). One of the EC2 instances in the target group has exceeded the UnhealthyThresholdCount for consecutive health check failures. What actions will be taken next? (Select TWO.)
Q33
What steps can a SysOps Administrator take to minimize the impact of a security vulnerability found in a specific version of Linux running on select Amazon EC2 instances within a VPC while causing the LEAST disruption?
Q34
A SysOps Administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. Which two log sources should the SysOps Administrator check to investigate HTTP Layer 7 status codes? (Choose two.)
Q35
A developer has developed an application using an AWS Lambda function, an Amazon DynamoDB table, and Amazon SNS. However, the application is not performing as expected, and the developer needs to analyze what is happening across all application components. Which AWS Service can we use to investigate the issue?
Q36
Some users are reporting slow application response time at the start of each business day. The application consists of Amazon EC2 instances in an Auto Scaling group that scales based on CPU utilization. What action can be taken to solve this issue?
Q37
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates. The ELB must automatically redirect any HTTP requests to HTTPS. Which solution will meet these requirements?
Q38
A SysOps Administrator made some changes to a production AWS CloudFormation stack, and the update failed and then returned the error UPDATE_ROLLBACK_FAILED. The Administrator needs to return the CloudFormation stack to its previous working state without losing existing resources. How can this be accomplished?
Q39
A company uses a NAT instance to enable Amazon EC2 instances in private subnets to download software and updates from the internet. During the last weeks, the latency on the NAT instance has increased as more EC2 instances have been deployed into the private subnets. What action should a SysOps Administrator take to reduce latency cost-efficiently and ensure scalability?
Q40
A company has deployed an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The SysOps Administrator noticed an increase in the HTTPCode_ELB_5XX_Count Amazon CloudWatch metric for the load balancer. What could be a potential reason for the rise of this error?
Q41
What configuration adjustments should a SysOps Administrator make to increase the cache hit ratio for an Amazon CloudFront distribution, as it currently stands below 10%? (Choose two.)
Q42
Which solution can fulfill the needs of a company seeking to cache content worldwide and exclusively provide access to authorized users?
Q43
A legacy application that can only be scaled vertically is deployed on an Amazon EC2 m1.large instance. The SysOps Administrator realizes that the CPU utilization is over 90%, resulting in high latency. How can the Administrator address the performance issues?
Q44
A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16, and the VPC B CIDR block is 172.44.0.0/16. The company wants to establish a VPC peering connection named pcx-54321 between both VPCs. Which rules should appear in the route table of VPC A after configuration? (Choose two.)
Q45
A company uses an Amazon ElastiCache Memcached cluster for a popular website, and checking the CloudWatch metrics, the SysOps Administrator noticed high CPU utilization. What should the SysOps Administrator do to address these performance issues? (Select TWO.)
Q46
What is the optimal approach for securely granting temporary access to a developer who has a user account in the Development AWS account, allowing them to make modifications to resources within the Production AWS account?
Q47
A security team requires that AWS CloudTrail is always enabled in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately and automatically. How can the SysOps administrator accomplish this requirement without writing any custom code?
Q48
A SysOps administrator has many Windows Amazon EC2 instances that need to share a file system between nodes. The SysOps administrator creates an Amazon Elastic File System (Amazon EFS) file share. Which action should the SysOps administrator take to mount the file share to the instances so that the EC2 instances can share the files?
Q49
A company runs a critical production application that uses an Amazon RDS MySQL database. The SysOps Administrator needs to ensure that downtime is kept to a minimum in case of a database failure. Any required changes must not impact the customer experience during business hours. What measures can the SysOps Administrator take to improve the availability of the Amazon RDS MySQL database while minimizing downtime and avoiding any negative impact on the customer experience during business hours?
Q50
A company runs an application on a single Amazon EC2 instance in a single Availability Zone (AZ). The company requires the application to be highly available. How should the Auto Scaling group be configured in order to achieve high availability? The SysOps Administrator has already set up an Application Load Balancer (ALB) and a launch configuration for the instance.
Q51
How can the SysOps Administrator access the memory utilization and OS-level metrics for a database running on Amazon Aurora, which is currently facing performance issues?
Q52
A SysOps Administrator has created an Amazon VPC with an IPv6 CIDR block. The Administrator wants to allow Amazon EC2 instances within the VPC to connect to IPv6 domains on the internet while limiting connectivity from the internet. What configuration is necessary for enabling the required connectivity?
Q53
What is the appropriate procedure for a company to reboot a virtual machine running an AWS Storage Gateway volume gateway?
Q54
A SysOps Administrator needs to add SSL/TLS encryption for a website that uses an internet-facing Application Load Balancer (ALB). What steps should the Administrator take to resolve the issue when attempting to create a certificate for the ALB fully qualified domain name (FQDN) using AWS Certificate Manager (ACM), resulting in the error message "Domain Not Allowed"?
Q55
An Amazon RDS database is encrypted using a customer-managed AWS KMS key. Snapshots of the database need to be shared with another AWS account owned by the same company, ensuring that the database remains encrypted at rest in the destination accounts. How can a SysOps administrator share the encrypted database snapshots?
Q56
A company's Virtual Private Cloud (VPC) is linked to an on-premises data center via an AWS Site-to-Site VPN connection. The company requires Amazon EC2 instances within the VPC to send DNS queries for the domain example.com to the DNS servers located in the on-premises data center. Which solution will meet these requirements?
Q57
An application requires a minimum of four instances to be constantly running to support the demand. A SysOps administrator must design a highly available, fault-tolerant architecture that meets these requirements even if one Availability Zone becomes unavailable. Which configuration would meet the minimum requirement?
Q58
A company mandates that the connectivity to an Amazon S3 bucket must remain within the AWS network using private IP addresses. A VPC endpoint has been created for this purpose, and an endpoint policy with the correct permissions has been set up, however, the Amazon EC2 instances in the VPC are still unable to access the bucket endpoint. What is the MOST likely cause of this issue?
Q59
A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH; it's only permitted by authorized staff using AWS Systems Manager Session Manager. Users report that they cannot connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances. What action should the SysOps administrator take to resolve this issue?
Q60
An AWS Lambda function has been connected to an Amazon VPC and is no longer able to connect to an external service on the internet. How can this issue be resolved?