Uncategorised

AWS Certified SysOps Administrator – Chapter – 2

May 3, 2021 comments off

Review Questions

Which of the following is a dependency of the AWS CLI for Mac and Linux?

  • C++
  • Python
  • Java
  • .NET SDK

Which of the following AWS CLI output formats is best geared toward human viewing?

  • Table
  • JSON
  • Text

How can one split apart a long AWS CLI command line to make it more easily readable by the operator?

  • Use the semi-colon (;) between statements, with a newline after each backslash.
  • Press Enter after every three words, followed by the Enter key twice at the end of the statement.
  • Use backslashes () every few word, with a newline after each backslash.
  • Use the tab key between each word.

For which languages are AWS SDKs available? (Choose all that apply.)

  • Ruby
  • Basic
  • Perl
  • Python
  • Pascal

Which command can you run to find more information about the proper syntax and options for AWS IoT commands from the CLI?

  • aws help
  • aws – iot list- commands
  • aws iot help
  • aws –help

What does the waiter allow you to do in Boto?

  • Order a pool of Amazon EC2 instances to be delivered to Auto Scaling group.
  • Delete all unused Security Group in Your Amazon Virtual Private Cloud (Amazon VPC).
  • Wait for ordered infrastructure to become available before continuing.
  • Automatically distribute Amazon S3 data across regions.

In which situation would you use the AWS IoT Device SDK?

  • To order AWS IoT Buttons
  • To create a new AWS account to use for IoT
  • As a dashboard for performing analytics upon your IoT messages
  • To simplify the process of connecting things to the AWS IoT

For the CLI command that accept formatted files as input, the input file must be in which of the following formats?

  • Text format
  • JSON
  • Comma Separated Values (CSV)
  • XMl
  • HTML

Which option allows you to filter output?

  • –filter
  • –find
  • –sort
  • –query

In what file are you Access Key and Secret Key stored after executing the aws configure command?

  • config
  • credentials
  • profile
  • awskeys

Whose responsibility is it to secure the AWS Cloud?

  • Only Amazon Web Services
  • Only you
  • The World Wide Web Consortium (W3C)
  • You and AWS share the responsibility.

For which aspects of physical and environmental security is Amazon Web Service responsible?

  • Fire detection and suppression
  • Power redundancy
  • Climate and temperature control in AWS datacenters
  • All of the above

True or False: The AWS network provides protection against traditional network security issues.

  • True
  • False

Which AWS service provides centralized management of access and authentication of user administering the services in an AWS account?

  • AWS Directory Service
  • AWS Identity and Access Management Service
  • Amazon Cognito
  • AWS Config

Which credentials can an IAM user have in order to access AWS service via the AWS Management Console and the AWS Command Line Interface (AWS CLI)? (Choose two.)

  • Key pair
  • User name and password
  • Email address and password
  • Access keys

True or False: A password policy can be set in IAM that requires at least two lowercase letters and at least two non-alphanumeric charaters.

  • True
  • False

The IAM access keys used to access AWS services via the AWS Command Line Interface (AWS CLI) and/or AWS Software Development Kits (SDK) consist of which two parts?

  • Access Key ID and password
  • Public Access Key and Secret Access Key
  • Access Key ID and Secret Access Key
  • User name and Public Access Key

Which Multi-Factor Authentication devices does the IAM service support?

  • Hardware devices (Gemalto)
  • Virtual MFA applications (for example, Google Authenticator)
  • Simple Message Service (SMS) (via mobile devices)
  • All of above

Which of the following is true when using AWS Identity and Access Management groups?

  • IAM user are members of a default user group.
  • Group can be nested.
  • An IAM user can be a member of multiple groups.
  • IAM roles can be members of a group.

Which of the following is not a best practice for securing an AWS account?

  • Requiring Multi-Factor Authentication for root-level access
  • Creating individual IAM users
  • Monitoring activity on your AWS account
  • Sharing credentials to provide cross-account access

Which of the following is true when using AWS Key Management Service (AWS KMS)?

  • All API requests to AWS must be made over HTTP.
  • Use of keys is protected by access control policies defined and managed by you.
  • An individual AWS employee can access a Customer Master Key (CMK) and export the CMK in plaintext.
  • An AWS KMS key can be used globally in any AWS Region.

The AWS CloudTrail service provides which of the following?

  • Logs of the API requests for AWS resources within your account
  • Information about the IP traffic going to and from network interfaces
  • Monitoring of the utilization of AWS resource within your account
  • Information on configuration changes to AWS resource within your AWS account

Amazon CloudWatch Logs enable Amazon CloudWatch to monitor log files. Pattern filtering can be used to analyze the logs and trigger Amazon CloudWatch alarms based on customer specified thresholds. Which types of log files can sent to Amazon CloudWatch Logs?

  • Operating system Logs
  • AWS CloudTrail Logs
  • Access Flow Logs
  • All of the above

AWS CloudTrail logs the API requests to AWS resources within your account. Which other AWS service can be used in conjunction with CloudTrail to capture information about changes made to AWS resources in your AWS account?

  • Auto Scaling
  • AWS Config
  • Amazon VPC Flow Logs
  • AWS Artifact

True or false: Amazon Inspector continuously monitors your AWS account’s configuration against the Well Architected Framework’s best practice recommendations for security.

  • True
  • False

A workload consisting of Amazon EC2 instances is placed in an Amazon VPC. What feature of VPC can be used to deny network traffic based on IP source address and port number?

  • Subnets
  • Security groups
  • Route table
  • Network Access Control Lists

You want to pass traffic securely from your on-premises network to resource in your Amazon VPC, Which type of gateway can be used on the VPC?

  • Internet Gateway (IGW)
  • Amazon Virtual Private Cloud endpoint
  • Virtual Private Gateway
  • Amazon Virtual Private Cloud peer

To protect data at rest within Amazon DynamoDB, customers can use which of the following?

  • Client-side encryption
  • TLS connections
  • Server-side encryption provided by the Amazon DynamoDB service
  • Fine-grained access controls

When an Amazon Relational Database Service database instance is run within an Amazon Virtual Private Cloud, which Amazon VPC security features can be used to protect the database instance?

  • Security groups
  • Network ACLs
  • Private subnets
  • All of the above

Which of the following is correct?

  • Amazon SQS and Amazon SNS encrypt data at rest.
  • Amazon SQS and Amazon SNS do not encrypt data at rest.
  • Amazon SQS encrypts data at rest and Amazon SNS does not encrypt data at rest.
  • Amazon SQS does not encrypt data at rest and Amazon SNS encrypts data at rest.

Review Questions
Because of a change in you web traffic, you realize that you need a larger instance size for you web server. What is the best way to make this change?

  • Take a snapshot of your current instance, and use that as the basis for creating a new web server in the correct size.
  • Create a new Amazon Machine Image (AMI), and use that to spin up a new web server with the correct size instance type.
  • Stop the instance, and then restart it with the correct instance type.
  • Assign an Elastic IP to the instance interface. Create a new instance with the right instance size. Reassign the Elastic IP from the old instance to the new instance.

You have configured a batch job on AWS Batch and you it to complete. What should you do in order to make sure that the batch job completes?

  • Configure the pricing to be Stop pricing, but set the bid price at two times the On Demand price for those instances.
  • Configure the pricing to be on Demand.
  • Configure the pricing to be Stot pricing, but set the bid price for one-tenth of the On- Demand price for those instances.
  • Configure the number of instance needed for the job as two times what is actually needed.

With AWS Batch, what values are you allowed to specify when configure your instances?

  • Minimum number of Virtual CPUs (vCPUs), maximum number of vCPUs, and desired number of vCPUs
  • Minimum and maximum number of vCPUs
  • Desired number of vCPUs
  • You are not able to specify the number of vCPUs. AWS will assign the number based on current demand and availabity.

You attempt to use Secure Shell (SSH) to access an Amazon Elastic Compute Cloud (Amazon EC2) instance but are unable to do so. What would NOT be a reason why you are unable to do so successfully?

  • You have an incorrect key.
  • The security group attached to the interface does not allow SSH.
  • You have an incorrect role assigned to your Amazon EC2 instance.
  • The Amazon EC2 instance does not have a public IP address attached to it.

You need to create an Amazon Elastic Compute Cloud (Amazon EC2) instance with the fastest possible boot time. What combination will give you an Amazon EC2 instance with the fastest boot time?

  • An instance store- backed Amazon Machine Image (AMI) with user data
  • An instance Elastic Block Store (Amazon EBS)-backed AMI with user data
  • An Amazon store-backed AMI with no user data
  • An Amazon ESB-backed AMI with no User data

Your boss has asked you to provide a report that shows your current monthly spending with AWS and an estimate of how much you will be spending this entire month. Which of these methods would be the best way to get those amounts?

  • Use the AWS Total cost of Ownership (TCO) Calculator to build a model of your current infrastructure, and use that to create an estimate.
  • Use the My Billing Dashboard to see what your current spending is also what your estimated total monthly spending would be.
  • Depending on the level of support you have with AWS, open a trouble ticket, and ask to be provided with this information.
  • Use the AWS Simple Monthly Calculator to build a model of your current infrastructure and use that to create estimate.

What would be a good reason NOT to use Amazon Lightsail?

  • You need to run a Windows instance.
  • You want to spin up a compute instance quickly for some basic code configuration work .
  • You want a high level of control over the cost of your computer instance .
  • You have a website that does not need to be highly available.

You have an application that needs to be available at all times. This application, once stated, need to run for about 35 minutes. You must minimize the application’s cost. What would be a good strategy for achieving all of these objectives?

  • Create an AWS Lambda function and have an Amazon Simple Notification Service (Amazon SNS) notification kick it off.
  • Set up a dedicated host for this application.
  • Set up a dedicated host for this application.
  • Create an Amazon Elastic Computer Cloud (Amazon EC2) Reserved instance.

Which of the following would NOT be an appropriate event to trigger an AWS Lambda function?

  • Performing a GET operation in an Amazon Simple Storage Service (Amazon S3) bucket
  • Publishing a message to the Amazon Simple Notification Service (Amazon S3) Bucket
  • An entry in an Amazon DynamoDB table
  • A message in an Amazon Simple Queue Service (Amazon SQS)
    Queue

Which of the following would be a good use case for AWS Elastic Beanstalk?

  • You need to make your current Amazon Relation Database Service (Amazon RDS) setup highly available.
  • You want to spin up a website to server internal customers, but you don’t want to have to think about making it highly available and highly scalable.
  • You need a computer instance to spin up in response to specific network event.
  • You are building a minimal website for test purposes.
  • You have relational database that is running on a windows Amazon Elastic Compute cloud (Amazon EC2) Instance.
    What would be the best choice for instance type?
  • An instance type that use instance storage
  • An instance type that is Amazon Elastic Block Store (Amazon EBS)-optimized.
  • An instance type with a general-purpose CPU
  • An instance type that allows you to use Amazon Elastic File System (Amazon EFS)

You have a relation database that is running on a Windows Amazon Elastic Computer Cloud (Amazon EC2) instance. What would be the best choice for storage?

  • Instance store volumes
  • Magnetic-based Amazon Elastic Block Store (Amazon EBS)
  • Solid State Drive (SSD)-based Amazon EBS
  • Amazon Elastic File System (Amazon EFS)
  • Provisioned IOPS

You have an instance store-backed Amazon Elastic Compute Cloud (Amazon EC2) Instance with an interface that has a private IP address and public IP address attached to it.
You stop the instance. What happens to the IP address?

  • Both the public and private IP addresses are removed from the interface.
  • The public IP address is removed, but the private IP address remains associated with the interface.
  • Both the public IP address remains associated with the interface, but the private IP address is removed.
  • Both the public IP address and the private IP address remain associated with the interface.
  • None of the above. You cannot stop instance store-backed Amazon EC2 instances.

You have an Amazon Elastic Block Store (Amazon EBS) Storage-backed Amazon Elastic Compute Cloud (Amazon EC2) instance with an interface that has a private IP address and a public IP address attached to them. You stop the instance. What happens to the IP addresses?

  • Both the public and private IP addresses are removed from the interface.
  • The public IP address is removed, but the private IP address remains associated with the interface.
  • The Public IP address remains associated with the interface, but the private IP address is removed.
  • Both the public IP address and the private IP address remain associated with the interface.
  • None of the above. You cannot stop instance storage- backed Amazon EC2 instances.

You have an Amazon Elastic Computer Cloud (Amazon EC2) instance running in one AWS Region that you want to be able to run in another AWS Region. What do you need to do in order to accomplish that?

  • You have to build the new Amazon EC2 instance from scratch because Amazon Machine Image (AMIs) are unique to an AWS Region,
  • You can copy an AMI from one AWS region to another but only if they are under the same AWS account.
  • You cannot copy an AMI across AWS Region because then you would have two AMIs with the same AMI ID:
  • You can copy AMIs across AWS Regions Using the CopyImage Application programming Interface(API).,
  • You can copy AMIs across AWS Regions using the CopyImage API, but you need fist to remove launch permissions and user defined tags.

You need to spin up an Apache Web Server on an Amazon Elastic Computer Cloud (Amazon EC2) instance. What is the best way to do so?

  • Spin up an Amazon EC2 instance, use Server Shell (SSH) to access it after it has booted up, and configure it to be an Apache Web server.
  • In the metadata field, load the necessary software to spin up an Apache Web Server.
  • In the user data field, load the necessary to spin up an Apache Web Server.
  • Go to AWS Marketplace and find an Apache Web Server Amazon Machine Image (AMI).

You need an Amazon Elastic Compute Cloud (Amazon EC2) Instance to be able to access an object in an Amazon Simple Storage Service (Amazon S3) bucket. What is the most secure way to do this?

  • Make sure that the Amazon EC2 instance has the necessary user permission to be able to access the Amazon S3 bucket.
  • Create an AWS Identity and Access Management (IAM) role. Make sure that role to the Amazon EC2 instance.
  • Create an IAM role. Make sure that role has the necessary level of permission to access the Amazon S3 bucket. Assign that role to the Amazon S3 bucket.
  • Make sure that route table assigned to the Amazon EC2 instance has a route to the Amazon S3 bucket.

Why would you use AWS Elastic Beanstalk to deploy a web application that user multiple Availability Zones?

  • You might run out of compute instance if you ran everything in a single Availability Zone.
  • Using multiple Availability Zone Improves the response time of your web application.
  • Using multiple Availability Zone makes your application highly Available.
  • You can’t AWS Elastic Beanstalk in a single Availability Zone.

What are some of the aspects of Amazon Elastic Compute Cloud (Amazon EC2) that are controlled by choice of instance type?

  • Operating system
  • User data
  • Amazon Machine Image (AMI)
  • CPU family availability

You have just spun up an M4.2xlarge Amazon Elastic Computer Cloud (Amazon EC2) instance. What does the “4” stand for?

  • Indicates the amount of RAM associated with the instance
  • Indicates the generation of M class family instance
  • Has no meaning at all is only an AWS naming convention
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)