2017-02-22

2017 February Amazon Official New Released AWS-SysOps Dumps in Lead2pass.com!


I have already passed the Amazon AWS-SysOps certification exam today! Scored 989/1000 in Australia. SO MANY newly added exam questions, which gave me a headache… Anyway, I finally passed the AWS-SysOps exam with the help of Lead2pass!

The following questions and answers are all newly published by Amazon Official Exam Center: http://www.lead2pass.com/aws-sysops.html

QUESTION 241
You have been asked to automate many routine systems administrator backup and recovery activities.
Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts.
Which task would be best accomplished with a script?

A.    Creating daily EBS snapshots with a monthly rotation of snapshots
B.    Creating daily RDS snapshots with a monthly rotation of snapshots
C.    Automatically detect and stop unused or underutilized EC2 instances
D.    Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer

Answer: A

QUESTION 242
You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC.
The instance, when under load, is having problems returning requests within the SLA as defined by your business.
The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?

A.    Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
B.    Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
C.    Cache the database responses in ElastiCache for more rapid access
D.    Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

Answer: A
Explanation:
DynamoDB is automatically available across three facilities in an AWS Region, so moving into the same AZ is not possible or necessary.
In this case the DB layer is not the issue; the EC2 8xlarge is the issue, so add another one with an ELB in front of it.
See also: https://aws.amazon.com/dynamodb/faqs/

QUESTION 243
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

A.    Data will be deleted and will no longer be accessible
B.    Data is automatically saved in an EBS volume.
C.    Data is automatically saved as an EBS snapshot
D.    Data is unavailable until the instance is restarted

Answer: A
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-lifetime
However, data in the instance store is lost under the following circumstances:
The underlying disk drive fails
The instance stops
The instance terminates

QUESTION 244
When assessing an organization's use of AWS API access credentials, which of the following three credentials should be evaluated? Choose 3 answers

A.    Key pairs
B.    Console passwords
C.    Access keys
D.    Signing certificates
E.    Security Group memberships

Answer: BCD
Explanation:
AWS provides a number of authentication mechanisms including a console, account IDs and secret keys, X.509 certificates, and MFA devices to control access to AWS APIs. Console authentication is the most appropriate for administrative or manual activities, account IDs and secret keys for accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools.
Your organization should consider the circumstances under which it will leverage access keys, X.509 certificates, console passwords, or MFA devices.

QUESTION 245
You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database.
The entire infrastructure must be distributed over 2 availability zones.
Which VPC configuration works while assuring the database is not available from the Internet?

A.    One public subnet for ELB, one public subnet for the web-servers, and one private subnet for the database
B.    One public subnet for ELB, two private subnets for the web-servers, two private subnets for RDS
C.    Two public subnets for ELB, two private subnets for the web-servers and two private subnets for RDS
D.    Two public subnets for ELB, two public subnets for the web-servers, and two public subnets for RDS

Answer: C
Explanation:
Public subnet ELB talking to private subnet EC2 is confirmed below as well.
https://forums.aws.amazon.com/message.jspa?messageID=528818

QUESTION 246
Your team is excited about the use of AWS because now they have access to programmable infrastructure.
You have been asked to manage your AWS infrastructure in a manner similar to the way you might manage application code.
You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development, test, QA, production).
Which approach addresses this requirement?

A.    Use cost allocation reports and AWS Opsworks to deploy and manage your infrastructure.
B.    Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure.
C.    Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure.
D.    Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure.

Answer: D
Explanation:
https://aws.amazon.com/opsworks/chefautomate/faqs/
OpsWorks for Chef Automate automatically performs updates for new Chef minor versions. OpsWorks for Chef Automate does not perform major platform version updates automatically (for example, a major new platform version such as Chef Automate 13) because these updates might include backward-incompatible changes and require additional testing. In these cases, you must manually initiate the update.

QUESTION 247
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block.
Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A.    Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
B.    Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
C.    Add a rule to all of the VPC's Security Groups to deny access from the IP address block
D.    Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer: B
Explanation:
B – Network ACLs support both allow rules and deny rules, and setting the rule at the ACL level is better practice than setting it at the Security Group level.
C – Security Group supports allow rules only
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
A, D – Modifying Windows Firewall settings on all hosts/AMIs is not a VPC security best practice.

QUESTION 248
You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data into Amazon S3 in the same region.
How do you remedy this situation?

A.    Add an additional ENI
B.    Change to a larger instance
C.    Use DirectConnect between EC2 and S3
D.    Use EBS PIOPS on the local volume

Answer: B
Explanation:
https://media.amazonwebservices.com/AWS_Amazon_EMR_Best_Practices.pdf

QUESTION 249
You are running a web-application on AWS consisting of the following components: an Elastic Load Balancer (ELB), an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.
Which security measures fall into AWS’s responsibility?

A.    Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
B.    Protect against IP spoofing or packet sniffing
C.    Assure all communication between EC2 instances and ELB is encrypted
D.    Install latest security patches on ELB, RDS and EC2 instances

Answer: B
Explanation:
https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

QUESTION 250
You are managing a legacy application inside a VPC with hard-coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers

A.    Create an ELB to reroute traffic to a failover instance
B.    Create a secondary ENI that can be moved to a failover instance
C.    Use Route53 health checks to fail traffic over to a failover instance
D.    Assign a secondary private IP address to the primary ENI that can be moved to a failover instance

Answer: BD
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html#MultipleIPReqs

QUESTION 251
A user has launched an EC2 instance.
However, due to some reason the instance was terminated.
If the user wants to find out the reason for termination, where can he find the details?

A.    It is not possible to find the details after the instance is terminated
B.    The user can get information from the AWS console, by checking the Instance description under the State transition reason label
C.    The user can get information from the AWS console, by checking the Instance description under the Instance Status Change reason label
D.    The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label

Answer: B
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html

QUESTION 252
A user is observing the EC2 CPU utilization metric on CloudWatch.
The user has observed some interesting patterns while filtering over the 1 week period for a particular hour.
The user wants to zoom that data point to a more granular period.
How can the user do that easily with CloudWatch?

A.    The user can zoom a particular period by selecting that period with the mouse and then releasing the mouse
B.    The user can zoom a particular period by double clicking on that period with the mouse
C.    The user can zoom a particular period by specifying the aggregation data for that period
D.    The user can zoom a particular period by specifying the period in the Time Range

Answer: A

QUESTION 253
A user runs the command “dd if=/dev/zero of=/dev/xvdf bs=1M” on a fresh blank EBS volume attached to a Linux instance.
Which of the below mentioned activities is the user performing with the command given above?

A.    Creating a file system on the EBS volume
B.    Mounting the device to the instance
C.    Pre warming the EBS volume
D.    Formatting the EBS volume

Answer: C
Explanation:
When the user creates a new EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a blank volume attached with a Linux OS, the “dd” command is used to write to all the blocks on the device.
In the command “dd if=/dev/zero of=/dev/xvdf bs=1M”, the “if” (input file) parameter should be set to one of the Linux virtual devices, such as /dev/zero. The “of” (output file) parameter should be set to the drive that the user wishes to warm. The “bs” parameter sets the block size of the write operation; for optimal performance, this should be set to 1 MB.

QUESTION 254
A user has configured an EC2 instance in the US-East-1a zone.
The user has enabled detailed monitoring of the instance.
The user is trying to get the data from CloudWatch using a CLI.
Which of the below mentioned CloudWatch endpoint URLs should the user use?

A.    monitoring.us-east-1.amazonaws.com
B.    monitoring.us-east-1-a.amazonaws.com
C.    monitoring.us-east-1a.amazonaws.com
D.    cloudwatch.us-east-1a.amazonaws.com

Answer: A
Explanation:
The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be: monitoring.us-east-1.amazonaws.com

QUESTION 255
A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. What does this policy define?

"Statement": [{
    "Sid": "Stmt1388811069831",
    "Effect": "Allow",
    "Principal": { "AWS": "*" },
    "Action": [ "s3:GetObjectAcl", "s3:ListBucket" ],
    "Resource": [ "arn:aws:s3:::cloudacademy" ]
}]

A.    It will make the cloudacademy bucket as well as all its objects as public
B.    It will allow everyone to view the ACL of the bucket
C.    It will give an error as no object is defined as part of the policy while the action defines the rule about the object
D.    It will make the cloudacademy bucket as public

Answer: C

QUESTION 256
A user has created a VPC with the public and private subnets using the VPC wizard.
The VPC has CIDR 20.0.0.0/16.
The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306).
The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp).
Which of the below mentioned entries is required in the web server security group (WebSecGrp)?

A.    Configure Destination as DB Security group ID (DbSecGrp) for port 3306 Outbound
B.    80 for Destination 0.0.0.0/0 Outbound
C.    Configure port 3306 for source 20.0.0.0/24 InBound
D.    Configure port 80 InBound for source 20.0.0.0/16

Answer: A
Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public and a private subnet to host the web server and DB server respectively, the user should configure that the instances in the public subnet can receive inbound traffic directly from the internet. Thus, the user should configure port 80 with source 0.0.0.0/0 in InBound. The user should configure that the instance in the public subnet can send traffic to the private subnet instances on the DB port. Thus, the user should configure the DB security group of the private subnet (DbSecGrp) as the destination for port 3306 in Outbound.

QUESTION 257
A user has created a VPC with CIDR 20.0.0.0/16.
The user has created one subnet with CIDR 20.0.0.0/16 in this VPC.
The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24.
What will happen in this scenario?

A.    The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range
B.    It is not possible to create a subnet with the same CIDR as VPC
C.    The second subnet will be created
D.    It will throw a CIDR overlaps error

Answer: D
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. The user can create a subnet with the same size of VPC. However, he cannot create any other subnet since the CIDR of the second subnet will conflict with the first subnet.

QUESTION 258
A user has two EC2 instances running in two separate regions.
The user is running an internal memory management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same namespace and metric.
Which of the below mentioned options is true with respect to the above statement?

A.    The setup will not work as CloudWatch cannot receive data across regions
B.    CloudWatch will receive and aggregate the data based on the namespace and metric
C.    CloudWatch will give an error since the data will conflict due to two sources
D.    CloudWatch will take the data of the server, which sends the data first

Answer: B
Explanation:
Amazon CloudWatch does not differentiate the source of a metric when receiving custom data.
If the user is publishing a metric with the same namespace and dimensions from different sources, CloudWatch will treat them as a single metric. If the data is coming with the same timezone within a minute, CloudWatch will aggregate the data. It treats these as a single metric, allowing the user to get the statistics, such as minimum, maximum, average, and the sum of all across all servers.

QUESTION 259
A user has created an application which will be hosted on EC2.
The application makes calls to DynamoDB to fetch certain data.
The application is using the DynamoDB SDK to connect from the EC2 instance.
Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

A.    The user should attach an IAM role with DynamoDB access to the EC2 instance
B.    The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
C.    The user should create an IAM role, which has EC2 access so that it will allow deploying the application
D.    The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials

Answer: A
Explanation:
With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user’s credentials to the application or embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB/S3. When the roles are attached to EC2, it will give temporary security credentials to the application hosted on that EC2, to connect with DynamoDB/S3.

QUESTION 260
What are characteristics of Amazon S3? Choose 2 answers

A.    Objects are directly accessible via a URL
B.    S3 should be used to host a relational database
C.    S3 allows you to store objects of virtually unlimited size
D.    S3 allows you to store virtually unlimited amounts of data
E.    S3 offers Provisioned IOPS

Answer: AD
Explanation:
The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.
https://aws.amazon.com/s3/faqs/
