AWS Certified SysOps Administrator - Associate
Question 51
A SysOps administrator recently configured Amazon S3 Cross-Region Replication on an S3 bucket.
Which of the following does this feature replicate to the destination S3 bucket by default?
- A: Objects in the source S3 bucket for which the bucket owner does not have permissions
- B: Objects that are stored in S3 Glacier
- C: Objects that existed before replication was configured
- D: Object metadata
Question 52
A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields includes a measure of application latency. A SysOps administrator needs to monitor the p90 statistic of this field over time.
What should the SysOps administrator do to meet this requirement?
- A: Create an Amazon CloudWatch Contributor Insights rule on the log data.
- B: Create a metric filter on the log data.
- C: Create a subscription filter on the log data.
- D: Create an Amazon CloudWatch Application Insights rule for the workload.
Question 53
A company wants to archive sensitive data on Amazon S3 Glacier. The company’s regulatory and compliance requirements do not allow any modifications to the data by any account.
Which solution meets these requirements?
- A: Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
- B: Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
- C: Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
- D: Configure S3 Object Lock in governance mode. Upload all files within 24 hours.
Question 54
A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company’s IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?
- A: Decrease the number of nodes in the ElastiCache for Redis cluster from 2 to 1.
- B: Deploy a new ElastiCache for Redis cluster that uses large node types. Migrate the data from the original cluster to the new cluster. After the process is complete, shut down the original cluster.
- C: Deploy a new ElastiCache for Redis cluster that uses large node types. Take a backup from the original cluster, and restore the backup in the new cluster. After the process is complete, shut down the original cluster.
- D: Perform an online resizing for the ElastiCache for Redis cluster. Change the node types from extra-large nodes to large nodes.
Question 55
A company must migrate its applications to AWS. The company is using Chef recipes for configuration management. The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.
What is the MOST operationally efficient solution that meets these requirements?
- A: Use AWS CloudFormation to create an Amazon EC2 instance, install a Chef server, and add Chef recipes.
- B: Use AWS CloudFormation to create a stack and add layers for Chef recipes.
- C: Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.
- D: Use AWS OpsWorks to create a stack and add layers with Chef recipes.
Question 56
A company uses AWS Organizations to manage its AWS accounts. A SysOps administrator must create a backup strategy for all Amazon EC2 instances across all the company’s AWS accounts.
Which solution will meet these requirements in the MOST operationally efficient way?
- A: Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis.
- B: Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance.
- C: Use AWS Backup in the management account to deploy policies for all accounts and resources.
- D: Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.
Question 57
A company recently acquired another corporation and all of that corporation's AWS accounts. A financial analyst needs the cost data from these accounts. A SysOps administrator uses Cost Explorer to generate cost and usage reports. The SysOps administrator notices that "No Tagkey" represents 20% of the monthly cost.
What should the SysOps administrator do to tag the "No Tagkey" resources?
- A: Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.
- B: Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.
- C: Use Cost Explorer to find and tag all the untagged resources.
- D: Use Tag Editor to find and tag all the untagged resources.
Question 58
A SysOps administrator is reviewing VPC Flow Logs to troubleshoot connectivity issues in a VPC. While reviewing the logs, the SysOps administrator notices that rejected traffic is not listed.
What should the SysOps administrator do to ensure that all traffic is logged?
- A: Create a new flow log that has a filter setting to capture all traffic.
- B: Create a new flow log. Set the log record format to a custom format. Select the proper fields to include in the log.
- C: Edit the existing flow log. Change the filter setting to capture all traffic.
- D: Edit the existing flow log. Set the log record format to a custom format. Select the proper fields to include in the log.
Question 59
A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.
Which action should be taken to meet these requirements?
- A: Automate using AWS Elastic Beanstalk to provision the AWS accounts, set up infrastructure, and integrate with AWS Organizations.
- B: Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.
- C: Use AWS Config to provision accounts and deploy instances using AWS Service Catalog.
- D: Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts.
Question 60
A SysOps administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Choose two.)
- A: Ensure that only required cookies, query strings, and headers are forwarded in the Cache Behavior Settings.
- B: Change the Viewer Protocol Policy to use HTTPS only.
- C: Configure the distribution to use presigned cookies and URLs to restrict access to the distribution.
- D: Enable automatic compression of objects in the Cache Behavior Settings.
- E: Increase the CloudFront time to live (TTL) settings in the Cache Behavior Settings.
Question 61
A SysOps administrator is attempting to download patches from the internet into an instance in a private subnet. An internet gateway exists for the VPC, and a NAT gateway has been deployed on the public subnet; however, the instance has no internet connectivity. The resources deployed into the private subnet must be inaccessible directly from the public internet.
Public Subnet (10.0.1.0/24) Route Table

| Destination | Target |
| --- | --- |
| 10.0.0.0/16 | local |
| 0.0.0.0/0 | IGW |

Private Subnet (10.0.2.0/24) Route Table

| Destination | Target |
| --- | --- |
| 10.0.0.0/16 | local |

What should be added to the private subnet’s route table in order to address this issue, given the information provided?
- A: 0.0.0.0/0 IGW
- B: 0.0.0.0/0 NAT
- C: 10.0.1.0/24 IGW
- D: 10.0.1.0/24 NAT
Question 62
A company is undergoing an external audit of its systems, which run wholly on AWS. A SysOps administrator must supply documentation of Payment Card Industry Data Security Standard (PCI DSS) compliance for the infrastructure managed by AWS.
Which set of actions should the SysOps administrator take to meet this requirement?
- A: Download the applicable reports from the AWS Artifact portal and supply these to the auditors.
- B: Download complete copies of the AWS CloudTrail log files and supply these to the auditors.
- C: Download complete copies of the AWS CloudWatch logs and supply these to the auditors.
- D: Provide the auditors with administrative access to the production AWS account so that the auditors can determine compliance.
Question 63
A company has an initiative to reduce costs associated with Amazon EC2 and AWS Lambda.
Which action should a SysOps administrator take to meet these requirements?
- A: Analyze the AWS Cost and Usage Report by using Amazon Athena to identify cost savings.
- B: Create an AWS Budgets alert to alarm when account spend reaches 80% of the budget.
- C: Purchase Reserved Instances through the Amazon EC2 console.
- D: Use AWS Compute Optimizer and take action on the provided recommendations.
Question 64
A company wants to use only IPv6 for all its Amazon EC2 instances. The EC2 instances must not be accessible from the internet, but the EC2 instances must be able to access the internet. The company creates a dual-stack VPC and IPv6-only subnets.
How should a SysOps administrator configure the VPC to meet these requirements?
- A: Create and attach a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
- B: Create and attach an internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway. Attach the custom route table to the IPv6-only subnets.
- C: Create and attach an egress-only internet gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the egress-only internet gateway. Attach the custom route table to the IPv6-only subnets.
- D: Create and attach an internet gateway and a NAT gateway. Create a custom route table that includes an entry to point all IPv6 traffic to the internet gateway and all IPv4 traffic to the NAT gateway. Attach the custom route table to the IPv6-only subnets.
Question 65
A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)
- A: Add Amazon CloudFront caching for static content.
- B: Change the load balancer listener from HTTPS to TCP.
- C: Enable Amazon Route 53 latency-based routing.
- D: Implement Amazon EC2 Auto Scaling for the web servers.
- E: Move the static content from Amazon S3 to the web servers.
Question 66
A company is running an application on premises and wants to use AWS for data backup. All of the data must be available locally. The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?
- A: Configure the backup software to use Amazon S3 as the target for the data backups.
- B: Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
- C: Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
- D: Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
Question 67
A global company handles a large amount of personally identifiable information (PII) through an internal web portal. The company’s application runs in a corporate data center that is connected to AWS through an AWS Direct Connect connection. The application stores the PII in Amazon S3. According to a compliance requirement, traffic from the web portal to Amazon S3 must not travel across the internet.
What should a SysOps administrator do to meet the compliance requirement?
- A: Provision an interface VPC endpoint for Amazon S3. Modify the application to use the interface endpoint.
- B: Configure AWS Network Firewall to redirect traffic to the internal S3 address.
- C: Modify the application to use the S3 path-style endpoint.
- D: Set up a range of VPC network ACLs to redirect traffic to the internal S3 address.
Question 68
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?
- A: The private IP address of the customer gateway device
- B: The MAC address of the NAT device in front of the customer gateway device
- C: The public IP address of the customer gateway device
- D: The public IP address of the NAT device in front of the customer gateway device
Question 69
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group. Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer. The administrator would like to know the IP addresses for the source of the requests.
Where can the administrator find this information?
- A: Auto Scaling logs
- B: AWS CloudTrail logs
- C: EC2 instance logs
- D: Elastic Load Balancer access logs
Question 70
A company’s SysOps administrator deploys a public Network Load Balancer (NLB) in front of the company’s web application. The web application does not use any Elastic IP addresses. Users must access the web application by using the company’s domain name. The SysOps administrator needs to configure Amazon Route 53 to route traffic to the NLB.
Which solution will meet these requirements MOST cost-effectively?
- A: Create a Route 53 AAAA record for the NLB.
- B: Create a Route 53 alias record for the NLB.
- C: Create a Route 53 CAA record for the NLB.
- D: Create a Route 53 CNAME record for the NLB.
Question 71
A company runs an encrypted Amazon RDS for Oracle DB instance. The company wants to make regular backups available in another AWS Region.
What is the MOST operationally efficient solution that meets these requirements?
- A: Modify the DB instance. Enable cross-Region automated backups.
- B: Create an RDS read replica in another Region. Create a snapshot of the read replica.
- C: Use AWS Database Migration Service (AWS DMS) to copy the data to a DB instance in another Region.
- D: Temporarily turn off encryption on the DB instance. Take a snapshot. Copy the snapshot to another Region.
Question 72
A company is rolling out a new version of its website. Management wants to deploy the new website in a limited rollout to 20% of the company’s customers. The company uses Amazon Route 53 for its website’s DNS solution.
Which configuration will meet these requirements?
- A: Create a failover routing policy. Within the policy, configure 80% of the website traffic to be sent to the original resource. Configure the remaining 20% of traffic as the failover record that points to the new resource.
- B: Create a multivalue answer routing policy. Within the policy, create 4 records with the name and IP address of the original resource. Configure 1 record with the name and IP address of the new resource.
- C: Create a latency-based routing policy. Within the policy, configure a record pointing to the original resource with a weight of 80. Configure a record pointing to the new resource with a weight of 20.
- D: Create a weighted routing policy. Within the policy, configure a weight of 80 for the record pointing to the original resource. Configure a weight of 20 for the record pointing to the new resource.
Question 73
A SysOps administrator created an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.
What is the default behavior of CloudFormation in this scenario?
- A: CloudFormation will roll back the stack and delete the stack.
- B: CloudFormation will roll back the stack but will not delete the stack.
- C: CloudFormation will prompt the user to roll back the stack or continue.
- D: CloudFormation will successfully complete the stack but will report a failed status for the DB instance.
Question 74
A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?
- A: Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
- B: Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
- C: Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
- D: Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.
Question 75
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded; however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?
- A: Add a bucket policy that grants everyone read access to the bucket.
- B: Add a bucket policy that grants everyone read access to the bucket objects.
- C: Remove the default bucket policy that denies read access to the bucket.
- D: Configure cross-origin resource sharing (CORS) on the bucket.