AWS-SysOps
Question 1
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?
- A: Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
- B: Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
- C: Add a rule to all of the VPC's Security Groups to deny access from the IP address block
- D: Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block
Question 2
An organization has configured a VPC with an Internet Gateway (IGW), pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets. The application's web tier leverages the ELB, Auto Scaling and a multi-AZ RDS database instance. The organization would like to eliminate any potential single points of failure in this design.
What step should you take to achieve this organization's objective?
- A: Nothing, there are no single points of failure in this architecture.
- B: Create and attach a second IGW to provide redundant internet connectivity.
- C: Create and configure a second Elastic Load Balancer to provide a redundant load balancer.
- D: Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.
Question 3
A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?
- A: ELB will ask the user whether to delete the instances or not
- B: Instances will be terminated
- C: ELB cannot be deleted if it has running instances registered with it
- D: Instances will keep running
Question 4
A user is planning to set up notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type?
- A: Backup
- B: Creation
- C: Deletion
- D: Restoration
Question 5
A customer is using AWS for Dev and Test. The customer wants to set up the Dev environment with CloudFormation. Which of the below mentioned steps are not required while using CloudFormation?
- A: Create a stack
- B: Configure a service
- C: Create and upload the template
- D: Provide the parameters configured as part of the template
Question 6
A user has configured the AWS CloudWatch alarm for estimated usage charges in the US East region. Which of the below mentioned statements is not true with respect to the estimated charges?
- A: It will store the estimated charges data of the last 14 days
- B: It will include the estimated charges of every AWS service
- C: The metric data will represent the data of all the regions
- D: The metric data will show data specific to that region
Question 7
A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?
- A: RDS will have an internal IP which will redirect all requests to the new DB
- B: RDS uses DNS to switch over to stand by replica for seamless transition
- C: The switch over changes Hardware so RDS does not need to worry about access
- D: RDS will have both the DBs running independently and the user has to manually switch over
Question 8
An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?
- A: AWS RRS
- B: AWS S3
- C: AWS RDS
- D: AWS Glacier
Question 9
A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning. Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?
- A: 3 hours
- B: 4 hours
- C: 2 hours
- D: 1 hour
Question 10
An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using the CLI as well as the SDK. How can the user track the calls made to CloudWatch?
- A: The user can enable logging with CloudWatch which logs all the activities
- B: Use CloudTrail to monitor the API calls
- C: Create an IAM user and allow each user to log the data using the S3 bucket
- D: Enable detailed monitoring with CloudWatch
Question 11
A user has created a queue named myqueue with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen?
- A: A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue
- B: It will delete the queue
- C: It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.
- D: It will ask user to delete the messages first
Question 12
A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?
- A: Copy the running instance using the "Instance Copy" command to the EU region
- B: Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI
- C: Copy the instance from the US East region to the EU region
- D: Use the "Launch more like this" option to copy the instance from one region to another
Question 13
Which of the following are characteristics of Amazon VPC subnets? (Choose two.)
- A: Each subnet maps to a single Availability Zone
- B: A CIDR block mask of /25 is the smallest range supported
- C: Instances in a private subnet can communicate with the internet only if they have an Elastic IP.
- D: By default, all subnets can route between each other, whether they are private or public
- E: Each subnet spans at least 2 Availability zones to provide a high-availability environment
Question 14
A user has created numerous EBS volumes. What is the general limit for each AWS account for the maximum number of EBS volumes that can be created?
- A: 10000
- B: 5000
- C: 100
- D: 1000
Question 15
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user's data center. Which of the below mentioned options is a valid entry for the main route table in this scenario?
- A: Destination: 20.0.0.0/24 and Target: vgw-12345
- B: Destination: 20.0.0.0/16 and Target: ALL
- C: Destination: 20.0.1.0/16 and Target: vgw-12345
- D: Destination: 0.0.0.0/0 and Target: vgw-12345
Question 16
A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend's AWS account. How can the user achieve this?
- A: Create an AMI from the volume and share the AMI
- B: Copy the data to an unencrypted volume and then share
- C: Take a snapshot and share the snapshot with a friend
- D: If both the accounts are using the same encryption key then the user can share the volume directly
Question 17
A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?
- A: In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy
- B: In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy
- C: In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica
- D: AWS MS SQL does not support the Multi AZ feature
Question 18
An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/ value as InstanceName/HR, CostCenter/HR. What will AWS do in this case?
- A: InstanceName is a reserved tag for AWS. Thus, AWS will not allow this tag
- B: AWS will not allow the tags as the value is the same for different keys
- C: AWS will allow tags but will not show correctly in the cost allocation report due to the same value of the two separate keys
- D: AWS will allow both the tags and show properly in the cost distribution report
Question 19
A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better?
- A: The user can use the CloudWatch Import tool
- B: The user should be able to see the data in the console after around 15 minutes
- C: If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command
- D: The user can view as well as upload data using the console, CLI and APIs
Question 20
A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?
- A: Always select the US-East-1-a zone for HA
- B: Do not select the AZ; instead let AWS select the AZ
- C: The user can never select the availability zone while launching an instance
- D: Always select the AZ while launching an instance
Question 21
A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?
- A: Allow Inbound traffic on port 22 from the user's network
- B: The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
- C: The user can connect to an instance in a private subnet using the NAT instance
- D: Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet
Question 22
A user has created an ELB with the availability zone US-East-1.
The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?
- A: It is not possible to add more zones to the existing ELB
- B: The only option is to launch instances in different zones and add to ELB
- C: The user should stop the ELB and add zones and instances as required
- D: The user can add zones on the fly from the AWS console
Question 23
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?
- A: ELB sends data to CloudWatch every minute only and does not charge the user
- B: ELB will send data every minute and will charge the user extra
- C: ELB is not supported by CloudWatch
- D: It is not possible to set up detailed monitoring for ELB
Question 24
You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?
- A: Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
- B: Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the user's credentials into the instance User Data
- C: Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group
- D: Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed
Question 25
A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?
- A: The client can connect over IPV4 or IPV6 using Dualstack
- B: ELB DNS supports both IPV4 and IPV6
- C: Communication between the load balancer and back-end instances is always through IPV4
- D: The ELB supports either IPV4 or IPV6 but not both