SOA-C01 Exam - AWS Certified SysOps Administrator - Associate

NEW QUESTION 1
A user has deployed an application on an EBS backed EC2 instance. For a better performance of application, it requires dedicated EC2 to EBS traffic. How can the user achieve this?

• A. Launch the EC2 instance as EBS dedicated with PIOPS EBS
• B. Launch the EC2 instance as EBS enhanced with PIOPS EBS
• C. Launch the EC2 instance as EBS dedicated with PIOPS EBS
• D. Launch the EC2 instance as EBS optimized with PIOPS EBS

Answer: D

Explanation:
Any application which has performance sensitive workloads and requires minimal variability with dedicated EC2 to EBS traffic should use provisioned IOPS EBS volumes, which are attached to an EBS- optimized EC2 instance or it should use an instance with 10 Gigabit network connectivity. Launching an instance that is EBSoptimized provides the user with a dedicated connection between the EC2 instance and the EBS volume.

NEW QUESTION 2
A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?

• A. Enable AWS CloudTrail for the load balancer.
• B. Enable access logs on the load balancer.
• C. Install the Amazon CloudWatch Logs agent on the load balancer.
• D. Enable Amazon CloudWatch metrics on the load balancer.

Answer: A

NEW QUESTION 3
An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, AutoScaling will:
Choose 2 answers

• A. Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.
• B. Terminate the instance with the least active network connection
• C. If multiple instances meet this criterion, one will be randomly selected.
• D. Send an SNS notification, if configured to do so.
• E. Terminate an instance in the AZ which currently has 2 running EC2 instances.
• F. Randomly select one of the 3 AZs, and then terminate an instance in that AZ.

Answer: CD

Explanation:
http://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-termination.html

NEW QUESTION 4
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

• A. Destination: 0.0.0.0/0 and Target: i-a12345
• B. Destination: 20.0.0.0/0 and Target: 80
• C. Destination: 20.0.0.0/0 and Target: i-a12345
• D. Destination: 20.0.0.0/24 and Target: i-a12345

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets. The main route table will have
the entry ??Destination: 0.0.0.0/0 and Target: ia12345??, which allows all the instances in the private subnet to connect to the internet using NAT.

NEW QUESTION 5
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

• A. AWS EMR
• B. AWS RDS
• C. AWS ELB
• D. AWS Route53

Answer: A

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. Services, such as RDS, EC2, Auto Scaling, ELB, and Route 53 can provide the monitoring data every minute.

NEW QUESTION 6
A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

• A. 5 minutes
• B. 1 hour
• C. 30 minutes
• D. 2 hours

Answer: B

NEW QUESTION 7
A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

• A. Authenticated user group
• B. All users group
• C. Log Delivery Group
• D. Canonical user group

Answer: D

Explanation:
An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. AWS S3 has the following predefined groups:
Authenticated Users group: It represents all AWS accounts. All Users group: Access permission to this group allows anyone to access the resource. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.

NEW QUESTION 8
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer??s objects replicated?

• A. A single facility in eu-west-1 and a single facility in eu-central-1
• B. A single facility in eu-west-1 and a single facility in us-east-1
• C. Multiple facilities in eu-west-1
• D. A single facility in eu-west-1

Answer: C

NEW QUESTION 9
A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

• A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
• B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring
• C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true
• D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates the AutoScaling launch config as the first step for creating an Auto Scaling group, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. When the user has created a launch configuration with InstanceMonitoring.Enabled = false it will involve multiple steps to enable detail monitoring. The steps are:
Create a new Launch config with detailed monitoring enabled Update the Auto Scaling group with a new launch config Enable detail monitoring on each EC2 instance

NEW QUESTION 10
A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

• A. AWS Simple Notification Service
• B. AWS Simple Workflow
• C. AWS Simple Queue Service
• D. AWS Simple Query Service

Answer: C

Explanation:
Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available.

NEW QUESTION 11
A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance. Which of the below mentioned Reserved Instance categories is advised in this case?

• A. The user should not use RI; instead only go with the on-demand pricing
• B. The user should use the AWS high utilized RI
• C. The user should use the AWS medium utilized RI
• D. The user should use the AWS low utilized RI

Answer: A

Explanation:
The AWS Reserved Instance provides the user with an option to save some money by paying a one- time fixed amount and then save on the hourly rate. It is advisable that if the user is having 30% or more usage of an instance per day, he should go for a RI. If the user is going to use an EC2 instance for more than 2200-2500 hours per year, RI will help the user save some cost. Here, the instance is not going to run for less than 1500 hours. Thus, it is advisable that the user should use the on- demand pricing.

NEW QUESTION 12
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
Choose 2 answers

• A. Amazon Elastic Map Reduce
• B. Elastic Load Balancing
• C. AWS Elastic Beanstalk
• D. Amazon ElastiCache
• E. Amazon Relational Database service

Answer: AC

Explanation:
The below services provide Root level access:
* EC2
* Elastic Beanstalk
* Elastic MapReduce ?V Master Node
* Opswork

NEW QUESTION 13
A user has created an ELB with three instances. How many security groups will ELB create by default?

• A. 3
• B. 5
• C. 2
• D. 1

Answer: C

Explanation:
Elastic Load Balancing provides a special Amazon EC2 source security group that the user can use to ensure that back-end EC2 instances receive traffic only from Elastic Load Balancing. This feature needs two security groups: the source security group and a security group that defines the ingress rules for the back-end instances. To ensure that traffic only flows between the load balancer and the back-end instances, the user can add or modify a rule to the back-end security group which can limit the ingress traffic. Thus, it can come only from the source security group provided by Elastic Load Balancing.

NEW QUESTION 14
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned steps will not be performed while creating the AMI?

• A. Define the AMI launch permissions
• B. Upload the bundled volume
• C. Register the AMI
• D. Bundle the volume

Answer: A

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI, it will need to follow certain steps, such as ??Bundling the root volume??, ??Uploading the bundled volume?? and ??Register the AMI??. Once the AMI is created the user can setup the launch permission. However, it is not required to setup during the launch.

NEW QUESTION 15
An organization has configured Auto Scaling with ELB. One of the instance health check returns the status as Impaired to Auto Scaling. What will Auto Scaling do in this scenario?

• A. Perform a health check until cool down before declaring that the instance has failed
• B. Terminate the instance and launch a new instance
• C. Notify the user using SNS for the failed state
• D. Notify ELB to stop sending traffic to the impaired instance

Answer: B

Explanation:
The Auto Scaling group determines the health state of each instance periodically by checking the results of the Amazon EC2 instance status checks. If the instance status description shows any other state other than ??running?? or the system status description shows impaired, Auto Scaling considers the instance to be
unhealthy. Thus, it terminates the instance and launches a replacement.

NEW QUESTION 16
A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?

• A. ELB will ask the user whether to delete the instances or not
• B. Instances will be terminated
• C. ELB cannot be deleted if it has running instances registered with it
• D. Instances will keep running

Answer: D

Explanation:
When the user deletes the Elastic Load Balancer, all the registered instances will be deregistered. However, they will continue to run. The user will incur charges if he does not take any action on those instances.

NEW QUESTION 17
A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down.
How can you ensure the developers will be able to access only the log files?

• A. Access the log files directly from Elastic Beanstalk
• B. Enable log file rotation to S3 within the Elastic Beanstalk configuration
• C. Ask your developers to enable log file rotation in the applications web.config file
• D. Connect to each Instance launched by Elastic Beanstalk and create a Windows Scheduled task to rotate the log files to S3.

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.loggingS3.title.html

NEW QUESTION 18
A SysOps Administrator management a fleet of instance store-backed Amazon Linux EC2 instances. The SSH key used to access these instances has been lost. How can SSH access be restored?

• A. Contact AWS Support lo retrieve a backup of the SSH key after authentication
• B. Create a new SSH key slop the EC2 instances apply the new key, and restart the EC2 instances
• C. Create a new SSH key and apply the new key to the running EC2 instances
• D. Launch a new fleet of EC2 instances wilt a newly created SSH key

Answer: A

Explanation:
Resolution
Warning: Do not perform this procedure if your EC2 instance is an instance store-backed instance. This recovery procedure requires a stop and start of your instance, which means that data on instance store volumes will be lost. For more information, see Determining the Root Device Type of Your Instance.
To recover access to your Linux instance using AWS Systems Manager (SSM) automation, run the AWSSupport-ResetAccess Automation automation document. For more information, see Reset Passwords and SSH Keys on Amazon EC2 Instances.
Or, to manually recover access to your Linux instance, create a new key pair to replace the lost key pair. For more information, see Connecting to Your Linux Instance If You Lose Your Private Key.

NEW QUESTION 19
A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same region.
Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market. Which of the following options helps the company accomplish this?

• A. Create a new peering connection Between Prod and Dev along with appropriate routes.
• B. Create a new entry to Prod in the Dev route table using the peering connection as the target.
• C. Attach a second gateway to De
• D. Add a new entry in the Prod route table identifying the gateway as the target.
• E. The VPCs have non-overlapping CIDR blocks in the same accoun
• F. The route tables contain local routes for all VPCs.

Answer: A

Explanation:
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/vpc-pg.pdf

NEW QUESTION 20
A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C.. Which parameter is not required while making a call for SSE-C?

• A. x-amz-server-side-encryption-customer-key-AES-256
• B. x-amz-server-side-encryption-customer-key
• C. x-amz-server-side-encryption-customer-algorithm
• D. x-amz-server-side-encryption-customer-key-MD5

Answer: A

Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C.. When the user is supplying his own encryption key, the user has to send the below mentioned parameters as a part of the API calls:
x-amz-server-side-encryption-customer-algorithm: Specifies the encryption algorithm
x-amz-server-side-encryption-customer-key: To provide the base64-encoded encryption key
x-amz-server-side-encryption-customer-key-MD5: To provide the base64-encoded 128-bit MD5 digest of the encryption key

NEW QUESTION 21
A user has created a VPC with CIDR 20.0.0.0/24. The user has used all the IPs of CIDR and wants to increase the size of the VPC. The user has two subnets: public (20.0.0.0/28. and private (20.0.1.0/28.. How can the user change the size of the VPC?

• A. The user can delete all the instances of the subne
• B. Change the size of the subnets to 20.0.0.0/32 and 20.0.1.0/32, respectivel
• C. Then the user can increase the size of the VPC using CLI
• D. It is not possible to change the size of the VPC once it has been created
• E. The user can add a subnet with a higher range so that it will automatically increase the size of the VPC
• F. The user can delete the subnets first and then modify the size of the VPC

Answer: B

Explanation:
Once the user has created a VPC, he cannot change the CIDR of that VPC. The user has to terminate all the instances, delete the subnets and then delete the VPC. Create a new VPC with a higher size and launch instances with the newly created VPC and subnets.

NEW QUESTION 22
A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario?

• A. The user can get the aggregate data of the numbers generated over a minute and send it to CloudWatch
• B. The user has to supply the timezone with each data point
• C. CloudWatch will not truncate the number until it has an exponent larger than 126 (i.
• D. (1 x 10^126.
• E. The user can create a file in the JSON format with the metric name and value and supply it to CloudWatch

Answer: B

NEW QUESTION 23
A user has launched 5 instances in EC2-CLASSIC and attached 5 elastic IPs to the five different
instances in the US East region. The user is creating a VPC in the same region. The user wants to assign an elastic IP to the VPC instance. How can the user achieve this?

• A. The user has to request AWS to increase the number of elastic IPs associated with the account
• B. AWS allows 10 EC2 Classic IPs per region; so it will allow to allocate new Elastic IPs to the same region
• C. The AWS will not allow to create a new elastic IP in VPC; it will throw an error
• D. The user can allocate a new IP address in VPC as it has a different limit than EC2

Answer: D

Explanation:
A Virtual Private Cloud (VPC. is a virtual network dedicated to the user??s AWS account. A user can create a subnet with VPC and launch instances inside that subnet. A user can have 5 IP addresses per region with EC2 Classic. The user can have 5 separate IPs with VPC in the same region as it has a separate limit than EC2 Classic.

NEW QUESTION 24
A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not supported by SQS?

• A. SendMessageBatch
• B. DeleteMessageBatch
• C. CreateQueue
• D. DeleteMessageQueue

Answer: D

Explanation:
Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can perform the following set of operations using the Amazon SQS: CreateQueue, ListQueues, DeleteQueue, SendMessage, SendMessageBatch, ReceiveMessage, DeleteMessage, DeleteMessageBatch, ChangeMessageVisibility, ChangeMessageVisibilityBatch, SetQueueAttributes, GetQueueAttributes, GetQueueUrl, AddPermission and RemovePermission. Operations can be performed only by the AWS account owner or an AWS account that the account owner has delegated to.

NEW QUESTION 25
A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user?

• A. There is no need to pre-warm an EBS volume
• B. Contact AWS support to pre-warm
• C. Unmount the volume before pre-warming
• D. Format the device

Answer: C

Explanation:
When the user creates a new EBS volume or restores a volume from the snapshot, the back-end storage blocks are immediately allocated to the user EBS. However, the first time when the user is trying to access a block of the storage, it is recommended to either be wiped from the new volumes or instantiated from the snapshot (for restored volumes. before the user can access the block. This preliminary action takes time and can cause a 5 to 50 percent loss of IOPS for the volume when the block is accessed for the first time. To avoid this it is required to pre warm the volume. Pre-warming an EBS volume on a Linux instance requires that the user should unmount the blank device first and then write all the blocks on the device using a command, such as ??dd??.

NEW QUESTION 26
......