AWS-CERTIFIED-ADVANCED-NETWORKING-SPECIALTY, AWS-CERTIFIED-CLOUD-PRACTITIONER, AWS-CERTIFIED-DEVELOPER-ASSOCIATE, AWS-DEVOPS-ENGINEER-PROFESSIONAL, AWS-SOLUTION-ARCHITECT-ASSOCIATE, AWS-SOLUTION-ARCHITECT-PROFESSIONAL, AWS-SYSOPS Dumps (Real Exam Questions)

Posted by on

To pass the Amazon Certifications exam, you need to do the following: First, practice exam questions frequently. Second, you need the help of a pass4itsure Amazon expert to provide the latest AWS dumps 2020 https://www.pass4itsure.com/amazon.html Here are the real AWS-CERTIFIED-ADVANCED-NETWORKING-SPECIALTY, AWS-CERTIFIED-CLOUD-PRACTITIONER, AWS-CERTIFIED-DEVELOPER-ASSOCIATE, AWS-DEVOPS-ENGINEER-PROFESSIONAL, AWS-SOLUTION-ARCHITECT-ASSOCIATE, AWS-SOLUTION- ARCHITECT-PROFESSIONAL, AWS-SYSOPS exam questions, and provide accurate answers.

AWS Certified Advanced Networking – Specialty

The AWS Certified Advanced Networking – Specialty is intended for individuals who perform complex networking tasks.

Prepare for Your Exam – No better preparation than hands-on experience.

QUESTION 1
Your organization needs to resolve DNS entries stored in an Amazon Route 53 private zone “awscloud:internal” from
the corporate network. An AWS Direct Connect connection with a private virtual interface is configured to provide
access to a VPC with the CIDR block 192.168.0.0/16. A DNS Resolver (BIND) is configured on an Amazon Elastic
Compute Cloud (EC2) instance with the IP address 192.168.10.5 within the VPC. The DNS Resolver has standard root
server hints configured and conditional forwarding for “awscloud.internal” to the IP address 192.168.0.2.
From your PC on the corporate network, you query the DNS server at 192.168.10.5 for www.amazon.com. The query is
successful and returns the appropriate response. When you query for “server.awscloud.internal”, the query times out.
You receive no response.
How should you enable successful queries for “server.awscloud.internal”?
A. Attach an internet gateway to the VPC and create a default route.
B. Configure the VPC settings for enableDnsHostnames and enableDnsSupport as True
C. Relocate the BIND DNS Resolver to the corporate network.
D. Update the security group for the EC2 instance at 192.168.10.5 to allow UDP Port 53 outbound.
Correct Answer: B

QUESTION 2
A multinational organization has applications deployed in three different AWS regions. These applications must securely
communicate with each other by VPN. According to the organization\\’s security team, the VPN must meet the following
requirements:
AES 128-bit encryption SHA-1 hashing User access via SSL VPN PFS using DH Group 2 Ability to maintain/rotate keys
and passwords Certificate-based authentication
Which solution should you recommend so that the organization meets the requirements?
A. AWS hardware VPN between the virtual private gateway and customer gateway
B. A third-party VPN solution deployed from AWS Marketplace
C. A private MPLS solution from an international carrier
D. AWS hardware VPN between the virtual private gateways in each region
Correct Answer: D

QUESTION 3
Your hybrid networking environment consists of two application VPCs, a shared services VPC, and your corporate
network. The corporate network is connected to the shared services VPC via an IPsec VPN with dynamic (BGP) routing enabled.
The applications require access to a common authentication service in the shared services VPC. You need to enable
native network access from the corporate network to both application VPCs.
Which step should you take to meet the requirements?
A. Use VPC peering to peer the application VPCs with the shared services VPC, and enable associated routing in the
shared services VPC via the corporate VPN.
B. Configure an IPsec VPN between the virtual private gateway in each application VPC to the virtual private gateway in
the shared services VPC.
C. Configure additional IPsec VPNs for each application VPC back to the corporate network, and enable VPC peering to
the shared services VPC.
D. Enable CloudHub functionality to route traffic between the three VPCs and the corporate network using dynamic BGP
routing.
Correct Answer: C

QUESTION 4
You currently use a single security group assigned to all nodes in a clustered NoSQL database. Only your cluster
members in one region must be able to connect to each other. This security group uses a self-referencing rule using the
cluster security group\\’s group-id to make it easier to add or remove nodes from the cluster. You need to make this
database comply with out-of-region disaster recovery requirements and ensure that the network traffic between the
nodes is encrypted when travelling between regions. How should you enable secure cluster communication while
deploying additional cluster members in another AWS region?
A. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security
group rules that reference each other\\’s security group-id in each region.
B. Create an IPsec VPN between AWS regions, use private IP addresses to route traffic, and create cluster security
group CIDR-based rules that correspond with the VPC CIDR in the other region.
C. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create
cluster security group CIDR-based rules that correspond with the VPC CIDR in the other region.
D. Use public IP addresses and TLS to securely communicate between cluster nodes in each AWS region, and create
cluster security group rules that reference each other\\’s security group-id in each region.
Correct Answer: D

QUESTION 5
Your company decides to use Amazon S3 to augment its on-premises data store. Instead of using the company\\’s
highly controlled, on-premises Internet gateway, a Direct Connect connection is ordered to provide high bandwidth, low
latency access to S3. Since the company does not own a publically routable IPv4 address block, a request was made to
AWS for an AWS-owned address for a Public Virtual Interface (VIF).
The security team is calling this new connection a “backdoor”, and you have been asked to clarify the risk to the
company.
Which concern from the security team is valid and should be addressed?
A. AWS advertises its aggregate routes to the Internet allowing anyone on the Internet to reach the router.
B. Direct Connect customers with a Public VIF in the same region could directly reach the router.
C. EC2 instances in the same region with access to the Internet could directly reach the router.
D. The S3 service could reach the router through a pre-configured VPC Endpoint.
Correct Answer: A

https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html

AWS Certified Cloud Practitioner

AWS Certified Cloud Practitioner is a recommended, optional step toward achieving an Associate-level or Specialty certification.

Latest Exam Practice Questions – AWS Certified Cloud Practitioner

QUESTION 1
When is it beneficial for a company to use a Spot Instance?
A. When there is flexibility in when an application needs to run.
B. When there are mission-critical workloads.
C. When dedicated capacity is needed.
D. When an instance should not be stopped.
Correct Answer: A
The key to understanding spot instances is to look at the way that cloud service providers such as Amazon Web
Services (AWS) operate. Cloud service providers invest in hardware resources and then release those resources (often
on a per-hour basis) to subscribers. One of the problems with this business model, however, is that at any given time,
there are likely to be compute resources that are not being utilized. These resources represent hardware capacity that
AWS has paid for but are sitting idle, and not making AWS any money at the moment.
Rather than allowing these computing resources to go to waste, AWS offers them at a substantially discounted rate,
with the understanding that if someone needs those resources for running a normal EC2 instance, that instance will take
priority over spot instances that are using the hardware resources at a discounted rate. In fact, spot instances will be
stopped if the resources are needed elsewhere.
Reference: https://awsinsider.net/articles/2017/09/25/aws-spot-instances-primer.aspx

QUESTION 2
What is an example of agility in the AWS Cloud?
A. Access to multiple instance types
B. Access to managed services
C. Using Consolidated Billing to produce one bill
D. Decreased acquisition time for new compute resources
Correct Answer: D
Reference: https://aws.amazon.com/blogs/enterprise-strategy/risk-is-lack-of-agility/

QUESTION 3
What is a benefit of loose coupling as a principle of cloud architecture design?
A. It facilitates low-latency request handling.
B. It allows applications to have dependent workflows.
C. It prevents cascading failures between different components.
D. It allows companies to focus on their physical data center operations.
Correct Answer: C
IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely
coupled to avoid changes or failure in one of the components from affecting others.
Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each
other only through specific, technology-agnostic interfaces. Modifying any underlying operations without affecting other
components should be made possible.
Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

QUESTION 4
How does AWS MOST effectively reduce computing costs for a growing start-up company?
A. It provides on-demand resources for peak usage.
B. It automates the provisioning of individual developer environments.
C. It automates customer relationship management.
D. It implements a fixed monthly computing budget.
Correct Answer: A
You can continue to optimize your spend and keep your development costs low by making sure you revisit your
architecture often, to adjust to your startup growth. Manage your cost further by leveraging different options such as S3
CloudFront for caching and offloading to reduce cost of EC2 computing, as well as Elastic Load Balancing which
prepares you for massive scale, high reliability and uninterrupted growth. Another way to keep costs down is to use
AWS Identity and Access Management solutions (IAM) to manage governance of your cost drivers effectively and by
the right teams.
Reference: https://aws.amazon.com/startups/lean/

QUESTION 5
A company is considering migrating its applications to AWS. The company wants to compare the cost of running the
workload on-premises to running the equivalent workload on the AWS platform. Which tool can be used to perform this
comparison?
A. AWS Simple Monthly Calculator
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Billing and Cost Management console
D. Cost Explorer
Correct Answer: B
TCO calculator compare the cost of running your applications in an on-premises or colocation environment to AWS.
Reference: https://awstcocalculator.com

https://www.pass4itsure.com/aws-certified-cloud-practitioner.html

AWS-CERTIFIED-DEVELOPER-ASSOCIATE

The AWS Certified Developer – Associate examination is intended for individuals who perform a development role and have one or more years of hands-on experience developing and maintaining an AWS-based application.

AWS-CERTIFIED-DEVELOPER-ASSOCIATE Exam Practice Questions

QUESTION 1
An application deployed on AWS Elastic Beanstalk experiences increased error rates during deployments of new
application versions, resulting in service degradation for users. The Development team believes that this is because of
the reduction in capacity during the deployment steps. The team would like to change the deployment policy
configuration of the environment to an option that maintains full capacity during deployment while using the existing
instances.
Which deployment policy will meet these requirements while using the existing instances?
A. All at once
B. Rolling
C. Rolling with additional batch
D. Immutable
Correct Answer: D
Reference: https://aws.amazon.com/blogs/developer/version-2-of-the-aws-elastic-beanstalk-windows-server-platform/

QUESTION 2
An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services.
What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?
A. Use AWS KMS to store and retrieve credentials.
B. Use EC2 instance profiles.
C. Use AWS root user to make requests to the application.
D. Store and retrieve credentials from AWS CodeCommit.
Correct Answer: C

QUESTION 3
A web application is designed to allow new users to create accounts using their email addresses. The application will
store attributes for each user, and is expecting millions of user to sign up. What should the Developer implement to
achieve the design goals?
A. Amazon Cognito user pools
B. AWS Mobile Hub user data storage
C. Amazon Cognito Sync
D. AWS Mobile Hub cloud logic
Correct Answer: A
Reference: https://aws.amazon.com/cognito/

QUESTION 4
According to best practice, how should access keys be managed in AWS? (Choose two.)
A. Use the same access key in all applications for consistency.
B. Delete all access keys for the account root user.
C. Leave unused access keys in the account for tracking purposes.
D. Embed and encrypt access keys in code for continuous deployment.
E. Use Amazon IAM roles instead of access keys where possible.
Correct Answer: BE
Reference: https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#iam-user-access-keys

QUESTION 5
The development team is working on an API that will be served from Amazon API gateway. The API will be served from
three environments: development, test, and production. The API Gateway is configured to use 237 GB of cache in all
three stages.
Which is the MOST cost-efficient deployment strategy?
A. Create a single API Gateway with all three stages.
B. Create three API Gateways, one for each stage in a single AWS account.
C. Create an API Gateway in three separate AWS accounts.
D. Enable the cache for development and test environments only when needed.
Correct Answer: D

https://www.pass4itsure.com/aws-certified-developer-associate.html

AWS Certified DevOps Engineer – Professional

The AWS Certified DevOps Engineer – Professional exam is intended for individuals who perform a DevOps engineer role with two or more years of experience provisioning, operating, and managing AWS environments.

AWS Certified DevOps Engineer – Professional Exam Questions Answers

QUESTION 1
You need to create a Route53 record automatically in CloudFormation when not running in production during all
launches of a Template. How should you implement this?
A. Use a Parameter for environment, and add a Condition on the Route53 Resource in the template to create the record
only when environment is not production.
B. Create two templates, one with the Route53 record value and one with a null value for the record. Use the one
without it when deploying to production.
C. Use a Parameter for environment, and add a Condition on the Route53 Resource in the template to create the record
with a null string when environment is production.
D. Create two templates, one with the Route53 record and one without it. Use the one without it when deploying to
production.
Correct Answer: A
The best way to do this is with one template, and a Condition on the resource. Route53 does not allow null strings for
records.
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html

QUESTION 2
A company is using several AWS CloudFormation templates for deploying infrastructure as code. In most of the
deployments, the company uses Amazon EC2 Auto Scaling groups. A DevOps Engineer needs to update the AMIs for
the Auto
Scaling group in the template if newer AMIs are available.
How can these requirements be met?
A. Manage the AMI mappings in the CloudFormation template. Use Amazon CloudWatch Events for detecting new
AMIs and updating the mapping in the template. Reference the map in the launch configuration resource block.
B. Use conditions in the AWS CloudFormation template to check if new AMIs are available and return the AMI ID.
Reference the returned AMI ID in the launch configuration resource block.
C. Use an AWS Lambda-backed custom resource in the template to fetch the AMI IDs. Reference the returned AMI ID
in the launch configuration resource block.
D. Launch an Amazon EC2 m4 small instance and run a script on it to check for new AMIs. If new AMIs are available,
the script should update the launch configuration resource block with the new AMI ID.
Correct Answer: D

QUESTION 3
Which deployment method, when using AWS Auto Scaling Groups and Auto Scaling Launch Configurations, enables
the shortest time to live for individual servers?
A. Pre-baking AMIs with all code and configuration on deploys.
B. Using a Dockerfile bootstrap on instance launch.
C. Using UserData bootstrapping scripts.
D. Using AWS EC2 Run Commands to dynamically SSH into fleets.
Correct Answer: A
Note that the bootstrapping process can be slower if you have a complex application or multiple applications to install.
Managing a fleet of applications with several build tools and dependencies can be a challenging task during rollouts.
Furthermore, your deployment service should be designed to do faster rollouts to take advantage of Auto Scaling.
Prebaking is a process of embedding a significant portion of your application artifacts within your base AMI. During the
deployment process you can customize application installations by using EC2 instance artifacts such as instance tags,
instance metadata, and Auto Scaling groups.
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

QUESTION 4
A retail company has adopted AWS OpsWorks for managing its deployments. In the last three months: the company
has discovered that some production instances have been restarting without reason. Upon inspection of the AWS
CloudTrail
logs, a DevOps Engineer determined that those instances were restarted by OpsWorks. The Engineer now wants
automated email notifications whenever OpsWorks restarts an instance when the instance is deemed unhealthy or
unable to
communicate with the service endpoint.
How can the Engineer meet this requirement?
A. Create a Chef recipe to place a cron to run a custom script within the Amazon EC2 instances that sends an email to
the team by using Amazon SES if the OpsWorks agent detects an instance failure.
B. Create an Amazon SNS topic and create a subscription for this topic that contains the destination email address.
Create an Amazon CloudWatch rule: specify aws . opsworks as a source and specify auto-healing in the initiated_by
details. Use the SNS topic as a target.
C. Create an Amazon SNS topic and create a subscription for this topic that contains the destination email address.
Create an Amazon CloudWatch rule specify aws. opsworks as a source and specify instance-replacement in the
initiated_by details. Use the SNS topic as a target.
D. Create a subscription for this topic that contains the email address. Enable instance restart notifications within the
OpsWorks layer and indicate the destination email address for the notification.
Correct Answer: C

QUESTION 5
Which major database needs a BYO license?
A. PostgreSQL
B. MariaDB
C. MySQL
D. Oracle
Correct Answer: D
Oracle is not open source, and requires a bring your own license model. Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Oracle.html

https://www.pass4itsure.com/aws-devops-engineer-professional.html

AWS-SOLUTION-ARCHITECT-ASSOCIATE

The AWS Certified Solutions Architect – Associate examination is intended for individuals who perform a solutions architect role and have one or more years of hands-on experience designing available.

The AWS-SOLUTION-ARCHITECT-ASSOCIATE Exam Questions, Practice Test

QUESTION 1
A company has asked a Solutions Architect to ensure that data is protected during data transfer to and from Amazon
S3. Use of which service will protect the data in transit?
A. AWS KMS
B. HTTPS
C. SFTP
D. FTPS
Correct Answer: B
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/

QUESTION 2
Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?
A. Security Groups
B. IAM System
C. SSH keys
D. Windows passwords
Correct Answer: B
http://blogs.aws.amazon.com/security/post/Tx29HCT3ABL7LP3/Resource-level-Permissions-for- EC2-ControllingManagement-Access-on-Specific-Ins

QUESTION 3
A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto Scaling group. Which of the
following factors determine the health check grace period? (Select TWO.)
A. How frequently the Auto Scaling group scales up or down.
B. How many Amazon CloudWatch alarms are configured for status checks.
C. How much of the application code is embedded in the AMI.
D. How long it takes for the Auto Scaling group to detect a failure.
E. How long the bootstrap script takes to run.
Correct Answer: AD

QUESTION 4
A customer has established an AWS Direct Connect connection to AWS. The link is up and routes are being advertised
from the customer\\’s end, however the customer is unable to connect from EC2 instances inside its VPC to servers
residing in its datacenter.
Which of the following options provide a viable solution to remedy this situation? (Choose two.)
A. Add a route to the route table with an iPsec VPN connection as the target.
B. Enable route propagation to the virtual pinnate gateway (VGW).
C. Enable route propagation to the customer gateway (CGW).
D. Modify the route table of all Instances using the \\’route\\’ command.
E. Modify the Instances VPC subnet route table by adding a route back to the customer\\’s on-premises environment.
Correct Answer: BE

QUESTION 5
A website keeps a record of user actions using a globally unique identifier (GIUD) retrieved from Amazon Aurora in
place of the user name within the audit record. Security protocols state that the GUID content must not leave the
company\\’s
Amazon VPC.
As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up
with the user record reads for the GUID.
What should be done to reduce the number of read replicas required while improving performance?
A. Keep the user name and GUID in memory on the web server instance so that the association can be remade on
demand. Remove the record after 30 minutes.
B. Deploy a Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there.
Retrieve GUID from ElastiCache when required.
C. Encrypt the GUID using Base64 and store it in the user\\’s session cookie. Decrypt the GUID when an audit record is
needed.
D. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring
to the database.
Correct Answer: B
Reference: https://aws.amazon.com/elasticache/redis/faqs/

https://www.pass4itsure.com/aws-solution-architect-associate.html

AWS-SOLUTION- ARCHITECT-PROFESSIONAL

The AWS Certified Solutions Architect – Professional exam is intended for individuals who perform a solutions architect role with two or more years of hands-on experience managing and operating systems on AWS.

Practice Questions: AWS-SOLUTION- ARCHITECT-PROFESSIONAL Exam

QUESTION 1
You want to establish redundant VPN connections and customer gateways on your network by setting up a second VPN
connection.
Which of the following will ensure that this functions correctly?
A. The customer gateway IP address for the second VPN connection must be publicly accessible.
B. The virtual gateway IP address for the second VPN connection must be publicly accessible.
C. The customer gateway IP address for the second VPN connection must use dynamic routes.
D. The customer gateway IP address for the second VPN connection must be privately accessible and be the same
public IP address that you are using for the first VPN connection.
Correct Answer: A
To establish redundant VPN connections and customer gateways on your network, you would need to set up a second
VPN connection. However, you must ensure that the customer gateway IP address for the second VPN connection is
publicly accessible. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

QUESTION 2
A company is creating an account strategy so that they can begin using AWS. The Security team will provide each team
with the permissions they need to follow the principle or least privileged access. Teams would like to keep their
resources isolated from other groups, and the Finance team would like each team\\’s resource usage separated for
billing purposes.
Which account creation process meets these requirements and allows for changes?
A. Create a new AWS Organizations account. Create groups in Active Directory and assign them to roles in AWS to
grant federated access. Require each team to tag their resources, and separate bills based on tags. Control access to
resources through IAM granting the minimally required privilege.
B. Create individual accounts for each team. Assign the security account as the master account, and enable
consolidated billing for all other accounts. Create a cross-account role for security to manage accounts, and send logs
to a bucket in the security account.
C. Create a new AWS account, and use AWS Service Catalog to provide teams with the required resources. Implement
a third-party billing solution to provide the Finance team with the resource use for each team based on tagging. Isolate
resources using IAM to avoid account sprawl. Security will control and monitor logs and permissions.
D. Create a master account for billing using Organizations, and create each team\\’s account from that master account.
Create a security account for logs and cross-account access. Apply service control policies on each account, and grant
the Security team cross-account access to all accounts. Security will create IAM policies for each account to maintain
least privilege access.
Correct Answer: B
By creating individual IAM users for people accessing your account, you can give each IAM user a unique set of security
credentials. You can also grant different permissions to each IAM user. If necessary, you can change or revoke an IAM
user\\’s permissions anytime. (If you give out your root user credentials, it can be difficult to revoke them, and it is impossible to restrict their permissions.)
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

QUESTION 3
You are responsible for a web application that consists of an Elastic Load Balancing (ELB) load balancer in front of an
Auto Scaling group of Amazon Elastic Compute Cloud (EC2) instances. For a recent deployment of a new version of the
application, a new Amazon Machine Image (AMI) was created, and the Auto Scaling group was updated with a new
launch configuration that refers to this new AMI. During the deployment, you received complaints from users that the
website was responding with errors. All instances passed the ELB health checks.
What should you do in order to avoid errors for future deployments? (Choose 2)
A. Add an Elastic Load Balancing health check to the Auto Scaling group. Set a short period for the health checks to
operate as soon as possible in order to prevent premature registration of the instance to the load balancer.
B. Enable EC2 instance CloudWatch alerts to change the launch configuration\\’s AMI to the previous one. Gradually
terminate instances that are using the new AMI.
C. Set the Elastic Load Balancing health check configuration to target a part of the application that fully tests application
health and returns an error if the tests fail.
D. Create a new launch configuration that refers to the new AMI, and associate it with the group. Double the size of the
group, wait for the new instances to become healthy, and reduce back to the original size. If new instances do not
become healthy, associate the previous launch configuration.
E. Increase the Elastic Load Balancing Unhealthy Threshold to a higher value to prevent an unhealthy instance from
going into service behind the load balancer.
Correct Answer: CD

QUESTION 4
If no explicit deny is found while applying IAM\\’s Policy Evaluation Logic, the enforcement code looks for any ______
instructions that would apply to the request.
A. “cancel”
B. “suspend”
C. “allow”
D. “valid”
Correct Answer: C
If an explicit deny is not found among the applicable policies for a specific request, IAM\\’s Policy Evaluation Logic
checks for any “allow” instructions to check if the request can be successfully completed.
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html

QUESTION 5
The Solutions Architect manages a serverless application that consists of multiple API gateways, AWS Lambda
functions, Amazon S3 buckets, and Amazon DynamoDB tables. Customers say that a few application components slow
while loading dynamic images, and some are timing out with the “504 Gateway Timeout” error. While troubleshooting
the scenario, the Solutions Architect confirms that DynamoDB monitoring metrics are at acceptable levels.
Which of the following steps would be optimal for debugging these application issues? (Choose two.)
A. Parse HTTP logs in Amazon API Gateway for HTTP errors to determine the root cause of the errors.
B. Parse Amazon CloudWatch Logs to determine processing times for requested images at specified intervals.
C. Parse VPC Flow Logs to determine if there is packet loss between the Lambda function and S3.
D. Parse AWS X-Ray traces and analyze HTTP methods to determine the root cause of the HTTP errors.
E. Parse S3 access logs to determine if objects being accessed are from specific IP addresses to narrow the scope to
geographic latency issues.
Correct Answer: AE

https://www.pass4itsure.com/aws-solution-architect-professional.html

AWS-SYSOPS

Earn your AWS Certified SysOps Administrator – Associate Certification.

AWS-SYSOPS Exam Latest practice questions

QUESTION 1
A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or stop/start
options on that instance?
A. For restart it does not charge for an extra hour, while every stop/start it will be charged as a separate hour
B. Every restart is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be
counted as a single hour
C. For every restart or start/stop it will be charged as a separate hour
D. For restart it charges extra only once, while for every stop/start it will be charged as a separate hour
Correct Answer: A
For an EC2 instance launched with an EBS backed AMI, each time the instance state is changed from stop to start/
running, AWS charges a full instance hour, even if these transitions happen multiple times within a single hour. Anyway,
rebooting an instance AWS does not charge a new instance billing hour.

QUESTION 2
Which services allow the customer to retain run administrative privileges or the underlying EC2 instances? (Choose
two.)
A. AWS Elastic Beanstalk
B. Amazon Elastic Map Reduce
C. Elastic Load Balancing
D. Amazon Relational Database Service
E. Amazon Elastic Cache
Correct Answer: AB

QUESTION 3
The SysOps Administrator must integrate an existing on-premises asymmetrical key management system into an AWS
services platform. How can the Administrator meet this requirement?
A. Implement AWS KMS and integrate with the existing on-premises asymmetrical key management system
B. Implement AWS CloudHSM and integrate it with the existing key management infrastructure
C. Deploy an Amazon EC2 instance and choose an AMI from an AWS partner in the AWS Marketplace
D. Create a master key in AWS KMS, and export that key to the existing on-premises asymmetrical key management
system
Correct Answer: C

QUESTION 4
A user has created a queue named “myqueue” with SQS. There are four messages published to queue which are not
received by the consumer yet. If the user tries to delete the queue, what will happen?
A. A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue
B. It will delete the queue
C. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.
D. It will ask user to delete the messages first
Correct Answer: B
SQS allows the user to move data between distributed components of applications so they can perform different tasks
without losing messages or requiring each component to be always available. The user can delete a queue at any time,
whether it is empty or not. It is important to note that queues retain messages for a set period of time. By default, a
queue retains messages for four days.

QUESTION 5
A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance
on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out.
Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user. How can the data be
viewed better on the same graph?
A. It is not possible to show multiple metrics with the different units on the same graph
B. Add a third Y-axis with the console to show all the data in proportion
C. Change the axis of Network by using the Switch command from the graph
D. Change the units of CPU utilization so it can be shown in proportion with Network
Correct Answer: C
Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the
custom metric to make it easier for the user to analyze. It is possible to show the multiple metrics with different units on
the same graph. If the graph is not plotted properly due to a difference in the unit data over two metrics, the user can
change the Y-axis of one of the graph by selecting that graph and clicking on the Switch option.

https://www.pass4itsure.com/aws-sysops.html

Pass4itsure discount code 2020

Pass4itsure discount code 2020

AWS-CERTIFIED-ADVANCED-NETWORKING-SPECIALTY DUMPS PDF 2020 https://drive.google.com/open?id=1HeWyM2wEWMSaWGAcHI43B-JyqAvlStCj

AWS-CERTIFIED-CLOUD-PRACTITIONER DUMPS PDF 2020 https://drive.google.com/open?id=1liqHur0Cs4z5LoiuNmwgBlvC5In-D0MN

AWS-CERTIFIED-DEVELOPER-ASSOCIATE DUMPS PDF 2020 https://drive.google.com/open?id=1vfZFpFaiN7dwWmLJP-U0WOFBhuX7ATHS

AWS-DevOps-ENGINEER-PROFESSIONAL DUMPS PDF 2020 https://drive.google.com/open?id=1BFRvpmTCQ8tHmOP8NM_-onjoUG7PMHzT

AWS-SOLUTION-ARCHITECT-ASSOCIATE DUMPS PDF 2020 https://drive.google.com/open?id=143j9Ei2Vhu0sSF0iu3_7DZgkZAa8qbot

AWS-SOLUTION- ARCHITECT-PROFESSIONAL DUMPS PDF 2020 https://drive.google.com/open?id=1PmtdzpV0R6ssYJUghMPv_ldtxYx0no-8

AWS-SYSOPS DUMPS PDF 2020 https://drive.google.com/open?id=1e4HaJ1Qk-Lg_6IhkLSCEGNDT1YCcpIEf

Where can you find AWS dumps?You can see some useful AWS-CERTIFIED-ADVANCED-NETWORKING-SPECIALTY, AWS-CERTIFIED-CLOUD-PRACTITIONER, AWS-CERTIFIED-DEVELOPER-ASSOCIATE, AWS-DEVOPS-ENGINEER-PROFESSIONAL, AWS-SOLUTION-ARCHITECT-ASSOCIATE, AWS-SOLUTION-ARCHITECT-PROFESSIONAL, AWS-SYSOPS Questions for practice here https://www.pass4itsure.com/amazon.html Practice well to help you succeed!