Deck 13: AWS Certified SysOps Administrator (SOA-C01)

A) A collection of Auto Scaling groups in the same Region
B) Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections
C) A collection of Elastic Load Balancers in the same Region or Availability Zone
D) A collection of authorized Cloud Front edge locations for a distribution

A) Cannot De detached or attached to an EC2 instance until me snapshot completes
B) Can be used in read-only mode while me snapshot is in progress
C) Can be used while me snapshot Is in progress
D) Cannot be used until the snapshot completes

A) Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
B) Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
C) Cache the database responses in ElastiCache for more rapid access
D) Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

A) No, two instances in two different AZ's can't talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundaries
B) Yes, both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP
C) Yes, the security group for the monitoring instance needs to allow outbound ICMP and the application instance's security group needs to allow Inbound ICMP
D) Yes, both the monitoring instance's security group and the application instance's security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol

A) Leverage CloudFront for the delivery of the articles.
B) Add RDS read-replicas for the read traffic going to your relational database
C) Leverage ElastiCache for caching the most frequently used data.
D) Use SOS to queue up the requests for the technical posts and deliver them out of the queue.
E) Use Route53 health checks to fail over to an S3 bucket for an error page.

A) Data is automatically saved as an E8S volume.
B) Data is automatically saved as an ESS snapshot.
C) Data is automatically deleted.
D) Data is unavailable until the instance is restarted.

A) Run another monitoring instance that pings the monitoring instance and fires a could watch alarm mat notifies your operations team should the primary monitoring instance become unhealthy.
B) Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
C) Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if C r the CPU usage exceeds 50% few more than one minute: then have your monitoring application go into a CPU-bound loop should it Detect any application problems.
D) Have the monitoring instances post messages to an SOS queue and then dequeue those messages on another instance should the queue cease to have new messages, the second instance should first terminate the original monitoring instance start another backup monitoring instance and assume (he role of the previous monitoring instance and beginning adding messages to the SQSqueue.

A) Consolidate your accounts so you have a single bill for all accounts and projects
B) Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account
C) Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
D) Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend

A) Denies the server with the IP address 192 168 100 0 full access to the "mybucket" bucket
B) Denies the server with the IP address 192 168 100 188 full access to the "mybucket" bucket
C) Grants all the servers within the 192 168 100 0/24 subnet full access to the "mybucket" bucket
D) Grants all the servers within the 192 168 100 188/32 subnet full access to the "mybucket" bucket

A) Amazon Elastic Map Reduce
B) Elastic Load Balancing
C) AWS Elastic Beanstalk
D) Amazon Elasticache
E) Amazon Relational Database service

A) Increase the number of nodes in your cluster
B) Tweak the max_item_size parameter
C) Shrink the number of nodes in your cluster
D) Increase the size of the nodes in the duster

A) Auto Scaling launch configuration
B) Auto Scaling group
C) Auto Scaling policy
D) Auto Scaling tags

A) Gather evidence of your IT operational controls
B) Request and obtain applicable third-party audited AWS compliance reports and certifications
C) Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review
D) Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's Instances and endpoints
E) Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objectives

A) Data transfer of an EC2 instance
B) Disk usage activity of an EC2 instance
C) Memory Utilization of an EC2 instance
D) CPU Utilization of an EC2 instance

A) Key pairs
B) Console passwords
C) Access keys
D) Signing certificates
E) Security Group memberships

A) Ensure the application instances are properly configured with an Elastic Load Balancer
B) Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
C) Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled
D) Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

A) Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
B) Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data
C) Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group
D) Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

A) Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
B) Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
C) Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
D) Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

A) Create an ELB to reroute traffic to a failover instance
B) Create a secondary ENI that can be moved to a failover instance
C) Use Route53 health checks to fail traffic over to a failover instance
D) Assign a secondary private IP address to the primary ENIO that can be moved to a failover instance

A) Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
B) Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
C) Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM
D) Configure a batch process to add an instance by 8 AM and remove it by Friday 6 PM

A) Data will be deleted and win no longer be accessible
B) Data is automatically saved in an EBS volume.
C) Data is automatically saved as an EBS snapshot
D) Data is unavailable until the instance is restarted

A) Aggregate
B) Sum
C) Sample data
D) Average

A) Increase your network bandwidth to provide faster throughput to S3
B) Upload the files in parallel to S3
C) Pack all files into a single archive, upload it to S3, then extract the files in AWS
D) Use AWS Import/Export to transfer the video files

A) ELB's normal behavior sends requests from the same user to the same backend instance
B) ELB's behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance
C) A faulty browser is not honoring the TTL of the ELB DNS name
D) The web application uses long polling such as comet or websockets. Thereby keeping a connection open to a web server tor a long time

A) Objects are directly accessible via a URL
B) S3 should be used to host a relational database
C) S3 allows you to store objects or virtually unlimited size
D) S3 allows you to store virtually unlimited amounts of data
E) S3 offers Provisioned IOPS

A) Run activities on the CPU such that its utilization reaches above 75%
B) From the AWS console change the state to 'Alarm'
C) The user can set the alarm state to 'Alarm' using CLI
D) Run the SNS action manually

A) Parameters
B) Outputs
C) Template version
D) Resources

A) Use the S3 copy API to replicate data between two S3 buckets in different regions
B) You do not need to implement anything since S3 data is automatically replicated between regions
C) Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
D) You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region

A) Delete the unutilized EBS volumes once the instance is terminated
B) Delete the AutoScaling launch configuration after the instances are terminated
C) Release the elastic IP if not required once the instance is terminated
D) Delete the AWS ELB after the instances are terminated

A) The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias
B) The organization should create each user in a separate region so that they have their own URL to login
C) It is not possible to have the same login ID for multiple IAM users of the same account
D) The organization should create various groups and add each user with the same login ID to different groups. The user can login with their own group ID

A) Enable versioning on your S3 Buckets
B) Configure your S3 Buckets with MFA delete
C) Create a Bucket policy and only allow read only permissions to all users at the bucket level
D) Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier

A) None because the user infrastructure is in the private cloud/
B) AWS SNS
C) AWS SES
D) AWS SMS

A) Use Route 53's Latency Based Routing and serve the image out of US-West-2 as well as US-East-1
B) Serve the image out through CloudFront
C) Serve the image out of S3 so that it isn't being served oft of your web application tier
D) Use EBS PIOPs to serve the image faster out of your EC2 instances

A) It is not possible to define a policy at the object level
B) It will make all the objects of the bucket cloudacademy as public
C) It will make the bucket cloudacademy as public
D) the aws. j p g object as public

A) Maximum size
B) Auto Scaling group name
C) End time
D) Recurrence value

A) Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
B) Protect against IP spoofing or packet sniffing
C) Assure all communication between EC2 instances and ELB is encrypted
D) Install latest security patches on ELB. RDS and EC2 instances

A) Use the IAM groups and add users as per their role to different groups and apply policy to group
B) The user can create a policy and apply it to multiple users in a single go with the AWS CLI
C) Add each user to the IAM role as per their organization role to achieve effective policy setup
D) Use the IAM role and implement access at the role level

A) Elastic IP
B) Private IP
C) Public IP
D) Internet gateway

A) Notify the Auto Scaling launch config to scale up
B) Send an SMS using SNS
C) Notify the Auto Scaling group to scale down
D) Stop the EC2 instance

A) AWS Cost Manager
B) AWS Cost Explorer
C) AWS CloudWatch
D) AWS Consolidated Billing

A) It will not allow the user to create the private subnet due to a CIDR overlap
B) It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
C) This statement is wrong as AWS does not allow CIDR 20.0.0.0/25
D) It will not allow the user to create a private subnet due to a wrong CIDR range

A) The user can use the CloudWatch Import tool
B) The user should be able to see the data in the console after around 15 minutes
C) If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command
D) The user can view as well as upload data using the console, CLI and APIs

A) AWS MFA with EBS
B) AWS EBS encryption
C) Multi-tier encryption with Redshift
D) AWS S3 server side storage

A) Backup
B) Creation
C) Deletion
D) Restoration

A) RDS will have an internal IP which will redirect all requests to the new DB
B) RDS uses DNS to switch over to stand by replica for seamless transition
C) The switch over changes Hardware so RDS does not need to worry about access
D) RDS will have both the DBs running independently and the user has to manually switch over

A) ELB will ask the user whether to delete the instances or not
B) Instances will be terminated
C) ELB cannot be deleted if it has running instances registered with it
D) Instances will keep running

A) The user can only disable connection draining from CLI
B) It is not possible to disable the connection draining feature once enabled
C) The user can disable the connection draining feature from EC2 -> ELB console or from CLI
D) The user needs to stop all instances before disabling connection draining

A) 10000
B) 5000
C) 100
D) 1000

A) 3
B) 5
C) 2
D) 1

A) View the Auto Scaling CPU metrics
B) Aggregate the data over the instance AMI ID
C) The user has to use the CloudWatchanalyser to find the average data across instances
D) It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

A) Enable ELB cross zone load balancing
B) Enable ELB cookie setup
C) Enable ELB sticky session
D) Enable ELB connection draining

A) Allow Inbound traffic on port 22 from the user's network
B) The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
C) The user can connect to a instance in a private subnet using the NAT instance
D) Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

A) The user can enable logging with CloudWatch which logs all the activities
B) Use CloudTrail to monitor the API calls
C) Create an IAM user and allow each user to log the data using the S3 bucket
D) Enable detailed monitoring with CloudWatch

A) Increase the desired capacity of the Auto Scaling group
B) Increase the maximum limit of the Auto Scaling group
C) Launch an instance manually and register it with ELB on the fly
D) Decrease the minimum limit of the Auto Scaling group

A) AWS SES
B) AWS Cloudtrail
C) AWS Cloudwatch
D) AWS SNS

A) ELB Access logs
B) ELB health check
C) CloudWatch metrics
D) ELB API calls with CloudTrail

A) It will store the estimated charges data of the last 14 days
B) It will include the estimated charges of every AWS service
C) The metric data will represent the data of all the regions
D) The metric data will show data specific to that region

A) The user needs to use AWS CLI or API to upload the data
B) The user can use the AWS Import Export facility to import data to CloudWatch
C) The user will upload data from the AWS console
D) The user cannot upload data to CloudWatch since it is not an AWS service metric

A) Create an AMI from the volume and share the AMI
B) Copy the data to an unencrypted volume and then share
C) Take a snapshot and share the snapshot with a friend
D) If both the accounts are using the same encryption key then the user can share the volume directly

A) AWS CloudWatch + AWS SES
B) AWS CloudWatch + AWS SNS
C) None. It is not possible to configure the light with the AWS infrastructure services
D) AWS CloudWatch and a dedicated software turning on the light

A) Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
B) Setting up a proxy policy in the internet gateway connected with the public subnet
C) It is not possible to setup the proxy policy for a public subnet
D) Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

A) The policy allows the IAM user to modify all IAM users' access keys using the console, SDK, CLI or APIs
B) The policy allows the IAM user to modify all IAM users' credentials using the console, SDK, CLI or APIs
C) The policy allows the IAM user to modify all credentials using only the console
D) The policy allows the IAM user to modify the IAM user's own credentials using the console, SDK, CLI or APIs

A) SSL Protocols
B) Client Order Preference
C) SSL Ciphers
D) Server Order Preference

A) ELB sticky session
B) ELB deregistration check
C) ELB connection draining
D) ELB auto registration Off

A) Enable Receiving Billing Reports
B) Enable Receiving Billing Alerts
C) Enable AWS billing utility
D) Enable CloudWatch Billing Threshold

A) The user can find the data by giving the exact values in the time Tab under CloudWatch metrics
B) The user can find the data by filtering values of the last 1 week for a 1 hour period in the Relative tab under CloudWatch metrics
C) It is not possible to find the exact time from the console. The user has to use CLI to provide the specific time
D) The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics

A) Stop one of the instances and change the availability zone
B) The zone can only be modified using the AWS CLI
C) From the AWS EC2 console, select the Actions - > Change zones and specify new zone
D) Create an AMI of the running instance and launch the instance in a separate AZ

A) http://sqs.us-east-1.amazonaws.com/123456789012/myqueue
B) http://sqs.amazonaws.com/123456789012/myqueue
C) http://sqs. 123456789012.us-east-1.amazonaws.com/myqueue
D) http:// 123456789012.sqs. us-east-1.amazonaws.com/myqueue

A) Create 5 separate accounts and make them a part of one consolidate billing
B) Create 5 separate accounts and use the IAM cross account access with the roles for better management
C) Create 5 separate IAM users and set a different policy for their access
D) Create 5 separate IAM groups and add users as per the department's employees

A) The client can connect over IPV4 or IPV6 using Dualstack
B) ELB DNS supports both IPV4 and IPV6
C) Communication between the load balancer and back-end instances is always through IPV4
D) The ELB supports either IPV4 or IPV6 but not both

A) For restart it does not charge for an extra hour, while every stop/start it will be charged as a separate hour
B) Every restart is charged by AWS as a separate hour, while multiple start/stop actions during a single hour will be counted as a single hour
C) For every restart or start/stop it will be charged as a separate hour
D) For restart it charges extra only once, while for every stop/start it will be charged as a separate hour

A) The user should create a separate IAM user for each employee and provide access to them as per the policy
B) The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server
C) The user should create IAM groups as per the organization's departments and add each user to the group for better access control
D) Attach an IAM role with the organization's authentication service to authorize each user for various AWS services

A) Each tag will have a key and value
B) The user can apply tags to the S3 bucket
C) The maximum value of the tag key length is 64 unicode characters
D) AWS tags are used to find the cost distribution of various resources

A) DiskReadBytes
B) NetworkIn
C) NetworkOut
D) CPUUtilization

A) Alarm
B) OK
C) Insufficient Data
D) Error

A) The snapshot is synchronous
B) It is recommended to stop the instance before taking a snapshot for consistent data
C) The snapshot is incremental
D) The snapshot captures the data that has been written to the hard disk when the snapshot command was executed

A) In the CloudWatch dashboard the user should set the local time zone so that CloudWatch shows the data only in the local time zone
B) In the CloudWatch console select the local time zone under the Time Range tab to view the data as per the local timezone
C) The CloudWatch data is always in UTC; the user has to manually convert the data
D) The user should have send the local time zone while uploading the data so that CloudWatch will show the data only in the local time zone

A) Define the AMI launch permissions
B) Upload the bundled volume
C) Register the AMI
D) Bundle the volume

A) The consolidated billing does not bring any cost advantage for the organization
B) All AWS accounts will be charged for S3 storage by combining the total storage of each account
C) The EC2 instances of each account will receive a total of 750*3 micro instance hours free
D) The free usage tier for all the 3 accounts will be 3 years and not a single year