
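2023 Latest AWS-SysOps Premium Materials: Free Trial Set of Test PDF Questions
Use our SysOps Administrator exam package now to pass the AWS-SysOps exam
The AWS-SysOps certification is an excellent way to demonstrate expertise in managing and deploying AWS systems. It offers professionals many benefits, including recognition of their skills, higher salaries, and better job opportunities. The certification also helps build confidence and trust with colleagues and employers.
The Amazon AWS-SysOps exam is a certification exam that assesses the ability and knowledge to operate and manage applications on the Amazon Web Services (AWS) platform. The certification is designed for professionals responsible for deploying, managing, and operating applications on AWS. It is one of the most sought-after certifications in the cloud computing industry.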
Question # 465
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect to DynamoDB from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
- A. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
- B. The user should attach an IAM role with DynamoDB access to the EC2 instance
- C. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
- D. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials
Answer: B
Explanation:
When a user creates an application that runs on an EC2 instance and makes requests to AWS services such as DynamoDB or S3, it is recommended that the user not create an IAM user and pass that user's credentials to the application or embed those credentials inside the application. Instead, the user should use roles for EC2 and give that role access to DynamoDB / S3. When the role is attached to the EC2 instance, it gives temporary security credentials to the application hosted on that instance to connect with DynamoDB / S3.
Question # 466
The Security team has decided that there will be no public internet access to HTTP (TCP port 80) because it is moving to HTTPS for all incoming web traffic. The team has asked a SysOps Administrator to provide a report on any security groups that are not compliant.
What should the SysOps Administrator do to provide near real-time compliance reporting?
- A. Enable AWS Trusted Advisor and show the Security team that the Security Groups unrestricted access check will alarm.
- B. Use AWS Config to enable the restricted-common-ports rule, and add port 80 to the parameters.
- C. Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups, and send a report to the Security team.
- D. Use Amazon Inspector to evaluate the security groups during scans, and send the completed reports to the Security team.
Answer: B
Explanation:
AWS Config provides near real-time monitoring, and it also has a built-in rule "restricted-common-ports" to ensure that SGs do not allow unrestricted/public access on specific ports.
Question # 467
A user has created a VPC with CIDR 20.0.0.0/24.
The user has used all the IPs of CIDR and wants to increase the size of the VPC.
The user has two subnets: public (20.0.0.0/28) and private (20.0.1.0/28).
How can the user change the size of the VPC?
- A. It is not possible to change the size of the VPC once it has been created
- B. The user can delete the subnets first and then modify the size of the VPC
- C. The user can add a subnet with a higher range so that it will automatically increase the size of the VPC
- D. The user can delete all the instances of the subnet. Change the size of the subnets to 20.0.0.0/32 and 20.0.1.0/32, respectively. Then the user can increase the size of the VPC using CLI
Answer: A
Explanation:
Once the user has created a VPC, he cannot change the CIDR of that VPC. The user has to terminate all the instances, delete the subnets and then delete the VPC. Create a new VPC with a higher size and launch instances with the newly created VPC and subnets.
Question # 468
A user is trying to create a PIOPS EBS volume with 8 GB size and 200 IOPS.
Will AWS create the volume?
- A. Yes, since PIOPS is higher than 100
- B. Yes, since the ratio between EBS and IOPS is less than 30
- C. No, the EBS size is less than 10 GB
- D. No, since the PIOPS and EBS size ratio is less than 30
Answer: B
Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
An io1 volume can range in size from 4 GiB to 16 TiB and you can provision up to 20,000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested can be a maximum of 30; for example, a volume with 3,000 IOPS must be at least 100 GiB. You can stripe multiple volumes together in a RAID configuration for larger size and greater performance.
Question # 469
A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephemeral storage data?
- A. All data will be erased and the ephemeral storage is released
- B. The data is preserved
- C. All the data will be erased but the ephemeral storage will stay connected
- D. It is not possible to restart an instance launched from an instance store backed AMI
Answer: B
Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API.
Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. When an instance launched from an instance store backed AMI is rebooted all the ephemeral storage data is still preserved.
Question # 470
George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?
- A. All the instances of George and Ray can communicate over a private IP without any cost
- B. The instances of George and Ray will be running in the same data centre
- C. The US-East-1a region of George and Ray can be different availability zones
- D. All the instances of George and Ray can communicate over a private IP with a minimal cost
Answer: C
Explanation:
Each AWS region has multiple, isolated locations known as Availability Zones. To ensure that the AWS resources are distributed across the Availability Zones for a region, AWS independently maps the Availability Zones to identifiers for each account. In this case the Availability Zone US-East-1a where George's EC2 instances are running might not be the same location as the US-East-1a zone of Ray's EC2 instances. There is no way for the user to coordinate the Availability Zones between accounts.
Question # 471
What is the default maximum number of VPCs allowed per region?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
The maximum number of VPCs allowed per region is 5. The limit for Internet gateways per region is directly correlated to this one. Increasing this limit will increase the limit on Internet gateways per region by the same amount.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html
Question # 472
What does Amazon RDS perform?
- A. It provides sensory feedback.
- B. It manages the work involved in setting up a relational database.
- C. It tests the functionalities in websites.
- D. It blocks users from creating DB instances.
Answer: B
Explanation:
Amazon RDS manages the work involved in setting up a relational database: from provisioning the infrastructure capacity you request to installing the database software.
Question # 473
Which of the following programming languages is not supported by Amazon's Elastic Beanstalk?
- A. Java
- B. Ruby
- C. Perl
- D. Node.js
Answer: C
Explanation:
AWS Elastic Beanstalk web server environment tiers support applications developed in Java, PHP, .NET, Node.js, Python, and Ruby as well as different container types for each language.
Worker environments are supported for all platforms except .NET.
Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html
Question # 474
A SysOps administrator is deploying a fleet of over 100 Amazon EC2 instances in an Amazon VPC. After the instances are set up and serving clients, a new DNS server needs to be added to the instances for DNS resolution.
What is the MOST efficient way to make this change?
- A. Write a script to update the DNS server configuration for each instance.
- B. Use AWS OpsWorks to update the DNS server configuration for each instance.
- C. Update the DHCP options set for the Amazon VPC.
- D. Use AWS Systems Manager to update the DNS server configuration for each instance.
Answer: C
Question # 475
Which service is offered by Auto Scaling?
- A. Automatic scale EC2 capacity
- B. Automatic scale ECS capacity
- C. Automatic scaling storage
- D. Automatic scale elastic IP
Answer: A
Explanation:
Auto Scaling is a service that allows users to scale the EC2 resources up or down automatically according to the conditions or by manual intervention. It is a seamless process to scale the EC2 compute units up and down.
Question # 476
A user has created an ELB with three instances. How many security groups will ELB create by default?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
Explanation:
Elastic Load Balancing provides a special Amazon EC2 source security group that the user can use to ensure that back-end EC2 instances receive traffic only from Elastic Load Balancing. This feature needs two security groups: the source security group and a security group that defines the ingress rules for the back-end instances. To ensure that traffic only flows between the load balancer and the back-end instances, the user can add or modify a rule to the back-end security group which can limit the ingress traffic. Thus, it can come only from the source security group provided by Elastic Load Balancing.
Question # 477
A root AWS account owner is trying to understand various options to set the permission to AWS S3.
Which of the below mentioned options is not the right option to grant permission for S3?
- A. S3 Bucket Access Policy
- B. User Access Policy
- C. S3 Object Access Policy
- D. S3 ACL
Answer: C
Question # 478
A user has created an ELB with three instances. How many security groups will ELB create by default?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
Explanation:
Elastic Load Balancing provides a special Amazon EC2 source security group that the user can use to ensure that back-end EC2 instances receive traffic only from Elastic Load Balancing. This feature needs two security groups: the source security group and a security group that defines the ingress rules for the back-end instances. To ensure that traffic only flows between the load balancer and the back-end instances, the user can add or modify a rule to the back-end security group which can limit the ingress traffic. Thus, it can come only from the source security group provided by Elastic Load Balancing.
Question # 479
If an IAM policy has multiple conditions, or if a condition has multiple keys, its boolean outcome will be calculated using a logical ______ operation.
- A. None of these
- B. AND
- C. NAND
- D. OR
Answer: B
Explanation:
If there are multiple condition operators, or if there are multiple keys attached to a single condition operator, the conditions are evaluated using a logical AND.
Question # 480
A user has configured Auto Scaling with the minimum capacity as 2 and the desired capacity as 2. The user is trying to terminate one of the existing instances with the command:
as-terminate-instance-in-auto-scaling-group <Instance ID> --decrement-desired-capacity
What will Auto Scaling do in this scenario?
- A. Throws an error
- B. Terminates the instance and updates the desired capacity and minimum size to 1
- C. Terminates the instance and updates the desired capacity to 1
- D. Terminates the instance and does not launch a new instance
Answer: A
Question # 481
What is Amazon CloudFront?
- A. A development front-end to Amazon Web Services
- B. An encrypted endpoint to upload files to the Cloud
- C. A web service to schedule regular data movement
- D. A global Content Delivery Network
Answer: D
Explanation:
Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets through CDN caching. It integrates with other Amazon Web Services products to give developers and businesses an easy way to accelerate content to end users with no minimum usage commitments.
Reference: https://aws.amazon.com/cloudfront/
Question # 482
A sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?
- A. S3 bucket name
- B. Load Balancer IP
- C. EC2 instance IP
- D. Random string
Answer: C
Explanation:
Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Elastic Load Balancing publishes a log file from each load balancer node at the interval that the user has specified. The load balancer can deliver multiple logs for the same period. Elastic Load Balancing creates log file names in the following format:
"{Bucket}/{Prefix}/AWSLogs/{AWS AccountID}/elasticloadbalancing/{Region}/2023/{Month}/{Day}/{AWS Account ID}_elasticloadbalancing_{Region}_{Load Balancer Name}_{End Time}_{Load Balancer IP}_{Random String}.log"
Question # 483
A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL.
When the IAM user logs in to the S3 console, which actions can he perform?
- A. The IAM user can perform all operations on the bucket using only API/SDK
- B. It is not possible to give access to an IAM user using ACL
- C. He can do all the operations on the bucket
- D. He can just view the content of the bucket
Answer: B
Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List) associated with it. An ACL is a list of grants identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3-specific XML schema. The user cannot grant permissions to other users (IAM users) in his account.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html
Question # 484
A sysops administrator has an AWS Lambda function that performs maintenance on various AWS resources.
This function must be run nightly. Which is the MOST cost-effective solution?
- A. Implement a Chef recipe in AWS OpsWorks stack to invoke the Lambda function at the same time every night.
- B. Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at the same time every night.
- C. Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke the Lambda function at the same time every night.
- D. Schedule a CloudWatch event to invoke the Lambda function at the same time every night.
Answer: D
Question # 485
A user has created an ELB with the availability zone US-East-1A. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?
- A. The user should stop the ELB and add zones and instances as required
- B. The user can add zones on the fly from the AWS console
- C. It is not possible to add more zones to the existing ELB
- D. The only option is to launch instances in different zones and add to ELB
Answer: B
Explanation:
The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;
Launch instances in a separate AZ and add instances to the existing ELB.
Question # 486
A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph.
The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out.
Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user.
How can the data be viewed better on the same graph?
- A. Add a third Y-axis with the console to show all the data in proportion
- B. Change the units of CPU utilization so it can be shown in proportion with Network
- C. It is not possible to show multiple metrics with the different units on the same graph
- D. Change the axis of Network by using the Switch command from the graph
Answer: D
Explanation:
Amazon CloudWatch provides the functionality to graph the metric data generated either by the AWS services or the custom metric to make it easier for the user to analyse. It is possible to show multiple metrics with different units on the same graph. If the graph is not plotted properly due to a difference in the unit data over two metrics, the user can change the Y-axis of one of the graphs by selecting that graph and clicking on the Switch option.
Question # 487
......
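The AWS-SysOps certification exam is an important qualification for professionals who work with AWS systems. Whether you are aiming to advance your career or simply want to prove your skills, this certification exam lets you demonstrate your expertise and stand out in a competitive job market.
Master the latest 2023 questions and aim to pass SysOps Administrator with the real AWS-SysOps exam!: https://www.jpntest.com/shiken/AWS-SysOps-mondaishu
The full version of the latest 2023 AWS-SysOps exam question guide is from the training specialist JPNTest: https://drive.google.com/open?id=1v48lO3gu-mwArAygeJZIc3E5hVzArc15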