100% Coverage Real Exam Questions in the Amazon AWS-SysOps Question Set (991 Updated Questions) [Q377-Q394]


Real Amazon Question Set PDF with the Real AWS-SysOps Question Set


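The Amazon AWS-SysOps (AWS Certified SysOps Administrator - Associate) certification exam is an industry-recognized credential that certifies the ability to perform the system administrator role on the Amazon Web Services (AWS) platform. The exam is designed for professionals who are responsible for managing and deploying AWS services, applications, and infrastructure, and for ensuring availability, reliability, and scalability.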


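To be eligible for the AWS-SysOps exam, you need at least one year of hands-on experience operating and managing AWS environments. You also need an understanding of various AWS services such as EC2, S3, RDS, and VPC, and must be familiar with the AWS CLI, SDKs, and APIs. In addition, experience monitoring and logging AWS resources and implementing AWS security features is required.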


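The AWS-SysOps exam covers AWS services such as EC2, RDS, Elastic Beanstalk, CloudFormation, and CloudWatch, as well as topics such as security, networking, and automation. Candidates need a deep understanding of each of these topics. By earning this certification, IT professionals can demonstrate their expertise in managing and deploying applications on AWS and improve their career prospects in the cloud computing field.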

 

Question # 377
Could you use IAM to grant access to Amazon DynamoDB resources and API actions?

  • A. No
  • B. In DynamoDB there is no need to grant access
  • C. Yes
  • D. Depends on the type of access

Correct answer: C

Explanation:
Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role.
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsingIAMWithDDB.html


Question # 378
The CFO of a company wants to allow one of his employees to view only the AWS usage report page.
Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage
report page?

  • A. "Effect": "Allow", "Action": ["aws-portal:ViewUsage"], "Resource": "*"
  • B. "Effect": "Allow", "Action": ["Describe"], "Resource": "Billing"
  • C. "Effect": "Allow", "Action": ["aws-portal:ViewBilling"], "Resource": "*"
  • D. "Effect": "Allow", "Action": ["AccountUsage"], "Resource": "*"

Correct answer: A

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and
user permissions for various AWS services. If the CFO wants to allow only AWS usage report page
access, the policy for that IAM user will be as given below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-portal:ViewUsage"
      ],
      "Resource": "*"
    }
  ]
}
Reference: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html


Question # 379
A user is trying to create an EBS volume with the highest PIOPS supported by EBS. What is the minimum size of EBS required to have the maximum IOPS?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Correct answer: C

Explanation:
A provisioned IOPS EBS volume can range in size from 10 GB to 1 TB and the user can provision up to 4000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested should be a maximum of 30.


Question # 380
Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? Choose 3 answers

  • A. The variables that characterize the RDS database connection (host, user, and so on) are set using the corresponding values from the deploy JSON's [:deploy][:app_name][:database] attributes.
  • B. Add a new database layer and then add recipes to the deploy actions of the database and App Server layers.
  • C. Set up the connection between the app server and the RDS layer by using a custom recipe. The recipe configures the app server as required, typically by creating a configuration file. The recipe gets the connection data such as the host and database name from a set of attributes in the stack configuration and deployment JSON that AWS OpsWorks installs on every instance.
  • D. Use OpsWorks' "Clone Stack" feature to create a second RDS stack in another Availability Zone for redundancy in the event of a failure in the Primary AZ. To switch to the secondary RDS instance, set the [:database] attributes to values that are appropriate for your server which you can do by using custom JSON.
  • E. Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password" attribute for the RDS instance must be encrypted using at least a 256-bit key.

Correct answer: A, C, D


Question # 381
A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not
supported by SQS?

  • A. DeleteMessageQueue
  • B. CreateQueue
  • C. DeleteMessageBatch
  • D. SendMessageBatch

Correct answer: A

Explanation:
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing
service. SQS provides a simple and cost-effective way to decouple the components of an application. The
user can perform the following set of operations using the Amazon SQS: CreateQueue, ListQueues,
DeleteQueue, SendMessage, SendMessageBatch, ReceiveMessage, DeleteMessage,
DeleteMessageBatch, ChangeMessageVisibility, ChangeMessageVisibilityBatch, SetQueueAttributes,
GetQueueAttributes, GetQueueUrl, AddPermission and RemovePermission. Operations can be
performed only by the AWS account owner or an AWS account that the account owner has delegated to.
Reference: http://aws.amazon.com/sqs/faqs/


Question # 382
A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?

  • A. The folders support only ACL
  • B. Folders can have a policy
  • C. Both the object and bucket can have ACL but folders cannot have ACL
  • D. Both the object and bucket can have an Access Policy but folder cannot have policy

Correct answer: C

Explanation:
Amazon S3 Access Control Lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify the requester has the necessary access permissions.


Question # 383
You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: Security groups and network access control lists (ACLs). You start to look into security groups first. Which statement below is incorrect in relation to security groups?

  • A. Are stateful: Return traffic is automatically allowed, regardless of any rules.
  • B. Security Groups can be added or removed from EC2 instances in a VPC at any time.
  • C. Support addition of individual allow and deny rules in both inbound and outbound.
  • D. Evaluate all rules before deciding whether to allow traffic.

Correct answer: C

Explanation:
Amazon VPC provides two features that you can use to increase security for your VPC:
Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level, and support allow rules only.
Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level, and support allow rules and deny rules.


Question # 384
A user has created an S3 bucket which is not publicly accessible. The bucket has thirty objects which are also private. If the user wants to make the objects public, how can he configure this with minimal effort?

  • A. Make the bucket ACL as public so it will also mark all objects as public
  • B. Set the AWS bucket policy which marks all objects as public
  • C. The user can write a program which programmatically makes all objects public using S3 SDK
  • D. The user should select all objects from the console and apply a single policy to mark them public

Correct answer: B

Explanation:
A system admin can grant permission of the S3 objects or buckets to any user or make the objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally, if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket.


Question # 385
The billing process for Amazon EC2 instances was updated as of October 2, 2017. Which of the following statements is true regarding how you pay for Amazon EC2 instances? (Choose two.)

  • A. You pay for compute capacity by the day; hours are billed in proportion.
  • B. Payment does not vary based on the instance AMI's operating system.
  • C. You can pay per hour or per second, depending on the instance type.
  • D. You can pay per hour or per second, depending on the instance AMI's operating system.

Correct answer: C, D

Explanation:
Previously, if you launched an instance for 5 minutes, you would pay for 1 hour. If you launched an instance for 45 minutes, you would also pay for 1 hour. This means that partial hours cost as much as one full hour.
Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed as a full hour.
With EC2 services now billed per-second in some cases, as well as per-hour in others as of October 2, 2017, there is more to consider. Amazon AWS is still based on the concept of pay-as-you-go. You pay for Amazon EC2 instances by the second for all instance types except Dedicated Host, which is still billed per instance-hour.
You are billed per second when using Linux operating systems with no separate hourly charge, and billed per hour when using Windows operating systems.


Question # 386
A company's IT Security team is performing an audit of the AWS environment to determine which servers need to be patched and where additional security controls need to be added.
The company is responsible for which of the following? (Choose two.)

  • A. Patching the database engine on RDS instances
  • B. Patching PHP in an AWS Elastic Beanstalk managed EC2 application
  • C. Patching the OS on Amazon RDS instances
  • D. Enabling server-side encryption with Amazon S3-Managed Keys (SSE-S3) on S3 objects
  • E. Patching the OS on Amazon EC2 instances

Correct answer: C, E


Question # 387
A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance,
what will happen to the ephemeral storage data?

  • A. All data will be erased and the ephemeral storage is released
  • B. All the data will be erased but the ephemeral storage will stay connected
  • C. It is not possible to restart an instance launched from an instance store backed AMI
  • D. The data is preserved

Correct answer: D

Explanation:
A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API.
Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that
the user use Amazon EC2 to reboot the instance instead of running the operating system reboot
command from the instance. When an instance launched from an instance store backed AMI is rebooted,
all the ephemeral storage data is still preserved.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html#lifecycle-differences


Question # 388
A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring must include tracking the AWS account of the caller, the IAM user role of the caller, the time of the API call, and the IP address of the API.
Where can the Administrator find this information?

  • A. Amazon Inspector bucket event logging
  • B. Amazon Inspector user event logging
  • C. AWS CloudTrail management event logging
  • D. AWS CloudTrail data event logging

Correct answer: D


Question # 389
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345. Which of the
below mentioned entries are required in the main route table attached with the private subnet to allow
instances to connect with the internet?

  • A. Destination: 20.0.0.0/24 and Target: i-a12345
  • B. Destination: 20.0.0.0/0 and Target: i-a12345
  • C. Destination: 20.0.0.0/0 and Target: 80
  • D. Destination: 0.0.0.0/0 and Target: i-a12345

Correct answer: D

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a
public private subnet, the instances in the public subnet can receive inbound traffic directly from the
Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard,
AWS will create two route tables and attach to the subnets. The main route table will have the entry
"Destination: 0.0.0.0/0 and Target: i-a12345", which allows all the instances in the private subnet to
connect to the internet using NAT.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html


Question # 390
A user is trying to save some cost on the AWS services. Which of the below mentioned options will not
help him save cost?

  • A. Delete the unutilized EBS volumes once the instance is terminated
  • B. Delete the AWS ELB after the instances are terminated
  • C. Delete the AutoScaling launch configuration after the instances are terminated
  • D. Release the elastic IP if not required once the instance is terminated

Correct answer: C

Explanation:
AWS bills the user on a pay-as-you-go model. AWS will charge the user once the AWS resource is
allocated. Even though the user is not using the resource, AWS will charge if it is in service or allocated.
Thus, it is advised that once the user's work is completed he should:
Terminate the EC2 instance
Delete the EBS volumes
Release the unutilized Elastic IPs
Delete ELB
The AutoScaling launch configuration does not cost the user. Thus, it will not make any difference to the
cost whether it is deleted or not.
Reference:
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/checklistforunwantedcharges.html


Question # 391
Which of the following statements is true of Elastic Load Balancing?

  • A. It distributes the outgoing traffic across multiple EC2 instances.
  • B. It distributes incoming traffic across multiple EC2 instances.
  • C. It distributes traffic only to instances across a single Availability Zone.
  • D. It distributes traffic only to instances across different Availability Zones.

Correct answer: B

Explanation:
Elastic Load Balancing automatically distributes incoming traffic across multiple EC2 instances.
You create a load balancer and register instances with the load balancer in one or more Availability Zones.
The load balancer serves as a single point of contact for clients.


Question # 392
Could you use IAM to grant access to Amazon DynamoDB resources and API actions?

  • A. No
  • B. In DynamoDB there is no need to grant access
  • C. Yes
  • D. Depends on the type of access

Correct answer: C

Explanation:
Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role.
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/UsingIAMWithDDB.html


Question # 393
An organization is trying to create various IAM users. Which of the below mentioned options is not a valid IAM username?

  • A. john@cloud
  • B. John=cloud
  • C. John.cloud
  • D. john#cloud

Correct answer: D

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. The names of users, groups, roles, instance profiles must be alphanumeric, including the following common characters:
plus (+), equal (=), comma (,), period (.), at (@), and dash (-).


Question # 394
......
