Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. Amazon
  5. AWS-SysOps

AWS Certified SysOps Administrator (SOA-C01)
AWS-SysOps Exam

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

  1. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
  2. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
  3. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
  4. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer(s): B


Reference:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html



When preparing for a compliance assessment of your system built inside of AWS. What are three best- practices for you to prepare for an audit? (Choose three.)

  1. Gather evidence of your IT operational controls
  2. Request and obtain applicable third-party audited AWS compliance reports and certifications
  3. Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review
  4. Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system's Instances and endpoints
  5. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Answer(s): A,B,D



You have started a new job and are reviewing your company's infrastructure on AWS You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group When you check the metrics for the ELB in CloudWatch you see four healthy instances in Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?

  1. Set the ELB to only be attached to another AZ
  2. Make sure Auto Scaling is configured to launch in both AZs
  3. Make sure your AMI is available in both AZs
  4. Make sure the maximum size of the Auto Scaling Group is greater than 4

Answer(s): B



You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS
Which option will provide the most scalable solution for communicating between the application and SQS?

  1. Ensure the application instances are properly configured with an Elastic Load Balancer
  2. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
  3. Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled
  4. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Answer(s): D

Explanation:

Bandwidth literally means network not IO Bandwidth. Having alerts to scale the Autoscaling is most sophisticated option.




Lin Tzu
QUESTION: 154 - answer (D) - Transit gateway is wrong, should be C & E. Below are the components of the site to site VPN: Customer Gateway: A customer gateway is a physical device or software application on your side of the Site-to-Site VPN connection. Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the AWS side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the Site-to-Site VPN connection.
- Anonymous
Upvote


saritha
I have passed the exam thankyou
- UNITED STATES
Upvote


Tzu Lin
What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) Answer(s): C,E C) One bill for multiple accounts E) Custom cost and usage budget creation E seems incorrect, should be A = Volume discounts (Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts)
- UNITED STATES
Upvote


Niraj
Questions are valid. I just passed.
- India
Upvote


Sarah
Fantastic effort on the practice exam!
- UNITED STATES
Upvote


Marcus
Impressive work on this exam dumps. Love the free version.
- CANADA
Upvote


Emily
Great job on these practice exam questions! You guys are the best.
- CANADA
Upvote


seagal
I just passed (310-025) SCJP test yesterday. Your guide is right on the money and almost covers every question word for word. Great work !
- Edmonton
Upvote


Illya
I passed my exam today with a score of 964. This was a difficult test but the preparation guide was very good. I would not have passed without the materials. Thank you very much for giving me the opportunity to better my life.
- Alberta
Upvote


Jackson
Exam syo-101 Exam I passed my exam today with no problem whatsoever. I just wanted to say a sincere thank you for the outstanding study guide. You guys are a phenomenal help when it comes to study assistance. Thanks and definitely expect to see me again.
- MJ
Upvote

Read more ...