AWS Interactive Knowledge Tool
Get ready for AWS Certified SysOps Administrator – Associate
You’re on a journey toward AWS Certification. Validating your experience with an industry-recognized credential is a great way to embrace new skills, solidify knowledge, prove your worth and plan your career trajectory. To help you get there, we’ve created this interactive set of sample questions so you can get familiar with the structure and topics covered on the official AWS Certified SysOps Administrator – Associate exam.
Questions will immediately be followed with answers, explanations and additional resources designed to support your continued understanding of the principles needed to pass. Once comfortable with the principles and types of questions, you’ll be ready to evaluate your knowledge with our official practice examination.
Your knowledge in review
Below you will find a summary of your learning experience. Take a deeper look at all the questions, review your answers, and find links to learning resources specific to that topic. Or, if you’re ready, sign up to take the official practice exam.
Question 1
A company is migrating a legacy web application from a single server to multiple Amazon EC2 instances behind an Application Load Balancer (ALB). After the migration, users report that they are frequently losing their sessions and are being prompted to log in again.
Which action should be taken to resolve the issue reported by users?
Answer
D) Enable sticky sessions for the target group of EC2 instances.
Legacy applications designed to run on a single server frequently store session data locally. When these applications are deployed on multiple instances behind a load balancer, user requests are routed to instances using the round robin routing algorithm. Session data stored on one instance would not be present on the others. By enabling sticky sessions, cookies are used to track user requests and keep subsequent requests going to the same instance.
Question 2
A sysops team checks their AWS Personal Health Dashboard every week for upcoming AWS hardware maintenance events. Recently, a team member was on vacation and the team missed an event, which resulted in an outage. The team wants a simple method to ensure that everyone is aware of upcoming events without depending on an individual team member checking the dashboard.
What should be done to address this?
Answer
B) Create an Amazon CloudWatch Events event based off the AWS Health service and send a notification to an Amazon SNS topic monitored by the entire team.
The AWS Health service publishes Amazon CloudWatch Events. CloudWatch Events can trigger Amazon SNS notifications. This method requires neither additional coding nor infrastructure. It automatically notifies the team of upcoming events, and does not depend upon brittle solutions like web scraping.
Question 3
An application running in a VPC needs to access instances owned by a different account and running in a VPC in a different AWS Region. For compliance purposes, the traffic must not traverse the public internet.
How should an administrator configure network routing to meet these requirements?
Answer
D) From one account, create a VPC peering request. After an administrator from the other account accepts the request, add routes in the route tables for each VPC that point to the CIDR block of the peered VPC.
A VPC peering connection enables routing using each VPC’s private IP addresses as if they were in the same network. Traffic using inter-Region VPC peering always stays on the global AWS backbone and never traverses the public internet.
Question 4
An application running on Amazon EC2 instances needs to access data stored in an Amazon DynamoDB table.
Which solution will grant the application access to the table in the MOST secure manner?
Answer
C) Create an IAM role with the necessary privileges to access the DynamoDB table. Associate the role with the EC2 instances.
An IAM role can be used to provide permissions for applications that are running on Amazon EC2 instances to make AWS API requests using temporary credentials.
Question 5
A third-party service uploads objects to Amazon S3 every night. Occasionally, the service uploads an incorrectly formatted version of an object. In these cases, the sysops administrator needs to recover an older version of the object.
What is the MOST efficient way to recover the object without having to retrieve it from the remote service?
Answer
D) Enable versioning on the S3 bucket. When bad objects are discovered, access previous versions with the CLI or AWS Management Console.
Enabling versioning is a simple solution. (A) involves writing custom code, (C) has no versioning, so the replication will overwrite the old version with the bad version if the error is not discovered quickly, and (B) will involve expensive storage that is not well suited for objects.
Question 6
According to the AWS shared responsibility model, for which of the following Amazon EC2 activities is AWS responsible? (Select TWO.)
Answer
B) Maintaining network infrastructure
D) Patching the hypervisor
AWS provides security of the cloud, including maintenance of the hardware and hypervisor software supporting Amazon EC2. Customers are responsible for any maintenance or monitoring within an EC2 instance, and for configuring their VPC infrastructure.
Question 7
A security and compliance team requires that all Amazon EC2 workloads use approved Amazon Machine Images (AMIs). A sysops administrator must implement a process to find EC2 instances launched from unapproved AMIs.
Which solution will meet these requirements?
Answer
C) Use an AWS Config rule to identify unapproved AMIs.
AWS Config has a managed rule that handles this scenario.
Question 8
A sysops administrator observes a large number of rogue HTTP requests on an Application Load Balancer. The requests originate from various IP addresses. These requests cause increased server load and costs.
What should the sysops administrator do to block this traffic?
Answer
D) Use an AWS WAF rate-based rule to block the traffic when it exceeds a threshold.
AWS WAF has rules that can protect web applications from HTTP flood attacks.
Question 9
A sysops administrator is implementing security group policies for a web application running on AWS. An Elastic Load Balancer connects to a fleet of Amazon EC2 instances that connect to an Amazon RDS database over port 1521. The security groups are named elbSG, ec2SG, and rdsSG, respectively.
How should these security groups be implemented?
Answer
A) elbSG: allow port 80 and 443 from 0.0.0.0/0;
ec2SG: allow port 443 from elbSG;
rdsSG: allow port 1521 from ec2SG.
elbSG must allow all web traffic (HTTP and HTTPS) from the internet. ec2SG must allow traffic from the load balancer only, in this case identified as traffic from elbSG. The database must allow traffic from the EC2 instances only, in this case identified as traffic from ec2SG.
Question 10
An ecommerce company wants to lower costs on its nightly jobs that aggregate the current day's sales and store the results in Amazon S3. The jobs run on multiple On-Demand instances, and the jobs take just under 2 hours to complete. The jobs can run at any time during the night. If the job fails for any reason, it needs to be started from the beginning.
Which solution is the MOST cost-effective based on these requirements?
Answer
B) Submit a request for a Spot block.
The solution will take advantage of Spot pricing, but by using a Spot block instead of Spot Instances, the company can be assured the job will not be interrupted.