AWS-SysOps Free Practice Test

- (Exam Topic 1)
With the threat of ransomware viruses encrypting and holding company data hostage, which action should be taken to protect an Amazon S3 bucket?

1. A. Deny Pos
2. B. Pu
3. C. and Delete on the bucket.
4. D. Enable server-side encryption on the bucket.
5. E. Enable Amazon S3 versioning on the bucket.
6. F. Enable snapshots on the bucket.

Correct Answer: B

- (Exam Topic 1)
A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named
pcx-12345 between both VPCs.
Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

1. A. Destination: 10.0.0.0/16, Target: Local
2. B. Destination: 172.31.0.0/16, Target: Local
3. C. Destination: 10.0.0.0/16, Target: pcx-12345
4. D. Destination: 172.31.0.0/16, Target: pcx-12345
5. E. Destination: 10.0.0.0/16. Target: 172.31.0.0/16

Correct Answer: AD
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html

- (Exam Topic 1)
A company has a new requirement stating that all resources in AWS must be tagged according to a set policy. Which AWS service should be used to enforce and continually identify all resources that are not in compliance with the policy?

1. A. AWS CloudTrail
2. B. Amazon Inspector
3. C. AWSConfig
4. D. AWS Systems Manager

Correct Answer: C

- (Exam Topic 1)
A company uses an Amazon CloudFront distribution to deliver its website Traffic togs for the website must be centrally stored and all data must be encrypted at rest
Which solution will meet these requirements?

1. A. Create an Amazon OpenSearch Service (Amazon Elasttcsearch Service) domain with internet access and server-side encryption that uses the default AWS managed key Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elasticsearch Service) domain as a log destination
2. B. Create an Amazon OpenSearch Service (Amazon Elasticsearch Service) domain with VPC access and server-side encryption that uses AES-256 Configure CloudFront to use the Amazon OpenSearch Service (Amazon Elastcsearch Service) domain as a log destination
3. C. Create an Amazon S3 bucket that is configured with default server side encryption that uses AES-256 Configure CloudFront to use the S3 bucket as a log destination
4. D. Create an Amazon S3 bucket that is configured with no default encryption Enable encryption in the CloudFront dtstnbubon and use the S3 bucket as a log destination

Correct Answer: C

- (Exam Topic 1)
A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.
What should a SysOps administrator do to meet this requirement?

1. A. Configure an IAM policy that denies the s3:DeleteObject action for all user
2. B. Three months after an object is written, remove the policy.
3. C. Enable S3 Object Lock on a new S3 bucket in compliance mod
4. D. Place all backups in the new S3 bucket with a retention period of 3 months.
5. E. Enable S3 Versioning on the existing S3 bucke
6. F. Configure S3 Lifecycle rules to protect the backups.
7. G. Enable S3 Object Lock on a new S3 bucket in governance mod
8. H. Place all backups in the new S3 bucket with a retention period of 3 months.

Correct Answer: D
To meet the requirements of the workload, a SysOps administrator should enable S3 Object Lock on a new S3 bucket in governance mode and place all backups in the new S3 bucket with a retention period of 3 months.
This will ensure that the backups are not deleted for at least 3 months after they are created. The other solutions (configuring an IAM policy that denies the s3:DeleteObject action for all users, enabling S3 Object Lock on a new S3 bucket in compliance mode, or enabling S3 Versioning on the existing S3 bucket and configuring S3 Lifecycle rules to protect the backups) will not meet the requirements, as they do not provide a way to ensure that the backups are not deleted for at least 3 months after they are created.