AWS-SysOps Free Practice Test

- (Exam Topic 1)
A company is running an application on premises and wants to use AWS for data backup All of the data must be available locally The backup application can write only to block-based storage that is compatible with the Portable Operating System Interface (POSIX)
Which backup solution will meet these requirements?

1. A. Configure the backup software to use Amazon S3 as the target for the data backups
2. B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups
3. C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes
4. D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes

Correct Answer: D
https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html

- (Exam Topic 1)
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resource Name (ARN) to the company for this integration.
What should a SysOps administrator do to configure this integration?

1. A. Create a new KMS ke
2. B. Add the vendor's IAM role ARN to the KMS key polic
3. C. Provide the new KMS key ARN to the vendor.
4. D. Create a new KMS ke
5. E. Create a new IAM use
6. F. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM use
7. G. Provide the new IAM user ARN to the vendor.
8. H. Configure encryption using the KMS managed S3 ke
9. I. Add the vendor's IAM role ARN to the KMS managed S3 key polic
10. J. Provide the KMS managed S3 key ARN to the vendor.
11. K. Configure encryption using the KMS managed S3 ke
12. L. Create an S3 bucke
13. M. Add the vendor's IAM role ARN to the S3 bucket polic
14. N. Provide the S3 bucket ARN to the vendor.

Correct Answer: C

- (Exam Topic 1)
A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)

1. A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
2. B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
3. C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
4. D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
5. E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Correct Answer: CE
https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html
You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) customer master keys (CMKs).
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/ How to Prevent Uploads of Unencrypted Objects to Amazon S3#
By using an S3 bucket policy, you can enforce the encryption requirement when users upload objects, instead of assigning a restrictive IAM policy to all users.

- (Exam Topic 1)
A company is using an Amazon Aurora MySQL DB cluster that has point-in-time recovery, backtracking, and automatic backup enabled. A SysOps administrator needs to be able to roll back the DB cluster to a specific recovery point within the previous 72 hours. Restores must be completed in the same production DB cluster.
Which solution will meet these requirements?

1. A. Create an Aurora Replic
2. B. Promote the replica to replace the primary DB instance.
3. C. Create an AWS Lambda function to restore an automatic backup to the existing DB cluster.
4. D. Use backtracking to rewind the existing DB cluster to the desired recovery point.
5. E. Use point-in-time recovery to restore the existing DB cluster to the desired recovery point.

Correct Answer: C
"The limit for a backtrack window is 72 hours.....Backtracking is only available for DB clusters that were created with the Backtrack feature enabled....Backtracking "rewinds" the DB cluster to the time you specify. Backtracking is not a replacement for backing up your DB cluster so that you can restore it to a point in time....You can backtrack a DB cluster quickly. Restoring a DB cluster to a point in time launches a new DB cluster and restores it from backup data or a DB cluster snapshot, which can take hours."
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html

- (Exam Topic 1)
A SysOps administrator is helping a development team deploy an application to AWS Trie AWS CloudFormat on temp ate includes an Amazon Linux EC2 Instance an Amazon Aurora DB cluster and a hard coded database password that must be rotated every 90 days
What is the MOST secure way to manage the database password?

1. A. Use the AWS SecretsManager Secret resource with the GenerateSecretString property to automatically generate a password Use the AWS SecretsManager RotationSchedule resource lo define a rotation schedule lor the password Configure the application to retrieve the secret from AWS Secrets Manager access the database
2. B. Use me AWS SecretsManager Secret resource with the SecretStrmg property Accept a password as a CloudFormation parameter Use the AllowedPatteen property of the CloudFormaton parameter to require e minimum length, uppercase and lowercase letters and special characters Configure me application to retrieve the secret from AWS Secrets Manager to access the database
3. C. Use the AWS SSM Parameter resource Accept input as a Qoudformatton parameter to store the parameter as a secure sting Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database
4. D. Use the AWS SSM Parameter resource Accept input as a Cloudf ormetton parameter to store the parameter as a string Configure the application to retrieve the parameter from AWS Systems ManagerParameter Store to access the database

Correct Answer: A