AWS-SysOps Free Practice Test

- (Exam Topic 1)
A company with multiple AWS accounts needs to obtain recommendations for AWS Lambda functions and identify optimal resource configurations for each Lambda function. How should a SysOps administrator provide these recommendations?

1. A. Create an AWS Serverless Application Repository and export the Lambda function recommendations.
2. B. Enable AWS Compute Optimizer and export the Lambda function recommendations
3. C. Enable all features of AWS Organization and export the recommendations from AWS CloudTrailInsights.
4. D. Run AWS Trusted Advisor and export the Lambda function recommendations

Correct Answer: B

- (Exam Topic 1)
A SysOps administrator wants to upload a file that is 1 TB in size from on-premises to an Amazon S3 bucket using multipart uploads. What should the SysOps administrator do to meet this requirement?

1. A. Upload the file using the S3 console.
2. B. Use the s3api copy-object command.
3. C. Use the s3api put-object command.
4. D. Use the s3 cp command.

Correct Answer: D
It's a best practice to use aws s3 commands (such as aws s3 cp) for multipart uploads and downloads, because these aws s3 commands automatically perform multipart uploading and downloading based on the file size. By comparison, aws s3api commands, such as aws s3api create-multipart-upload, should be used only when aws s3 commands don't support a specific upload need, such as when the multipart upload involves multiple servers, a multipart upload is manually stopped and resumed later, or when the aws s3 command doesn't support a required request parameter.
https://aws.amazon.com/premiumsupport/knowledge-center/s3-multipart-upload-cli/

- (Exam Topic 1)
A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

1. A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
2. B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
3. C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
4. D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Correct Answer: B
When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

- (Exam Topic 1)
A company must migrate its applications to AWS The company is using Chef recipes for configuration management The company wants to continue to use the existing Chef recipes after the applications are migrated to AWS.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Use AWS Cloud Format ion to create an Amazon EC2 instance, install a Chef server, and add Chefrecipes.
2. B. Use AWS CloudFormation to create a stack and add layers for Chef recipes.
3. C. Use AWS Elastic Beanstalk with the Docker platform to upload Chef recipes.
4. D. Use AWS OpsWorks to create a stack and add layers with Chef recipes.

Correct Answer: D

- (Exam Topic 1)
A SysOps administrator must create an IAM policy for a developer who needs access to specific AWS services. Based on the requirements, the SysOps administrator creates the following policy:

Which actions does this policy allow? (Select TWO.)

1. A. Create an AWS Storage Gateway.
2. B. Create an IAM role for an AWS Lambda function.
3. C. Delete an Amazon Simple Queue Service (Amazon SQS) queue.
4. D. Describe AWS load balancers.
5. E. Invoke an AWS Lambda function.

Correct Answer: DE