AWS-SysOps practice exam questions for the Amazon AWS Certified SysOps Administrator - Associate exam.

NEW QUESTION 1

You have been asked to leverage Amazon VPC, EC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?

  • A. Ensure the application instances are properly configured with an Elastic Load Balancer
  • B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
  • C. Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled
  • D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Answer: B

Explanation:
Reference:
http://www.cardinalpath.com/autoscaling-your-website-with-amazon-web-services-part-2/

NEW QUESTION 2

A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

  • A. ELB sticky session
  • B. ELB deregistration check
  • C. ELB connection draining
  • D. ELB auto registration Off

Answer: C

Explanation:

The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served.

NEW QUESTION 3

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user’s data centre. Which of the below mentioned options is a valid entry for the main route table in this scenario?

  • A. Destination: 20.0.0.0/24 and Target: vgw-12345
  • B. Destination: 20.0.0.0/16 and Target: ALL
  • C. Destination: 20.0.1.0/16 and Target: vgw-12345
  • D. Destination: 0.0.0.0/0 and Target: vgw-12345

Answer: D

Explanation:

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. Here are the valid entries for the main route table in this scenario:

  • Destination: 0.0.0.0/0 & Target: vgw-12345 (To route all internet traffic to the VPN gateway)
  • Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC)

NEW QUESTION 4

You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?

  • A. The user should create a separate IAM user for each employee and provide access to them as per the policy
  • B. The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server
  • C. The user should create IAM groups as per the organization’s departments and add each user to the group for better access control
  • D. Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services

Answer: D

Explanation:

AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user is managing an AWS account for an organization that already has an identity system, such as the login system for the corporate network (SSO). In this case, instead of creating individual IAM users or groups for each user who needs AWS access, it may be more practical to use a proxy server to translate the user identities from the organization network into the temporary AWS security credentials. This proxy server will attach an IAM role to the user after authentication.

NEW QUESTION 5

A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

  • A. The user should create a separate IAM user for each mobile application and provide DynamoDB access with it
  • B. The user should create an IAM role with DynamoDB and EC2 access. Attach the role with EC2 and route all calls from the mobile through EC2
  • C. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook
  • D. Create an IAM Role with DynamoDB access and attach it with the mobile application

Answer: C

Explanation:

With AWS IAM a user is creating an application which runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls. Here it is recommended that the user should not create an IAM user and pass the user's credentials to the application or embed those credentials inside the application. If the user is creating an app that runs on a mobile phone and makes requests to AWS, the user should not create an IAM user and distribute the user's access key with the app. Instead, he should use an identity provider, such as Login with Amazon, Facebook, or Google to authenticate the users, and then use that identity to get temporary security credentials.

NEW QUESTION 6

You have a server with a 500GB Amazon EBS data volume. The volume is 80% full. You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible. All applications using the volume can be paused for a period of a few minutes with no discernible user impact.
Which of the following backup methods will best fulfill your requirements?

  • A. Take periodic snapshots of the EBS volume
  • B. Use a third party Incremental backup application to back up to Amazon Glacier
  • C. Periodically back up all data to a single compressed archive and archive to Amazon S3 using a parallelized multi-part upload
  • D. Create another EBS volume in the second Availability Zone, attach it to the Amazon EC2 instance, and use a disk manager to mirror the two disks

Answer: D

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html

NEW QUESTION 7

An AWS account wants to be part of the consolidated billing of his organization’s payee account. How can the owner of that account achieve this?

  • A. The payee account has to request AWS support to link the other accounts with his account
  • B. The owner of the linked account should add the payee account to his master account list from the billing console
  • C. The payee account will send a request to the linked account to be a part of consolidated billing
  • D. The owner of the linked account requests the payee account to add his account to consolidated billing

Answer: C

Explanation:

AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS) accounts within a single organization by making a single paying account. To add a particular account (linked) to the master (payee) account, the payee account has to request the linked account to join consolidated billing. Once the linked account accepts the request, all charges incurred by the linked account will henceforth be paid by the payee account.

NEW QUESTION 8

A user runs the command “dd if=/dev/xvdf of=/dev/null bs=1M” on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

  • A. Pre warming the EBS volume
  • B. Initiating the device to mount on the EBS volume
  • C. Formatting the volume
  • D. Copying the data from a snapshot to the device

Answer: A

Explanation:

When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the “dd” command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command “dd if=/dev/xvdf of=/dev/null bs=1M”, the parameter “if=input file” should be set to the drive that the user wishes to warm. The “of=output file” parameter should be set to the Linux null virtual device, /dev/null. The “bs” parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.

NEW QUESTION 9

A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue?

  • A. 600 seconds
  • B. 3600 seconds
  • C. 300 seconds
  • D. 0 seconds

Answer: C

Explanation:

The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can specify a maximum time (3600 seconds) for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.

NEW QUESTION 10

A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling. What should the user do in this case?

  • A. Setup the scaling policy to scale up and down based on the CloudWatch alarms
  • B. The user should increase the desired capacity at 8 AM and decrease it by 7 PM manually
  • C. The user should setup a batch process which launches the EC2 instance at a specific time
  • D. Setup scheduled actions to scale up or down at a specific time

Answer: A

Explanation:

Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. To configure the Auto Scaling group to scale based on a schedule, the user needs to create scheduled actions. A scheduled action tells Auto Scaling to perform a scaling action at a certain time in the future.

NEW QUESTION 11

A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution?

  • A. The user should download the activity report of the EC2 services as it has the instance ID wise data
  • B. It is not possible to get the AWS cost usage data of single region instances separately
  • C. The user should use Cost Distribution Metadata and AWS detailed billing
  • D. The user should use Cost Allocation Tags and AWS billing reports

Answer: D

Explanation:

AWS provides cost allocation tags to categorize and track the AWS costs. When the user applies tags to his AWS resources (such as Amazon EC2 instances or Amazon S3 buckets), AWS generates a cost allocation report as a comma-separated value (CSV) file with the usage and costs aggregated by those tags. The user can apply tags which represent business categories (such as cost centres, application names, or instance type – Production/Dev) to organize usage costs across multiple services.

NEW QUESTION 12

A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephemeral storage data?

  • A. All the data will be erased but the ephemeral storage will stay connected
  • B. All data will be erased and the ephemeral storage is released
  • C. It is not possible to restart an instance launched from an instance store backed AMI
  • D. The data is preserved

Answer: D

Explanation:

A user can reboot an EC2 instance using the AWS console, the Amazon EC2 CLI or the Amazon EC2 API. Rebooting an instance is equivalent to rebooting an operating system. However, it is recommended that the user use Amazon EC2 to reboot the instance instead of running the operating system reboot command from the instance. When an instance launched from an instance store backed AMI is rebooted, all the ephemeral storage data is still preserved.

NEW QUESTION 13

A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

  • A. Destination: 0.0.0.0/0 and Target: i-a12345
  • B. Destination: 20.0.0.0/0 and Target: 80
  • C. Destination: 20.0.0.0/0 and Target: i-a12345
  • D. Destination: 20.0.0.0/24 and Target: i-a12345

Answer: A

Explanation:

A user can create a subnet with VPC and launch instances inside that subnet. If the user has created public and private subnets, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach them to the subnets. The main route table will have the entry “Destination: 0.0.0.0/0 and Target: i-a12345”, which allows all the instances in the private subnet to connect to the internet using NAT.

NEW QUESTION 14

A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned security policies is supported by ELB?

  • A. Dynamic Security Policy
  • B. All the other options
  • C. Predefined Security Policy
  • D. Default Security Policy

Answer: C

Explanation:

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. ELB supports two policies: Predefined Security Policy, which comes with predefined cipher and SSL protocols; Custom Security Policy, which allows the user to configure a policy.

NEW QUESTION 15

When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?

  • A. Data is automatically saved as an EBS volume
  • B. Data is automatically saved as an EBS snapshot
  • C. Data is automatically deleted
  • D. Data is unavailable until the instance is restarted

Answer: C

Explanation:
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html

NEW QUESTION 16

A user wants to find the particular error that occurred on a certain date in the AWS MySQL RDS DB. Which of the below mentioned activities may help the user to get the data easily?

  • A. It is not possible to get the log files for MySQL RDS
  • B. Find all the transaction logs and query on those records
  • C. Direct the logs to the DB table and then query that table
  • D. Download the log file to DynamoDB and search for the record

Answer: C

Explanation:

The user can view, download, and watch the database logs using the Amazon RDS console, the Command Line Interface (CLI) or the Amazon RDS API. For the MySQL RDS, the user can view the error log, slow query log, and general logs. The user can also view the MySQL logs easily by directing the logs to a database table in the main database and querying that table.

NEW QUESTION 17

A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found error. Which of the below mentioned options is a possible reason for rejection?

  • A. The user has provided the wrong user name for the OS login
  • B. The instance CPU is heavily loaded
  • C. The security group is not configured properly
  • D. The access key to connect to the instance is wrong

Answer: A

Explanation:

If the user is trying to connect to a Linux EC2 instance and receives the Host Key not found error the probable reasons are:

  • The private key pair is not right
  • The user name to login is wrong

NEW QUESTION 18

A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C). Which parameter is not required while making a call for SSE-C?

  • A. x-amz-server-side-encryption-customer-key-AES-256
  • B. x-amz-server-side-encryption-customer-key
  • C. x-amz-server-side-encryption-customer-algorithm
  • D. x-amz-server-side-encryption-customer-key-MD5

Answer: A

Explanation:

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). When the user is supplying his own encryption key, the user has to send the below mentioned parameters as a part of the API calls:

  • x-amz-server-side-encryption-customer-algorithm: Specifies the encryption algorithm
  • x-amz-server-side-encryption-customer-key: To provide the base64-encoded encryption key
  • x-amz-server-side-encryption-customer-key-MD5: To provide the base64-encoded 128-bit MD5 digest of the encryption key

NEW QUESTION 19

A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume?

  • A. OK
  • B. Insufficient Data
  • C. Alarm
  • D. The EBS cannot be detached until all the alarms are removed

Answer: B

Explanation:

Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. Alarms invoke actions only for sustained state changes. There are three states of the alarm: OK, Alarm and Insufficient data. In this case since the EBS is detached and inactive the state will be Insufficient.

NEW QUESTION 20

Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?

  • A. Create a bucket policy and apply it to the bucket
  • B. Create a NACL and attach it to the VPC of the bucket
  • C. Create an ACL and apply it to all objects in the bucket
  • D. Modify the IAM policies of any users that would access the bucket

Answer: A

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

NEW QUESTION 21

A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?

  • A. In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy
  • B. In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy
  • C. In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica
  • D. AWS MS SQL does not support the Multi AZ feature

Answer: C

Explanation:

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Note that the high-availability feature is not a scaling solution for read-only scenarios; you cannot use a standby replica to serve read traffic. To service read-only traffic, you should use a read replica.

NEW QUESTION 22

A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

  • A. Allow Inbound traffic on port 22 from the user’s network
  • B. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP
  • C. The user can connect to a instance in a private subnet using the NAT instance
  • D. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

Answer: A

Explanation:

The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, the user can setup a case with a VPN only subnet (private) which uses VPN access to connect with his data centre. When the user has configured this setup with Wizard, all network connections to the instances in the subnet will come from his data centre. The user has to configure the security group of the private subnet which allows the inbound traffic on SSH (port 22) from the data centre’s network range.

NEW QUESTION 23

A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user take care of while sending the data to CloudWatch?

  • A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
  • B. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
  • C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests
  • D. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests

Answer: A

Explanation:

With AWS CloudWatch, the user can publish data points for a metric that share not only the same time stamp, but also the same namespace and dimensions. CloudWatch can accept multiple data points in the same PutMetricData call with the same time stamp. The only thing that the user needs to take care of is that the size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.

NEW QUESTION 24

A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the user to include in the request list?

  • A. Value
  • B. Namespace
  • C. Metric Name
  • D. Timezone

Answer: B

Explanation:

AWS CloudWatch supports the custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user can publish the data to CloudWatch as single data points or as an aggregated set of data points called a statistic set. The user has to always include the namespace as part of the request. The user can supply a file instead of the metric name. If the user does not supply the timezone, it accepts the current time. If the user is sending the data as a single data point it will have parameters, such as value. However, if the user is sending as an aggregate it will have parameters, such as statistic-values.

NEW QUESTION 25

A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. The bucket has both AWS.jpg and index.html objects. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
"Resource": [ "arn:aws:s3:::cloudacademy/*.jpg"]
}]

  • A. It will make all the objects as well as the bucket public
  • B. It will throw an error for the wrong action and does not allow to save the policy
  • C. It will make the AWS.jpg object as public
  • D. It will make the AWS.jpg as well as the cloudacademy bucket as public

Answer: B

NEW QUESTION 26

A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take advantage of the Multi AZ feature?

  • A. Availability zone outage
  • B. A manual failover of the DB instance using Reboot with failover option
  • C. Region outage
  • D. When the user changes the DB instance’s server type

Answer: C

Explanation:

Amazon RDS when enabled with Multi AZ will handle failovers automatically. Thus, the user can resume database operations as quickly as possible without administrative intervention. The primary DB instance switches over automatically to the standby replica if any of the following conditions occur:

  • An Availability Zone outage
  • The primary DB instance fails
  • The DB instance's server type is changed
  • The DB instance is undergoing software patching
  • A manual failover of the DB instance was initiated using Reboot with failover

NEW QUESTION 27

A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

  • A. 5 minutes
  • B. 1 hour
  • C. 30 minutes
  • D. 2 hours

Answer: B

NEW QUESTION 28

You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated.
What do you need to do to ensure that instances marked unhealthy by the ELB will be terminated and replaced?

  • A. Change the thresholds set on the Auto Scaling group health check
  • B. Add an Elastic Load Balancing health check to your Auto Scaling group
  • C. Increase the value for the Health check interval set on the Elastic Load Balancer
  • D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-add-elb-healthcheck.html
Add an Elastic Load Balancing Health Check to your Auto Scaling Group
By default, an Auto Scaling group periodically reviews the results of EC2 instance status to determine the health state of each instance. However, if you have associated your Auto Scaling group with an Elastic Load Balancing load balancer, you can choose to use the Elastic Load Balancing health check. In this case, Auto Scaling determines the health status of your instances by checking the results of both the EC2 instance status check and the Elastic Load Balancing instance health check.
For information about EC2 instance status checks, see Monitor Instances With Status Checks in the Amazon EC2 User Guide for Linux Instances. For information about Elastic Load Balancing health checks, see Health Check in the Elastic Load Balancing Developer Guide.
This topic shows you how to add an Elastic Load Balancing health check to your Auto Scaling group, assuming that you have created a load balancer and have registered the load balancer with your Auto Scaling group. If you have not registered the load balancer with your Auto Scaling group, see Set Up a Scaled and Load-Balanced Application.
Auto Scaling marks an instance unhealthy if the calls to the Amazon EC2 action DescribeInstanceStatus return any state other than running, the system status shows impaired, or the calls to Elastic Load Balancing action DescribeInstanceHealth return OutOfService in the instance state field.
If there are multiple load balancers associated with your Auto Scaling group, Auto Scaling checks the health state of your EC2 instances by making health check calls to each load balancer. For each call, if the Elastic Load Balancing action returns any state other than InService, the instance is marked as unhealthy. After Auto Scaling marks an instance as unhealthy, it remains in that state, even if subsequent calls from other load balancers return an InService state for the same instance.

NEW QUESTION 29

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?

  • A. The user should use the same encryption key for all versions of the same object
  • B. It is possible to have different encryption keys for different versions of the same object
  • C. AWS S3 does not allow the user to upload his own keys for server side encryption
  • D. The SSE-C does not work when versioning is enabled

Answer: B

Explanation:

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). If the bucket is versioning-enabled, each object version uploaded by the user using the SSE-C feature can have its own encryption key. The user is responsible for tracking which encryption key was used for which object's version.

NEW QUESTION 30

A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?

  • A. By default ELB will select the first version of the security policy
  • B. By default ELB will select the latest version of the policy
  • C. ELB creation will fail without a security policy
  • D. It is not required to have a security policy since SSL is already installed

Answer: B

Explanation:

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the user has created an HTTPS/SSL listener without associating any security policy, Elastic Load Balancing will, by default, associate the latest version of the ELBSecurityPolicy-YYYY-MM with the load balancer.
