AWS-SysOps Free Practice Test

- (Exam Topic 1)
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?

1. A. Deploy a copy of the stack in the us-west-2 Regio
2. B. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each EL
3. C. Configure the SOA record with health check
4. D. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
5. E. Deploy a copy of the stack in the us-west-2 Regio
6. F. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias targe
7. G. Configure the A records with a failover routing policy and health check
8. H. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
9. I. Deploy a new group of EC2 instances in the us-west-2 Regio
10. J. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instance
11. K. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
12. L. Deploy a new group of EC2 instances in the us-west-2 Regio
13. M. Configure EC2 health checks on all EC2 instances in each Regio
14. N. Configure a peering connection between the VPC
15. O. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Correct Answer: B
When you create a hosted zone, Route 53 automatically creates a name server (NS) record and a start of authority (SOA) record for the zone.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html#migrate-dns-crea
https://en.wikipedia.org/wiki/SOA_record

- (Exam Topic 1)
A company wants to track its AWS costs in all member accounts that are part of an organization in AWS Organizations. Managers of the member accounts want to receive a notification when the estimated costs exceed a predetermined amount each month. The managers are unable to configure a billing alarm. The IAM permissions for all users are correct. What could be the cause of this issue?

1. A. The management/payer account does not have billing alerts turned on.
2. B. The company has not configured AWS Resource Access Manager (AWS RAM) to share billing information between the member accounts and the management/payer account.
3. C. Amazon GuardDuty is turned on for all the accounts.
4. D. The company has not configured an AWS Config rule to monitor billing.

Correct Answer: B

- (Exam Topic 1)
A SysOps administrator has created a VPC that contains a public subnet and a private subnet. Amazon EC2 instances that were launched in the private subnet cannot access the internet. The default network ACL is active on all subnets in the VPC, and all security groups allow all outbound traffic:
Which solution will provide the EC2 instances in the private subnet with access to the internet?

1. A. Create a NAT gateway in the public subne
2. B. Create a route from the private subnet to the NAT gateway.
3. C. Create a NAT gateway in the public subne
4. D. Create a route from the public subnet to the NAT gateway.
5. E. Create a NAT gateway in the private subne
6. F. Create a route from the public subnet to the NAT gateway.
7. G. Create a NAT gateway in the private subne
8. H. Create a route from the private subnet to the NAT gateway.

Correct Answer: A
NAT Gateway resides in public subnet, and traffic should be routed from private subnet to NAT Gateway: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

- (Exam Topic 1)
A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company’s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.
Which solution will give the application the ability to resolve the internal domain names?

1. A. Launch EC2 instances in the VP
2. B. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS serve
3. C. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.
4. D. Create an Amazon Route 53 Resolver outbound endpoin
5. E. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.
6. F. Set up two AWS Direct Connect connections between the AWS environment and the on-premises networ
7. G. Set up a link aggregation group (LAG) that includes the two connection
8. H. Change the VPC resolver address to point to the on-premises DNS server.
9. I. Create an Amazon Route 53 public hosted zone for the on-premises domai
10. J. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Correct Answer: B
https://docs.aws.amazon.com/zh_tw/Route53/latest/DeveloperGuide/resolver-forwarding-outbound-queries.html

- (Exam Topic 1)
A company uses AWS Organizations to manage multiple AWS accounts. The company's SysOps team has been using a manual process to create and manage 1AM roles. The team requires an automated solution to create and manage the necessary 1AM roles for multiple AWS accounts.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Create AWS CloudFormation template
2. B. Reuse the templates to create the necessary 1AM roles in each of the AWS accounts.
3. C. Use AWS Directory Service with AWS Organizations to automatically associate the necessary 1AM roles with Microsoft Active Directory users.
4. D. Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts.
5. E. Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage 1AM roles for the AWS accounts.

Correct Answer: D