AWS Certified SysOps Administrator – Associate Set5

Welcome to AWS Certified SysOps Administrator - Associate Set5.


1. Which feature can be used to configure console access for users authenticated by Active Directory?
2. AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data and secrets management. Which of the following AWS services natively support the Parameter Store? (Choose 3)
3. Your company has asked you to investigate the use of KMS for storing and managing keys in AWS. From the options listed below, what key management features are available in KMS?
4. STS (Security Token Service) grants temporary access to AWS resources to users authenticated using which methods? (Select THREE) (Choose 3)
5. What does the following policy do: { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudwatch:*", "logs:*", "sns:*" ], "Effect": "Allow", "Resource": "*" } ] }
6. How can you determine which of your IAM Users have configured Multi-Factor Authentication (MFA)?
7. Which service can you use to run a command on group of systems based on tags?
8. You are working on a project to migrate a banking application to AWS. Your Security Architect asks if there is a single place where you can securely store user passwords, database connection strings and license codes. What do you suggest?
9. Per the AWS Acceptable Use Policy, penetration testing of EC2 instances ________.
10. In an IAM policy, what action does IAM:PassRole relate to? (Choose 2)
11. The security team have asked you to provide them with details of all the IAM users in your account and the status of their credentials including passwords, access keys and registered MFA devices. What is the best way to approach this?
12. You are supporting a web application that runs on 3 EC2 instances. Your users must log in to the application which authenticates against the Active Directory service in your own Data Centre. You want to ensure that once the user logs in, they only have access to the AWS resources they need. Which services can you use to configure this? (Choose 3)
13. You are creating a fleet of EC2 instances that will be inside an autoscaling group. These EC2 instances will need to write a custom metric to Cloud Watch and will need the appropriate permissions with which to do this. What is the most secure way to enable this?
14. You are supporting a large environment running in AWS. The Security architect in your organization asks you to implement a configuration management tool to record the state of your infrastructure and notify you of any changes to the baseline. Which service can you use to achieve this?
15. Which AWS service can you use to protect against DDoS attacks?
16. Which of the following is an Identity Broker that can be used to enable Active Directory accounts to access AWS resources?
17. Your organization is being audited and you are asked to implement monitoring for every single API call which occurs in your AWS account. Which service can you use to achieve this?
18. Which of the following statements are correct regarding Multi-Factor Authentication (MFA)? (Select TWO) (Choose 2)
19. Given the following IAM policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::corporate_bucket/*" } ] } , what does the IAM policy allow? (Choose 3)
20. Which of the following AWS services allow native encryption of data, while at rest? (Choose 3)
21. You are working on a project to launch an application which stores highly confidential data. Your compliance team advise that they do not want to host the application on multi-tenant hardware. Which class of EC2 instance can you use to host the application?


One thought on “AWS Certified SysOps Administrator – Associate Set5

Leave a Reply

Your email address will not be published. Required fields are marked *