Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS Certified SysOps Administrator - Associate

Amazon AWS Certified SysOps Administrator - Associate Exam
AWS Certified SysOps Administrator (Page 10 )

Updated On: 12-Jan-2026
Page 10 of 97
PDF with 477 Questions

A company's security policy states that connecting to Amazon EC2 instances is not permitted through SSH and ROP. If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.
Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed. These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.
What should a SysOps administrator do to resolve this issue?

  1. Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
  2. Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
  3. Configure the SSM Agent to log in with a user name of “ubuntu”.
  4. Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.

Answer(s): B



A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?

  1. Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.
  2. Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.
  3. Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.
  4. Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.

Answer(s): C



A company hosts an internal application on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. Employees use the application to provide product prices to potential customers. The Auto Scaling group is configured with a dynamic scaling policy and tracks average CPU utilization of the instances.
Employees have noticed that sometimes the application becomes slow or unresponsive. A SysOps administrator finds that some instances are experiencing a high CPU load. The Auto Scaling group cannot scale out because the company is reaching the EC2 instance service quota.
The SysOps administrator needs to implement a solution that provides a notification when the company reaches 70% or more of the EC2 instance service quota.
Which solution will meet these requirements in the MOST operationally efficient manner?

  1. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Service Quotas API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
  2. Create an AWS Lambda function that lists the EC2 instances, counts the EC2 instances, and compares the total number against the applied quota value by using the Amazon CloudWatch Metrics API. Configure the Lambda function to publish an Amazon Simple Notification Service (Amazon SNS) notification if the quota utilization is equal to or greater than 70%. Create an Amazon EventBridge rule to invoke the Lambda function.
  3. Use the Service Quotas console to create an Amazon CloudWatch alarm for the EC2 instances. Configure the alarm with quota utilization equal to or greater than 70%. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.
  4. Create an Amazon CloudWatch alarm. Configure the alarm with a threshold of 70% for the CPUUtilization metric for the EC2 instances. Configure the alarm to publish an Amazon Simple Notification Service (Amazon SNS) notification when the alarm enters ALARM state.

Answer(s): C



A company has an application that runs behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon Route 53 record set contains an alias record for app.anycompany.com that references the ALB in us-west-2 and uses a simple routing policy. The application is experiencing an increase in users from other locations in the world. These users are experiencing high latency.
Most of the new users are close to the ap-southeast-2 Region. The company deploys a copy of the application to ap-southeast-2. A SysOps administrator must implement a solution that automatically routes requests to the lowest latency endpoint for users without changing the URL.
Which solution will meet these requirements?

  1. Add a new value to the existing alias record for app.anycompany.com with the DNS name of the new ALB in ap-southeast-2.
  2. Change the existing alias record to use a geolocation routing policy. Create two geolocation records, one record that references each ALSelect the location that is closest to each Region.
  3. Change the existing alias record to use a latency routing policy. Create two latency records, one record that references each ALB.
  4. Change the existing alias record to use a multivalue routing policy Add the DNS name of each ALB to the record.

Answer(s): C



A company runs a high performance computing (HPC) application on an Amazon EC2 instance. The company needs to scale this architecture to two or more EC2 instances. The EC2 instances will need to communicate with each other at high speeds with low latency to support the application.
The company wants to ensure that the network performance can support the required communication between the EC2 instances
What should a SysOps administrator do to meet these requirements?

  1. Create a cluster placement group. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Restore the EC2 instance from the AMI into the placement group. Launch the additional EC2 instances into the placement group.
  2. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create a launch template from the existing EC2 instance by specifying the AMI. Create an Auto Scaling group and configure the desired instance count.
  3. Create a Network Load Balancer (NLB) and a target group. Launch the new EC2 instances and register them with the target group. Register the existing EC2 instance with the target group. Pass all application traffic through the NLB.
  4. Back up the existing EC2 instance to an Amazon Machine Image (AMI). Create additional clones of the EC2 instance from the AMI in the same Availability Zone where the existing EC2 instance is located.

Answer(s): A



Viewing page 10 of 97
Viewing questions 46 - 50 out of 477 questions



Post your Comments and Discuss Amazon AWS Certified SysOps Administrator - Associate exam prep with other Community members:

Join the AWS Certified SysOps Administrator - Associate Discussion