Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS Certified SysOps Administrator - Associate

Amazon AWS Certified SysOps Administrator - Associate Exam
AWS Certified SysOps Administrator (Page 9 )

Updated On: 12-Jan-2026
Page 9 of 97
PDF with 477 Questions

A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company’s security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.
Which solution will meet these requirements in the MOST secure manner?

  1. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to an IAM user. Share the user credentials with the security administrator.
  2. Create an IAM policy in each developer account that has administrator access to all Amazon EC2 actions, including VPC actions. Assign the policy to an IAM user. Share the user credentials with the security administrator.
  3. Create an IAM policy in each developer account that has administrator access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.
  4. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

Answer(s): D



A company runs a web application that users access using the name www example com. The company manages the domain name example.com using Amazon Route 53. The company created an Amazon CloudFront distribution in front of the application and would like www.example.com to access the application through CloudFront.
What is the MOST cost-effective way to achieve this?

  1. Create a CNAME record in Amazon Route 53 that points to the CloudFront distribution URL.
  2. Create an ALIAS record in Amazon Route 53 that points to the CioudFront distribution URL.
  3. Create an A record in Amazon Route 53 that points to the public IP address of the web application,
  4. Create a PTR record in Amazon Route 53 that points to the public IP address of the web application.

Answer(s): B



A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A SysOps administrator needs to improve the stability of the database.
Which solution will meet these requirements?

  1. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string
  2. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node
  3. Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function
  4. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.

Answer(s): A



A company has set up an IPsec tunnel between its AWS environment and its on-premises data center. The tunnel is reporting as UP, but the Amazon EC2 instances are not able to ping any on-premises resources.
What should a SysOps administrator do to resolve this issue?

  1. Create a new inbound rule on the EC2 instances’ security groups to allow ICMP traffic from the on-premises CIDR.
  2. Create a peering connection between the IPsec tunnel and the subnet of the EC2 instances.
  3. Enable route propagation for the virtual private gateway in the route table that is assigned to the subnet of the EC2 instances.
  4. Modify the VPC’s DHCP options set. Add the IPsec tunnel to the VPN section.

Answer(s): C



A SysOps administrator is configuring Amazon CloudWatch alarms. A particular is constantly in the ALARM state.
What could be the reason for this issue?

  1. Alarms continue to evaluate metrics against configured thresholds, even after they are triggered.
  2. After alarms are triggered, they remain in the ALARM state until they are manually disabled.
  3. After an alarm is triggered and an action is performed, the application logic must reset the alarm to its normal state.
  4. The alarm is not receiving appropriate metrics.

Answer(s): A



Viewing page 9 of 97
Viewing questions 41 - 45 out of 477 questions



Post your Comments and Discuss Amazon AWS Certified SysOps Administrator - Associate exam prep with other Community members:

Join the AWS Certified SysOps Administrator - Associate Discussion