I failed today’s SysOps AA exam. Many questions are similar to the practice tests but still need deep knowledge of some areas. I will study hard and try again. Some questions were like:

  1. Set up a VPN, but with NAT in front of the Customer Gateway. Something like this:
    A. Using MAC address from Customer device
    B. Using NAT device public IP
    C. Using Customer gateway IP
    forgot others…

Got any idea how to set up a VPN if NAT is in front of the Customer Gateway?

  1. Here is another question, about restricted port reporting to show your boss that you will get the alert and have complied. Trusted Advisor or AWS Config?

  2. You have set up S3 and a VPC Endpoint, but are having a problem putting a file in there. What might the issue be?
    A. S3 Bucket Policy and S3 Access Control List.
    B. S3 Bucket Policy and Endpoint Policy
    C. Security Group and Endpoint Policy
    D. Security Group and S3 Bucket Policy
    (I’m thinking B is the correct answer?)

  3. How do we update/install an SSL certificate on a Classic Load Balancer to make sure it can connect to/support an older web server?


Here are the rest I can remember. Hope that helps others!

  • One Aurora question
  • RDS Oracle backup question
  • 2-3 Spot Instance vs other types, especially where the answer does not list Scheduled RI, so I guess RI means Standard RI and that Spot might be better in some cases…
  • S3 resource-based policy
  • Schedule to run instance maintenance scenario
  • One Bastion question
  • Route 53 Weighted routing question
  • One EFS question
  • One AWS WAF question
  • A couple of questions on AMIs: a copy-to-another-region-and-use-it scenario, and billing product code AMI.
  • One lost SSH keypair question: make sure you read carefully whether it is an instance store-backed instance or an EBS-backed Linux instance
  • 2-3 MFA and S3 related questions
  • One CloudHSM question
  • One SAML, AD question
  • 2-3 AWS Systems Manager
  • One on troubleshooting S3 getting 5xx PUT/DELETE errors, something like that
  • One Athena question
  • A couple of RDS, ElastiCache, Multi-AZ questions
  • A couple of Tag, billing questions
  • A couple of AWS Organizations questions
  • 2-3 CloudWatch metric questions
  • One on increasing instance IOPS, c.large -> c.xlarge, something like that
  • One AWS Budgets question
  • 1-2 AWS Glacier questions, restore files, expedited retrieval
  • 1-2 CloudFront questions

Here are some from my exam areas as well:

  1. CIDR block needs a minimum of 30 IPs: should go for subnet /27 (32 IPs) or subnet /26 (64 IPs) since 5 AWS IPs cannot be used? I forgot the detailed question, but something like that.

  2. On-premises hard-coded IP for DNS question; I don’t get it.

  3. Unable to access a Windows server. Shows the VPC Flowlog log and asks to identify the problem, like Security Group, NACL, Windows firewall? The log shows both VPC subnet “Accept” status, source/dest IP, ports are looking good, so not sure what the problem is, unless VPN Flowlog cannot see that the Windows firewall listening port might block them?

  4. InstanceLimitExceeded error, how to resolve it: A tricky one? B might be the one per the AWS doc.
    A. User requested too many instances and should request fewer.
    B. Concurrent instances have reached the limit and a request needs to be filed with AWS Support to increase the limit.

  5. CloudFormation: 3 questions
    5.1 To review the update infrastructure before implementing - Create Change Sets?
    5.2 To reuse the code/script - nested stack?
    5.3 To use many small files - StackSet?

  6. On-premises, want to use storage through NFTS - Storage volume gateway?


Did you use the practice exams? How close were they to the concepts tested?


Yes, although some questions were similar, unfortunately I was still like 2-3 questions short of a pass. A few questions, I recall, I did not read carefully (or they were tricky questions) and might have answered wrong, and a few others I do not know the answer to, which might need in-depth knowledge or something. I am reviewing and studying more to nail it next time. Overall the Whizlabs practice tests are awesome, and I have learned a lot.



Did all the questions come from the practice test paper?

What did you refer to while preparing for the exam?


Have you retaken the exam?


Not yet, I will try again at the end of the month.

To answer the previous question, @Akanksha: not all, but some of them are similar to the practice test. I am using the ACG course and Whizlabs as prep materials. I am going through AWS again and reading more… will see how it goes.


I also scheduled the exam for the end of Dec again. But I am wondering, will we face a similar set of questions or a new set of questions in the retake exam?

Btw, I faced similar questions to the ones you mentioned in the first attempt.


I guess if you are giving the exam on the same day then the paper will be the same. That’s how it happened with me and my friend.


@saleng76 ACG is Cloud Guru, right? By the way, I am also planning to give the exam; where is the study material? Can you share it with me please?



Yes @Akanksha, just A Cloud Guru and the practice tests here.


@Akanksha and @saleng76

So we should face different question sets in the retake exam. Keep it up!!!