Happy to Announce Our New Discussion Forum | Join Now

Some Exam Questions


Did you use the practice exams? How close were they to the concepts tested?


Yes, although some questions similar, unfortunately I was still like 2-3 questions short to get pass. Few questions I recalled I did not read carefully (or tricky questions) and might answer the wrong one, and few others I do not know the answer which might need in depth knowledge or somewhat. I am reviewing and studying more to nail it next time. Overall Whizlab practice tests are awesome, and I have learned a lot.



Were all questons come from practice test paper?

What did you refer while preparing the exam?


Have you retake the exam?


Not yet, I will try again end of the month.

Answer the previous question @Akanksha, not all but some of them similar to the practice test. I am using ACG course and Whizlabs as prep materials, I am going through AWS again and reading more…will see how it goes.


I also scheduled the exam end of Dec again. But I am thinking will we face similar set of questions or new set questions in the retake exam?

Btw, I faced the similar questions as you mentioned in the first attempt.


I guess if same day if you are giving exam then paper will be same.That’s how happenend with me and my friend.


@saleng76 ACG is Cloud guru right.Between am also planning to give the exam where is the study material.Can you share with me please?



Yes @Akanksha, Just A Cloud Guru and the practice tests here.


@Akanksha and @saleng76

so we should face different question sets in the retake exam, Keep it up!!!


Is that AWS asssociate it’s not easy?
Can anyone tell me is that fine if I will go through only AWS documentations for all services and then buy practise test from Whizlabs?


There is one question comes like how both instance communicate with each other ,i don’t remeber the question exactly.but anyone can help or clarify on this?


I took, and failed the exam yesterday. The questions I had were the same as those you’ve mentioned above.


Thank you so much @dakopraz and congrats! I will try again 2nd attempts soon. I had similar questions like yours as well. Below are few I still need some guidance, please advise.

“For example, one question I recall was something about c4.large with EBS io1 Provisioned IOPS and disk read and write performance issues. Have already tried 1000 iops, tried 2000 iops, but the performance problem remains. What should you do next?”

Should it B) Convert to c4.xlarge the right choice?

“M2 with classic load balancer and predictable steady load. how to reduce costs? Can we even get m2 reserved instances? is alb cheaper than classic load balancer? Is m5 cheaper than m2?”

I guess ALB cheaper since it asked for steady load, although M5 has RI and M2 does not.

RDS for Oracle - there was a backup questions specific to Oracle that I didn’t know. Think they were trying to throw me off by saying Oracle. Not specific to Oracle, remember the two ways that RDS backups: 1) automated during user specified window. 2) DB snapshots.

I don’t member if other options are auto backup or snapshots but I do remember something like RMANBackup command option.
If you chose to install the Oracle Secure Backup Cloud Module, the Quick Start performs an initial, complete backup of your database to the S3 bucket you specified in the Quick Start parameters.
You can use the /tmp/rmanbackup.cmd script to perform new backups or to schedule backup tasks and customize the settings for your needs.
You can also schedule your backups by using Crontab or another scheduling tool.

“VPC Flow logs - always questions on these and what exactly can be enabled: vpc, subnet, eni and how to read them. One question said RDC didn’t work but the flow logs showed send OK, receive OK, so what’s wrong? The answer must be the NACL on the bastion subnet deny the return traffic. This one was very tricky.”

I picked the Window firewall issue since I thought we cannot see windows log in VPN Flow logs, so I guess I got this one wrong ;(


@saleng76 and @dakopraz

If the NACL block the return traffic, how the VPC flow log receive the “receive OK”?


ALB: $0.0225 per Application Load Balancer-hour (or partial hour)
CLB: $0.025 per Classic Load Balancer-hour (or partial hour)

Same region


The packet leave the bastion host and goes first past its own security group which allows all outbound, then its own subnets NACL which allows the packet out, then into the target subnet NACL which allows it through, then to the target security group which allows it, then the return packet goes out the target security group which is stateful and allows the return traffic no matter what if it got in, then hits the target NACL for egress trip, and NACL are stateless so it won’t go by just b/c it got in, but this gets allowed, then hits the bastion NACL and can be DENIED there by either source or port. With VPC flow log, if its logging at the target subnet level, it would see the packet enter and exit and wouldn’t know that the bastion subnet NACL denied it.


I also got similar questions in the exam today and i failed.

Passed AWS SysOps Exam Dec 29th
  1. Setup VPN, but NAT in front of Customer Gateway. Something like this:
    A. Using MAC address from Customer device
    B. Using NAT device public IP
    C. Using Customer gateway IP
    forgot others…

----I think it should be B
"The public IP address value must be static. If your customer gateway is behind a network address translation (NAT) device that’s enabled for NAT traversal (NAT-T), use the public IP address of your NAT device, and adjust your firewall rules to unblock UDP port 4500. "


You have setup S3 and VPC Endpoint, but having problem to put file in there. What issue might be?
A. S3 Bucket Policy and S3 Access Control List.
B. S3 Bucket Policy and EndPoint Policy
C. Security Group and EndPoint Policy
D. Security Group and S3 Bucket Policy
(I’m thinking B is correct answer?)

A/B are both possible?