EMT Practice Test

1. Question Content...


Question List

Question1: The CFO of a company wants to allow one of his employees to view only the AWS usage report page.
Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?

Question2: An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin capture the monitoring information about the ELB activity?

Question3: The AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with oth-er AWS services including Amazon EBS, Amazon S3, Amazon Redshift, Elastic Transcoder, Ama-zon WorkMail, and Amazon RDS to make it simple to encrypt your data with encryption keys that you manage. AWS KMS is also integrated with AWS CloudTrail to provide you with key usage logs to help meet your regulatory and compliance needs. Which of the following types of cryptog-raphy keys is supported by AWS KMS currently?

Question4: What is a security group in Amazon AWS?

Question5: Which of the following services can receive an alert from CloudWatch?

Question6: When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?

Question7: A Development team has an application stack consisting of many OS dependencies and language runtime dependencies. When deploying the application to production, the most important factor is how quickly the instance is operational.
What deployment methodology should be used to update the running environments to meet the requirement?

Question8: You use S3 to store critical data for your company Several users within your group currently have lull permissions to your S3 buckets You need to come up with a solution mat does not impact your users and also protect against the accidental deletion of objects.
Which two options will address this issue? (Choose two.)

Question9: A user has created an application which will be hosted on EC2. The application makes API calls to DynamoDB to fetch certain data. The application running on this instance is using the SDK for making these calls to DynamoDB. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

Question10: A user has created a queue named "awsmodule" with SQS. One of the consumers of queue is down for 3 days and then becomes available. Will that component receive message from queue?

Question11: Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing?
(Choose two.)

Question12: A custom network ACL that you create ____ until you add rules, and is not associated with a sub-net until you explicitly associate it with one.

Question13: Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
(Choose two.)

Question14: A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?

Question15: A company is deploying a legacy web application on Amazon EC2 instances behind an ELB Application Load Balancer. The application worked well in the test environment. However, in production, users report that they are prompted to log in to the system several times an hour.
Which troubleshooting step should be taken to help resolve the problem reported by users?

Question16: What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?

Question17: You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?

Question18: A route table in VPC can be associated with multiple subnets. However, a subnet can be associated with only ______ route table(s) at a time.

Question19: Elasticity is one of the benefits of using Elastic Beanstalk. Which of the following best describes the concept of elasticity?

Question20: A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over SSL?

Question21: You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?

Question22: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user's data center. The user's data center has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

Question23: An organization is planning to use AWS for 5 different departments. The finance department is responsible to pay for all the accounts. However, they want the cost separation for each account to map with the right cost center. How can the finance department achieve this?

Question24: An Auto Scaling group is running at the desired capacity of 5 instances and receives a trigger from the Cloudwatch Alarm to increase the capacity by 1. The cool down period is 5 minutes.
Cloudwatch sends another trigger after 2 minutes to decrease the desired capacity by 1. What will be the count of instances at the end of 4 minutes?

Question25: Which of the following statements is NOT true of CloudWatch?

Question26: You are setting up a VPC and you need to set up a public subnet within that VPC. Which following requirement must be met for this subnet to be considered a public subnet?

Question27: A media company produces new video files on-premises every day with a total size of around 100 GBS after compression All files have a size of 1 -2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used.
What step(s) would ensure that the file uploads are able to complete in the allotted time window?

Question28: Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application - level read only requests of various application components and if any of those fail more than three times
30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher -the monitoring instance itself - and be notified if it becomes unhealthy.
Which of the following is a simple way to achieve that goal?

Question29: An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a separate DyanmoDB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?

Question30: George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?

Question31: An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?

Question32: A SysOps Administrator must ensure that AWS CloudFormation deployment changes are properly tracked for governance.
Which AWS service should be used to accomplish this?

Question33: You are tasked with setting up a cluster of EC2 Instances for a NoSQL database. The database requires random read I/O disk performance up to a 100,000 IOPS at 4KB block side per node.
Which of the following EC2 instances will perform the best for this workload?

Question34: The InfoSec team has asked the SysOps Administrator to perform some hardening on the company Amazon RDS database instances.
Based on this requirement, what actions should be recommended for the start of the security review?
(Choose two.)

Question35: The Statement element, of an AWS IAM policy, contains an array of individual statements. Each individual statement is a(n) ______ block enclosed in braces { }.

Question36: An organization is planning to create 5 different AWS accounts considering various security requirements.
The organization wants to use a single payee account by using the consolidated billing option. Which of the below mentioned statements is true with respect to the above information?

Question37: An organization is trying to create various IAM users. Which of the below mentioned options is not a valid IAM username?

Question38: A customer enquires about whether all his data is secure on AWS, and is especially concerned about Elastic Map Reduce (EMR). You need to inform him of some of the security features in place for AWS.
Which of the below statements is incorrect regarding EMR or S3?

Question39: A user has configured Auto Scaling with the minimum capacity as 2 and the desired capacity as 2. The user is trying to terminate one of the existing instance with the command:

What will Auto Scaling do in this scenario?

Question40: A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

Question41: Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?

Question42: An application is being developed that will be served across a fleet of Amazon EC2 instances, which require a consistent view of persistent data. Items stored vary in size from 1KB to 300MB; the items are read frequently, created occasionally, and often require partial changes without conflict. The data store is not expected to grow beyond 2TB, and items will be expired according to age and content type.
Which AWS service solution meets these requirements?

Question43: A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and started it back after 20 days. AWS throws up an 'InsufficientInstanceCapacity' error. What can be the possible reason for this?

Question44: A user is planning to use AWS Cloudformation. Which of the below mentioned functionalities does not help him to correctly understand Cloudfromation?

Question45: A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting patterns while filtering over the 1 week period for a particular hour. The user wants to zoom that data point to a more granular period. How can the user do that easily with CloudWatch?

Question46: Your company Is moving towards tracking web page users with a small tracking Image loaded on each page Currently you are serving this image out of US-East, but are starting to get concerned about the time It takes to load the image for users on the west coast.
What are the two best ways to speed up serving this image? (Choose two.)

Question47: You have set up an IAM policy for your users to access Elastic Load Balancers and you know that an IAM policy is a JSON document that consists of one or more statements. Which of the following elements is not a part of the statement in an IAM policy document?

Question48: While creating the wait condition resource in AWS CloudFormation, a SysOps Administrator receives the error "received 0 signals out of the 1 expected from the EC2 instance".
What steps should be taken to troubleshoot this issue? (Choose two.)

Question49: Which of the following statements about this S3 bucket policy is true?

Question50: Malicious traffic is reaching company web servers. A SysOps Administrator is tasked with blocking this traffic. The malicious traffic is distributed over many IP addresses and represents much higher traffic than is typically seen from legitimate users.
How should the Administrator protect the web servers?

Question51: A Developer created an AWS Lambda function and has asked the SysOps Administrator to make this function run every 15 minutes.
Whats is the MOST efficient way to accomplish this request?

Question52: What is the minimum duration when setting an alarm on a detailed monitoring metric in Cloud-Watch?

Question53: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?

Question54: AWS Cloud Hardware Security Modules (HSMs) are designed to _____.

Question55: A user runs the command "dd if=/dev/xvdf of=/dev/null bs=1M" on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

Question56: A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details?

Question57: A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3?

Question58: A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (select TWO.)

Question59: The fastest way to load 300 TB of data to AWS is _____.

Question60: An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps Administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.
What is likely to be the problem?

Question61: A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?

Question62: For IAM user, a virtual Multi-Factor Authentication (MFA) device uses an application that gener-ates
______-digit authentication codes that are compatible with the time-based one-time password (TOTP) standard.

Question63: A web application's performance has been degrading. Historically, the application has had highly-variable workloads, but lately, there has been a steady growth in traffic as the result of a new product launch. After reviewing several Amazon CloudWatch metrics, it is discovered that over the last two weeks the balance of CPU credits has dropped to zero several times.
Which solutions will improve performance? (Choose two.)

Question64: A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?

Question65: An organization has created a Queue named "modularqueue" with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?

Question66: An Amazon EBS volume attached to an EC2 instance was recently modified. Part of the modification included increasing the storage capacity. The SysOps Administrator notices that the increased storage capacity is not reflected in the file system.
Which step should the Administrator complete to use the increased storage capacity?

Question67: What is the main use of EMR?

Question68: A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

Question69: In Amazon RDS, which of the following provides enhanced availability and durability for Database (DB) Instances, making them to be a natural fit for production database workloads?

Question70: If you specify only the general endpoint (autoscaling.amazonaws.com), Auto Scaling directs your request to the:

Question71: A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is not true in this scenario?

Question72: A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the zone of one of the instances. How can the user change it?

Question73: A user has launched an RDS MySQL DB with the Multi AZ feature. The user has scheduled the scaling of instance storage during maintenance window. What is the correct order of events during maintenance window?
1. Perform maintenance on standby
2. Promote standby to primary
3. Perform maintenance on original primary
4. Promote original master back as primary

Question74: What can an Administrator do to monitor whether an organization's instances are compliant with corporate policies and guidelines?

Question75: In AWS KMS, which of the following is NOT a mode of server-side encryption that you can use to protect data at rest in Amazon S3?

Question76: A Content Processing team has notified a SysOps Administrator that their content is sometimes taking a long time to process, whereas other times it processes quickly. The Content Processing submits messages to an Amazon Simple Queue Service (Amazon SQS) queue, which details the files that need to be processed. An Amazon EC2 instance polls the queue to determine which file to process next.
How could the Administrator maintain a fast but cost-effective processing time?

Question77: When the AWS Cloud infrastructure experiences an event that may impact an organization, which AWS service can be used to see which of the organization's resources are affected?

Question78: A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.
What would be the command line necessary to deploy one of the sites' certificates to the load balancer?
A:

B:

C:

D:

Question79: What are characteristics of Amazon S3? (Choose two.)

Question80: A user has setup a CloudWatch alarm on the EC2 instance for CPU utilization. The user has setup to receive a notification on email when the CPU utilization is higher than 60%. The user is running a virus scan on the same instance at a particular time. The user wants to avoid receiving an email at this time.
What should the user do?

Question81: An AWS account wants to be part of the consolidated billing of his organization's payee account. How can the owner of that account achieve this?

Question82: A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days. The user wants to increase the limit from $200 to $400? What should the user do?

Question83: You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SQS?

Question84: A SysOps Administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account., but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.
How can the Administrator identify who is creating the Elastic IP address?

Question85: A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better?

Question86: Which of the following is an incorrect statement about Amazon CloudWatch?

Question87: A user has created a queue named "myqueue" with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen?

Question88: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?

Question89: A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

Question90: AWS KMS (Key Management Service) uses symmetric key cryptography to perform encryption and decryption. Symmetric key cryptography uses the same algorithm and key to both encrypt and de-crypt digital data. The unencrypted data is typically called plaintext whether it is text or not, and the encrypted data is typically called _____.

Question91: A company's IT Security team is performing an audit of the AWS environment to determine which servers need to be patched and where additional security controls need to be added.
The company is responsible for which of the following? (Choose two.)

Question92: An organization is concerned that its Amazon RDS databases are not protected. The solution to address this issue must be low cost, protect against table corruption that could be overlooked for several days, and must offer a 30-day window of protection.
How can these requirements be met?

Question93: You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows "impaired." Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?

Question94: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user's data center. Which of the below mentioned options is a valid entry for the main route table in this scenario?

Question95: A SysOps Administrator has an AWS Lambda function that stops all Amazon EC2 instances in a test environment at night and on the weekend. Stopping instances causes some servers to become corrupt due to the nature of the applications running on them.
What can the SysOps Administrator use to identify these EC2 instances?

Question96: A web-based application is running in AWS. The application is using a MySQL Amazon RDS database instance for persistence. The application stores transactional data and is read-heavy. The RDS instance gets busy during the peak usage, which shows the overall application response times.
The SysOps Administrator is asked to improve the read queries performance using a scalable solution.
Which options will meet these requirements? (Choose two.)

Question97: Which AWS service offers cost optimization by launching instances automatically only when need-ed?

Question98: An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?

Question99: A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?

Question100: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's data center. The user has not yet launched any instance as well as modified or deleted any setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?

Question101: A corporate website is hosted on several Amazon EC2 instances across multiple regions around the globe.
How should an Administrator configure the website to maintain high availability with minimal downtime if one of the regions has network connectivity congestion for an extended period of time?

Question102: A SysOps Administrator stores crash dump files in Amazon S3. New security and privacy measures require that crash dumps older than 6 months be deleted.
Which approach meets this requirement?

Question103: An organization has setup consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will organization receive in terms of the AWS pricing?

Question104: ABC has three AWS accounts. They have created separate IAM users within each account.
ABC wants a single IAM login URL such as https://abc.signin.aws.amazon.com/console/ for use by IAM users in all three accounts.
How can this be achieved?

Question105: A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

Question106: A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR. for that instance by creating another small instance in Europe. How can the user achieve DR?

Question107: A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the user to include in the request list?

Question108: A user has launched an EC2 Windows instance from an instance store backed AMI. The user wants to convert the AMI to an EBS backed AMI. How can the user convert it?

Question109: A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment screen. What is a possible reason that the instance is unavailable in the assigned IP console?

Question110: An Amazon EC2 instance is in a private subnet. To SSH to the instance, it is required to use a bastion host that has an IP address of 10.0.0.5. SSH logs on the EC2 instance in the private subnet show that connections are being made over SSH from several other IP addresses. The EC2 instance currently has the following inbound security group rules applied:
Protocol: TCP
Port: 22
Source: 10.0.0.5/32
Protocol: TCP
Port: 22
Source: sg-xxxxxxxx
Protocol: TCP
Port: 389
Source: 0.0.0.0/0
What is the MOST likely reason that another IP addresses is able to SSH to the EC2 instance?

Question111: A user has configured two security groups which allow traffic as given below:
1: SecGrp1:
Inbound on port 80 for 0.0.0.0/0
Inbound on port 22 for 0.0.0.0/0
2: SecGrp2:
Inbound on port 22 for 10.10.10.1/32
If both the security groups are associated with the same instance, which of the below mentioned statements is true?

Question112: Elastic Load Balancing automatically distributes incoming traffic across multiple _____ instances.

Question113: A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

Question114: A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR
20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP. assigned to an instance in the public or private subnet?

Question115: Which of the following statements about this S3 bucket policy is true?

Question116: The networking team has created a VPC in an AWS account. The application team has asked for access to resources in another VPC in the same AWS account. The SysOps Administrator has created the VPC peering connection between both the accounts, but the resources in one VPC cannot communicate with the resources in the other VPC.
What could be causing this issue?

Question117: In the context of AWS Security Best Practices for RDS, if you require encryption or data integrity authentication of data at rest for compliance or other purposes, you can add protection at the _____ using SQL cryptographic functions.

Question118: A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out. Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user. How can the data be viewed better on the same graph?

Question119: A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance. Which of the below mentioned Reserved Instance categories is advised in this case?

Question120: A security policy allows instances in the Production and Development accounts to write application logs to an Amazon S3 bucket belonging to the Security team's account. Only the Security team should be allowed to delete logs from the S3 bucket.
Using the "myAppRole" EC2 role, the production and development teams report that the application servers are not able to write to the S3 bucket.
Which changes need to be made to the policy to allow the application logs to be written to the S3 bucket?
Production Account: 111111111111
Dev Account: 222222222222
Security Account: 555555555555

Question121: An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?

Question122: What happens if the instance launched by Auto Scaling becomes unhealthy?

Question123: Does AWS offer any web-based graphic user interface to access and manage EC2 instances?

Question124: A company is running a popular social media site on EC2 instances. The application stores data in an Amazon RDS for MySQL DB instance and has implemented read caching by using an ElastiCache for Redis (cluster mode enabled) cluster to improve read times. A social event is happening over the weekend, and the SysOps Administrator expects website traffic to triple.
What can a SysOps Administrator do to ensure improved read times for users during the social event?

Question125: A user is launching an instance. He is on the "Tag the instance" screen. Which of the below mentioned information will not help the user understand the functionality of an AWS tag?

Question126: You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are Doth very high.
What two actions could you take to rectify this? (Choose two.)

Question127: A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.
How should the Administrator ensure that this is done?

Question128: An organization has configured Auto Scaling for hosting their application. The system admin wants to understand the Auto Scaling health check process. If the instance is unhealthy, Auto Scaling launches an instance and terminates the unhealthy instance. What is the order execution?

Question129: An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it?

Question130: A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the Internet?

Question131: You know that AWS Billing and Cost Management integrates with the AWS Identity and Access Management (IAM) service so that you can control who in your organization has access to specific pages on the AWS Billing and Cost Management console. Which of the following items can you control access to in AWS Billing and Cost Management?

Question132: Which of the CloudWatch services mentioned below is NOT a part of the AWS free tier?

Question133: A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp)?

Question134: An organization is setting up programmatic billing access for their AWS account. Which of the below mentioned services is not required or enabled when the organization wants to use programmatic access?

Question135: A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned CloudWatch endpoint URLs should the user use?

Question136: Which of the following are characteristics of Amazon VPC subnets? (Choose two.)

Question137: Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user "arn:aws:iam::111111111111:user/application". The following S3 bucket policy is in use:

How should a SysOps Administrator modify the S3 bucket policy to fix the issue?

Question138: A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.
Destination - 10.2.0.0/16
Target - local
Status - Active
Propagated - No
Destination - 0.0.0.0/0
Target - nat-xxxxxxx
Status - Blackhole
Propagated - No
What has caused the connectivity issue?

Question139: Network ACLs in a VPC operate at the ______.

Question140: A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?

Question141: An organization with a large IT department has decided to migrate to AWS. With different job functions in the IT department, it is not desirable to give all users access to all AWS resources. Currently the organization handles access via LDAP credentials?

Question142: What does Amazon EMR stand for?

Question143: A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this?

Question144: A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?

Question145: A SysOps Administrator wants to automate the process of configuration, deployment, and management of Amazon EC2 instances using Chef or Puppet.
Which AWS service will satisfy the requirement?

Question146: An organization stores sensitive customer information in S3 buckets protected by bucket policies.
Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The Chief Information Security Officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps Administrator take to meet the CISO's requirement? (Choose two.)

Question147: A user has configured ELB with Auto Scaling. The user temporarily suspended the Auto Scaling terminate process. What might the Availability Zone Rebalancing process (AZRebalance) conse-quently cause during this period?

Question148: In the AWS Storage Gateway, using the ____________, you can cost-effectively and durably ar-chive backup data in Amazon Glacier.

Question149: What does Amazon ELB stand for?

Question150: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Question151: A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned security policies is supported by ELB?

Question152: A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data?

Question153: What is Amazon WorkSpaces?

Question154: A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

Question155: A user is trying to create a list of IAM users with the AWS console. When the IAM users are creat-ed which of the below mentioned credentials will be enabled by default for the user?

Question156: You are setting up security groups for both incoming traffic and outgoing traffic in your VPC net-work on the AWS CLI. Which of the following AWS CLI commands would you use for adding one or more incoming traffic rules to a security group?

Question157: A user is aware that a huge download is occurring on his instance. He has already set the Auto Scal-ing policy to increase the instance count when the network I/O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?

Question158: What is an Auto Scaling group?

Question159: A company is auditing their infrastructure to obtain a compliance certification.
Which of the following options are the company's responsibility within the Shared Responsibility Model?
(Select two.)

Question160: An organization wants to move to Cloud. They are looking for a secure encrypted database storage option.
Which of the below mentioned AWS functionalities helps them to achieve this?

Question161: You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW) the instance has an associated Elastic IP (EIP) and correct security group rules are in place.
Which VPC component should you evaluate next?

Question162: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Select TWO.)

Question163: You are tasked with the migration of a highly trafficked Node JS application to AWS in order to comply with organizational standards Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events.
Which deployment option meets these requirements while minimizing administrative burden?

Question164: An organization has created one IAM user and applied the below mentioned policy to the user. What entitlements do the IAM users avail with this policy?

Question165: An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the limitations of IAM?

Question166: An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.
What should the organization do to reduce costs?

Question167: A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using a custom namespace. Which of the below mentioned options is recommended for this activi-ty?

Question168: Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B.
The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.
Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so how?

Question169: A user is using Cloudformation to launch an EC2 instance and then configure an application after the instance is launched. The user wants the stack creation of ELB and AutoScaling to wait until the EC2 instance is launched and configured properly. How can the user configure this?

Question170: A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?

Question171: A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?

Question172: What is Amazon Import/Export?

Question173: An application running on Amazon EC2 instances needs to write files to an Amazon S3 bucket.
What is the MOST secure way to grant the application access to the S3 bucket?

Question174: A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?

Question175: A new application runs on Amazon EC2 instances and accesses data in an Amazon RDS database instance. When fully deployed in production, the application fails. The database can be queried from a console on a bastion host. When looking at the web server logs, the following error is repeated multiple times:
*** Error Establishing a Database Connection.
Which of the following may be causes of the connectivity problems? (Choose two.)

Question176: A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer (which adds instances to the load balancer. process for a while). What will happen to the instances launched during the suspension period?

Question177: A user has enabled the CloudWatch alarm to estimate the usage charges. If the user disables moni-toring of the estimated charges but does not delete the billing alert from the AWS account, what will happen?

Question178: Network ACLs are _______.

Question179: A SysOps Administrator is reviewing AWS Trusted warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue the bucket owner, the Administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Which action should the Administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

Question180: How can you secure data at rest on an EBS volume?

Question181: A sys admin is trying to understand the Auto Scaling activities. Which of the below mentioned processes is not performed by Auto Scaling?

Question182: An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?

Question183: When assessing an organization s use of AWS API access credentials which of the following three credentials should be evaluated? (Choose three.)

Question184: What does Amazon EMR stand for?

Question185: A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning.
Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?

Question186: What does Amazon EC2 provide?

Question187: You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB). a fleet of web/application servers, and an RDS database. The entire Infrastructure must be distributed over 2 availability zones.
Which VPC configuration works while assuring the database is not available from the Internet?

Question188: A company has a web application that runs both on-premises and on Amazon EC2 instances. Over time, both the on-premises servers and EC2 instances begin crashing. A SysOps Administrator suspects a memory leak in the application and wants a unified method to monitor memory utilization over time.
How can the Administrator track both the EC2 memory utilization and on-premises server memory utilization over time?

Question189: A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The user wants to enable a proxy protocol to capture the source and destination IP information in the header. Which of the below mentioned statements helps the user understand a proxy protocol with TCP configuration?

Question190: In Amazon CloudFront, if you have chosen On for Logging, the access logs are stored in
_______________.

Question191: A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

Question192: A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

Question193: A user has launched an RDS postgreSQL DB with AWS. The user did not specify the maintenance window during creation. The user has configured RDS to update the DB instance type from micro to large.
If the user wants to have it during the maintenance window, what will AWS do?

Question194: A sys admin is trying to understand EBS snapshots. Which of the below mentioned statements will not be useful to the admin to understand the concepts about a snapshot?

Question195: You can configure Amazon CloudFront to deliver access logs per ________ to an Amazon S3 bucket of your choice.

Question196: An application running by a SysOps Administrator is under repeated, large-scale distributed denial of service (DDoS) attacks. Each time an attack occurs, multiple customers reach out to the Support team to report outages. The Administrator wants to minimize potential downtime from the DDoS attacks. The company requires 24/7 support.
Which AWS service should be set up to protect the application?

Question197: An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3.
Which option should you implement to ensure this requirement is met?

Question198: In IAM, a policy has to include the information about who (user) is allowed to access the resource, known as the _____.

Question199: What is a placement group in Amazon EC2?

Question200: Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? (Choose two.)

Question201: A user wants to find the particular error that occurred on a certain date in the AWS MySQL RDS DB.
Which of the below mentioned activities may help the user to get the data easily?

Question202: Can you configure multiple Load Balancers with a single Auto Scaling group?

Question203: A user has setup a web application on EC2. The user is generating a log of the application performance at every second. There are multiple entries for each second. If the user wants to send that data to CloudWatch every minute, what should he do?

Question204: An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?

Question205: When an instance terminates, Amazon EC2 uses the value of the _____ attribute for each attached Amazon EBS volume to determine whether to preserve or delete the volume.

Question206: A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned command helps the system admin to add new zones to the existing ELB?

Question207: What does Amazon IAM stand for?

Question208: As part of an operational audit, an Administrator is tasked with showing that all security responsibilities under the customer's control are properly executed.
Which of the following items is the customer responsible for providing to the auditor? (Select TWO.)

Question209: Which of the following statements is true of Elastic Load Balancing?

Question210: A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling?

Question211: The SysOps Administrator must integrate an existing on-premises asymmetrical key management system into an AWS services platform.
How can the Administrator meet this requirement?

Question212: InfoSec is concerned that an employee may expose sensitive data in an Amazon S3 bucket.
How can this concern be addressed without putting undue restrictions on users?

Question213: A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the zone of one of the instances. How can the user change it?

Question214: A colleague is attempting to launch several new CloudFormation stacks, and receives the following error response:

What should be done to address the error?

Question215: A SysOps Administrator is implementing SSL for a domain of an internet-facing application running behind an Application Load Balancer (ALB). The Administrator decides to use an SSL certificate from Amazon Certificate Manager (ACM) to secure it.
Upon creating a request for the ALB fully qualified domain name (FQDN), it fails, and the error message
"Domain Not Allowed" is displayed.
How can the Administrator fix this issue?

Question216: In which screen does a user select the Availability Zones while configuring Auto Scaling?

Question217: A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AlarmNotification which notifies Auto Scaling for CloudWatch alarms. process for a while. What will Auto Scaling do during this period?

Question218: A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization's proxy policy. How can the user make this happen?

Question219: Which of the following activities is NOT performed by the Auto Scaling policy?

Question220: An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?

Question221: A web application runs on Amazon EC2 instances with public IPs assigned behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Multi-AZ DB instance. The Application Load Balancer, EC2 instances, and RDS DB instance all run in separate sets of subnets. The EC2 instances can communicate with the DB instance, but cannot connect with external services.
What is the MOST likely solution?

Question222: A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%. The user has setup an alarm when there is some inactivity on RDS, such as RDS unavailability. How can the user configure this?

Question223: What is the maximum size of an object in Amazon S3?

Question224: The Database Administration team is interested in performing manual backups of an Amazon RDS Oracle DB instance.
What steps should be taken to perform the backups?

Question225: In regard to AWS CloudFormation, to pass values to your template at runtime you should use
____________.

Question226: A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this?

Question227: How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

Question228: A user is configuring the Multi AZ feature of an RDS DB. The user came to know that this RDS DB does not use the AWS technology, but uses server mirroring to achieve HA. Which DB is the user using right now?

Question229: When creation of an EBS snapshot Is initiated but not completed the EBS volume?

Question230: Can you use the AWS Identity and Access Management (IAM) to assign permissions determining who can manage or modify RDS resources?

Question231: A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing some issues due to the back-end servers. Which of the below mentioned CloudWatch metrics helps the user understand the issue with the instances?

Question232: A user has setup an Auto Scaling group. The group has failed to launch a single instance for more than 24 hours. What will happen to Auto Scaling in this condition?

Question233: You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers.
Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made?

Question234: A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1 and copied it to the Europe region. After that, the user made a few updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?

Question235: You need to determine what encryption operations were taken with which key in AWS KMS to ei-ther encrypt or decrypt data in the AWS CodeCommit repository. Which of the following actions will best help you accomplish this?

Question236: A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process hadoop Map reduce jobs which can run between 50 - 600 minutes or sometimes for more time. The user wants to configure that the instance gets terminated only when the process is completed. How can the user configure this with CloudWatch?

Question237: Which of the following terms is NOT a key CloudWatch concept?

Question238: A company has an asynchronous nightly process that feeds the results to a data warehouse system for weekly and monthly reporting. The process is running on a fleet of Amazon EC2 instances. A SysOps Administrator has been asked to identify ways to reduce the cost of running this process.
What is the MOST cost-effective solution?

Question239: Does Amazon RDS support SSL encryption for SQL Server DB Instances?

Question240: You have a proprietary data store on-premises that must be backed up daily by dumping the data store contents to a single compressed 50GB file and sending the file to AWS. Your SLAs state that any dump file backed up within the past 7 days can be retrieved within 2 hours. Your compliance department has stated that all data must be held indefinitely. The time required to restore the data store from a backup is approximately 1 hour. Your on-premise network connection is capable of sustaining 1gbps to AWS.
Which backup methods to AWS would be most cost-effective while still meeting all of your requirements?

Question241: A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

Question242: In Amazon VPC, the ______ encryption function is used to ensure privacy among both IKE and IPsec Security Associations.

Question243: A company website hosts patches for software that is sold globally. The website runs in AWS and performs well until a large software patch is released. The flood of downloads puts a strain on the web servers and leads to a poor customer experience.
What can the SysOps Administrator propose to enhance customer experience, create a more available web platform, and keep costs low?

Question244: A new application is being tested for deployment on an Amazon EC2 instance that requires greater IOPS than currently provided by the single 4TB General Purpose SSD (gp2) volume.
Which actions should be taken to provide additional Amazon EBS IOPS for the application? (Choose two.)

Question245: A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group including pending, terminating and running instances?

Question246: ___________ is a task coordination and state management service for cloud applications.

Question247: What does Amazon IAM provide?

Question248: A sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?

Question249: What does Amazon Route53 provide?

Question250: An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned statements is true with respect to the above information?

Question251: An e-commerce company hosts its website on the AWS us-west-1 region. It plans to create a special site for a promotion that should be visible only to shoppers from Canada.
What change should the SysOps Administrator make to the company's existing AWS setup to achieve this result?

Question252: Which of the following requires a custom CloudWatch metric to monitor?

Question253: A company wants to review the security requirements of Glacier. Which of the below mentioned statements is true with respect to the AWS Glacier data security?

Question254: A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?

Question255: An organization has setup multiple IAM users. The organization wants that each IAM user accesses the IAM console only within the organization and not from outside. How can it achieve this?

Question256: A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that instances of the same subnet communicate with each other. How can the user configure this with the security group?

Question257: A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

Question258: A SysOps Administrator must evaluate storage solutions to replace a company's current user-shared drives infrastructure. Any solution must support security controls that enable Portable Operating System Interface (POSIX) permissions and Network File System protocols. Additionally, any solution must be accessible from multiple Amazon EC2 instances and on-premises servers connected to the Amazon VPC.
Which AWS service meets the user drive requirements?

Question259: Amazon EC2 provides virtual computing environments known as _____.

Question260: A mobile application must allow users to securely access their own content stored in a shared Amazon S3 bucket.
Which AWS services should be used to enable this access? (Choose two.)

Question261: A user has setup a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24. and a public subnet (20.0.0.0/24.. The user's data center has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data center, what will happen?

Question262: ____________ is a fast, flexible, fully managed pub/sub messaging service.

Question263: A SysOps Administrator receives reports of an Auto Scaling group failing to scale when the nodes running Amazon Linux in the cluster are constrained by high memory utilization.
What should the Administrator do to enable scaling to better adapt to the high memory utilization?

Question264: In configuring an Amazon Route 53 health check, a SysOps Administrator selects 'Yes' to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.
This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.
What is the MOST likely cause of this false alarm?

Question265: You are building an online store on AWS that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that?

Question266: A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

Question267: An application is running on Amazon EC2 instances behind a Classic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Occasionally multiple incoming requests will receive a 5xx HTTP response when making a request to the Classic Load Balancer. From the Amazon CloudWatch metrics, a SysOps Administrator observes the Elastic Load Balancing (ELB) SpillOverCount metric to be greater than zero during these occasions.
These errors can be avoided by triggering scaling actions on which ELB metric?

Question268: A company has mandated the use of multi-factor authentication (MFA) for all IAM users, and requires users to make all API-calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA, the company attached an IAM policy to all users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

Question269: A user has set the Alarm for the CPU utilization > 50%. Due to an internal process, the current CPU utilization will be 80% for 6 hours. How can the user ensure that the CloudWatch alarm does not perform any action?

Question270: An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

Question271: An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has purchased a Reserved Instance (RI. of a small instance size in the US-East-1a zone. All other AWS accounts are running instances of a small size in the same zone. What will happen in this case for the RI pricing?

Question272: What does AMI stand for?

Question273: A user is receiving a notification from the RDS DB whenever there is a change in the DB security group.
The user does not want to receive these notifications for only a month. Thus, he does not want to delete the notification. How can the user configure this?

Question274: An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

Question275: What is Amazon CloudFront?

Question276: In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch.

Question277: A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at Rest.
If the user is supplying his own keys for encryption (SSE-C., which of the below mentioned statements is true?

Question278: A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4 AM and the EC2 server was not reachable. The user is checking the CloudWatch metrics of that instance. How can the user find the data easily using the CloudWatch console?

Question279: A user has two EC2 instances running in two separate regions. The user is running an internal memory management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same namespace and metric. Which of the below mentioned options is true with respect to the above statement?

Question280: Which of the following statements is true of IAM?

Question281: Is it possible to create an S3 bucket accessible only by a certain IAM user using policies in a Cloud- Formation template?

Question282: A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or stop/start options on that instance?

Question283: Amazon EBS snapshots have which of the following two characteristics? (Choose two.)

Question284: A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Question285: An organization has configured Auto Scaling with ELB. One of the instance health check returns the status as Impaired to Auto Scaling. What will Auto Scaling do in this scenario?

Question286: A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The Administrator has been tasked with reconfiguring the infrastructure to support this approach.
How can the Administrator accomplish this with the LEAST administrative overhead?

Question287: AWS IAM permissions can be assigned in two ways:

Question288: During a security investigation, it is determined that there is a coordinated attack on the web applications deployed on Amazon EC2. The attack is performed through malformed HTTP headers.
What AWS service of feature would prevent this traffic from reaching the EC2 instances?

Question289: What is a "vault" in Amazon Glacier?

Question290: A sys admin has created the below mentioned policy and applied to an S3 object named aws.jpg. The aws.jpg is inside a bucket named cloudacademy. What does this policy define?

Question291: EBS (Elastic Block Store) can be best described as:

Question292: A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?

Question293: A user is sending custom data metrics to CloudWatch. What is the allowed time stamp granularity for each data point published for the custom metric?

Question294: A user has created a VPC with a subnet and a security group. The user has launched an instance in that subnet and attached a public IP. The user is still unable to connect to the instance. The Internet gateway has also been created. What can be the reason for the error?

Question295: A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?

Question296: A user is trying to create an EBS volume with the highest PIOPS supported by EBS. What is the minimum size of EBS required to have the maximum IOPS?

Question297: A company must share monthly report files that are uploaded to Amazon S3 with a third party. The third- party user list is dynamic, is distributed, and changes frequently. The least amount of access must be granted to the third party. Administrative overhead must be low for the internal teams who manage the process.
How can this be accomplished while providing the LEAST amount of access to the third party?

Question298: Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his own password?

Question299: Can you use CloudWatch to monitor memory and disk utilization usage for your Amazon EC2 Linux instances?

Question300: Your customers are concerned about the security of their sensitive data and their inquiry asks about what happens to old storage devices on AWS. What would be the best answer to this question?

Question301: You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated.
What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced?

Question302: A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a notification?

Question303: A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?

Question304: An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, am Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?

Question305: A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

Question306: In IAM, can you attach more than one inline policy to a particular entity such a user, role, or group?

Question307: Your VPC automatically comes with a modifiable default network ACL, which by default _____.

Question308: A Systems Administrator is responsible for maintaining custom, approved AMIs for a company. These AMIs must be shared with each of the company's AWS accounts.
How can the Administrator address this issue?

Question309: A user has enabled instance protection for his Auto Scaling group that has spot instances. If Auto Scaling wants to terminate an instance in this Auto Scaling group due to a CloudWatch trigger unre-lated to bid price, what will happen?

Question310: Could you use IAM to grant access to Amazon DynamoDB resources and API actions?

Question311: You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? (Choose two.)

Question312: What was the recommended use case for S3 Reduced Redundancy storage before its deprecation was planned?

Question313: A user is trying to connect to a running EC2 instance using SSH. However, the user gets an Unprotected Private Key File error. Which of the below mentioned options can be a possible reason for rejection?

Question314: An instance has enabled basic monitoring only for CloudWatch. What is the minimum time period available for basic monitoring?

Question315: A user is launching an instance with EC2. Which options below should the user consider before launching an instance?

Question316: A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal behavior of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that data with his manager. How can the user achieve this easily with the AWS console?

Question317: A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

Question318: What does Amazon SES stand for?

Question319: A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how can he configure it?

Question320: A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned steps will not be performed while creating the AMI?

Question321: A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?

Question322: A company is running a new promotion that will result in a massive spike in traffic for a single application.
The SysOps Administrator must prepare the application and ensure that the customers have a great experience. The application is heavy on memory and is running behind an AWS Application Load Balancer (ALB). The ALB has been pre-warmed, and the application is in an Auto Scaling group.
What built-in metric should be used to control the Auto Scaling group's scaling policy?

Question323: A user has created a VPC with the public subnet. The user has created a security group for that VPC.
Which of the below mentioned statements is true when a security group is created?

Question324: Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

Question325: The ______ IAM policy element describes the specific action or actions that will be allowed or de-nied.

Question326: A user has created a Cloudformation stack. The stack creates AWS services, such as EC2 instances, ELB, AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS. What will Cloudformation do in this scenario?

Question327: Which instance characteristics are required if an Administrator wants to ensure use of the Amazon EC2 auto-recovery option? (Select two.)

Question328: A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

Question329: A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option to assign the IP address while launching the instance. Which of the below mentioned statements is true with respect to this scenario?

Question330: You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. Which of the following states is possible for the CloudWatch alarm?

Question331: The information within an IAM policy is described through a series of ______.