EMT Practice Test

1. Question Content...


Question List

Question1: A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Question2: A company backs up data from its data center using a tape gateway on AWS Storage Gateway. The SysOps Administrator needs to reboot the virtual machine running Storage Gateway.
What process will protect data integrity?

Question3: Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?

Question4: A SysOps Administrator found that a newly-deployed Amazon EC2 application server is unable to connect to an existing Amazon RDS database. After enabling VPC Flow Logs and confirming that the flow log is active on the console, the log group cannot be located in Amazon CloudWatch.
What are the MOST likely reasons for this situation? (Select TWO.)

Question5: By default, how many Elastic IP addresses can you have per region for your EC2 instances?

Question6: Which of the following services is offered by CloudWatch?

Question7: A SysOps Administrator has received a request from the Compliance Department to enforce encryption on all objects uploaded to the corp-compliance bucket.
How can the Administrator enforce encryption on all objects uploaded to the bucket?

Question8: You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?

Question9: A SysOps Administrator wants to automate the process of configuration, deployment, and management of Amazon EC2 instances using Chef or Puppet.
Which AWS service will satisfy the requirement?

Question10: A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

Question11: A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.
Which actions will restore the objects? (Choose two.)

Question12: You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts.
Which task would be best accomplished with a script?

Question13: What does Amazon EBS stand for?

Question14: A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue?

Question15: A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security?

Question16: A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

Question17: A company is storing monthly reports on Amazon S3. The company's security requirement states that traffic from the client VPC to Amazon S3 cannot traverse the internet.
What should the SysOps Administrator do to meet this requirement?

Question18: A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (select TWO.)

Question19: The amount of data a company must back up has been increasing, and storage space is quickly running out.
There is no budget to purchase new backup software that is capable of backing up data directly to the cloud.
What is the MOST cost-effective way to make storage available to the company's legacy backup system?

Question20: A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be cut of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?

Question21: A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as
5. When the user configures the AS group, how many instances will Auto Scaling launch?

Question22: A customer has a web application that uses cookie Based sessions to track logged in users. It is deployed on AWS using ELB and Auto Scaling. The customer observes that when load increases. Auto Scaling launches new Instances but the load on the easting Instances does not decrease, causing all existing users have a sluggish experience.
Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? (Choose two.)

Question23: A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?

Question24: What does Amazon EMR stand for?

Question25: An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?

Question26: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's data center. The user has not yet launched any instance as well as modified or deleted any setup. He wants to delete this VPC from the console. Will the console allow the user to delete the VPC?

Question27: A user is planning to use AWS Cloud formation for his automatic deployment requirements. Which of the below mentioned components are required as a part of the template?

Question28: Which of the following are characteristics of Amazon VPC subnets? (Choose two.)

Question29: A company is using AWS Organizations to manage all their accounts. The Chief Technology Officer wants to prevent certain services from being used within production accounts until the services have been internally certified. They are willing to allow developers to experiment with these uncertified services in development accounts but need a way to ensure that these services are not used within production accounts.
Which option ensures that services are not allowed within the production accounts, yet are allowed in separate development accounts within the LEAST administrative overhead?

Question30: A company stores thousands of non-critical log files in an Amazon S3 bucket. A set of reporting scripts retrieve these log files daily.
Which of the following storage options will be the MOST cost-efficient for the company's use case?

Question31: What does Amazon EC2 provide?

Question32: A SysOps Administrator created an AWS Service Catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different Administrator.
Which action will the Administrator of the second account be able to perform?

Question33: A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or stop/start options on that instance?

Question34: What should a SysOps Administrator do to ensure a company has visibility into maintenance events performed by AWS?

Question35: What does Amazon SWF stand for?

Question36: A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1 and copied it to the Europe region. After that, the user made a few updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?

Question37: A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?

Question38: You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

Question39: What does Amazon EMR stand for?

Question40: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)

Question41: A company is running a new promotion that will result in a massive spike in traffic for a single application.
The SysOps Administrator must prepare the application and ensure that the customers have a great experience.
The application is heavy on memory and is running behind an AWS Application Load Balancer (ALB). The ALB has been pre-warmed, and the application is in an Auto Scaling group.
What built-in metric should be used to control the Auto Scaling group's scaling policy?

Question42: In Amazon EC2, can you create an EBS volume from a snapshot and attach it to another instance?

Question43: A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring with CloudWatch without charging the user extra?

Question44: Amazon CloudFront is a ________.

Question45: What does Amazon EMR stand for?

Question46: A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Select TWO )

Question47: What does Amazon EMR stand for?

Question48: An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, am Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?

Question49: An organization has created 50 IAM users. The organization wants that each user can change their password but cannot change their access keys. How can the organization achieve this?

Question50: A user is sending the data to CloudWatch using the CloudWatch API. The user is sending data 90 minutes in the future. What will CloudWatch do in this case?

Question51: A user is sending custom data metrics to CloudWatch. What is the allowed time stamp granularity for each data point published for the custom metric?

Question52: A company's Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?

Question53: A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AlarmNotification which notifies Auto Scaling for CloudWatch alarms. process for a while. What will Auto Scaling do during this period?

Question54: A company has two AWS accounts: development and production. All applications send logs to a specific Amazon S3 bucket for each account, and the Developers are requesting access to the production account S3 buckets to view the logs.
Which is the MOST efficient way to provide the Developers with access?

Question55: A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user.
How should the Administrator ensure that this is done?

Question56: A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles.
Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

Question57: A user has launched 5 instances in EC2-CLASSIC and attached 5 elastic IPs to the five different instances in the US East region. The user is creating a VPC in the same region. The user wants to assign an elastic IP to the VPC instance. How can the user achieve this?

Question58: Can a user depict CloudWatch metrics such as CPU utilization in % and Network I/O in bytes on a single graph?

Question59: Which services allow the customer to retain run administrative privileges or the underlying EC2 instances?
(Choose two.)

Question60: An organization has configured two single availability zones. The Auto Scaling groups are configured in separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?

Question61: You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?

Question62: A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes.
What will be the status of the alarms on the EBS volume?

Question63: Which of the following are the customer's responsibilities, according to the AWS Shared Responsibility Security Model? (Choose two.)

Question64: A user has set the Alarm for the CPU utilization > 50%. Due to an internal process, the current CPU utilization will be 80% for 6 hours. How can the user ensure that the CloudWatch alarm does not perform any action?

Question65: In Amazon CloudFront, if you have chosen On for Logging, the access logs are stored in _______________.

Question66: A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.
What steps should be the Administrator take to complete this task?

Question67: The information within an IAM policy is described through a series of ______.

Question68: An Auto Scaling group is running at the desired capacity of 5 instances and receives a trigger from the Cloudwatch Alarm to increase the capacity by 1. The cool down period is 5 minutes.
Cloudwatch sends another trigger after 2 minutes to decrease the desired capacity by 1. What will be the count of instances at the end of 4 minutes?

Question69: A SysOps Administrator is receiving multiple reports from customers that they are unable to connect to the company's website. which is being served through Amazon CloudFront. Customers are receiving HTTP response codes for both 4XX and 5XX errors.
Which metric can the Administrator use to monitor the elevated error rates in CloudFront?

Question70: A SysOps Administrator implemented the following bucket policy to allow only the corporate IP address range of 54 240 143 0/24 to access objects in an Amazon S3 bucket.


Some employees are reporting that they are able 1o access the S3 bucket from IP addresses outside the corporate IP address range How can the Administrator address this issue?

Question71: A web application's performance has been degrading. Historically, the application has had highly-variable workloads, but lately, there has been a steady growth in traffic as the result of a new product launch. After reviewing several Amazon CloudWatch metrics, it is discovered that over the last two weeks the balance of CPU credits has dropped to zero several times.
Which solutions will improve performance? (Choose two.)

Question72: Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users?
(Choose two.)

Question73: A user wants to make so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the redlight of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?

Question74: A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is true in this scenario?

Question75: An organization stores sensitive customer information in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The Chief Information Security Officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps Administrator take to meet the CISO's requirement? (Choose two.)

Question76: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials The application is deployed using AWS CloudFormation to three separate environments development test, and production Each environment requires unique credentials for external services What option securely provides the application with the needed credential while requiring MINIMAL administrative overhead?

Question77: In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?

Question78: Amazon EBS provides the ability to create backups of any Amazon EC2 volume into what is known as _____.

Question79: A SysOps Administrator is running Amazon EC2 instances in multiple AWS Regions. The Administrator wants to aggregate the CPU utilization for all instances onto an Amazon CloudWatch dashboard. Each region should be present on the dashboard and represented by a single graph that contains the CPU utilization for all instances in that region.
How can the Administrator meet these requirements?

Question80: A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days. The user wants to increase the limit from $200 to $400? What should the user do?

Question81: A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned command helps the system admin to add new zones to the existing ELB?

Question82: A SysOps Administrator is troubleshooting Amazon EC2 connectivity issues to the internet. The EC2 instance is in a private subnet. Below is the route table that is applied to the subnet of the EC2 instance.
Destination - 10.2.0.0/16
Target - local
Status - Active
Propagated - No
Destination - 0.0.0.0/0
Target - nat-xxxxxxx
Status - Blackhole
Propagated - No
What has caused the connectivity issue?

Question83: What is Amazon CloudFront?

Question84: A user has created an Auto Scaling group with default configurations from CLI. The user wants to setup the CloudWatch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has setup an alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?

Question85: Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.
How can this be accomplished?

Question86: You know that AWS Billing and Cost Management integrates with the AWS Identity and Access Management (IAM) service so that you can control who in your organization has access to specific pages on the AWS Billing and Cost Management console. Which of the following items can you control access to in AWS Billing and Cost Management?

Question87: A Security team is concerned about the potential of intellectual property leaking to the internet. A SysOps Administrator is tasked with identifying controls to address the potential problem. The servers in question reside in a VPC and cannot be allowed to send traffic to the internet.
How can these requirements be met?

Question88: A user has launched an EC2 instance. The user is planning to setup the CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm?

Question89: In Amazon S3, what is the document that defines who can access a particular bucket or object called?

Question90: Which of the following size ranges is true of Individual Amazon S3 objects?

Question91: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?

Question92: Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address.
How should the Administrator implement the restriction?

Question93: Which of the scaling options given below is not supported by Auto Scaling?

Question94: A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted. What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

Question95: An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are SysOps Administrator must configure the application to scale based on the number of incoming requests Which solution accomplishes this with the LEAST amount of effort?