EMT Practice Test

1. Question Content...


Question List

Question1: A SySOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team.
Members of the team are part of an IAM group to which the following IAM policy has been assigned.

Which of the following actions will be allowed on the bucket? (Select TWO.)

Question2: A sysops administrator is implementing SSL for a domain of an internet facing application running behind an Application load balancer (ALB). The administrator decides to use an SSL certificates from Amazon certificate Manager (ACM) to secure it. Upon creating a request for the ALB fully qualified domain name (FQND), it fails, and the error message "Domain not allowed" is displayed.
How can the administrator fix this issue?

Question3: A SysOps Administrator is tasked with deploying and managing a single CloudFormation templates across multiple AWS Accounts.
accomplish this?

Question4: A popular auctioning platform requires near-real-time access to dynamic bidding information The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during peak bidding sessions and can no longer be resized. To improve application performance, a SysOps Administrator is evaluating Amazon ElastiCache and has chosen Redis over Memcached What advantages will this solution provide? (Select TWO )

Question5: A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps administrator has been asked to determine what is causing this increase.
What is the Most comprehensive tool that will accomplish this task?

Question6: A company's website went down for several hours. The root cause was a full disk on one of the company's Amazon EC2 instances.
Which steps should the SysOps Administrator take to prevent this from happening in this future?

Question7: A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve application performance, a sysops administrator is evaluating Amazon ElastiCache and has chosen Redis (cluster mode enabled) instead of Memcached What are reasons for making this choice? (Select TWO.)

Question8: A SysOps Administrator has implemented a VPC network design with the following requirements
* Two Availability Zones (AZs) - Two private subnets
* Two public subnets
* One internet gateway
* One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?

Question9: A company hosts a multi-tier ecommerce web application on AWS, and has recently been alerted to suspicious application traffic The architecture consists of Amazon EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer (ALB) After examining the server logs, a sysops administrator determines that the suspicious traffic is an attempted SQL injection attack.
What should the sysops administrator do to prevent similar attacks?

Question10: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Question11: A Security team is concerned about the potential of intellectual property leaking to the internet. A SysOps Administrator is tasked with identifying controls to address the potential problem. The servers in question reside in a VPC and cannot be allowed to send traffic to the internet.
How can these requirements be met?

Question12: A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.
How should the Administrator accomplish this?

Question13: A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the Public internet.
The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.
What should be done to resolve the issue?

Question14: A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Question15: An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3.
With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.
Which service would be the MOST efficient way to transfer this data to Amazon S3?

Question16: Security has identified an IP address that should be explicity denied for both ingress and egress requests for all services in an Amazon VPC immediately.
Which feature can be used to meet this requirement?

Question17: An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.
What should be done to address this issue and improve performance?

Question18: A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user's file from the snapshot?

Question19: A sysops administrator has an AWS Lambda function that performs maintenance on various AWS resources.
This function must be run nightly. Which is the MOST cost-effective solution?

Question20: A new Amazon Redshift Spectrum Cluster has been launched for a team of Business Analysis. When the team attempts to use the cluster to query the data in Amazon S3, they receive the following error:

What is one cause of this?

Question21: A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?

Question22: A company needs to have real-time access to image data while seamlessly maintaining a copy of the images in an offsite location Which AWS solution would allow access to the image data locally while also providing for disaster recovery?

Question23: A SysOps Administration team is supporting an applications that stores a configuration file in an Amazon S3 bucket Previous revisions of the configuration file must be maintained for change control and rollback How should the S3 bucket be configured to meet these requirements?

Question24: A web application accepts orders from online users and places the orders into an Amazon SQS queue. Amazon EC2 instances in an EC2 Auto Scaling group read the messages from the queue, process the orders, and email order confirmations to the users. The Auto Scaling group scales up and down based on the queue depth. At the beginning of each business day, users report confirmation emails are delayed.
What action will address this issue?

Question25: A sysops administrator is writing an AWS Cloud Formation template. The template will create a new Amazon S3 bucket and copy objects from an existing Amazon S3 bucket into the new bucket. The objects include data files, images, and scripts.
How should the CIoudFormation template be configured to perform this copy operation?

Question26: A company's Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?

Question27: A company's IT department noticed an increase in the spend of their Developer AWS account. There are over
50 Developers using the account and the Finance Tram wants to determine the service costs incurred by each Developer.
What should a SysOps Administrator do to collect this information? (Select TWO)

Question28: A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.
Which combination of options should be set to accomplish this? (Select two)

Question29: A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company these requirements?

Question30: A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.
What should a sysops administrator use to validate the calls mode to SQS?

Question31: A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored every minute.
How should the SysOps Administrator publish the memory metrics? (Choose two.)

Question32: A company has an AWS account for each department and wants to consolidate billing and reduce overhead.
The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.
Which solution meets these requirements with the LEAST amount of operational overhead''

Question33: Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration Which log type will confirm whether users are trying to connect to the correct port?

Question34: An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?

Question35: A SysOps Administrator is responsible for maintaining an Amazo EC2 instance that acts as a bastion host. The Administrator can sucessfully connect to the instance using SSH, but attempts to ping the instance result in a timeout.
What is one reason for the issue?

Question36: A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?

Question37: A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template Which solution will ensure all the changes are captured?

Question38: A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times, the process stalls due to installation errors.
The SysOps Administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.
Based on these requirements, what should be added to the template?

Question39: A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?

Question40: A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)

Question41: A SysOps Administrator is maintaining a web application using an Amazon Cloud Front web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log source contain the status codes? (Select TWO.)

Question42: A SysOps Administrator has been notified that some Amazon EC2 instances in the company's environment might have a vulnerable software version installed.
What should be done to check all of the instances in the environment with the LEAST operational overhead?

Question43: A local agency plans to deploy 500 Raspberry Pi devices throughout a city. All the devices need to be managed centrally and their configurations need to be consistent. What is the BEST service for managing these devices?

Question44: A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months What is the process to rotate the key?

Question45: A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.
Which practices ensure that the log files are available and unaltered? (Choose two.)

Question46: Company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?

Question47: A SysOps Administrator is receiving alerts related to high CPU utilization of a Memcached-based Amazon ElastiCache cluster.
Which remediation steps should be taken to resolve this issue? (Select TWO.)

Question48: A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront What is the MOST cost-effective way to achieve this?

Question49: A SysOps Administrator has been tasked with deploying a company's infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.
What is the recommended way to use AWS CloudFormation to meet this requirement?

Question50: A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours Which steps will ensure that the instance maintenance does not produce an outage?

Question51: A company is planning to expand into an additional AWS region for disaster recovery purposes. the company uses AWS CloudFormation, and its infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional Regions.
A SysOps Administrator is reviewing how Amazon Machine Images (AMIs) are selected in AWS CloudFormation, but is having trouble making the same stack work in the new Region.
Which action would make it easier to manage multiple Regions?

Question52: A company is operating a multi-account environment under a single organization using AWS Organizations.
The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.
What should be done to accomplish this?

Question53: In configuring an Amazon Route 53 health check, a SysOps Administrator selects 'Yes' to the String Matching option in the Advanced Configuration section. In the Search String box, the Administrator types the following text: /html.
This is to ensure that the entire page is loading during the health check. Within 5 minutes of enabling the health check, the Administrator receives an alert stating that the check failed. However, when the Administrator navigates to the page, it loads successfully.
What is the MOST likely cause of this false alarm?

Question54: A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.
Which actions will restore the objects? (Choose two.)

Question55: A SysOps Administrator must remove public IP addresses from all Amazon EC2 Instances to prevent exposure to the internet. However, many corporate applications running on those EC2 instances need to access Amazon S3 buckets. The administrator is tasked with allowing the EC2 instances to continue to access the S3 buckets.
Which solutions can be used? (Select Two).

Question56: A company needs to migrate an on-premises asymmetric key management system into AWS.
Which AWS service should be used to accomplish this?

Question57: An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?

Question58: A SysOps Administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The Administrator has set up AWS Organizations and enabled Consolidated Billing.
Which additional steps must the Administrator perform to set up the billing alerts?

Question59: A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A sysops administrator needs to design a provisioning process that save time and resources.
Which action should be taken to meet these requirements?

Question60: Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate.
How can this be accomplished?

Question61: A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.
What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?

Question62: A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?

Question63: A SysOps Administrator is responsible for a large fleet of EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance.
Which option would provide this information with the LEAST administrative overhead?

Question64: An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.
Which solution accomplishes this with the LEAST amount of effort?

Question65: A SysOps Administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented stncl IP whitelisting that requires all build uploads to come from a single IP address.
What change should the Systems Administrator make to the existing build fleet to comply with this new requirement?

Question66: A company has an application database on Amazon RDS that runs a resource-intensive reporting job This is causing other applications using the database to run slowly What should the SysOps Administrator do to resolve this issue*?

Question67: A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.
What should be done to MINIMIZE disruption to the business?

Question68: A sysops administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.
How should this report be generated?

Question69: A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division.
Which condition should be added to the web ACL of the AWS WAF to accomplish this?

Question70: A company wants to increase the availability and durability of a critical business application. The application currently uses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company meet these requirements?

Question71: A developer is deploying a web application on Amazon EC2 instances behind an Application Load Balancer (ALB) and notices that the application is not receiving all the expected elements from HTTP requests. The developer suspects users are not sending the correct query string How should a sysops administrator verify this?

Question72: A company has enabled AWS CloudTrail to monitor all actions across its AWS infrastructure The company would now like to add functionality to validate the file integrity of the collected AWS CloudTrail logs How should the SysOps Administrator implement this requirement?

Question73: A company has an application that is running on an EC2 instance in one Availability Zone. A sysops administrator has been tasked with making the application highly available The administrator created a launch configuration from the running EC2 instance The administrator also properly configured a load balancer.
What step should the administrator complete next to make the application highly available?

Question74: A SysOps Administrator is deploying a legacy web application on AWS. The application has four Amazon EC2 instances behind Classic Load Balancer and stores data in an Amazon RDS instance. The legacy application has known vulnerabilities to SQL injection attacks, but the application code is no longer available to update.
What cost-effective configuration change should the Administrator make to migrate the risk of SQL injection attacks?

Question75: A sysops administrator is creating two AWS Cloud Formation templates The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway The second template will deploy application resources within the VPC that was created by the first template The second template should refer to the resources created by the first template How can this be accomplished with the LEAST amount of administrative effort?

Question76: A SysOps administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket.

Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range.
How can the Administrator address this issue?

Question77: A company's web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC@ Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Radius cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday.
Which resources will need to have a maintenance window configured for midnight on Tuesday? (Choose two.)

Question78: A SysOpsAdministrator is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.
In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events triggered by AWS Health triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.
Why did the alerts fail?