EMT Practice Test

1. Question Content...


Question List

Question1: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Question2: A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any major changes in its SQA usage. The company is concerned about the cost increase and who or what was making these calls.
What should a sysops administrator use to validate the calls mode to SQS?

Question3: A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Question4: A company has an AWS account for each department and wants to consolidate billing and reduce overhead.
The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.
Which solution meets these requirements with the LEAST amount of operational overhead''

Question5: A company is deploying a web service to Amazon EC2 instances behind an Elastic Load Balancer. All resources will be defined and created in a single AWS CloudFormation stack using a template. The creation of each EC2 instance will not be considered complete until an initialization script has been run successfully on the EC2 instance. The Elastic Load Balancer cannot be created until all EC2 instances have been created.
Which CloudFormation resource will coordinate the Elastic Load Balancer creation in the CloudFormation stack template?

Question6: A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the Public internet.
The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.
What should be done to resolve the issue?

Question7: A web application accepts orders from online users and places the orders into an Amazon SQS queue. Amazon EC2 instances in an EC2 Auto Scaling group read the messages from the queue, process the orders, and email order confirmations to the users. The Auto Scaling group scales up and down based on the queue depth. At the beginning of each business day, users report confirmation emails are delayed.
What action will address this issue?

Question8: The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application.
How can this request be fulfilled?

Question9: A SysOps administrator is creating an AWS CloudFormation template that uses Amazon EC2 auto scaling to launch EC2 instances with windows 2016. The administrator wants to configure the CloudFormation template to ensure that newly launched instances include recent security updates before serving application traffic. This will minimize the time it takes for the instance to start.
Which action will meet these requirements?

Question10: A company's use of AWS Cloud services is quickly growing, so a SysOps Administrator has been asked to generate details of daily spending to share with management.
Which method should the Administrator choose to produce this data?

Question11: A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.
Which action will allow an Administrator to understand the impact of these changes before implementation?

Question12: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application?
(Select TWO.)

Question13: A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.
How can a sysops administrator achieve this is with the LEAST amount of operational overhead?

Question14: A company with dozens of AWS accounts wants to ensure that governance rules being applied across all accounts. The CIO has recommend that AWS Config rules be deployed using an AWS CloudFormation temple.
How should this be accomplish?

Question15: A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.
What will be the result of this configuration?

Question16: A company stores thousands of non-critical log files in an Amazon S3 bucket A set of reporting scripts retrieve these log files daily. Which of the following storage options will be the MOST cost efficient for the company's use case?

Question17: A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.
The MOST effective way to reduce latency is to relaunch the EC2 instances in:

Question18: An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?

Question19: A company backs up data from its data center using a tape gateway on AWS Storage Gateway. The SysOps Administrator needs to reboot the virtual machine running Storage Gateway.
What process will protect data integrity?

Question20: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?

Question21: A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.
Which action will the administrator of the second account be able to perform?

Question22: A company needs to migrate an on-premises asymmetric key management system into AWS.
Which AWS service should be used to accomplish this?

Question23: A SysOps administrator wants to encrypt an existing Amazon RDS DB instance with AWS Key Management Service (AWS KMS).
How should the SysOps administrator accomplish this goal?

Question24: A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create end delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's AWS accounts and should be available to the Data Scientists, but no other users within the accounts.
Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?

Question25: A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The administrator notices an increase in the httpcode_ELS_5xx_Count Amazon CloudWatch metric for the load balancer.
What is the possible cause for this increase?

Question26: A SysOps Administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.)

Question27: A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront What is the MOST cost-effective way to achieve this?

Question28: A chief financial officer has asked for a breakdown of costs per project in a single AWS account using cost explorer.
Which combination of options should be set to accomplish this? (Select two)

Question29: An application team has asked a sysops administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs, An AWS CloudFormation template has been created to deploy resources in us-east-1.
What must the sysops administrator do to provision the application quickly?

Question30: A SysOps administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto scaling group. The application is set to automatically terminate unhealthy instances. The administrator wants to preserve application logs from these instances for failure analysis.
Which action will accomplish this?

Question31: The Security team at AnyCompany discovers that some employees have been using individual AWS accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using AWS Organizations.
Which action should a SysOps Administrator take to accomplish this?

Question32: A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times, the process stalls due to installation errors.
The SysOps Administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.
Based on these requirements, what should be added to the template?

Question33: A SysOps Administrator has been notified that some Amazon EC2 instances in the company's environment might have a vulnerable software version installed.
What should be done to check all of the instances in the environment with the LEAST operational overhead?

Question34: A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.
Which action will resolve this issue?

Question35: A SysOps Administrator must take a team's single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

Question36: A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles.
Corporate policies require that developers are blocked from accessing some services.
What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?

Question37: A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes All other traffic should be directed to the secondary passive server. The failover record type, set ID. and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?

Question38: A SysOps administrator is managing a VPC network consisting of public and private subnets. Instances in the pnvate subnets access the internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.
How should this be accomplished?

Question39: A company's application running on Amazon EC2 Linux recently crashed because it ran out of available memory. Management wants to be alerted if this ever happens again.
Which combination of steps will accomplish this? (Select TWO.)

Question40: A company has a VPC with public and private subnets An Amazon EC2 based application resides in the private subnets and needs to process raw csv files stored in an Amazon S3 bucket A sysops administrator has set up the correct 1AM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket Which action will solve this problem while adhering to least privilege access?

Question41: A company has a multi-account AWS environment that includes the following:
A central identity account that contains all IAM users and groups
Several member accounts that contain IAM roles
A SysOp administrator must grant permissions for a particular IAM group to assume o role in one of the member accounts How should the SysOps administrator accomplish this task?

Question42: A company has an application database on Amazon RDS that runs a resource-intensive reporting job This is causing other applications using the database to run slowly What should the SysOps Administrator do to resolve this issue*?

Question43: An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer.
The EC2 instances run across multiple Availability Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.
What additional step should be taken?

Question44: A sysops administrator is creating two AWS Cloud Formation templates The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway The second template will deploy application resources within the VPC that was created by the first template The second template should refer to the resources created by the first template How can this be accomplished with the LEAST amount of administrative effort?

Question45: A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain.
Which solution will meet these requirements with the LEAST amount of effort?

Question46: A SysOps Administrator must find a way to set up alerts when Amazon EC2 service limits are close to being reached.
How can the Administrator achieve this requirement?

Question47: A SysOps Administrator is attempting to use AWS Systems Manager Session Manager to initiate a SSH session with an Amazon EC2 instance running on a custom Linux Amazon Machine Image (AMI) The Administrator cannot find the target instance in the Session Manager console Which combination of actions with solve this issue? (Select TWO )

Question48: A company has mandated the use of multi-factor authentication (MFA) for all 1AM users, and requires users to make all API calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA. the company attached an 1AM policy to all users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?

Question49: A company's customers are reporting increased latency while accessing static web content from Amazon S3.
A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket.
What will minimize latency by reducing load on the S3 bucket?

Question50: A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled maintenance The instance runs a critical production workload that must be available during normal business hours Which steps will ensure that the instance maintenance does not produce an outage?

Question51: A sysops administrator is trying to identify why putObject calls are not being made from an Amazon EC2 instance to an Amazon S3 bucket in the same region. The instance is launched in a subnet with CIDR range
10.0.1.0/24 and Auto-assign Public IP' set to "yes". The instance profile tied to this instance has
'AmazonS3FullAccess" Policy.
Security group rules for the instance:

Based on the information provided, what is causing the lack of access to S3 from the instance?

Question52: A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.
How should the Administrator accomplish this?

Question53: A company is releasing a now static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded, however, upon navigating to the site, the following error message is received:
403 Forbiddan - Access Denied
What change should be made to fix this error'?

Question54: A SysOps Administrator is notified that a security vulnerability affects a version of MySQL that is being used with Amazon RDS MySQL.
Who is responsible for ensuring that the patch is applied to the MySQL cluster?

Question55: A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only All traffic must be over the AWS private network What actions should the SysOps Administrator take to meet these requirements?

Question56: A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.
Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

Question57: Which component of an Ethernet frame is used to notify a host that traffic is coming?

Question58: A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve application performance, a sysops administrator is evaluating Amazon ElastiCache and has chosen Redis (cluster mode enabled) instead of Memcached What are reasons for making this choice? (Select TWO.)

Question59: A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?

Question60: A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.
Which actions will restore the objects? (Choose two.)

Question61: A company's application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load Balancer. The instances run an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid DNS changes and allow rollback.
Which solution should a sysops administrator use to meet the deployment requirements for this new release?

Question62: A company has deployed a NAT instance to allow web servers to obtain software updates from the internet.
There latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that a efficient, cost effective, and allow for scaling with future demand.
Which action should be taken to accomplish this?

Question63: An existing data management application is running on a single Amazon EC2 instance and needs to be moved to a new AWS Region in another AWS account.
How can a SysOps administrator achieve this while maintaining the security of the application?

Question64: A company is concerned about a security vulnerability impacting its Linux operating system.
What should the SysOps Administrator do to alleviate this concern?

Question65: A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring most include tracking the AWS account of the catier, the IAM user role of the caller, the time of the API call, and the IP address of the API.
Where can the administrator find this information?

Question66: After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.
What should the SysOps Administrator analyze?

Question67: After launching a new Amazon EC2 instance from a Microsoft Windows 2012 Amazon Machine Image (AMI), the SysOps Administrator is unable to connect to the instance using Remote Desktop Protocol (RDP).
The instance is also unreachable. As part of troubleshooting, the Administrator deploys a second instance from a different AMI using the same configuration and is able to connect to the instance.
What should be the next logical step in troubleshooting the first instance?

Question68: An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?

Question69: A company's Information Security team has requested information on AWS environment compliance for Payment Card Industry (PCI) workloads. They have requested assistance in understanding what specific areas of the PCI standards are the responsibility of the company.
Which AWS tool will provide the necessary information?

Question70: A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?

Question71: An environment company has discovered that a number of Amazon EC2 instances in a VPC are marked as high risk according to a Common Vulnerabilities and Expressures (CVE) report. The Security tea, requests that all these instances be upgraded.
Who is responsible for upgrading the EC2 instances?

Question72: A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.
What should the Administrator do to enable user-defined cost allocation tags?

Question73: A SysOps adminstrator has received a request from the compliance department to enforce encryption at rest of all new objects uploaded to the corp-compliance bucket.
How can the administrator enforce encryption on all objects uploaded to the bucket?
A) Enable Amazon S3 default encryption on the bucket
B) Add the following policy statement to the bucket:

C) Add the following policy statement to the IAM user permissions policy:

D) Generate a resigned URL for the Amazon S3 PUT operation with server-side encryption flag set, and send

Question74: A SysOps Administrator is troubleshooting an AWS CloudFormation template whereby multiple Amazon EC2 instances are being created. The template is working in us-east-1, but it is failing in us-west-2 with the error code:
AMI [ami-12345678] does not exist.
How should the Administrator ensure that the AWS CloudFormation template is working in every region?

Question75: A company has deployed its infrastructure using AWS CloudFormation Recently the company made manual changes to the infrastructure. A SysOps Administrator is tasked with determining what was changed and updating the CloudFormation template Which solution will ensure all the changes are captured?

Question76: A company is running multiple AWS Lambda functions in a non-VPC environment. Most of the functions are application-specific; an operational function is involved synchronously every hour.
Recently, the Applications team deployed new functions that are triggered based on an Amazon S3 event to process multiple files that are uploaded to an S3 bucket simultaneously. The SysOps Administrator notices that the operational function occasionally fails to execute due to throttling.
What step should the Administrator take to make sure that the operational function executes?

Question77: A SysOps Administrator deployed an AWS elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon simple Queue service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 auto scaling scales in and scales out number of worker nodes based on CPU utilization. After some time, the administrator notices that the number of messages in the SQS queue are increasing significantly.
Which action will remediate the issue?

Question78: A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately The Administrator contacts AWS Support and requests the patch be applied to all Amazon EC2 instances How will AWS respond to this request?

Question79: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.
Which of the following tools or services provides this information?

Question80: A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?

Question81: Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

Question82: A SysOps Administrator at an ecommerce company discovers that several 404 errors are being sent to one IP address every minute. The Administrator suspects a bot is collecting information about products listed on the company's website.
Which service should be used to block this suspected malicious activity?

Question83: A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company's AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.
What should be done to accomplish this?

Question84: A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.

Question85: A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)

Question86: A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an ELB Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?

Question87: A SysOps Administrator created an AWS CloudFormation template for the first time. The stack failed with a status of ROLLBACK_COMPLETE. The Administrator identified and resolved the template issue causing the failure.
How should the Administrator continue with the stack deployment?

Question88: A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company these requirements?