EMT Practice Test

1. Question Content...


Question List

Question1: A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings.
Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

Question2: Network ACLs are _______.

Question3: A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size.
AWS does not allow the user to create this volume.
What is the possible root cause for this?

Question4: An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?

Question5: An Application team has asked a SysOps Administrator to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs. An AWS CloudFormation template has been created to deploy resources in us- east-1.
What must the SysOps Administrator do to provision the application quickly?

Question6: A company has an application running on a fleet of Microsoft Windows instances. Patches to the operating system need to be applied each month. AWS Systems Manager Patch Manager is used to apply the patches on a schedule.
When the fleet is being patched, customers complain about delayed service responses.
What can be done to ensure patches are deployed with MINIMAL customer impact?

Question7: A company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private keys and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?

Question8: A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?

Question9: A streaming company is using AWS resources in the us-east-1 Region for its production environment. The web tier of the streaming site runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group is configured to scale when the CPU utilization of the instances is greater than 75%. The user database is hosted on an Amazon RDS MySQL cluster, and video content is stored within an Amazon S3 bucket. Amazon CloudWatch metrics show that the RDS MySQL Multi-AZ DB instance has around 16 GB of memory free and an average CPU utilization of 70%. It is taking users in Asia several seconds longer to access the streaming website.
Which combination of actions will improve the access load times? (Choose two.)

Question10: A user has launched an EC2 Windows instance from an instance store backed AMI.
The user has also set the Instance initiated shutdown behavior to stop.
What will happen when the user shuts down the OS?

Question11: The majority of your Infrastructure is on premises and you have a small footprint on AWS.
Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application1?

Question12: A SysOps Administrator supports a legacy application that is hardcoded to service example.com.
The application has recently been moved to AWS. The external DNS are managed by a third- party provider. The Administrator has set up an internal domain for example.com and configured this record using Amazon Route.
What solution offers the MOST efficient way to have instances in the same account resolve to the Route 53 service instead of the provider?

Question13: A company has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. The company is concerned about potential memory exhaustion, so the development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST operationally efficient way to accomplish this goal?

Question14: A user has setup Auto Scaling with ELB on the EC2 instances.
The user wants to configure that whenever the CPU utilization is below 10%, Auto Scaling should remove one instance.
How can the user configure this?

Question15: You have set up an IAM policy for your users to access Elastic Load Balancers and you know that an IAM policy is a JSON document that consists of one or more statements. Which of the following elements is not a part of the statement in an IAM policy document?

Question16: For IAM user, a virtual Multi-Factor Authentication (MFA) device uses an application that generates ______- digit authentication codes that are compatible with the time-based one-time password (TOTP) standard.

Question17: A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%.
The alarm sends a notification to SNS on the alarm state.
If the user wants to simulate the alarm action how can he achieve this?

Question18: You can configure Amazon CloudFront to deliver access logs per ________ to an Amazon S3 bucket of your choice.

Question19: Two companies will be working on several development projects together. Each company has an AWS account with a single VPC in us-east-1. Two companies would like to access one another's development servers. The IPv4 CIDR blocks in the two VPCs does not overlap.
What can the SysOps Administrators for each company do to set up network routing?

Question20: A user is trying to connect to a running EC2 instance using SSH.
However, the user gets an Unprotected Private Key File error.
Which of the below mentioned options can be a possible reason for rejection?

Question21: While setting up an AWS managed VPN connection, a SysOPs Administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?

Question22: A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.
What actions should the SysOps Administrator take to meet these requirements?

Question23: A user has created a queue named "myqueue" in US-East region with AWS SQS.
The user's AWS account ID is 123456789012.
If the user wants to perform some action on this queue, which of the below Queue URL should he use?

Question24: A SysOps Administrator has been notified that some Amazon EC2 instances in the company's environment might have a vulnerable software version installed.
What should be done to check all of the instances in the environment with the LEAST operational overhead?

Question25: A user has created a VPC with public and private subnets using the VPC wizard.
The VPC has CIDR 20.0.0.0/16.
The private subnet uses CIDR 20.0.0.0/24.
The NAT instance ID is i-a12345.
Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

Question26: Pricing is ____ consumed for EC2 instances.

Question27: A SysOps Administrator is tasked with deploying and managing a single CloudFormation template across multiple AWS accounts.
What feature of AWS CloudFormation will accomplish this?

Question28: A SysOps Administrator is notified that a security vulnerability affects a version of MySQL that is being used with Amazon RDS MySQL.
Who is responsible for ensuring that the patch is applied to the MySQL cluster?

Question29: Security has identified an IP address that should be explicitly denied for both ingress and egress requests for all services in an Amazon VPC immediately.
Which feature can be used to meet this requirement?

Question30: A SysOps Administrator must devise a strategy for enforcing tagging of all EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes.
What action can the Administrator take to implement this for real-time enforcement?

Question31: A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.
What are possible causes for this? (Choose two.)

Question32: An application you maintain consists of multiple EC2 instances in a default tenancy VPC.
This application has undergone an internal audit and has been determined to require dedicated hardware for one instance.
Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?

Question33: A user has set the Alarm for the CPU utilization > 50%. Due to an internal process, the current CPU utilization will be 80% for 6 hours. How can the user ensure that the CloudWatch alarm does not perform any action?

Question34: What is Amazon Import/Export?

Question35: Which service is offered by Auto Scaling?

Question36: A company developed and now runs a memory-intensive application on multiple Amazon EC2 Linux instances. The memory utilization metrics of the EC2 Linux instances must be monitored.
Which combination of actions must be taken to accomplish this? (Choose two.)

Question37: A company wants to increase the availability and durability of a critical business application. The application currently uses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company meet these requirements?

Question38: A sys admin is planning to subscribe to the RDS event notifications.
For which of the below mentioned source categories the subscription cannot be configured?

Question39: A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5.
When the user configures the AS group, how many instances will Auto Scaling launch?

Question40: A company has Sales department and Marketing department. The company uses one AWS account. There is a need to determine what charges are incurred on the AWS platform by each department. There is also a need to receive notifications when a specified cost level is approached or exceeded.
Which two actions must a SysOps Administrator take to achieve both requirements with the LEAST amount of administrative overhead? (Choose two.)

Question41: A user has setup a VPC with CIDR 20.0.0.0/16.
The VPC has a private subnet (20.0.1.0/24. and a public subnet (20.0.0.0/24..
The user's data centre has CIDR of 20.0.54.0/24 and 20.1.0.0/24.
If the private subnet wants to communicate with the data centre, what will happen?

Question42: A SysOps Administrator is receiving multiple reports from customers that they are unable to connect to the company's website. which is being served through Amazon CloudFront.
Customers are receiving HTTP response codes for both 4XX and 5XX errors.
Which metric can the Administrator use to monitor the elevated error rates in CloudFront?

Question43: Which of the following activities is NOT performed by the Auto Scaling policy?

Question44: What does Amazon SES provide?

Question45: A system admin is planning to setup event notifications on RDS.
Which of the below mentioned services will help the admin setup notifications?

Question46: A SysOps administrator is implementing automated I/O load performance testing as part of the continuous integration/continuous delivery (CI/CD) process for an application. The application uses an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume for each instance that is restored from a snapshot and requires consistent I/O performance. During the initial tests, the I/O performance results are sporadic. The SysOps administrator must ensure that the tests yield more consistent results.
Which actions could the SysOps administrator take to accomplish this goal? (Choose two.)

Question47: Which of the following states is not possible for the CloudWatch alarm?

Question48: Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his own password?

Question49: A user has launched an EC2 instance from an instance store backed AMI.
The infrastructure team wants to create an AMI from the running instance.
Which of the below mentioned steps will not be performed while creating the AMI?

Question50: _________ is a fast, reliable, scalable, fully managed message queuing service.

Question51: A Chief Financial Officer has asked for a breakdown of costs per project in a single AWS account using Cost Explorer.
Which combination of options should be set to accomplish this? (Choose two.)

Question52: What does the "configure" command allow an Administrator to do when setting up the AWS CLI?
(Select TWO.)

Question53: An organization recently faced a network outage while uploading data into one of their S3 buckets. This outage generated many incomplete multipart uploads in that S3 bucket. A sysops administrator wants to delete the incomplete multipart uploads and ensure that the incomplete multipart uploads are deleted automatically the next time such an event occurs.
How should this be done?

Question54: An administrator is responding to an alarm that reports increased application latency. Upon review, the Administrator notices that the Amazon RDS Aurora database frequently runs at 100% CPU utilization. The application is read heavy and does frequent lookups of a product table.
What should the Administrator do to reduce the application latency?

Question55: What is Amazon WorkSpaces?

Question56: A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account.
Corporate policies state that developers may use only approved AWS services in the production account.
What is the MOST operationally efficient solution to control the production account?

Question57: A user has created a subnet in VPC and launched an EC2 instance within it.
The user has not selected the option to assign the IP address while launching the instance.
The user has 3 elastic IPs and is trying to assign one of the Elastic IPs to the VPC instance from the console.
The console does not show any instance in the IP assignment screen.
What is a possible reason that the instance is unavailable in the assigned IP console?

Question58: A group in IAM can contain many users. Can a user belong to multiple groups?

Question59: An organization, which has the AWS account ID as 999988887777, has created 50 IAM users.
All the users are added to the same group cloudacademy.
If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?

Question60: A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user's file from the snapshot?

Question61: A user is observing the EC2 CPU utilization metric on CloudWatch.
The user has observed some interesting patterns while filtering over the 1 week period for a particular hour.
The user wants to zoom that data point to a more granular period.
How can the user do that easily with CloudWatch?

Question62: A company has an application that is running on an Amazon EC2 instance in one Availability Zone. A SysOps administrator needs to make the application highly available. The SysOps administrator has created a launch configuration from the running EC2 instance. The SysOps administrator also has properly configured a load balancer.
What should the SysOps administrator do next to make the application highly available?

Question63: A user has created a VPC with public and private subnets using the VPC wizard.
Which of the below mentioned statements is true in this scenario?

Question64: You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?

Question65: A user has two EC2 instances running in two separate regions.
The user is running an internal memory management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same namespace and metric.
Which of the below mentioned options is true with respect to the above statement?

Question66: A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer.
Which of the below mentioned SSL protocols is not supported by the security policy?

Question67: A user has configured an HTTPS listener on an ELB.
The user has not configured any security policy which can help to negotiate SSL between the client and ELB.
What will ELB do in this scenario?

Question68: A Content Processing team has notified a SysOps Administrator that their content is sometimes taking a long time to process, whereas other times it processes quickly. The Content Processing submits messages to an Amazon Simple Queue Service (Amazon SQS) queue, which details the files that need to be processed. An Amazon EC2 instance polls the queue to determine which file to process next.
How could the Administrator maintain a fast but cost-effective processing time?

Question69: In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?

Question70: A SysOps Administrator is managing an application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS MySQL DB instance. The Administrator must ensure that that application stays available if the database becomes unresponsive.
How can these requirements be met?

Question71: In IAM, a policy has to include the information about who (user) is allowed to access the resource, known as the _____.

Question72: How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

Question73: You are building an online store on AWS that uses SQS to process your customer orders.
Your backend system needs those messages in the same sequence the customer orders have been put in.
How can you achieve that?

Question74: An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his credentials.
What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iam:AddUserToGroup",
"iam:RemoveUserFromGroup",
"iam:GetGroup"
],
"Resource": "arn:aws:iam:: 123412341234:group/TestingGroup"
}]

Question75: Security groups in Amazon VPC ______.

Question76: What does Amazon RDS perform?

Question77: You are tasked with the migration of a highly trafficked Node JS application to AWS.
In order to comply with organizational standards Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events.
Which deployment option meets these requirements while minimizing administrative burden?

Question78: As part of a federated identity configuration, an IAM policy is created and attached to an IAM role.
Who is responsible for creating the IAM policy and attaching it to the IAM role, according to the shared responsibility model?

Question79: An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps Administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy.
What is likely to be the problem?

Question80: A SysOps Administrator needs Amazon EC2 instances in two different VPCs in private subnets to be able to communicate. A peering connection between the two VPCs has been created using the AWS Management Console and shows a status of Active. The instances are still unable to send traffic to each other.
Why are the EC2 instances unable to communicate?

Question81: A kernel patch for AWS Linux has been released, and systems need to be updated to the new version. A SysOps administrator must apply an in-place update to an existing Amazon EC2 instance without replacing the instance.
How should the SysOps administrator apply the new software version to the instance?

Question82: Which of the following statements is true of an Auto Scaling group?

Question83: What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?

Question84: A company has multiple web applications running on Amazon EC2 instances in private subnets.
The EC2 instances require connectivity to the internet for patching purposes, but cannot be publicly accessible.
Which step will meet these requirements?

Question85: An organization is concerned that its Amazon RDS databases are not protected. The solution to address this issue must be low cost, protect against table corruption that could be overlooked for several days, and must offer a 30-day window of protection.
How can these requirements be met?

Question86: An organization has created 50 IAM users.
The organization wants that each user can change their password but cannot change their access keys.
How can the organization achieve this?

Question87: A company with dozens of AWS accounts wants to ensure that governance rules are being applied across all accounts. The CIO has recommended that AWS Config rules be deployed using an AWS CloudFormation template. How should these requirements be met?

Question88: An organization is using cost allocation tags to find the cost distribution of different departments and projects.
One of the instances has two separate tags with the key/value as "InstanceName/HR",
"CostCenter/HR".
What will AWS do in this case?

Question89: A storage admin wants to encrypt all the objects stored in S3 using server side encryption.
The user does not want to use the AES 256 encryption key provided by S3.
How can the user achieve this?

Question90: A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling.
What should the user do in this case?

Question91: An organization stores sensitive customer in S3 buckets protected by bucket policies. recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The Chief Information Security Officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps Administrator take to meet the CISO's requirement? (Choose two.)

Question92: A corporate policy requires all new infrastructure deployments to use scalable and reusable resources to improve resources delivery times. The policy also restricts resource configuration management to the systems operations team. The development team requests the ability to deploy resources on demand in an effort to streamline their software development lifecycle.
What can the systems operations team do to ensure company policy is followed while also meeting the development team's requests?

Question93: A sysops administrator set up an Amazon ElastiCache for Memcached cluster for an application.
During testing, the application experiences increased latency. Amazon CloudWatch metrics for the Memcached cluster show CPUUtilization is consistently above 95% and FreeableMemory is consistently under 1 MB.
Which action will solve the problem?

Question94: A user has created a VPC with a public subnet.
The user has terminated all the instances which are part of the subnet.
Which of the below mentioned statements is true with respect to this scenario?

Question95: A local agency plans to deploy 50 Raspberry Pi devices throughout a city. All the devices need to be managed centrally, and their configurations need to be consistent.
What is the BEST service for managing these devices?

Question96: A company Development team to access the AWS Management Console. A System Administrator has been asked to find a solution so that the Developers can sign in to the console using Active Directory (AD) credentials and not as IAM users.
What steps should the Systems Administrator take to enable functionality?

Question97: What does Amazon SES stand for?

Question98: Is it possible to create an S3 bucket accessible only by a certain IAM user using policies in a CloudFormation template?

Question99: A system admin wants to add more zones to the existing ELB.
The system admin wants to perform this activity from CLI.
Which of the below mentioned command helps the system admin to add new zones to the existing ELB?

Question100: A company is evaluating solutions for connecting its data centers to a VPC in an AWS Region running a mission-critical application. A secondary Region has already been set up as a disaster recovery solution. The company needs a consistent, low-latency connection of at least 10 Gbps that must be highly resilient and fault tolerant.
Which solution meets these requirements?

Question101: An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.
How can this be achieved in a reliable and efficient way?

Question102: A user has configured ELB with Auto Scaling.
The user suspended the Auto Scaling terminate process only for a while.
What will happen to the availability zone rebalancing process (AZRebalance. during this period?

Question103: Which of the choices below best describes what Auto Scaling is well suited for?

Question104: What is the default maximum number of VPCs allowed per region?

Question105: You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block.
Your security team has requested that all access from the offending IP address block be denied tor the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

Question106: A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks.
Which action will allow an Administrator to understand the impact of these changes before implementation?

Question107: A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs.
Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

Question108: A user has created a VPC with a subnet and a security group.
The user has launched an instance in that subnet and attached a public IP.
The user is still unable to connect to the instance.
The internet gateway has also been created.
What can be the reason for the error?

Question109: A company's AWS account users are launching Amazon EC2 instances without required cost allocation tags. A SysOps administrator needs to prevent users within an organization in AWS Organizations from launching new EC2 instances that do not have the required tags. The solution must require the least possible operational overhead.
Which solution meets these requirements?

Question110: When attached to an Amazon VPC which two components provide connectivity with external networks? (Choose two.)

Question111: A company is setting up a VPC peering connection between its VPC and a customer's VPC. The company VPC is an IPv4 CIDR block of 172.16.0.0/16, and the customer's is an IPv4 CIDR block of 10.0.0.0/16. The SysOps Administrator wants to be able to ping the customer's database private IP address from one of the company's Amazon EC2 instances.
What action should be taken to meet the requirements?

Question112: An AWS root account owner is trying to create a policy to access RDS.
Which of the below mentioned statements is true with respect to the above information?

Question113: A company's customers are reporting increased latency while accessing static web content from Amazon S3. A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket.
What will minimize latency by reducing load on the S3 bucket?

Question114: After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs.
Which of the following are likely to be the cause of this problem? (Select TWO.)

Question115: A SysOps administrator is testing a new batch job. The batch job will upload 20 GB of data from Amazon EC2 instances in a private subnet to an Amazon S3 bucket each day. After the first test is complete, a small cost is reported. The cost has the heading "NAT Gateway - Data Processed." Which change can the SysOps administrator make to eliminate this cost for future tests?

Question116: An organization has developed a new memory-intensive application that is deployed to a large Amazon EG2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST efficient way to accomplish this goal?

Question117: Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application-level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem.
However, you also need to watch the watcher-the monitoring instance itself-and be notified if it becomes unhealthy.
Which of the following Is a simple way to achieve that goal?

Question118: Do Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?

Question119: What does Amazon EMR stand for?

Question120: The chief financial officer (CFO) of an organization has seen a spike in Amazon S3 storage costs over the last few months. A SysOps administrator suspects that these costs are related to storage for older versions of S3 objects from one of its S3 buckets.
What can the administrator do to confirm this suspicion?

Question121: An admin is planning to monitor the ELB.
Which of the below mentioned services does not help the admin capture the monitoring information about the ELB activity?

Question122: A company has adopted a security policy that requires all customer data to be encrypted at rest.
Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Question123: Which service is offered by Auto Scaling?

Question124: The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on EC2?

Question125: A system admin is managing buckets, objects and folders with AWS S3.
Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?

Question126: An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, am Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime. To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?

Question127: A company is using an Amazon ElastiCache for Redis cluster in a production environment. To align with the company's technical requirements, a SysOps administrator needs to select a deployment to provide increased availability and fault tolerance.
Which action should the SysOps administrator take to accomplish this goal?

Question128: A custom application must be installed on all Amazon EC2 instances. The application is small, updated frequently and can be installed automatically.
How can the application be deployed on new EC2 instances?

Question129: A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer's objects replicated?

Question130: An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. The SysOps team has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.
How can the SysOps Administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?

Question131: A company needs to ensure that all IAM users rotate their passwords on a regular basis.
Which action should be taken take to implement this?

Question132: A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented strict IP whitelisting that requires all build uploads to come from a single IP address.
What change should the systems administrator make to the existing build fleet to comply with this new requirement?

Question133: An Amazon EC2 instance is unable to connect an SMTP server in a different subnet. Other instances are successfully communicating with the SMTP server, however VPC Flow Logs have been enabled on the SMTP server's network interface and show the following information:
2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252
1515534437 1515535037 REJECT OK
What can be done to correct this problem?

Question134: A Big Data consulting company wants to separate its customers' workloads for billing and security reasons. The company would like to maintain billing and security controls on these workloads.
According to best practices, how can the workloads be separated if no shared resources are needed?

Question135: Amazon EC2 provides virtual computing environments known as _____.

Question136: You have a server with a 5O0GB Amazon EBS data volume.
The volume is 80% full.
You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible.
All applications using the volume can be paused for a period of a few minutes with no discernible user impact.
Which of the following backup methods will best fulfill your requirements?

Question137: An organization has configured Auto Scaling with ELB.
One of the instance health check returns the status as Impaired to Auto Scaling.
What will Auto Scaling do in this scenario?

Question138: An organization has two AWS accounts: Development and Production. A SysOps Administrator manages access of IAM users to both accounts. Some IAM users in Development should have access to certain resources in Production.
How can this be accomplished?

Question139: In regard to AWS CloudFormation, to pass values to your template at runtime you should use
____________.

Question140: A SysOps Administrator must run a script on production servers to fix an issue. The company has a policy block all remote interface access to production servers. The Based on this situation how should the Administrator execute the script?

Question141: An organization would like to set up an option for its Developers to receive an email whenever production Amazon EC2 instances are running over 80% CPU utilization.
How can this be accomplished using an Amazon CloudWatch alarm?

Question142: You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers

Question143: Can you configure multiple Load Balancers with a single Auto Scaling group?

Question144: A user has setup a CloudWatch alarm on the EC2 instance for CPU utilization.
The user has setup to receive a notification on email when the CPU utilization is higher than 60%.
The user is running a virus scan on the same instance at a particular time.
The user wants to avoid receiving an email at this time.
What should the user do?

Question145: When creation of an EBS snapshot Is initiated but not completed the EBS volume?

Question146: A Systems Administrator is responsible for maintaining custom, approved AMIs for a company.
These AMIs must be shared with each of the company's AWS accounts.
How can the Administrator address this issue?

Question147: A user has configured an SSL listener at ELB as well as on the back-end instances.
Which of the below mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?

Question148: A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy.
What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket"],
"Resource": [ "arn:aws:s3:::cloudacademy]
}]

Question149: A SysOps administrator is re-architecting an application. The SysOps administrator has moved the database from a public subnet, where the database used a public endpoint, into a private subnet to restrict access from the public network. After this change, an AWS Lambda function that requires read access to the database cannot connect to the database. The SysOps administrator must resolve this issue without compromising security.
Which solution meets these requirements?

Question150: A company has a business application hosted on Amazon EC2 instances behind an Application Load Balancer. Amazon CloudWatch metrics show that the CPU utilization on the EC2 instances is very high. There are also reports from users that receive HTTP 503 and 504 errors when they try to connect to the application.
Which action will resolve these issues?

Question151: An organization has been running their website on several m2 Linux instances behind a Classic Load Balancer for more than two years. Traffic and utilization have been constant and predictable.
What should the organization do to reduce costs?

Question152: A user has launched an EC2 instance.
However, due to some reason the instance was terminated.
If the user wants to find out the reason for termination, where can he find the details?

Question153: A SysOps administrator must run a script on production servers to fix an issue. The company has a policy to block all remote interactive access to production servers.
Based on this situation, how should the administrator run the script?

Question154: A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.

Question155: A company wants to review the security requirements of Glacier. Which of the below mentioned statements is true with respect to the AWS Glacier data security?

Question156: A sys admin is maintaining an application on AWS.
The application is installed on EC2 and user has configured ELB and Auto Scaling.
Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB.
How can the user add these instances with Auto Scaling?

Question157: A user is launching an EC2 instance in the US East region.
Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

Question158: A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.
What should a SysOps administrator do to implement this requirement?

Question159: An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3. With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.
Which service would be the MOST efficient way to transfer this data to Amazon S3?

Question160: As part of an operational audit, an Administrator is tasked with showing that all security responsibilities under the customer's control are properly executed.
Which of the following items is the customer responsible for providing to the auditor? (Select TWO.)

Question161: You are managing the AWS account of a big organization.
The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees.
Which of the below mentioned options is the best possible solution in this case?

Question162: A SysOps Administrator must generate a report that provides a breakdown of all API activity by a specific user the course of a year.
Given that AWS Cloud Trail was enabled, how can this report be generated?

Question163: A SysOps Administrator has an AWS Direct Connect connection in place in region us-east-1, between an AWS account and a data center. The Administrator is now required to connect the data to a VPC in another AWS Region, us-west-2, which must have consistent network performance and low-latency. What is the MOST efficient and quickest way to establish this connectivity?

Question164: In IAM, can you attach more than one inline policy to a particular entity such a user, role, or group?

Question165: A user has configured Auto Scaling with 3 instances.
The user had created a new AMI after updating one of the instances.
If the user wants to terminate two specific instances to ensure that Auto Scaling launches an instances with the new launch configuration, which command should he run?

Question166: A user has created a VPC with two subnets: one public and one private.
The user is planning to run the patch update for the instances in the private subnet.
How can the instances in the private subnet connect to theinternet?

Question167: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Question168: A user has configured a VPC with a new subnet.
The user has created a security group.
The user wants to configure that instances of the same subnet communicate with each other.
How can the user configure this with the security group?

Question169: You have started a new job and are reviewing your company's infrastructure on AWS.
You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group.
When you check the metrics for the ELB in CloudWatch you see four healthy instances.
In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?

Question170: A company creates custom AMI images by launching new Amazon EC2 instances from an AWS CloudFormation template. It installs and configures necessary software through AWS OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times, the process stalls due to installation errors.
The SysOps Administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.
Based on these requirements, what should be added to the template?

Question171: What are the benefits of CloudTrail integration with CloudWatch Logs?

Question172: What does AMI stand for?

Question173: Which of the following terms is NOT a key CloudWatch concept?

Question174: The AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon EBS, Amazon S3, Amazon Redshift, Elastic Transcoder, Amazon WorkMail, and Amazon RDS to make it simple to encrypt your data with encryption keys that you manage. AWS KMS is also integrated with AWS CloudTrail to provide you with key usage logs to help meet your regulatory and compliance needs. Which of the following types of cryptography keys is supported by AWS KMS currently?

Question175: An IAM user has two conflicting policies as part of two separate groups. One policy allows him to access an S3 bucket, while another policy denies him the access. Can the user access that bucket?

Question176: A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)

Question177: A user is running one instance for only 3 hours every day.
The user wants to save some cost with the instance.
Which of the below mentioned Reserved Instance categories is advised in this case?

Question178: A company is managing multiple AWS accounts using AWS Organizations. One of these accounts is used only for retaining logs in an Amazon S3 bucket. The company wants to make sure that compute resources cannot be used in the account.
How can this be accomplished with the LEAST administrative effort?

Question179: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.
Which of the following tools or services provides this information?

Question180: In AWS KMS, which of the following is NOT a mode of server-side encryption that you can use to protect data at rest in Amazon S3 ?

Question181: An organization has created 50 IAM users.
The organization has introduced a new policy which will change the access of an IAM user.
How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

Question182: A user has created a VPC with the public and private subnets using the VPC wizard.
The VPC has CIDR 20.0.0.0/16.
The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306..
The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp..
Which of the below mentioned entries is required in the web server security group (WebSecGrp.?

Question183: A company has a new requirement stating that all resources in AWS must be tagged according to a set policy. Which AWS service should to enforce and continually identify all resources that are not in compliance with the policy?

Question184: Is it possible to publish your own metrics to CloudWatch?

Question185: A user has enabled versioning on an S3 bucket.
The user is using server side encryption for data at Rest.
If the user is supplying his own keys for encryption (SSE-C., which of the below mentioned statements is true?

Question186: Which of the following services is offered by CloudWatch?

Question187: A company hosts its website on Amazon ECF2 instances behind an ELB Application Load Balancer. The company manages its DNS with Amazon Route 53, and wants to point its domain's zone apex to the website.
Which type of record should be used to meet these requirements?

Question188: You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

Question189: The SysOps Administrator must integrate an existing on-premises asymmetrical key management system into an AWS services platform.
How can the Administrator meet this requirement?

Question190: A root account owner has created an S3 bucket testmycloud.
The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects.
Which is the easiest way to achieve this?

Question191: A media company produces new video files on-premises every day with a total size of around
100GBS after compression
All files have a size of 1-2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used.
What step(s) would ensure that the file uploads are able to complete in the allotted time window?

Question192: Which of the following statements is true of Elastic Load Balancing?

Question193: A SysOps Administrator is attempting to use AWS Systems Manager Session Manager to initiate a SSH session with an Amazon EC2 instance running on a custom Linux Amazon Machine Image (AMI). The Administrator cannot find the target instance in the Session Manager console.
Which combination of actions will solve this issue? (Choose two.)

Question194: AMIs can be ______________.

Question195: A company application stores document within an Amazon S3 bucket. The application is running on Amazon EC3 in a VPC. A recent change in security requirement states traffic between the company's application and the S3 bucket must leave the Amazon network.
What AWS feature can provide this functionality?

Question196: A user is trying to understand the CloudWatch metrics for the AWS services.
It is required that the user should first understand the namespace for the AWS services.
Which of the below mentioned is not a valid namespace for the AWS services?

Question197: A company is running a popular social media site on EC2 instances. The application stores data in an Amazon RDS for MySQL DB instance and has implemented read caching by using an ElastiCache for Redis (cluster mode enabled) cluster to improve read times. A social event is happening over the weekend, and the SysOps Administrator expects website traffic to triple.
What can a SysOps Administrator do to ensure improved read times for users during the social event?

Question198: A company has a web application that is deployed in a VPC. Inbound traffic to this web application comes in through an internet gateway and arrives at a Network Load Balancer (NLB).
From there, the traffic travels to multiple Amazon EC2 instances in two private subnets. The company wants to perform deep packet inspection on the inbound traffic to identify potential hacking attempts.
Which solution meets these requirements?

Question199: An organization is setting up programmatic billing access for their AWS account.
Which of the below mentioned services is not required or enabled when the organization wants to use programmatic access?

Question200: You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. Which of the following states is possible for the CloudWatch alarm?

Question201: A user is trying to setup a recurring Auto Scaling process.
The user has setup one process to scale up every day at 8 am and scale down at 7 PM.
The user is trying to setup another recurring process which scales up on the 1st of every month at
8 AM and scales down the same day at 7 PM.
What will Auto Scaling do in this scenario?

Question202: An organization stores sensitive customer information in S3 buckets protected by bucket policies.
Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The Chief Information Security Officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps Administrator take to meet the CISO's requirement? (Choose two.)

Question203: Which of the following does Amazon S3 provide?

Question204: A user is aware that a huge download is occurring on his instance. He has already set the Auto Scaling policy to increase the instance count when the network I/O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?

Question205: A company has two AWS accounts: development and production. All applications send logs to a specific Amazon S3 bucket for each account, and the Developers are requesting access to the production account S3 buckets to view the logs.
Which is the MOST efficient way to provide the Developers with access?

Question206: You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database's data is stored on.
What two ways can you improve the performance of the database's storage while maintaining the current persistence of the data? Choose 2 answers

Question207: A sysops administrator is trying to deploy a new Amazon EC2 instance using the AWS Management Console, but the instance is failing to launch.
What could be causing this problem? (Choose two.)

Question208: A block device is a storage device that moves data in sequences. How many types of block devices does Amazon EC2 support?

Question209: A user has launched an EC2 instance from an instance store backed AMI.
If the user restarts the instance, what will happen to the ephermal storage data?

Question210: A company is migrating an application to AWS that requires access to a legacy system, which remain in the company's data centre. The application runs inside a VPC in the company's AWS account. The application must offer a consistent and low-latency response to its users.
How can these requirements be met?

Question211: A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.
What is the SIMPLEST method to deploy and update the VPCs in each account?

Question212: A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website's apex domain name (for example, "company.com") to the Application Load Balancer?

Question213: An Amazon EC2 instance is unable to connect an SMTP server in a different subnet. Other instances are successfully communicating with the SMTP server, however VPC Flow Logs have been enabled on the SMTP server's network interface and show the following information:
2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252 1515534437
1515535037 REJECT OK
What can be done to correct this problem?

Question214: A user has enabled instance protection for his Auto Scaling group that has spot instances.
If Auto Scaling wants to terminate an instance in this Auto Scaling group due to a Cloudwatch trigger unrelated to bid price, what will happen?

Question215: A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent.
The timestamps on the logs are 45 minutes in the future.
What will be the result of this configuration?

Question216: A web-based application is running in AWS. The application is using a MySQL Amazon RDS database instance for persistence. The application stores transactional data and is read-heavy.
The RDS instance gets busy during the peak usage, which shows the overall application response times.
The SysOps Administrator is asked to improve the read queries performance using a scalable solution.
Which options will meet these requirements? (Choose two.)

Question217: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard.
The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user's data centre.
The user's data centre has CIDR 172.28.0.0/12.
The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet.
Which of the below mentioned options is not a valid entry for the main route table in this scenario?

Question218: Which of the following Identity and Access Management (IAM) policy keys of AWS Direct Connect is used for date/time conditions?

Question219: A company uses AWS CloudFormation to deploy its application infrastructure. Recently, a user accidentally changed a property of a database in a CloudFormation template and performed a stack update that caused an interruption to the application. A SysOps Administrator must determine how to modify the deployment process to allow the DevOps team to continue to deploy the infrastructure, but prevent against accidental modifications to specific resources.
Which solution will meet these requirements?

Question220: You need to determine what encryption operations were taken with which key in AWS KMS to either encrypt or decrypt data in the AWS CodeCommit repository. Which of the following actions will best help you accomplish this?

Question221: A SysOps Administrator must ensure all Amazon EBS volumes currently in use, and those created in the future, are encrypted with a specific AWS KMS customer master key (CMK).
What is the MOST efficient way for the Administrator to meet this requirement?

Question222: A user is receiving a notification from the RDS DB whenever there is a change in the DB security group.
The user does not want to receive these notifications for only a month.
Thus, he does not want to delete the notification.
How can the user configure this?

Question223: A SysOps Administrator management a fleet of instance store-backed Amazon Linux EC2 instances. The SSH key used to access these instances has been lost.
How can SSH access be restored?

Question224: A customer enquires about whether all his data is secure on AWS, and is especially concerned about Elastic Map Reduce (EMR). You need to inform him of some of the security features in place for AWS. Which of the below statements is incorrect regarding EMR or S3?

Question225: A SysOps Administrator stores crash dump files in Amazon S3. New security and privacy measures require that crash dumps older than 6 months be deleted.
Which approach meets this requirement?

Question226: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes drop to 1 in Amazon CloudWatch.
HealthyHostCount
What is MOST likely causing this issue?

Question227: A SysOps Administrator responsible for an e-commerce web application observes the application does not launch new Amazon EC2 instances at peak times, even though the maximum capacity of the Auto Scaling group has not been reached.
What should the Administrator do to identify the underlying problem? (Choose two.)

Question228: Your company Is moving towards tracking web page users with a small tracking Image loaded on each page Currently you are serving this image out of US-East, but are starting to get concerned about the time It takes to load the image for users on the west coast.
What are the two best ways to speed up serving this image? Choose 2 answers

Question229: A user has launched an RDS MySQL DB with the Multi AZ feature.
The user has scheduled the scaling of instance storage during maintenance window.
What is the correct order of events during maintenance window?
1. Perform maintenance on standby
2. Promote standby to primary
3. Perform maintenance on original primary
4. Promote original master back as primary

Question230: How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?

Question231: A user has created a VPC with the public and private subnets using the VPC wizard.
The VPC has CIDR 20.0.0.0/16.
The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306..
The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp..
Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp.?

Question232: George has launched three EC2 instances inside the US-East-1a zone with his AWS account.
Ray has launched two EC2 instances in the US-East-1a zone with his AWS account.
Which of the below entioned statements will help George and Ray understand the availability zone (AZ. concept better?

Question233: A SysOps Administrator is analyzing how Reserved Instance discounts are allocated to Amazon EC2 instances across accounts in the company's consolidated bill. Which AWS tool will provide the details necessary to understand the billing charges?

Question234: A company uses multiple accounts for its applications. Account A manages the company's Amazon Route 53 domains and hosted zones. Account B uses a load balancer fronting the company's web servers.
How can the company use Route 53 to point to the load balancer in the MOST cost-effective and efficient manner?

Question235: An organization has created 5 IAM users.
The organization wants to give them the same login ID but different passwords.
How can the organization achieve this?

Question236: A company has several AWS accounts and has set up consolidated billing through AWS Organizations. The total monthly bill has been increasing over several months, and a SysOps Administrator has been asked to determine what is causing this increase.
What is the MOST comprehensive tool that will accomplish this task?

Question237: What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment of the primary OB instance fails?

Question238: A user has launched multiple EC2 instances for the purpose of development and testing in the same region.
The user wants to find the separate cost for the production and development instances.
How can the user find the cost distribution?

Question239: Your VPC automatically comes with a modifiable default network ACL, which by default _____.

Question240: An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?

Question241: You run a web application where web servers on EC2 Instances are In an Auto Scaling group Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed Five to six days per year, the number of web servers required might go up to 15.
What would you recommend to minimize costs while being able to provide hill availability?

Question242: A user is creating a Cloudformation stack.
Which of the below mentioned limitations does not hold true for Cloudformation?

Question243: A SysOps administrator needs to register targets for a Network Load Balancer (NLB) using IP addresses.
Which prerequisite should the SysOps administrator validate to perform this task?

Question244: A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address
203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?

Question245: An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group that terminates unhealthy instances. The Auto Scaling group is configured to determine the health status of EC2 instances using both EC2 status checks and ALB health checks. The Development team wants to analyze the unhealthy instances before termination.
What should the SysOps Administrator do to accomplish this?

Question246: Which of the following statements is true of tags and resource identifiers for EC2 instances?

Question247: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?

Question248: Which of the following services can receive an alert from CloudWatch?

Question249: A user has setup an EBS backed instance and attached 2 EBS volumes to it.
The user has setup a CloudWatch alarm on each volume for the disk data.
The user has stopped the EC2 instance and detached the EBS volumes.
What will be the status of the alarms on the EBS volume?

Question250: A user has stored data on an encrypted EBS volume.
The user wants to share the data with his friend's AWS account.
How can user achieve this?

Question251: A SysOps Administrator discovers the organization's tape archival system is no longer functioning in its on-premises data center.
What AWS service can be used to create a virtual tape interface to replace the physical tape system?

Question252: A SysOps Administrator has been tasked with deploying a company's infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.
What is the recommended way to use AWS CloudFormation to meet this requirement?

Question253: A user has setup a billing alarm using CloudWatch for $200.
The usage of AWS exceeded $200 after some days.
The user wants to increase the limit from $200 to $400.
What should the user do?

Question254: A SysOps Administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)

Question255: AWS IAM permissions can be assigned in two ways:

Question256: You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH.
and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables.
IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to those anyway since you were last able to reach the Instance).
You look at the EC2 console and notice that system status check shows "impaired." Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?

Question257: An organization has hired an external firm to audit unauthorized changes on the company's AWS environment, the external auditor needs appropriate access.
How can this be accomplished?

Question258: A SysOps Administrator has received a request from the Compliance Department to enforce encryption on all objects uploaded to the corp-compliance bucket.
How can the Administrator enforce encryption on all objects uploaded to the bucket?

Question259: A company has attached the following policy to an IAM user. What of the following actions are allowed for the IAM user?

Question260: A SysOps administrator manages an AWS CloudFormation template that provisions Amazon EC2 instances, an Elastic Load Balancer, and Amazon RDS instances. As part of an ongoing transformation project, CloudFormation stacks are being created and deleted continuously. The administrator needs to ensure that the RDS instances continue running after a stack has been deleted.
Which action should be taken to meet these requirements?

Question261: An ecommerce site is using Amazon ElastiCache with Memcached to store session state for a web application and to cache frequently used data. For the last month, users have been complaining about performance. The metric data for the Amazon EC2 instances and the Amazon RDS instance appear normal, but the eviction count metrics are high.
What should be done to address this issue and improve performance?

Question262: You have a web application leveraging an Elastic Load Balancer (ELB).
In front of the web servers deployed using an Auto Scaling Group.
Your database is running on Relational Database Service (RDS).
The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article.
On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? (Choose three)

Question263: Which of the following statements is true of Auto Scaling?

Question264: Developers are using IAM access keys to manage AWS resources using AWS CLI. Company policy requires that access keys are automatically disabled when the access key age is greater than 90 days.
Which solution will accomplish this?

Question265: A user is trying to setup a security policy for ELB.
The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy.
Which of the below mentioned preconfigured policies supports this feature?

Question266: A SysOps Administrator has implemented a VPC network design with the following requirements:
- Two Availability Zones (AZs)
- Two private subnets
- Two public subnets
- One internet gateway
- One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?

Question267: A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.
What steps should be the Administrator take to complete this task?

Question268: A web application runs on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. A SysOps Administrator has notice that some EC2 instances show up healthy in the Auto Scaling console but show up as unhealthy in the ALB target console.
What could be the issue?

Question269: ___________ is a task coordination and state management service for cloud applications.

Question270: A SysOps Administrator needs an Amazon EBS volume type for a big data application. The application data is accessed infrequently and stored sequentially.
What EBS volume type will be the MOST cost-effective solution?

Question271: A company uses LDAP-based credentials and has a Security Assertion Markup Language (SAML) 2.0 identity provider. A SysOps administrator has configured various federated roles in a new AWS account to provide AWS Management Console access for groups of users that use the existing LDAP-based credentials. Several groups want to use the AWS CLI on their workstations to automate daily tasks. To enable them to do so, the SysOps administrator has created an application that authenticates a user and generates a SAML assertion Which API call should be used to retrieve credentials for federated programmatic access?

Question272: Which of the scaling options given below is not supported by Auto Scaling?

Question273: A user has launched an EC2 instance.
The user is planning to setup the CloudWatch alarm.
Which of the below mentioned actions is not supported by the CloudWatch alarm?

Question274: A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The Administrator has been tasked with reconfiguring the infrastructure to support this approach.
How can the Administrator accomplish this with the LEAST administrative overhead?

Question275: When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?

Question276: You use S3 to store critical data for your company Several users within your group currently have lull permissions to your S3 buckets You need to come up with a solution mat does not impact your users and also protect against the accidental deletion of objects.
Which two options will address this issue? Choose 2 answers

Question277: Which of the following statements is NOT true of CloudWatch?

Question278: A SysOps Administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.)

Question279: A user has enabled termination protection on an EC2 instance.
The user has also set Instance initiated shutdown behaviour to terminate.
When the user shuts down the instance from the OS, what will happen?

Question280: A company's application infrastructure was deployed using AWS CloudFormation and is composed of Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. When releasing a new version of the application, the update deployment must avoid DNS changes and allow rollback.
Which solution should a SysOps administrator use to meet the deployment requirements for this new release?

Question281: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment requires unique credentials for external services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?

Question282: An AWS account owner has setup multiple IAM users.
One IAM user only has CloudWatch access.
He has setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit.
What will happen in this case?

Question283: A user is trying to aggregate all the CloudWatch metric data of the last 1 week.
Which of the below mentioned statistics is not available for the user as a part of data aggregation?

Question284: A user has created a subnet in VPC and launched an EC2 instance within it.
The user has not selected the option to assign the IP address while launching the instance.
Which of the below mentioned statements is true with respect to this scenario?

Question285: A mobile application must allow users to securely access their own content stored in a shared Amazon S3 bucket.
Which AWS services should be used to enable this access? (Choose two.)

Question286: A company has an application database on Amazon RDS that runs a resource-intensive reporting job. This is causing other applications using the database to run slowly.
What should the SysOps Administrator do to resolve this issue?

Question287: Can you use the AWS Identity and Access Management (IAM) to assign permissions determining who can manage or modify RDS resources?

Question288: Which of the following are characteristics of Amazon VPC subnets? (Choose two.)

Question289: Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? Choose 2 answers

Question290: A company is deploying a legacy web application on Amazon EC2 instances behind an ELB Application Load Balancer. The application worked well in the test environment. However, in production, users report that they are prompted to log in to the system several times an hour.
Which troubleshooting step should be taken to help resolve the problem reported by users?

Question291: A company wants to send 70% of its inbound traffic to the us-east-1 region and 30% to the us- east region under normal; conditions. If all the servers go down in one of the regions, the company wants all the traffic to be re-routed to the other region.

Question292: A user has created an ELB with three instances.
How many security groups will ELB create by default?

Question293: A company is using AWS Storage Gateway to create block storage volumes and mount them as Internet Small Computer Systems Interface (iSCSI) devices from on-premises servers. As the Storage Gateway has taken on several new projects, some of the Development teams report that the performance of the iSCSI drives has degraded. When checking the Amazon CloudWatch metrics, a SysOps Administrator notices that the CacheHitPercent metric is below 60% and the CachePercentUsed metric is above 90%.
What steps should the Administrator take to increase Storage Gateway performance?

Question294: A company has a multi-tier web application. In the web tier, all the servers are in private subnets inside a VPC. The development team wants to make changes to the application that requires access to Amazon S3.
What should be done to accomplish this?

Question295: A company's Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS. All the assets should be stored on the cloud, but the most recent assets should be available locally for low latency access.
Which AWS service meets the requirements?

Question296: An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB).
The instances are configured in an Amazon EC2 Auto Scaling group. A SysOps Administrator must configure the application to scale based on the number of incoming requests.
Which solution accomplishes this with the LEAST amount of effort?

Question297: A user wants to upload a complete folder to AWS S3 using the S3 Management console.
How can the user perform this activity?

Question298: A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS-backed Amazon EC2 instances is on hardware that is scheduled for maintenance.
The instance runs a critical production workload that must be available during normal business hours.
Which steps will ensure that the instance maintenance does not produce an outage?

Question299: A company has mandated the use factor authentication (MFA) for all user, and requires users to make all API calls using CLI. However, uses are not prompted to enter MFA token, and able to return CLI commands without MF

Question300: A user has created a VPC with CIDR 20.0.0.0/16 using VPC Wizard.
The user has created a public CIDR 20.0.0.0/24. and a VPN only subnet CIDR 20.0.1.0/24.
along with the hardware VPN access to connect to the user's data centre.
Which of the below mentioned components is not present when the VPC is setup with the wizard?

Question301: A user has recently started using EC2.
The user launched one EC2 instance in the default subnet in EC2-VPC.
Which of the below mentioned options is not attached or available with the EC2 instance when it is launched?

Question302: An Organization has been backing up their database backup to Amazon S3. A lifecycle rule has been created to transition these backups to Amazon Glacier storage class. The application development now to restore a backup.
Which step can an Administrator take to restore the backup to Amazon S3 storage?

Question303: A company is running multiple AWS Lambda functions in a non-VPC environment. Most of the functions are application-specific; an operational function is involved synchronously every hour.
Recently, the Applications team deployed new functions that are triggered based on an Amazon S3 event to process multiple files that are uploaded to an S3 bucket simultaneously. The SysOps Administrator notices that the operational function occasionally fails to execute due to throttling.
What step should the Administrator take to make sure that the operational function executes?

Question304: Amazon CloudFront is a ________.

Question305: A user is planning to set up the Multi AZ feature of RDS.
Which of the below mentioned conditions won't take advantage of the Multi AZ feature?

Question306: A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4 AM and the EC2 server was not reachable.
The user is checking the CloudWatch metrics of that instance.
How can the user find the data easily using the CloudWatch console?

Question307: An organization has configured the custom metric upload with CloudWatch.
The organization has given permission to its employees to upload data using CLI as well SDK.
How can the user track the calls made to CloudWatch?

Question308: Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users? Choose 2 answers

Question309: A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.
What would be the command line necessary to deploy one of the sites' certificates to the load balancer?

Question310: In Amazon EC2, can you create an EBS volume from a snapshot and attach it to another instance?

Question311: An application running on Amazon EC2 instances needs to write files to an Amazon S3 bucket.
What is the MOST secure way to grant the application access to the S3 bucket?

Question312: A SysOps Administrator receives an email from AWS about a production Amazon EC2 instance backed by Amazon EBS that is on a degraded host scheduled for retirement. The scheduled retirement occurs during business-critical hours.
What should be done to MINIMIZE disruption to the business?

Question313: An application accesses data through a file system interface. The application runs on Amazon EC2 instances in multiple Availability Zones, all of which must share the same data. While the amount of data is currently small, the company anticipates that it will grow to tens of terabytes over the lifetime of the application.
What is the MOST scalable storage solution to fulfill the requirement?

Question314: A photo-sharing site delivers content worldwide from a library on Amazon S3 using Amazon CloudFront. Users are trying to access photos that either do not exist or they are not authorized to view.
What should be monitored to better understand the extent of this issue?

Question315: A recent AWS CloudFormation stack update has failed and returned the error . A SysOps Administrator is tasked with returning the CloudFormation stack UPDATE_ROLLBACK_FAILED to its previous working state.
What must be done to accomplish this?

Question316: A company needs to implement a system for object-based storage in a write-once, read-many (WORM) model. Objects cannot be deleted or changed after they are stored, even by an AWS account root user or administrators.
Which solution will meet these requirements?

Question317: A recent audit found that most resources belonging to the Development team were in violation of patch compliance standards. The resources were properly tagged.
Which service should be used to quickly remediate the issue and bring the resources back into compliance?

Question318: A company is concerned about a security vulnerability impacting its Linux operating system.
What should the SysOps Administrator do to alleviate this concern?

Question319: You have set up Individual AWS accounts for each project.
You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?

Question320: Elasticity is one of the benefits of using Elastic Beanstalk. Which of the following best describes the concept of elasticity?

Question321: A SysOps Administrator is creating an Amazon EC2 instance and has received an error.
InsufficientInstanceCapacity
What is the cause of the error and how can it be corrected?

Question322: A user has hosted an application on EC2 instances.
The EC2 instances are configured with ELB and Auto Scaling.
The application server session time out is 2 hours.
The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered.
What time out period should the user specify for connection draining?

Question323: A user has granted read/write permission of his S3 bucket using ACL.
Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?

Question324: A root AWS account owner is trying to understand various options to set the permission to AWS S3.
Which of the below mentioned options is not the right option to grant permission for S3?

Question325: An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.
What Amazon Glacier configuration option should be used to meet this compliance requirement?

Question326: You have been asked to leverage Amazon VPC BC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue.
You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SQS?

Question327: Which of the CloudWatch services mentioned below is NOT a part of the AWS free tier?

Question328: Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address.
How should the Administrator implement the restriction?

Question329: A company in a highly regulated industry has just migrated an Amazon EC2 based application to AWS. For compliance reasons, all network traffic data between the servers must be captured and retained.
Which solution will accomplish this with the LEAST amount of effort?

Question330: A user is trying to understand AWS SNS.
To which of the below mentioned end points is SNS unable to send a notification?

Question331: A SysOps Administrator is creating additional Amazon EC2 instances and receives an InstanceLimitExceeded error.
What is the cause of the issue and how can it be resolved?

Question332: A user is planning to schedule a backup for an existing EBS volume. The user wants the backup to be created through snapshot, and for it to be encrypted. How can the user achieve data encryption with a snapshot?

Question333: Security groups in VPC operate at the ______.

Question334: A company must share monthly report files that are uploaded to Amazon S3 with a third party.
The third- party user list is dynamic, is distributed, and changes frequently. The least amount of access must be granted to the third party. Administrative overhead must be low for the internal teams who manage the process.
How can this be accomplished while providing the LEAST amount of access to the third party?

Question335: Does Amazon RDS support SSL encryption for SQL Server DB Instances?

Question336: A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.
What should the Administrator do to enable user-defined cost allocation tags?

Question337: What is the maximum size of an object in Amazon S3?

Question338: A user is planning to setup infrastructure on AWS for the Christmas sales.
The user is planning to use Auto Scaling based on the schedule for proactive scaling.
What advise would you give to the user?

Question339: A user has created a VPC with CIDR 20.0.0.0/24.
The user has used all the IPs of CIDR and wants to increase the size of the VPC.
The user has two subnets: public (20.0.0.0/28. and private (20.0.1.0/28..
How can the user change the size of the VPC?

Question340: A web application accepts orders from online users and places the orders into an Amazon SQS queue. Amazon EC2 instances in an EC2 Auto Scaling group read the messages from the queue, process the orders, and email order confirmations to the users. The Auto Scaling group scales up and down based on the queue depth. At the beginning of each business day, users report confirmation emails are delayed.
What action will address this issue?

Question341: A streaming services company has a three-tier web application hosted on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). When the Auto Scaling group scales in, a deregistration delay occurs and the delay is sometimes longer than the time required to terminate the EC2 instance. A SysOps administrator must ensure that the latest logs are delivered to an external system before the EC2 instance is terminated.
Which solution will solve this problem?

Question342: A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.
The MOST effective way to reduce latency is to relaunch the EC2 instances in:

Question343: A company has a web application that runs both on-premises and on Amazon EC2 instances.
Over time, both the on-premises servers and EC2 instances begin crashing. A SysOps Administrator suspects a memory leak in the application and wants a unified method to monitor memory utilization over time.
How can the Administrator track both the EC2 memory utilization and on-premises server memory utilization over time?

Question344: An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances.
When Auto Scaling needs to terminate an EC2 instance by default, AutoScaling will:
Choose 2 answers

Question345: Which two steps are required to generate a report detailing specific cost allocation tags when creating a Monthly Cost Allocation report (Select two.)