Question1: Which of the following is true of Amazon CloudWatch?
Question2:
Question3: A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%.
The alarm sends a notification to SNS on the alarm state.
If the user wants to simulate the alarm action how can he achieve this?
Question4:
Question5: An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has
purchased a Reserved Instance (RI. of a small instance size in the US-East-1a zone. All other AWS accounts are running instances of a small size in the same zone. What will happen in this case for the RI pricing?
Question6: An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?
Question7:
Question8: A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?
Question9: A user has configured a VPC with a new subnet. The user has created a security group. The user wants to configure that instances of the same subnet communicate with each other. How can the user configure this with the security group?
Question10:
Question11: A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?
Question12: A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than 10%
.
Which collection of configuration changes will increase the cache hit ratio for the distribution? (Choose two.)
Question13:
Question14:
Question15:
Question16: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question17:
Question18: An Amazon EC2 instance is unable to connect an SMTP server in a different subnet. Other instances are successfully communicating with the SMTP server, however VPC Flow Logs have been enabled on the SMTP server's network interface and show the following information:
2 223342798652 eni-abe77dab 10.1.1.200 10.100.1.10 1123 25 17 70 48252 1515534437 1515535037 REJECT OK What can be done to correct this problem?
Question19:
Question20: A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below
mentioned statements will help the user understand the Multi AZ feature better?
Question21: A company's application stores documents within an Amazon S3 bucket. The application is running on Amazon EC2 in a VPC. A recent change in security requirements states that traffic between the company's application and the S3 bucket must never leave the Amazon network.
What AWS feature can provide this functionality?
Question22:
Question23: A SysOps Administrator responsible for an e-commerce web application observes the application does not launch new Amazon EC2 instances at peak times, even though the maximum capacity of the Auto Scaling group has not been reached.
What should the Administrator do to identify the underlying problem? (Choose two.)
Question24: Which of the following is an incorrect statement about Amazon CloudWatch?
Question25:
Question26:
Question27:
Question28: A user has configured ELB with two EBS backed instances. The user has stopped the instances for 1 week to save costs. The user restarts the instances after 1 week. Which of the below mentioned statements will help the user to understand the ELB and instance registration better?
Question29: A SysOps administrator created an AWS service catalog portfolio and shared the portfolio with a second AWS account in the company. The second account is controlled by a different administrator.
Which action will the administrator of the second account be able to perform?
Question30:
Question31: Amazon Relational Database Service integrates with _____, a service that lets your organization create users
and groups under your organization's AWS account and assign unique security creden-tials to each user.
Question32: Which component of an Ethernet frame is used to notify a host that traffic is coming?
Question33: A SysOps Administrator must ensure all Amazon EBS volumes currently in use, and those created in the future, are encrypted with a specific AWS KMS customer master key (CMK).
What is the MOST efficient way for the Administrator to meet this requirement?
Question34: A SysOps Administrator needs a report of all IAM users and the status of MFA for each user.
Which IAM feature would meet this requirement?
Question35:
Question36:
Question37:
Question38: A company is running multiple AWS Lambda functions in a non-VPC environment. Most of the functions are
application-specific; an operational function is involved synchronously every hour.
Recently, the Applications team deployed new functions that are triggered based on an Amazon S3 event to
process multiple files that are uploaded to an S3 bucket simultaneously. The SysOps Administrator notices that
the operational function occasionally fails to execute due to throttling.
What step should the Administrator take to make sure that the operational function executes?
Question39:
Question40:
Question41: Amazon S3 provides a number of security features for protection of data at rest, which you can use or not, depending on your threat profile. What feature of S3 allows you to create and manage your own encryption keys for sending data?
Question42:
Question43:
Question44: A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A sysops administrator needs to automate remediation.
What should the sysops administrator do to meet these requirements?
Question45: A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization's proxy policy. How can the user make this happen?
Question46: A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user's file from the snapshot?
Question47: A user is planning to setup notifications on the RDS DB for a snapshot.
Which of the below mentioned event categories is not supported by RDS for this snapshot source type?
Question48:
Question49: A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?
Question50: After a particularly high AWS bill, an organization wants to review the use of AWS services.
What AWS service will allow the SysOps Administrator to quickly view this information to share it, and will also forecast expenses for the current billing period?
Question51: A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will be used to manage DNS records.
What type of record should be set in Route 53 to point the website's apex domain name (for example,
"company.com") to the Application Load Balancer?
Question52: In AWS Identity and Access Management (IAM), you can make use of the ______ APIs to grant users temporary access to your resources.
Question53:
Question54:
Question55: What happens if the instance launched by Auto Scaling becomes unhealthy?
Question56: A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs.
Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?
Question57: A company has received a notification in its AWS Personal Health Dashboard that one of its Amazon EBS- backed Amazon EC2 instances is on hardware that is scheduled for maintenance. The instance runs a critical production workload that must be available during normal business hours.
Which steps will ensure that the instance maintenance does not produce an outage?
Question58: A company is setting up a VPC peering connection between its VPC and a customer's VPC. The company VPC is an IPv4 CIDR block of 172.16.0.0/16, and the customer's is an IPv4 CIDR block of 10.0.0.0/16. The SysOps Administrator wants to be able to ping the customer's database private IP address from one of the company's Amazon EC2 instances.
What action should be taken to meet the requirements?
Question59: A Big Data consulting company wants to separate its customers' workloads for billing and security reasons.
The company would like to maintain billing and security controls on these workloads.
According to best practices, how can the workloads be separated if no shared resources are needed?
Question60: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application?
(Select TWO.)
Question61:
Question62:
Question63:
Question64: A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated
shutdown behaviour to terminate. When the user shuts down the instance from the OS, what will happen?
Question65: The networking team has created a VPC in an AWS account. The application team has asked for access to resources in another VPC in the same AWS account. The SysOps Administrator has created the VPC peering connection between both the accounts, but the resources in one VPC cannot communicate with the resources in the other VPC.
What could be causing this issue?
Question66:
Question67: How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
Question68:
Question69: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
Question70:
Question71: Which of the following services is offered by CloudWatch?
Question72: How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
Question73:
Question74: A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group.
Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group cluding pending, terminating and running instances?
Question75: An organization has configured Auto Scaling for hosting their application. The system admin wants to
understand the Auto Scaling health check process. If the instance is unhealthy, Auto Scaling launches an
instance and terminates the unhealthy instance. What is the order execution?
Question76: A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behavior to terminate. When the user shuts down the instance from the OS, what will happen?
Question77: An organization is planning to use AWS for 5 different departments. The finance department is responsible to pay for all the accounts. However, they want the cost separation for each account to map with the right cost center. How can the finance department achieve this?
Question78: A user has created a photo editing software and hosted it on EC2.
The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly.
Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
Question79: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard.
The user has created public and VPN only subnets along with hardware VPN access to connect to the user's data centre.
The user has not yet launched any instance as well as modified or deleted any setup.
He wants to delete this VPC from the console.
Will the console allow the user to delete the VPC?
Question80:
Question81:
Question82: A user has launched an EBS backed instance with EC2-Classic. The user stops and starts the instance. Which of the below mentioned statements is not true with respect to the stop/start action?
Question83:
Question84: Which of the following does Amazon S3 provide?
Question85: Each SysOps Administrator at a company has a unique IAM user account. Each user is a member of the SysOps IAM group that has an IAM policy applied. A recent change to the IT security policy states that employees must now use their on-premises Active Directory user accounts to access the AWS Management Console.
Which solution should be used to satisfy these requirements?
Question86: What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?
Question87: A company's application stores documents within an Amazon S3 bucket. The application is running on Amazon EC2 in a VPC. A recent change in security requirements states that traffic between the company's application and the S3 bucket must never leave the Amazon network.
What AWS feature can provide this functionality?
Question88:
Question89: Which of the following requires a custom CloudWatch metric to monitor?
Question90:
Question91:
Question92:
Question93:
Question94: Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring
application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application
instance running in AZ
B. The monitoring application needs to make use of ICMP ping to confirm network
reachability of the instance hosting the application.
Can you configure the security groups for these instances to only allow the ICMP ping to pass from the
monitoring instance to the application instance and nothing else? If so how?
Question95: A company has deployed a new application running on Amazon EC2 instances. The application team must
verify for the Security team that all common vulnerabilities and exposures have been addressed, both now and
regularly throughout the application's lifespan.
How can the Application team satisfy the Security team's requirement?
Question96:
Question97:
Question98: An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required.
Which of the below mentioned options is a best possible storage solution for it?
Question99:
Question100:
Question101:
Question102:
Question103: An organization has created a Queue named "modularqueue" with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?
Question104: You have decided to change the Instance type for instances running
In your application tier that are using Auto Scaling.
In which area below would you change the instance type definition?
Question105: A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is true with respect to the information given above?
Question106:
Question107: A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?
Question108: Website users report that an application's pages are loading slowly at the beginning of the workday. The application runs on Amazon EC2 instances, and data is stored in an Amazon RDS database. The SysOps Administrator suspects the issue is related to high CPU usage on a component of this application.
How can the Administrator find out which component is causing the performance bottleneck?
Question109: An instance has enabled basic monitoring only for CloudWatch. What is the minimum time period available for
basic monitoring?
Question110:
Question111: A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring schedule. Which of the below mentioned parameters is not required in this case?
Question112: An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run across multiple Availability Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.
What additional step should be taken?
Question113: In which screen does a user select the Availability Zones while configuring Auto Scaling?
Question114: A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?
Question115: A user has configured ELB with Auto Scaling. The user temporarily suspended the Auto Scaling terminate process. What might the Availability Zone Rebalancing process (AZRebalance) consequently cause during this period?
Question116: A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling.
What should the user do in this case?
Question117: A new website will run on Amazon EC2 instances behind an Application Load Balancer. Amazon Route 53 will
be used to manage DNS records.
What type of record should be set in Route 53 to point the website's apex domain name (for example,
"company.com") to the Application Load Balancer?
Question118: ___________ is a fully managed service for real-time processing of streaming data at massive scale.
Question119:
Question120: A user has created a queue named "myqueue" in US-East region with AWS SQS. The user's AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?
Question121: A company is concerned about a security vulnerability impacting its Linux operating system. What should the SysOps Administrator do to alleviate this concern?
Question122:
Question123: A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using the custom namespace. Which of the below mentioned options is recommended for this activity?
Question124: A root AWS account owner is trying to understand various options to set the permission to AWS S3.
Which of the below mentioned options is not the right option to grant permission for S3?
Question125:
Question126: A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?
Question127: A user has configured ELB with two EBS backed instances. The user has stopped the instances for 1 week to save costs. The user restarts the instances after 1 week. Which of the below mentioned statements will help the user to understand the ELB and instance registration better?
Question128:
Question129:
Question130: A placement group in Amazon EC2 can
Question131:
Question132: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
Question133: A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4
AM and the EC2 server was not reachable. The user is checking the CloudWatch metrics of that instance. How
can the user find the data easily using the CloudWatch console?
Question134: A SysOps Administrator has implemented a VPC network design with the following requirements:
- Two Availability Zones (AZs)
- Two private subnets
- Two public subnets
- One internet gateway
- One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?
Question135: After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs.
Which of the following are likely to be the cause of this problem? (Select TWO.)
Question136: A user wants to make so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the redlight of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?
Question137: Which of the following does Amazon S3 provide?
Question138:
Question139:
Question140: A system admin wants to add more zones to the existing ELB. The system admin wants to perform this
activity from CLI. Which of the below mentioned command helps the system admin to add new zones to
the existing ELB?
Question141: A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the
user understand the functionality better?
Question142: An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones
was deployed using an AWS CloudFormation template. The SysOps team has patched the Amazon Machine
Image (AMI) version and must update all the EC2 instances to use the new AMI.
How can the SysOps Administrator use CloudFormation to apply the new AMI while maintaining a minimum
level of active instances to ensure service continuity?
Question143: A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the user to include in the request list?
Question144: A user is trying to create a PIOPS EBS volume with 8 GB size and 200 IOPS. Will AWS create the volume?
Question145: A user is planning to setup infrastructure on AWS for the Christmas sales. The user is planning to use Auto Scaling based on the schedule for proactive scaling. What advise would you give to the user?
Question146: A company wants to identify specific Amazon EC2 instances that are underutilized and the estimated cost savings for each instance.
How can this be done with MINIMAL effort?
Question147: You have a Linux EC2 web server instance running inside a VPC.
The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH.
The instance was also fully accessible when you last logged in via SSH.
And was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables.
IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to those anyway since you were last able to reach the Instance).
You look at the EC2 console and notice that system status check shows "impaired." Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
Question148: Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application
-level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to "watch the watcher" --the monitoring instance itself - and be notified if it becomes unhealthy.
Which of the following is a simple way to achieve that goal?
Question149: In Amazon S3, what is the document that defines who can access a particular bucket or object called?
Question150: A company wants to review the security requirements of Glacier. Which of the below mentioned statements is true with respect to the AWS Glacier data security?
Question151: A user is trying to setup a recurring Auto Scaling process. The user has setup one process to scale up
every day at 8 am and scale down at 7 PM. The user is trying to setup another recurring process which
scales up on the 1st of every month at 8 AM and scales down the same day at 7 PM. What will Auto
Scaling do in this scenario?
Question152: A SysOps Administrator has implemented a VPC network design with the following requirements:
- Two Availability Zones (AZs)
- Two private subnets
- Two public subnets
- One internet gateway
- One NAT gateway
What would potentially cause applications in the VPC to fail during an AZ outage?
Question153: A user has created a VPC with public and private subnets using the VPC wizard.
The VPC has CIDR 20.0.0.0/16.
The private subnet uses CIDR 20.0.0.0/24.
The NAT instance ID is i-a12345.
Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?
Question154:
Question155: A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned CloudWatch endpoint URLs should the user use?
Question156: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
Question157:
Question158: A customer needs to capture all client connection information from their load balancer every five minutes. The company wants to use this data for analyzing traffic patterns and troubleshooting their applications. Which of the following options meets the customer requirements?
Question159: An organization is trying to create various IAM users.
Which of the below mentioned options is not a valid IAM username?
Question160:
Question161: Which of the following services can receive an alert from CloudWatch?
Question162: A company has adopted a security policy that requires all customer data to be encrypted at rest.
Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?
Question163:
Question164:
Question165: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16
by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the
second subnet?
Question166:
Question167: A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the
user understand the S3 encryption functionality?
Question168: An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST efficient way to accomplish this goal?
Question169: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question170:
Question171: A SysOps Administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the Administrator wants to use a larger instance type with more memory. What should the Administrator use to make this change?
Question172: A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution?
Question173: A user is accessing RDS from an application.
The user has enabled the Multi AZ feature with the MS SQL RDS DB.
During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?
Question174:
Question175:
Question176: A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph.
The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out.
Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user.
How can the data be viewed better on the same graph?
Question177: Your company Is moving towards tracking web page users with a small tracking Image loaded on each page Currently you are serving this image out of US-East, but are starting to get concerned about the time It takes to load the image for users on the west coast.
What are the two best ways to speed up serving this image? Choose 2 answers
Question178:
Question179:
Question180: In regard to AWS CloudFormation, to pass values to your template at runtime you should use
____________.
Question181: An organization is using AWS since a few months. The finance team wants to visualize the pattern of AWS
spending. Which of the below AWS tool will help for this requirement?
Question182:
Question183: Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes?
Choose 2 answers
Question184: A user is trying to create an EBS volume with the highest PIOPS supported by EBS. What is the minimum size
of EBS required to have the maximum IOPS?
Question185:
Question186: A Security team is concerned about the potential of intellectual property leaking to the internet. A SysOps Administrator is tasked with identifying controls to address the potential problem. The servers in question reside in a VPC and cannot be allowed to send traffic to the internet.
How can these requirements be met?
Question187:
Question188: A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at Rest.
If the user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is
true?
Question189:
Question190: The IAM entity "AWS Account" is similar to:
Question191: A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.
Question192: A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?
Question193:
Question194:
Question195:
Question196:
Question197: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question198:
Question199: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question200:
Question201:
Question202:
Question203:
Question204: A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.
What is the MOST efficient approach to accomplish this?
Question205: A user has hosted an application on EC2 instances.
The EC2 instances are configured with ELB and Auto Scaling.
The application server session time out is 2 hours.
The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered.
What time out period should the user specify for connection draining?
Question206: A SysOps Administrator has an AWS Direct Connect connection in place in region us-east-1, between an AWS account and a data center. The Administrator is now required to connect the data to a VPC in another AWS Region, us-west-2, which must have consistent network performance and low-latency. What is the MOST efficient and quickest way to establish this connectivity?
Question207: A SysOps Administrator has an AWS Lambda function that stops all Amazon EC2 instances in a test environment at night and on the weekend. Stopping instances causes some servers to become corrupt due to the nature of the applications running on them.
What can the SysOps Administrator use to identify these EC2 instances?
Question208: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question209:
Question210: A sys admin is trying to understand the Auto Scaling activities. Which of the below mentioned processes is not performed by Auto Scaling?
Question211: Which of the following statements is true of tags and resource identifiers for EC2 instances?
Question212: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
Question213: You have started a new job and are reviewing your company's infrastructure on AWS You notice one web
application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling
Group When you check the metrics for the ELB in CloudWatch you see four healthy instances In
Availability Zone (AZ) A and zero in AZ B
There are zero unhealthy instances.
What do you need to fix to balance the instances across AZs?
Question214: You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
Question215: Can you configure multiple Load Balancers with a single Auto Scaling group?
Question216: A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?
Question217: An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin capture the monitoring information about the ELB activity?
Question218: You can create a CloudWatch alarm that watches a single metric. The alarm performs one or more actions based on the value of the metric relative to a threshold over a number of time periods. Which of the following states is possible for the CloudWatch alarm?
Question219: You have identified network throughput as a bottleneck on your ml small EC2 instance when uploading data Into Amazon S3 In the same region.
How do you remedy this situation?
Question220:
Question221:
Question222:
Question223: What does Amazon SWF stand for?
Question224: A storage admin wants to encrypt all the objects stored in S3 using server side encryption. The user does not want to use the AES 256 encryption key provided by S3. How can the user achieve this?
Question225: A user is trying to setup a recurring Auto Scaling process. The user has setup one process to scale up every day at 8 am and scale down at 7 PM. The user is trying to setup another recurring process which scales up on the 1st of every month at 8 AM and scales down the same day at 7 PM. What will Auto Scaling do in this scenario?
Question226:
Question227:
Question228: A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as
5. When the user configures the AS group, how many instances will Auto Scaling launch?
Question229:
Question230:
Question231: An application is running on multiple EC2 instances. As part of an initiative to overall infrastructure security, the EC2 instance were moved to a private subnet. However, since moving, the EC2 instance have been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely.
Which two actions could the Administrator take to security these issues? (select TWO.)
Question232: A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning.
Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and
restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS
charge the user?
Question233: A user has created a queue named "myqueue" in US-East region with AWS SQS. The user's AWS account ID is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL should he use?
Question234: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in
the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCountdrop to
1 in Amazon CloudWatch.
What is MOST likely causing this issue?
Question235: A Developer created an AWS Lambda function and has asked the SysOps Administrator to make this function run every 15 minutes.
What is the MOST efficient way to accomplish this request?
Question236: A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet
uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server
in the public subnet (port 80. and a DB server in the private subnet (port 3306). The user is configuring a
security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security
group?
Question237: An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

Question238: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question239: A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.
What steps should be the Administrator take to complete this task?
Question240:
Question241: A SysOps Administrator needs to retrieve a file from the GLACIER storage class of Amazon S3. The Administrator wants to receive an Amazon SNS notification when the file is available for access.
What action should be taken to accomplish this?
Question242: A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported
by the security policy?
Question243: Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ
B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.
Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so how?
Question244:
Question245: A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. The bucket has both AWS.jpg and index.html objects. What does this policy define?

Question246: You are tasked with the migration of a highly trafficked Node JS application to AWS in order to comply with organizational standards Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events.
Which deployment option meets these requirements while minimizing administrative burden?
Question247: A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
Question248: After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs.
Which of the following are likely to be the cause of this problem? (Select TWO.)
Question249: Which of the following statements about this S3 bucket policy is true?

Question250: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to
1 in Amazon CloudWatch.
What is MOST likely causing this issue?
Question251: A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log?
Question252: A company needs to restrict access to an Amazon S3 bucket to Amazon EC2 instances in a VPC only. All traffic must be over the AWS private network.
What actions should the SysOps Administrator take to meet these requirements?
Question253:
Question254:
Question255: You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?
Question256: What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?
Question257:
Question258:
Question259: An organization finds that a high number of gps Amazon EBS volumes are running out of space.
Which solution will provides the LEAST description with MINIMAL effort?
Question260: A SysOps Administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance. The Administrator has been tasked with reconfiguring the infrastructure to support this approach.
How can the Administrator accomplish this with the LEAST administrative overhead?
Question261:
Question262:
Question263: Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers
Question264: An ecommerce company uses an Amazon ElastiCache for memcached cluster for in-memory caching of popular product queries on the shopping site. When viewing recent Amazon CloudWatch metrics data for the ElastiCache cluster, the sysops administrator notices a large number of evictions.
Which of the following actions will reduce these evictions? (Select Two)
Question265: The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application1?
Question266: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
Question267:
Question268: An organization with large IT department has decided to migrate to AWS. With different job functions in the IT department, it is desirable to give all users access to all AWS resources. Currently the organization handles access via LDAP group membership.
What is the BEST method to allow access using current LDAP credentials?
Question269: A system admin is planning to setup event notifications on RDS. Which of the below mentioned services will help the admin setup notifications?
Question270: A SysOps Administrator launched an Amazon EC2 instance and received a message that the service limit was exceeded for that instance type. What action should the Administrator take to ensure that EC2 instances can be launched?
Question271: A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The user wants to enable a proxy protocol to capture the source and destination IP information in the header. Which of the below mentioned statements helps the user understand a proxy protocol with TCP configuration?
Question272: A custom application must be installed on all Amazon EC2 instances. The application is small, updated frequently and can be installed automatically.
How can the application be deployed on new EC2 instances?
Question273:
Question274: A streaming services company has a three-tier web application hosted on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). When the Auto Scaling group scales in, a deregistration delay occurs and the delay is sometimes longer than the time required to terminate the EC2 instance. A SysOps administrator must ensure that the latest logs are delivered to an external system before the EC2 instance is terminated.
Which solution will solve this problem?
Question275: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question276:
Question277:
Question278: Which of the below mentioned AWS RDS logs cannot be viewed from the console for MySQL?
Question279: Which of the CloudWatch services mentioned below is NOT a part of the AWS free tier?
Question280: A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?
Question281: A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
Question282:
Question283:
Question284: A user has created a VPC with the public and private subnets using the VPC wizard.
The VPC has CIDR 20.0.0.0/16.
The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306..
The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp..
Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp.?
Question285:
Question286: A financial service company is running distributed computing software to manage a fleet of 20 servers for their calculations. There are 2 control nodes and 18 worker nodes to run the calculations. Worker nodes can be automatically started by the control nodes when required. Currently, all nodes are running on demand, and the worker nodes are uses for approximately 4 hours each day.
Which combination of actions will be most cost-effective? (Select Two)
Question287: A company is using AWS Organizations to manage all of their accounts. The Chief Technology Officer wants to prevent certain services from being used within production accounts until the services have been internally certified. They are willing to allow developers to experiment with these uncertified services in development accounts but need a way to ensure that these services are not used within production accounts.
Which option ensures that services are not allowed within the production accounts, yet are allowed in separate development accounts with the LEAST administrative overhead?
Question288:
Question289: An image processing system runs asynchronously on AWS Lambda. A SysOps administrator is configuring a Lambda function to notify developers when an image falls to process after three attempts. The SysOps administrator has created an Amazon Simple Notification Service (Amazon SNS) topic to notify the developers.
Which additional action should the SysOps administrator take to meet this requirement?
Question290: Based on the AWS Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?
Question291: A company must ensure that any objects upload to an bucket are encrypted. Which of the following actions will meet this requirement? (Select TWO.)
Question292:
Question293: Network ACLs are _______.
Question294:
Question295: You have been asked to leverage Amazon VPC BC2 and SOS to implement an application that submits and receives millions of messages per second to a message queue.
You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS Which option will provide the most scalable solution for communicating between the application and SOS?
Question296: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application? (Select TWO.)
Question297:
Question298: A photo-sharing site delivers content worldwide from a library on Amazon S3 using Amazon CloudFront. Users are trying to access photos that either do not exist or they are not authorized to view.
What should be monitored to better understand the extent of this issue?
Question299: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question300:
Question301: A company has a VPC with public and private subnets. An Amazon EC2 based application resides in the private subnets and needs to process raw .csv files stored in an Amazon S3 bucket. A SysOps administrator has set up the correct IAM role with the required permissions for the application to access the S3 bucket, but the application is unable to communicate with the S3 bucket.
Which action will solve this problem while adhering to least privilege access?
Question302: A user is sending custom data metrics to CloudWatch. What is the allowed time stamp granularity for each data point published for the custom metric?
Question303: The billing process for Amazon EC2 instances was updated as of October 2, 2017. Which of the following statements is true regarding how you pay for Amazon EC2 instances? (Choose two.)
Question304: A user is trying to create a PIOPS EBS volume with 8 GB size and 200 IOPS. Will AWS create the volume?
Question305: A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?
Question306:
Question307: Spot instances are ideally designed for which purpose below?
Question308: You are tasked with the migration of a highly trafficked Node JS application to AWS In order to comply
with organizational standards Chef recipes must be used to configure the application servers that host
this application and to support application lifecycle events.
Which deployment option meets these requirements while minimizing administrative burden?
Question309: Amazon S3 provides a number of security features for protection of data at rest, which you can use or not, depending on your threat profile. What feature of S3 allows you to create and manage your own encryption keys for sending data?
Question310: When creation of an EBS snapshot Is initiated but not completed the EBS volume?
Question311:
Question312:
Question313: A company has mandated the use factor authentication (MFA) for all user, and requires users to make all API calls using CLI. However, uses are not prompted to enter MFA token, and able to return CLI commands without MF
Question314: What happens if the instance launched by Auto Scaling becomes unhealthy?
Question315: A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?
Question316: Which AWS service offers cost optimization by launching instances automatically only when need-ed?
Question317: A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy. Which of the below mentioned preconfigured policies supports this feature?
Question318:
Question319:
Question320: A user has recently started using EC2. The user launched one EC2 instance in the default subnet in
EC2-VPC. Which of the below mentioned options is not attached or available with the EC2 instance when
it is launched?
Question321: A company wants to increase the availability and durability of a critical business application. The application currently uses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company meet these requirements?
Question322:
Question323:
Question324: A SysOps Administrator is configuring AWS SSO for the first time. The Administrator has already created a
directory in the master account using AWS Directory Service and enabled full access in AWS Organizations.
What should the Administrator do next to configure the service?
Question325:
Question326: A user has configured ELB with Auto Scaling. The user temporarily suspended the Auto Scaling terminate process. What might the Availability Zone Rebalancing process (AZRebalance) consequently cause during this period?
Question327: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question328:
Question329:
Question330: A SysOps Administrator is running an auto-scaled application behind a Classic Load Balancer. Scaling out is triggered when the CPUUtilization instance metric is more than 75% across the Auto Scaling group. The Administrator noticed aggressive scaling out and after discussing with developers, an application memory leak is suspected causing aggressive garbage collection cycle.
How can the Administrator troubleshoot the application without triggering the scaling process?
Question331: Your VPC automatically comes with a modifiable default network ACL, which by default _____.
Question332: A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and when it is not, to help the admin understand the implementation of the sticky session:
Question333:
Question334: An application is being developed that will be across a fleet of Amazon EC2 instances, which requires a consistent a view of persistent data item. Stored very in size from 1kB to 300MB, the item are read frequently, created occasionally, and often requires partial changes without conflict. The data store is excepted to grow beyond 2TB, and items will be expired according to age and type.
Which AWS service solution meet these requirements?
Question335:
Question336:
Question337: A media company produces new video files on-premises every day with a total size of around 100 GBS after compression All files have a size of 1 -2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used.
What step(s) would ensure that the file uploads are able to complete in the allotted time window?
Question338:
Question339:
Question340:
Question341: A new application is being tested for deployment on an Amazon EC2 instance that requires greater IOPS than currently provided by the single 4TB General Purpose SSD (gp2) volume.
Which actions should be taken to provide additional Amazon EBS IOPS for the application? (Choose two.)
Question342: You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers.
Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made?
Question343: A user is configuring the Multi AZ feature of an RDS DB. The user came to know that this RDS DB does not use the AWS technology, but uses server mirroring to achieve HA. Which DB is the user using right now?
Question344: Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases/ decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?
Question345:
Question346:
Question347: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application?
(Select TWO.)
Question348:
Question349: A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?
Question350: Fill in the blanks: One of the basic characteristics of security groups for your VPC is that you
______ .
Question351: A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single instance on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis for Network out. Since Network in is too high, the CPU utilization data is not visible clearly on graph to the user. How can the data be viewed better on the same graph?
Question352: You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers.
Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the mistake was made?
Question353: A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user?
Question354: A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.
What is the MOST efficient approach to accomplish this?
Question355: A user has launched an EBS backed EC2 instance in the US-East-1a region.
The user stopped the instance and started it back after 20 days.
AWS throws up an `InsufficientInstanceCapacity' error.
What can be the possible reason for this?
Question356: A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality better?
Question357:
Question358: When rebalancing, Auto Scaling launches new instances before terminating the old ones, so that re- balancing does not compromise the performance or availability of your application. Because Auto Scaling attempts to launch new instances before terminating the old ones, being at or near the speci-fied maximum capacity could impede or completely halt rebalancing activities. What does Auto Scaling do in order to avoid this problem?
Question359: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question360: What was the recommended use case for S3 Reduced Redundancy storage before its deprecation was planned?
Question361: A SysOps Administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue the bucket owner, the Administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Which action should the Administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?
Question362: What does Amazon Route53 provide?
Question363:
Question364:
Question365: A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone
to upload the objects as well as enforce that the person who uploaded the object should manage the
permission of those objects. Which is the easiest way to achieve this?
Question366: A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the
option to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign
one of the Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP
assignment screen. What is a possible reason that the instance is unavailable in the assigned IP console?
Question367: Which AWS service offers cost optimization by launching instances automatically only when need-ed?
Question368: A colleague is attempting to launch several new CloudFormation stacks, and receives the following error response:

What should be done to address the error?
Question369: You have a server with a 5O0GB Amazon EBS data volume. The volume is 80% full. You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible. All applications using the volume can be paused for a period of a few minutes with no discernible user impact.
Which of the following backup methods will best fulfill your requirements?
Question370:
Question371: How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
Question372: A SysOps Administrator is running Amazon EC2 instances in multiple AWS Regions. The Administrator wants
to aggregate the CPU utilization for all instances onto an Amazon CloudWatch dashboard. Each region should
be present on the dashboard and represented by a single graph that contains the CPU utilization for all
instances in that region.
How can the Administrator meet these requirements?
Question373:
Question374: A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?
Question375: AWS IAM permissions can be assigned in two ways:
Question376: An organization stores files on Amazon S3. Employees download the files, edit them with the same file name to the same folder on Amazon S3. Occasionally the files are unintentionally modified or deleted.
What is the MOST cost-effective way to ensure that these files can be recovered to their correct state?
Question377:
Question378: A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing some issues due to the back-end servers. Which of the below mentioned CloudWatch metrics helps the user understand the issue with the instances?
Question379: A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly.Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
Question380: A company received its latest bill with a large increase in the number of requests against Amazon SQS as compared to the month prior. The company is not aware of any changes in its SQS usage. The company is concerned about the cost increase and who or what was making these calls.
What should the SysOps Administrator use to validate the calls made to SQS?
Question381: A user is having data generated randomly based on a certain event. The user wants to upload that data to CloudWatch. It may happen that event may not have data generated for some period due to andomness. Which of the below mentioned options is a recommended option for this case?
Question382: A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.
Which action will make the database MORE highly available?
Question383: You need to set up security for your VPC and you know that Amazon VPC provides two features that you can use to increase security for your VPC: Security groups and network access control lists (ACLs). You start to look into security groups first. Which statement below is incorrect in relation to security groups?
Question384:
Question385: A user has moved an object to Glacier using the life cycle rules. The user requests to restore the archive after
6 months. When the restore request is completed the user accesses that archive. Which of the below mentioned statements is not true in this condition?
Question386:
Question387:
Question388:
Question389: A photo-sharing site delivers content worldwide from a library on Amazon S3 using Amazon CloudFront.
Users are trying to access photos that either do not exist or they are not authorized to view.
What should be monitored to better understand the extent of this issue?
Question390: An application resides on multiple EC2 instances in public subnets in two Availability Zones. To improve security, the Information Security team has deployed an Application Load Balancer (ALB) in separate subnets and pointed the DNS at the ALB instead of the EC2 instances.
After the change, traffic is not reaching the instances, and an error is being returned from the ALB.
What steps must a SysOps Administrator take to resolve this issue and improve the security of the application?
(Select TWO.)
Question391: A manufacturing company uses an Amazon RDS DB instance to store inventory of all stock items. The company maintains several AWS Lambda functions that interact with the database to add, update, and delete items. The Lambda functions use hardcoded credentials to connect to the database.
A SysOps administrator must ensure that the database credentials are never stored in plaintext and that the password is rotated every 30 days.
Which solution will meet these requirements in the MOST operationally efficient manner?
Question392:
Question393:
Question394: A block device is a storage device that moves data in sequences. How many types of block devices does
Amazon EC2 support?
Question395: A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3?
Question396: Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing?
(Choose two.)
Question397: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user's data center. Which of the below mentioned options is a valid entry for the main route table in this scenario?
Question398:
Question399:
Question400: An organization is measuring the latency of an application every minute and storing data inside a file in the JSON format. The organization wants to send all latency data to AWS CloudWatch. How can the organization achieve this?
Question401: An application running on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones was deployed using an AWS CloudFormation template. The SysOps team has patched the Amazon Machine Image (AMI) version and must update all the EC2 instances to use the new AMI.
How can the SysOps Administrator use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity?
Question402: A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?
Question403:
Question404: What is the default maximum number of VPCs allowed per region?
Question405: An organization stores files on Amazon S3. Employees download the files, edit them with the same file name to the same folder on Amazon S3. Occasionally the files are unintentionally modified or deleted.
What is the MOST cost-effective way to ensure that these files can be recovered to their correct state?
Question406: A user is planning to use AWS services for his web application. If the user is trying to set up his own billing management system for AWS, how can he configure it?
Question407:
Question408:
Question409:
Question410:
Question411: A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address 172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address
203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?
Question412:
Question413: A company has an AWS account for each department and wants to consolidate billing and reduce overhead.
The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2: the security team is denied from accessing services other than AWS CloudTrail. and IT can access any resource.
Which solution meets these requirements with the LEAST amount of operational overhead''
Question414:
Question415: An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?
Question416: A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?
Question417:
Question418: An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?
Question419: A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?
Question420: A user is observing the EC2 CPU utilization metric on CloudWatch.
The user has observed some interesting patterns while filtering over the 1 week period for a particular hour.
The user wants to zoom that data point to a more granular period.
How can the user do that easily with CloudWatch?
Question421: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question422: A SysOps Administrator is running an auto-scaled application behind a Classic Load Balncer. Scaling out is triggered when the CPUUtilization instance metric is more than 75% across the Auto Scaling group. The Administrator noticed aggressive scaling out and after discussing with developers, an application memory leak is suspected causing aggressive garbage collection cycle.
How can the Administrator troubleshoot the application without triggering the scaling process?
Question423: An organization has created 5 IAM users. The organization wants to give them the same login ID but
different passwords. How can the organization achieve this?
Question424: A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?
Question425:
Question426: A SysOps Administrator manages an application that stores object metadata in Amazon S3.
There is a requirement to have S2 server-side encryption enabled on all new objects in the bucket.
How can the Administrator ensure that all new objects to the bucket satisfy this requirement?
Question427:
Question428: A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?
Question429:
Question430:
Question431: An organization has created 50 IAM users.
The organization has introduced a new policy which will change the access of an IAM user.
How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?
Question432: You have set up Individual AWS accounts for each project.
You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?
Question433: A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to delete the subnet. What will happen in this scenario?
Question434:
Question435: Elastic Load Balancing automatically distributes incoming traffic across multiple _____ instances.
Question436: A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet information security guidelines.
Which option would meet the requirement?
Question437: A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and when it is not, to help the admin understand the implementation of the sticky session:
1. ELB inserts the cookie in the response
2. ELB chooses the instance based on the load balancing algorithm
3. Check the cookie in the service request
4. The cookie is found in the request
5. The cookie is not found in the request
Question438: Which of the following statements is true of IAM?
Question439:
Question440: An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well SDK. How can the user track the calls made to CloudWatch?
Question441:
Question442: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question443: Do Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?
Question444:
Question445: A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The
Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?
Question446: A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated
shutdown behavior to terminate. When the user shuts down the instance from the OS, what will happen?
Question447: What does Amazon IAM provide?
Question448: A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.
What should the administrator do to meet these requirements?
Question449: A user is trying to create a list of IAM users with the AWS console. When the IAM users are creat-ed which of the below mentioned credentials will be enabled by default for the user?
Question450:
Question451: Which of the following terms is NOT a key CloudWatch concept?
Question452: A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change
the zone of one of the instances. How can the user change it?
Question453: An IAM group is a:
Question454:
Question455: A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?
Question456:
Question457: InfoSec is concerned that an employee may expose sensitive data in an Amazon S3 bucket.
How can this concern be addressed without putting undue restrictions on users?
Question458: A user wants to find the particular error that occurred on a certain date in the AWS MySQL RDS DB. Which of the below mentioned activities may help the user to get the data easily?
Question459: An AWS account wants to be part of the consolidated billing of his organization's payee account. How can the owner of that account achieve this?
Question460: A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring schedule. Which of the below mentioned parameters is not required in this case?
Question461: The Statement element, of an AWS IAM policy, contains an array of individual statements. Each individual statement is a(n) ______ block enclosed in braces { }.
Question462: A Big Data consulting company wants to separate its customers' workloads for billing and security reasons. The company would like to maintain billing and security controls on these workloads.
According to best practices, how can the workloads be separated if no shared resources are needed?
Question463: A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the
average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?
Question464: A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details?
Question465: A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this?
Question466:
Question467:
Question468: A company has Amazon EC2 instances that serve web content behind an Elastic Load Balancing (ELB) load balancer. The ELB Amazon CloudWatch metrics from a few hours ago indicate a significant number of 4XX errors. The EC2 instances from the time of these errors have been deleted.
At the time of the 4XX errors, how can an Administrator obtain information about who originated these requests?
Question469: A sysops administrator is managing an application on AWS that uses Amazon EC2 instances and Amazon Aurora MySQL. The EC2 instances and Aurora instances are in two different subnets. The application servers running in EC2 cannot connect to the Aurora database.
The EC2 subnet is 192.168.87.0/24 and has a security group named sg-123456 with the following configuration.

The Aurora subnet is 192.168.88.0/24 and has a security group named sg-abcdef with the following configuration.

Which action should the sysops administrator take to allow the EC2 instances to connect to the Aurora database?
Question470: You are setting up a VPC and you need to set up a public subnet within that VPC. Which following requirement must be met for this subnet to be considered a public subnet?
Question471: A company has a multi-account AWS environment that includes the following:
A central identity account that contains all IAM users and groups
Several member accounts that contain IAM roles
A SysOp administrator must grant permissions for a particular IAM group to assume o role in one of the member accounts How should the SysOps administrator accomplish this task?
Question472: A user has two EC2 instances running in two separate regions. The user is running an internal memory management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same namespace and metric. Which of the below mentioned options is true with respect to the above statement?
Question473: An organization has configured two single availability zones. The Auto Scaling groups are configured in separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?
Question474:
Question475:
Question476: For IAM user, a virtual Multi-Factor Authentication (MFA) device uses an application that generates
______-digit authentication codes that are compatible with the time-based one-time password (TOTP) standard.
Question477: A company manages an application that uses Amazon ElastiCache for Redis with two extra-large nodes spread across two different Availability Zones. The company's IT team discovers that the ElastiCache for Redis cluster has 75% freeable memory. The application must maintain high availability.
What is the MOST cost-effective way to resize the cluster?
Question478: You are managing the AWS account of a big organization. The organization has more than 1000+ employees
and they want to provide access to the various services to most of the employees. Which of the below
mentioned options is the best possible solution in this case?
Question479:
Question480: What is the default maximum number of VPCs allowed per region?
Question481:
Question482: A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value?
Question483: A company is creating an application that will keep records. The application will run on Amazon EC2 instances and will use an Amazon Aurora MySQL database as its data store. To maintain compliance, the application must not retain information that is determined to be sensitive.
Which technique should a SysOps administrator use to detect if sensitive data is being stored in the application?
Question484: You use S3 to store critical data for your company Several users within your group currently have lull
permissions to your S3 buckets You need to come up with a solution mat does not impact your users and also
protect against the accidental deletion of objects.
Which two options will address this issue? (Choose two.)
Question485:
Question486: A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)
Question487:
Question488: A company hosts its website on Amazon ECF2 instances behind an ELB Application Load Balancer. The company manages its DNS with Amazon Route 53, and wants to point its domain's zone apex to the website.
Which type of record should be used to meet these requirements?
Question489:
Question490:
Question491: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question492: A SysOps Administrator is responsible for a legacy, CPU-heavy application. The application can only be scaled vertically. Currently, the application is deployed on a single t2.large Amazon EC2 instance. The system is showing 90% CPU usage and significant performance latency after a few minutes.
What change should be made to alleviate the performance problem?
Question493: A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%. The user has setup an alarm when there is some inactivity on RDS, such as RDS unavailability. How can the user configure this?
Question494: A company has mandated the use of multi-factor authentication (MFA) for all 1AM users, and requires users to make all API calls using the CLI. However, users are not prompted to enter MFA tokens, and are able to run CLI commands without MFA. In an attempt to enforce MFA. the company attached an 1AM policy to all users that denies API calls that have not been authenticated with MFA.
What additional step must be taken to ensure that API calls are authenticated using MFA?
Question495: In IAM, can you attach more than one inline policy to a particular entity such a user, role, or group?
Question496: A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?
Question497:
Question498:
Question499: You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?
Question500:
Question501: A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AlarmNotification (which notifies Auto Scaling for CloudWatch alarms. process for a while. What will Auto Scaling do during this period?
Question502: What does enabling a sticky session with ELB do?
Question503: A user has created an S3 bucket which is not publicly accessible. The bucket is having thirty objects which are also private. If the user wants to make the objects public, how can he configure this with minimal efforts?
Question504: An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?
Question505: A user has created a queue named "awsmodule" with SQS. One of the consumers of queue is down for 3 days and then becomes available. Will that component receive message from queue?
Question506: A user is trying to understand the ACL and policy for an S3 bucket. Which of the below mentioned policy
permissions is equivalent to the WRITE ACL on a bucket?
Question507: When preparing for a compliance assessment of your system built inside of AWS. what are three best-practices for you to prepare for an audit?
Choose 3 answers
Question508: You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB).
A fleet of web/application servers, and an RDS database.
The entire Infrastructure must be distributed over 2 availability zones.
Which VPC configuration works while assuring the database is not available from the Internet?
Question509: A user has configured an Auto Scaling group with ELB. The user has enabled detailed
CloudWatch monitoring on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality better?
Question510: ______ in VPC are stateful where return traffic is automatically allowed, regardless of any rules.
Question511: An organization has created a Queue named "modularqueue" with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?
Question512: The Database Administration team is interested in performing manual backups of an Amazon RDS Oracle DB instance.
What steps should be taken to perform the backups?
Question513: An organization is using cost allocation tags to find the cost distribution of different departments and projects.
One of the instances has two separate tags with the key/ value as "InstanceName/HR", "CostCenter/HR". What will AWS do in this case?
Question514:
Question515: A sysops administrator created an AWS Lambda function within a VPC with no access to the Internet. The Lambda function pulls messages from an Amazon SQS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.
Which of the following are possible causes for this? (Choose two.)
Question516: A SysOps administrator is deploying a fleet of over 100 Amazon EC2 instances in an Amazon VPC. After the instances are set up and serving clients, a new DNS server needs to be added to the instances for DNS resolution.
What is the MOST efficient way to make this change?
Question517:
Question518:
Question519:
Question520:
Question521: Which of the following states is not possible for the CloudWatch alarm?
Question522:
Question523:
Question524: A SysOps Administrator has received a request from the Compliance Department to enforce encryption on all objects uploaded to the corp-compliance bucket.
How can the Administrator enforce encryption on all objects uploaded to the bucket?
Question525: A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the
zone of one of the instances. How can the user change it?
Question526: A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring schedule. Which of the below mentioned parameters is not required in this case?
Question527: A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?
Question528:
Question529: A security policy allows instances in the Production and Development accounts to write application logs to an Amazon S3 bucket belonging to the Security team's account. Only the Security team should be allowed to delete logs from the S3 bucket.
Using the "myAppRole" EC2 role, the production and development teams report that the application servers are not able to write to the S3 bucket.
Which changes need to be made to the policy to allow the application logs to be written to the S3 bucket?
Production Account: 111111111111
Dev Account: 222222222222
Security Account: 555555555555

Question530: The information within an IAM policy is described through a series of ______.
Question531: What should a SysOps Administrator do to ensure a company has visibility into maintenance events performed by AWS?
Question532: After a particularly high AWS bill, an organization wants to review the use of AWS services.
What AWS service will allow the SysOps Administrator to quickly view this information to share it, and will also forecast expenses for the current billing period?
Question533: A user is having data generated randomly based on a certain event. The user wants to upload that data to
CloudWatch. It may happen that event may not have data generated for some period due to randomness.
Which of the below mentioned options is a recommended option for this case?
Question534:
Question535:
Question536:
Question537: A user has enabled instance protection for his Auto Scaling group that has spot instances. If Auto Scaling wants to terminate an instance in this Auto Scaling group due to a CloudWatch trigger unrelated to bid price, what will happen?
Question538: A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (select TWO.)
Question539:
Question540: A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephemeral storage data?
Question541: Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
(Choose two.)
Question542:
Question543: A user has launched an EBS backed instance.
The user started the instance at 9 AM in the morning.
Between 9 AM to 10 AM, the user is testing some script.
Thus, he stopped the instance twice and restarted it.
In the same hour the user rebooted the instance once.
For how many instance hours will AWS charge the user?
Question544:
Question545: AWS IAM permissions can be assigned in two ways:
Question546: A user has created a VPC with CIDR 20.0.0.0/16 using the wizard.
The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user's data centre.
Which of the below mentioned options is a valid entry for the main route table in this scenario?
Question547:
Question548: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?
Question549: A company is migrating an application to AWS that requires access to a legacy system, which remain in the company's data centre. The application runs inside a VPC in the company's AWS account. The application must offer a consistent and low-latency response to its users.
How can these requirements be met?
Question550:
Question551:
Question552: A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the
average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can
the user achieve this?
Question553: Which AWS service offers cost optimization by launching instances automatically only when need-ed?
Question554: A user has created a Cloudformation stack. The stack creates AWS services, such as EC2 instances, ELB, AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS. What will Cloudformation do in this scenario?
Question555:
Question556: A SysOps Administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto Scaling group. The application is set to automatically terminate unhealthy instances. The Administrator wants to preserve application logs from these instances for future analysis.
Which action will accomplish this?
Question557:
Question558: You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an
EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully
accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working
fine last time you checked You have double-checked that all networking configuration parameters (security
groups route tables. IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to
those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that
system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so
that you can log in again?
Question559: A company's static website hosted on Amazon S3 was launched recently, and is being used by tens of
thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.
Why are these errors occurring?
Question560:
Question561:
Question562: A media company produces new video files on-premises every day with a total size of around 100GBS after compression All files have a size of 1 -2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am Current upload takes almost 3 hours, although less than half of the available bandwidth is used.
What step(s) would ensure that the file uploads are able to complete in the allotted time window?
Question563:
Question564:
Question565: A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using the custom namespace. Which of the below mentioned options is recommended for this activity?
Question566: A company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private keys and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?
Question567: Two companies will be working on several development projects together. Each company has an AWS account with a single VPC in us-east-1. Two companies would like to access one another's development servers. The IPv4 CIDR blocks in the two VPCs does not overlap.
What can the SysOps Administrators for each company do to set up network routing?
Question568: A company is auditing their infrastructure to obtain a compliance certification.
Which of the following options are the company's responsibility within the Shared Responsibility Model? (Select two.)
Question569:
Question570: An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?
Question571: A company has attached the following policy to an IAM user.

Which of the following actions are allowed for the IAM user?
Question572: A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process hadoop Map reduce jobs which can run between 50 - 600 minutes or sometimes for more time. The user wants to configure that the instance gets terminated only when the process is completed. How can the user configure this with CloudWatch?
Question573:
Question574: The SysOps Administrator must integrate an existing on-premises asymmetrical key management system into an AWS services platform.
How can the Administrator meet this requirement?
Question575: A company has an asynchronous nightly process that feeds the results to a data warehouse system for weekly and monthly reporting. The process is running on a fleet of Amazon EC2 instances. A SysOps Administrator has been asked to identify ways to reduce the cost of running this process.
What is the MOST cost-effective solution?
Question576: By default, how many Elastic IP addresses can you have per region for your EC2 instances?
Question577: A SysOps Administrator has been tasked with deploying a company's infrastructure as code. The Administrator wants to write a single template that can be reused for multiple environments in a safe, repeatable manner.
What is the recommended way to use AWS CloudFormation to meet this requirement?
Question578: A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take advantage of the Multi AZ feature?
Question579: The CFO of a company wants to allow one of his employees to view only the AWS usage report page.
Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
Question580: A user has enabled session stickiness with ELB. The user does not want ELB to manage the cookie; instead he wants the application to manage the cookie. What will happen when the server instance, which is bound to a cookie, crashes?
Question581: The billing process for Amazon EC2 instances was updated as of October 2, 2017. Which of the following statements is true regarding how you pay for Amazon EC2 instances? (Choose 2 answers)
Question582:
Question583: A user has launched a large EBS backed EC2 instance in the US-East-1a region.
The user wants to achieve Disaster Recovery (DR. for that instance by creating another small instance in Europe.
How can the user achieve DR?
Question584: An application access data through a file system interface. The application runs on Amazon EC2 instance in multiple availability Zones, all of which must share the same data. While the amount of data is currently small, the company that it will grow to tens of terabytes over the lifetime of the application.
What is the MOST scalable storage solution to full this requirement?
Question585: A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer
(which adds instances to the load balancer. process for a while). What will happen to the instances launched
during the suspension period?
Question586: A user has launched an EC2 instance from an instance store backed AMI. If the user
restarts the instance, what will happen to the ephermal storage data?
Question587: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question588: An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?

Question589: 
Based on the information provided what is causing the lack of access to S3 from the instance?
Question590: An organization has configured a VPC with an Internet Gateway (IGW). pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets. The application s web tier leverages the ELB. Auto Scaling and a mum-AZ RDS database instance The organization would like to eliminate any potential single points ft failure in this design.
What step should you take to achieve this organization's objective?
Question591:
Question592: A SysOps Administrator found that a newly-deployed Amazon EC2 application server is unable to connect to an existing Amazon RDS database. After enabling VPC Flow Logs and confirming that the flow log is active on the console, the log group cannot be located in Amazon CloudWatch.
What are the MOST likely reasons for this situation? (Choose two.)
Question593: In Amazon EC2, can you create an EBS volume from a snapshot and attach it to another instance?
Question594: A user has configured an Auto Scaling group with ELB.
The user has enabled detailed CloudWatch monitoring on Elastic Load balancing.
Which of the below mentioned statements will help the user understand this functionality better?
Question595: What are the benefits of CloudTrail integration with CloudWatch Logs?
Question596:
Question597:
Question598:
Question599:
Question600:
Question601: What does Amazon VPC stand for?
Question602: Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?
Question603:
Question604:
Question605:
Question606:
Question607: When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers
Question608:
Question609: ______ in VPC are stateful where return traffic is automatically allowed, regardless of any rules.
Question610: An organization is concerned that its Amazon RDS databases are not protected. The solution to address this
issue must be low cost, protect against table corruption that could be overlooked for several days, and must
offer a 30-day window of protection.
How can these requirements be met?
Question611:
Question612:
Question613: A user is measuring the CPU utilization of a private data centre machine every minute. The machine
provides the aggregate of data every hour, such as Sum of data", "Min value", "Max value, and "Number
of Data points". The user wants to send these values to CloudWatch. How can the user achieve this?
Question614: A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing
some issues due to the back-end servers. Which of the below mentioned CloudWatch metrics helps the user
understand the issue with the instances?
Question615:
Question616: Which of the following statements about this S3 bucket policy is true?

Question617:
Question618: In Amazon S3, what is the document that defines who can access a particular bucket or object called?
Question619: A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. The bucket has both AWS.jpg and index.html objects. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
"Resource": [ "arn:aws:s3:::cloudacademy/*.jpg]
}]
Question620: Amazon S3 provides a number of security features for protection of data at rest, which you can use or not, depending on your threat profile. What feature of S3 allows you to create and manage your own encryption keys for sending data?
Question621:
Question622: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question623: Spot instances are ideally designed for which purpose below?
Question624:
Question625: A user is using the AWS EC2. The user wants to make so that when there is an issue in the EC2 server, such as instance status failed, it should start a new instance in the user's private cloud. Which AWS service helps to achieve this automation?
Question626: A user has created a VPC with public and private subnets using the VPC wizard.
Which of the below mentioned statements is not true in this scenario?
Question627: A user has created a VPC with a subnet and a security group. The user has launched an instance in that
subnet and attached a public IP. The user is still unable to connect to the instance. The internet gateway has also been created. What can be the reason for the error?
Question628:
Question629: A user has created an ELB with three instances. How many security groups will ELB create by default?
Question630: A user runs the command "dd if=/dev/xvdf of=/dev/null bs=1M" on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?
Question631:
Question632: A SysOps Administrator is using AWS CloudFormation to deploy resources but would like to manually address any issues that the template encounters.
What should the Administrator add to the template to support the requirement?
Question633: A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (select TWO.)
Question634: Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases' decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?
Question635: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to
1 in Amazon CloudWatch.
What is MOST likely causing this issue?
Question636: An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?
Question637: A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C., what is recommended to the user for the purpose of security?
Question638:
Question639: A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account
B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?
Question640:
Question641: A user has created a Cloudformation stack. The stack creates AWS services, such as EC2 instances,
ELB, AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to
create RDS. What will Cloudformation do in this scenario?
Question642:
Question643: Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases' decreases
and has been performing well Your marketing team expects a steady ramp up in traffic to follow an
upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the
approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?
Question644:
Question645: A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of the below mentioned statements is true when a security group is created?
Question646: A company's static website hosted on Amazon S3 was launched recently, and is being used by tens of thousands of users. Subsequently, website users are experiencing 503 service unavailable errors.
Why are these errors occurring?
Question647: A user has configured ELB with three instances. The user wants to achieve High Availability as well as
redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB?
Question648: A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.
Which action will make the database MORE highly available?
Question649: A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with hardware VPN access to connect to the user's datacenter. The user wants to make so that all traffic coming to the public subnet follows the organization's proxy policy. How can the user make this happen?
Question650: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?
Question651: An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are added to the same group cloudacademy. If the organization has enabled that each IAM user can login with the AWS console, which AWS login URL will the IAM users use?
Question652:
Question653: AWS IAM permissions can be assigned in two ways:
Question654:
Question655: A SysOps administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket.

Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range.
How can the Administrator address this issue?
Question656:
Question657: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question658: An IAM user has two conflicting policies as part of two separate groups. One policy allows him to access an S3
bucket, while another policy denies him the access. Can the user access that bucket?
Question659: A root account owner is trying to understand the S3 bucket ACL.
Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?
Question660:
Question661: A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not supported by SQS?
Question662: You are tasked with setting up a cluster of EC2 Instances for a NoSQL database. The database requires random read I/O disk performance up to a 100,000 IOPS at 4KB block side per node.
Which of the following EC2 instances will perform the best for this workload?
Question663: A SysOps Administrator has implemented an Auto Scaling group with a step scaling policy. The Administrator notices that the additional instances have not been included in the aggregated metrics.
Why are the additional instances missing from the aggregated metrics?
Question664:
Question665: Can you use CloudWatch to monitor memory and disk utilization usage for your Amazon EC2 Linux instances?
Question666: A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.
What would be the command line necessary to deploy one of the sites' certificates to the load balancer?
Question667: A user is trying to create a list of IAM users with the AWS console. When the IAM users are created which of the below mentioned credentials will be enabled by default for the user?
Question668:
Question669:
Question670: A user wants to upload a complete folder to AWS S3 using the S3 Management console. How can the user perform this activity?
Question671: A user has created a VPC with the public subnet. The user has created a security group for that VPC.
Which of the below mentioned statements is true when a security group is created?
Question672:
Question673: Pass4test has three AWS accounts. They have created separate IAM users within each account.
Pass4test wants a single IAM login URL such as https://pass4test.signin.aws.amazon.com/console/ for use by IAM users in all three accounts.
How can this be achieved?
Question674: A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of
the below mentioned options is not the right option to grant permission for S3?
Question675:
Question676:
Question677: Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user "arn:aws:iam::111111111111:user/application". The following S3 bucket policy is in use:

How should a SysOps Administrator modify the S3 bucket policy to fix the issue?
Question678:
Question679: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question680: An application is being migrated to AWS with the requirement that archived data be retained for at least 7 years.
What Amazon Glacier configuration option should be used to meet this compliance requirements?
Question681: What happens if the instance launched by Auto Scaling becomes unhealthy?
Question682:
Question683:
Question684: A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using AWS CloudFormation to three separate environments: development, test, and production. Each environment has unique credentials services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?
Question685:
Question686:
Question687: A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is
experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS
of the volume?
Question688:
Question689: A user has configured ELB with SSL using a security policy for secure negotiation between the client and load
balancer. Which of the below mentioned security policies is supported by ELB?
Question690:
Question691: A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?
Question692: An application is running on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are SysOps Administrator must configure the application to scale based on the number of incoming requests Which solution accomplishes this with the LEAST amount of effort?
Question693:
Question694:
Question695:
Question696: A company's Marketing department generates gigabytes of assets each day and stores them locally. They would like to protect the files by backing them up to AWS All the assets should be stored on the cloud but the most recent assets should be available locally for tow latency access Which AWS service meets the requirements?
Question697: A user is using a small MySQL RDS DB. The user is experiencing high latency due to the Multi AZ feature.Which of the below mentioned options may not help the user in this situation?
Question698: A Chief Financial Officer has asked fof a breakdown of costs per project in a single AWS account using Cost Explorer Which combination of options should be set to accomplish this? (Select TWO.)
Question699: A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be cut of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?
Question700:
Question701: A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch
monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user
understand this functionality better?
Question702:
Question703: Your application currently leverages AWS Auto Scaling to grow and shrink as load Increases' decreases and has been performing well Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?
Question704: A company is using AWS Storage Gateway to create block storage volumes and mount them as Internet Small Computer Systems Interlace (iSCSI) devices from on-premise! servers As the Storage Gateway has taken on several new projects some of the Development teams report that the performance of the iSCSI drives has degraded. When checking the Amazon CloudWatch metrics a SysOps Administrator notices that the cachePercentUsed metric is below 60% and the cachePercentUsed metric is above 90%.
What steps should the Administrator take to increase Storage Gateway performance?
Question705: A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend's AWS account. How can user achieve this?
Question706:
Question707: If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should:
Question708:
Question709:
Question710: Which of the following requires a custom CloudWatch metric to monitor?
Question711:
Question712: Which of the following statements is true about Auto Scaling?
Question713: A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace for the AWS services?