EMT Practice Test

1. Question Content...


Question List

Question1: A company wants to identify specific Amazon EC2 instances that are underutilized and the estimated cost savings for each instance. How can this be done with MINIMAL effort?

Question2: A development team recently deployed new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

Question3: A SysOps Administrator deployed an AWS elastic Beanstalk worker node environment that reads messages from an auto-generated Amazon simple Queue service (Amazon SQS) queue and deletes them from the queue after processing. Amazon EC2 auto scaling scales in and scales out number of worker nodes based on CPU utilization. After some time, the administrator notices that the number of messages in the SQS queue are increasing significantly.
Which action will remediate the issue?

Question4: An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer.
The EC2 instances run across multiple Availability Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.
What additional step should be taken?

Question5: A company is about to launch a new product and is expecting a large increase in application traffic. The application is running on Amazon EC3 is an Auto scaling group and using an Amazon RDS multi-AZ instance. The static content is stored in Amazon S3. During the load test, the time to access the application increased significantly. A SysOps administrator wants to increase the scalability of the application without compromising the durability of the architecture.
How can this goal be achieved?

Question6: A sysops administrator is writing an AWS Cloud Formation template. The template will create a new Amazon S3 bucket and copy objects from an existing Amazon S3 bucket into the new bucket. The objects include data files, images, and scripts.
How should the CIoudFormation template be configured to perform this copy operation?

Question7: A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account.
What is the MOST cost-effective way to meet this requirement?

Question8: A SysOps Administrator is trying to set up an Amazon Route 53 domain namo to route traffic to a website hosted on Amazon S3 The domain name of the website is www anycompany com and the S3 bucket name is anycompany-static After the record set is set up in Route 53, the domain name www anycompany com does not seem to work, and the static website is not displayed in the browser Which of the following is a cause of this?

Question9: Which command must be present in a Cisco device configuration to enable the device to resolve an FQDN?

Question10: A company wants to reduce costs across the entire company after discovering that several AWS accounts were using unauthorized services and incurring extremely high costs.
Which AWS service enables the company to reduce costs by controlling access to AWS services for all AWS accounts?

Question11: A SysOps Administrator is using AWS KMS with AWS-generated key material to encrypt an Amazon EBS volume in a company's AWS environment. The Administrator wants to rotate the KMS keys using automatic key rotation, and needs to ensure that the EBS volume encrypted with the current key remains readable.
What should be done to accomplish this?

Question12: A company must ensure that any objects uploaded to an S3 bucket are encrypted Which of the following actions will meet this requirement? (Select TWO.)

Question13: A SySOps Administrator has created a new Amazon S3 bucket named mybucket for the Operations team.
Members of the team are part of an IAM group to which the following IAM policy has been assigned.

Which of the following actions will be allowed on the bucket? (Select TWO.)

Question14: An application is running on an Amazon EC2 instance. A SysOps Administrator is tasked with allowing the application access to an Amazon S3 bucket.
What should be done to ensure optimal security?

Question15: A SysOps Administrator observes a large number of rogue HTTP requests on an Application Load Balancer (ALB). The requests originate from various IP addresses.
Which action should be taken to block this traffic?

Question16: A company wants to icrease the availability and vulnerability of a critical business application. The appliation currently ueses a MySQL database running on an Amazon EC2 instance. The company wants to minimize application changes.
How should the company these requirements?

Question17: A SysOps Administrator has an AWS CloudFormation template of the company's existing infrastructure in us-west-2. The Administrator attempts to use the template to launch a new stack in eu-west-1, but the stack only partially deploys, receives an error message, and then rolls back.
Why would this template fail to deploy? (Choose two.)

Question18: Company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?

Question19: An organization has decided to consolidate storage and move all of its backups and archives to Amazon S3.
With all of the data gathered into a hierarchy under a single directory, the organization determines there is 70 TB data that needs to be uploaded. The organization currently has a 150-Mbps connection with 10 people working at the location.
Which service would be the MOST efficient way to transfer this data to Amazon S3?

Question20: A company's customers are reporting increased latency while accessing static web content from Amazon S3.
A SysOps Administrator observed a very high rate of read operations on a particular S3 bucket.
What will minimize latency by reducing load on the S3 bucket?

Question21: A user accidentally deleted a file from an Amazon EBS volume. The SysOps Administrator identified a recent snapshot for the volume.
What should the Administrator do to restore the user's file from the snapshot?

Question22: A company recently implemented an Amazon S3 lifecycle rule that accidentally deleted objects from one of its S3 buckets. The bucket has S3 versioning enabled.
Which actions will restore the objects? (Choose two.)

Question23: An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted?
How can this be resolved?

Question24: A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create end delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's AWS accounts and should be available to the Data Scientists, but no other users within the accounts.
Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?

Question25: A company's Auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled.
How should the SysOps Administrator ensure this compliance requirement is met, while still permitting Developers to create and use new S3 buckets?

Question26: A SysOpsAdministrator is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Administrator wants to be notified automatically of AWS Personal Health Dashboard events.
In the main payer account, the Administrator configures Amazon CloudWatch Events triggered by AWS Health events triggered by AWS Health triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger.
Why did the alerts fail?

Question27: A SysOps Administrator receives reports of an Auto Scaling group failing to scale when the nodes running Amazon Linux in the cluster are constrained by high memory utilization.
What should the Administrator do to enable scaling to better adapt to the high memory utilization?

Question28: A SysOps Administrator needs to create a replica of a company's existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources.
What is the MOST efficient way to accomplish this?

Question29: A SysOps adminstrator has received a request from the compliance department to enforce encryption at rest of all new objects uploaded to the corp-compliance bucket.
How can the administrator enforce encryption on all objects uploaded to the bucket?
A) Enable Amazon S3 default encryption on the bucket
B) Add the following policy statement to the bucket:

C) Add the following policy statement to the IAM user permissions policy:

D) Generate a resigned URL for the Amazon S3 PUT operation with server-side encryption flag set, and send

Question30: A sysops administrator is creating two AWS Cloud Formation templates The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway The second template will deploy application resources within the VPC that was created by the first template The second template should refer to the resources created by the first template How can this be accomplished with the LEAST amount of administrative effort?

Question31: A company has deployed a fleet of Amazon EC2 web servers for the upcoming release of a new product. The SysOps Administrator needs to test the Amazon CloudWatch notification settings for this deployment to ensure that a notification is sent using Amazon SNS if the CPU utilization of an EC2 instance exceeds 70%.
How should the Administrator accomplish this?

Question32: A SysOps Administrator must secure AWS CloudTrail logs. The Security team is concerned that an employee may modify or attempt to delete CloudTrail log files from its Amazon S3 bucket.
Which practices ensure that the log files are available and unaltered? (Choose two.)

Question33: A SySOps Administrator is managing an AWS account where Developers are authorized to launch Amazon EC2 instances to test new code. To limit costs, the Administrator must ensure that the EC2 instances in the account are terminated 24 hours after launch.
How should the Administrator meet these requirements?

Question34: A sysops administrator runs a web application that is using a microservices approach whereby different responsibilities of the application have been divided in a separate microservice running on a different Amazon EC2 instance The administrator has been tasked with reconfiguring the infrastructure to support this approach How can the administrator accomplish this with the LEAST administrative overhead?

Question35: A company is planning to expand into an additional AWS region for disaster recovery purposes. the company uses AWS CloudFormation, and its infrastructure is well-defined as code. The company would like to reuse as much of its existing code as possible when deploying resources to additional Regions.
A SysOps Administrator is reviewing how Amazon Machine Images (AMIs) are selected in AWS CloudFormation, but is having trouble making the same stack work in the new Region.
Which action would make it easier to manage multiple Regions?

Question36: The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application.
How can this request be fulfilled?

Question37: A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns 2xx or 3xx HTTP codes All other traffic should be directed to the secondary passive server. The failover record type, set ID. and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?

Question38: An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region A sysops administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy What is likely to be the problem?

Question39: Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user "arn:aws:iam::111111111111:user/application". The following S3 bucket policy is in use:

How should a SysOps Administrator modify the S3 bucket policy to fix the issue?

Question40: An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data A new company policy requires the secondary volume to be encrypted at rest.
Which solution will meet this requirement?

Question41: A SysOps Administrator has been asked to configure user-defined cost allocation tags for a new AWS account. The company is using AWS Organizations for account management.
What should the Administrator do to enable user-defined cost allocation tags?

Question42: A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.
Which action will resolve this issue?

Question43: A company with dozens of AWS accounts wants to ensure that governance rules being applied across all accounts. The CIO has recommend that AWS Config rules be deployed using an AWS CloudFormation temple.
How should this be accomplish?

Question44: A SysOps Administrator has configured health checks on a load balancer. An Amazon EC2 instance attached to this load balancer fails the health check.
What will happen next? (Choose two.)

Question45: After a network change, application servers cannot connect to the corresponding Amazon RDS MySQL database.
What should the SysOps Administrator analyze?

Question46: A SysOps administrator implemented the following bucket policy to allow only the corporate IP address range of 54.240.143.0/24 to access objects in an Amazon S3 bucket.

Some employees are reporting that they are able to access the S3 bucket from IP addresses outside the corporate IP address range.
How can the Administrator address this issue?

Question47: A company stores thousands of non-critical log files in an Amazon S3 bucket A set of reporting scripts retrieve these log files daily. Which of the following storage options will be the MOST cost efficient for the company's use case?

Question48: An application running on Amazon EC2 allows users to launch batch jobs for data analysis. The jobs are run asynchronously, and the user is notified when they are complete. While multiple jobs can run concurrently, a user's request need not be fulfilled for up to 24 hours. To run a job, the application launches an additional EC2 instance that performs all the analytics calculations. A job takes between 75 and 110 minutes to complete and cannot be interrupted.
What is the MOST cost-effective way to run this workload?

Question49: A recent AWS CloudFormation stack update has failed and returned the error update_rollback_failed. A Sysops administrator is tasked with returning the CloudFormation stack to its previous working state.
What must be done to accomplish this?

Question50: Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration Which log type will confirm whether users are trying to connect to the correct port?

Question51: A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.

Question52: A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?

Question53: A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?

Question54: A company has an existing web application that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB) across two Availability Zones. The application uses an Amazon RDS Multi-AZ DB Instance. Amazon Route 53 record sets route requests for dynamic content to the load balancer and requests for static content to an Amazon S3 bucket. Site visitors are reporting extremely long loading times.
Which actions should be taken to improve the performance of the website? (Choose two.)

Question55: A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The Administrator must be alerted to potential issues. What should the Administrator do to receive email alerts before low storage space affects EC2 instance performance?

Question56: A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A SysOps administrator needs to automate remediation.
What should the administrator do to meet these requirements?

Question57: A data analytics application is running on an Amazon EC2 instance A SysOps administrator must add custom dimensions to the metrics collected by the Amazon CloudWatch agent How can the SysOps administrator meet this requirement?

Question58: Which type routing protocol operates by exchanging the entire routing information?

Question59: A SysOps Administration team is supporting an applications that stores a configuration file in an Amazon S3 bucket Previous revisions of the configuration file must be maintained for change control and rollback How should the S3 bucket be configured to meet these requirements?

Question60: A SysOps Administrator has been able to consolidate multiple, secure websites onto a single server, and each site is running on a different port. The Administrator now wants to start a duplicate server in a second Availability Zone and put both behind a load balancer for high availability.
What would be the command line necessary to deploy one of the sites' certificates to the load balancer?

Question61: A company has a web application that is used across all company divisions. Each application request contains a header that includes the name of the division making the request. The SysOps Administrator wants to identify and count the requests from each division.
Which condition should be added to the web ACL of the AWS WAF to accomplish this?

Question62: A company's web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run in an EC@ Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon ElastiCache for Radius cluster and an Amazon RDS DB instance. Company policy requires all system patching to take place at midnight on Tuesday.
Which resources will need to have a maintenance window configured for midnight on Tuesday? (Choose two.)

Question63: An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?

Question64: A company is running critical applications on Amazon EC2 instances. The company needs to ensure its resources are automatically recovered if they become impaired due to an underlying hardware failure.
Which service can be used to monitor and recover the EC2 instances?

Question65: A company runs a web application that users access using the domain name www example com The company manages the domain name using Amazon Route 53 The company created an Amazon CloudFront distribution in front of the application and would like www example com to access the application through CloudFront What is the MOST cost-effective way to achieve this?

Question66: A sysops administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.

Question67: A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.
Which action will make the database MORE highly available?

Question68: An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in AWS Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?

Question69: A company has several accounts between different teams and wants to increase its auditing and compliance capabilities The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified.
How can a sysops administrator achieve this is with the LEAST amount of operational overhead?

Question70: A SysOps administrator maintains several Amazon EC2 instances that do not have access to the public internet. To patch operating systems, the instances should not be reachable from the Public internet.
The administrator deploys a NAT instance, updates the security groups, and configures the appropriate routes within the route table. However, the instances are still unable to reach the internet.
What should be done to resolve the issue?

Question71: A company's finance department wants to receive a monthly report showing AWS resource usage by department. Which solution should be used to meet the requirements?

Question72: A SysOps Administrator created an Application Load balancer (ALB) and placed two Amazon EC2 instances in the same subnet behind the ALB. During monitoring, the Administrator observes HealthyHostCount drop to
1 in Amazon CloudWatch.
What is MOST likely causing this issue?

Question73: A VPC is connected to a company data center by a VPN. An Amazon EC2 instance with the IP address
172.31.16.139 is within a private subnet of the VPC. A SysOps Administrator issued a ping command to the EC2 instance from an on-premises computer with the IP address 203.0.113.12 and did not receive an acknowledgment. VPC Flow Logs were enabled and showed the following:

What action will resolve the issue?

Question74: A SysOps administrator wants to encrypt an existing Amazon RDS DB instance with AWS Key Management Service (AWS KMS).
How should the SysOps administrator accomplish this goal?

Question75: A company needs to migrate an on-premises asymmetric key management system into AWS.
Which AWS service should be used to accomplish this?

Question76: A kernel patch for AWS Linux has been released, and systems need to be updated to the new version. A SysOps administrator must apply an m-place update to an existing Amazon EC2 instance without replacing the instance.
How should the SysOps administrator apply the new software version to the instance?

Question77: Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number ot 8181 The security group is correctly configured to allow access on that port and the network ACLs are using the default configuration Which log type will confirm whether users are trying to connect to the correct port?

Question78: A SysOps Administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-1 Region. The Administrator finds that this template has failed to create an EC2 instance in the uswest-2 Region.
What is one cause for this failure?

Question79: A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months What is the process to rotate the key?

Question80: A large company has multiple AWS accounts that are assigned to each department. A SysOps administrator needs to help the company reduce overhead and manage its AWS resources more easily. The SysOps administrator also must ensure that department users, including AWS account root users, have access only to AWS services that are essential for their job function.
Which solution will meet these requirements?

Question81: A SysOps Administrator must take a team's single existing AWS CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

Question82: After launching a new Amazon EC2 instance from a Microsoft Windows 2012 Amazon Machine Image (AMI), the SysOps Administrator is unable to connect to the instance using Remote Desktop Protocol (RDP).
The instance is also unreachable. As part of troubleshooting, the Administrator deploys a second instance from a different AMI using the same configuration and is able to connect to the instance.
What should be the next logical step in troubleshooting the first instance?

Question83: A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Amazon Route 53 is used for DNS and points to the load balancer. A SysOps Administrator has launched a new Auto Scaling group with a new version of the application, and wants to gradually shift traffic to the new version.
How can this be accomplished?

Question84: A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

Question85: A company is using AWS Storage Gateway to create block storage volumes and mount them as Internet Small Computer Systems Interlace (iSCSI) devices from on-premise! servers As the Storage Gateway has taken on several new projects some of the Development teams report that the performance of the iSCSI drives has degraded. When checking the Amazon CloudWatch metrics a SysOps Administrator notices that the cachePercentUsed metric is below 60% and the cachePercentUsed metric is above 90%.
What steps should the Administrator take to increase Storage Gateway performance?

Question86: A company manages multiple AWS accounts and wants to provide access to AWS from a single management account using an existing on-premises Microsoft Active Directory domain.
Which solution will meet these requirements with the LEAST amount of effort?

Question87: A SysOps Administrator noticed that the cache hit ratio for an Amazon CloudFront distribution is less than
10%. Which collection of configuration changes will increase the cache hit ratio for the distribution? (Select two.)