AWS Sysops Practice Questions Part 4
iam.awslagi, 2020-04-29T13:11:14+07:00
- Question 1 of 105
1. Question
How would you restore an EBS snapshot to an EC2 instance?
Choose the correct answer:
Correct answer
Create a new volume from the snapshot, attach the volume to the EC2 instance, pre-warm the volume and mount it to the device
- Question 2 of 105
2. Question
You are running a legacy application that has a hard coded IP address in your application. How might you apply high availability to the instance running that application?
Choose the correct answer:
Correct answer
Assign an elastic IP address to the EC2 instance, have a backup instance running. In the event of failure, move Elastic IP from the primary instance to the backup instance
- Question 3 of 105
3. Question
What item, when attached to a subnet, will allow the internal subnet to communicate to external networks?
Choose the 2 correct answers:
Correct answer
IGW Internet Gateway, Virtual Private Gateway
- Question 4 of 105
4. Question
You see an increased load on an EC2 instance that is used as a web server. You decide placing the server behind an Elastic Load Balancer and deploying an additional instance should help meet this increased demand on system resources. You deploy the ELB, configure it to listen for traffic on port 80, bring up a second EC2 instance, move both instances behind the load balancer, and provide customers with the ELB’s URL – https://mywebapp-1234567890.us-west-2.elb.amazonaws.com. You immediately begin receiving complaints that customers cannot connect to the web application via the ELB’s URL. Why?
Choose the correct answer:
Explanation
Specifying https:// directs web traffic to port 443. If you only configured a listener for port 80 on the ELB, traffic on port 443 will not be accepted.
- Question 5 of 105
5. Question
If we want to be able to monitor billing and cost metrics, what AWS services do we need to enable and use together?
Choose the correct answer
Correct answer
Account Preferences Billing Alerts
- Question 6 of 105
6. Question
In your LAMP application, you have some developers that say they would like access to your logs. However, since you are using an AWS Auto Scaling group, your instances are constantly being re-created. What would you do to make sure that these developers can access these log files?
Choose the correct answer:
Correct answer
Set up a central logging server that you can use to archive your logs; archive these logs to an S3 bucket for developer-access
- Question 7 of 105
7. Question
You run a stateless web application with the following components: an Elastic Load Balancer, three Web/Application servers on EC2, and a MySQL RDS database with 5000 Provisioned IOPS. Average response time for users is increasing. Looking at CloudWatch, you observe 95% CPU usage on the Web/Application servers and 20% CPU usage on the database. The average number of database disk operations varies between 2000 and 2500. How would you improve performance? (Choose Two)
Choose the 2 correct answers:
Correct answer
Choose a different EC2 instance type for the Web/Application servers with a more appropriate CPU/Memory ratio, Use Auto Scaling to add additional Web/Application servers based on CPU load threshold
- Question 8 of 105
8. Question
Your applications in AWS need to authenticate against LDAP credentials that are in your on-premises data center. You need low latency between the AWS app authenticating between AWS and your on-premises network. How can you achieve this?
Choose the correct answer:
Correct answer
If you don’t already have a secure tunnel, create a VPN between your on-premises data center and AWS. Once you have a VPN tunnel established between the data centers then you can spin up a secondary LDAP server that replicates from on premises LDAP server
- Question 9 of 105
9. Question
You have been tasked with identifying an appropriate storage solution for a NoSQL database that requires random I/O reads of greater than 10,000 4kB IOPS. Which EC2 option will meet this requirement?
Choose the correct answer:
Correct answer
EBS optimized instances
Explanation
EBS volumes only allow you to provision up to 4,000k IOPS per volume. EBS optimized instances have greater IOPS and can go up to 16K.
- Question 10 of 105
10. Question
You have enabled a CloudWatch metric on your Redis ElastiCache cluster. Your alarm is triggered due to an increased amount of evictions. How might you go about solving the increased eviction errors from the ElastiCache cluster?
Choose the correct answer:
Correct answer
Increase the size of your node
- Question 11 of 105
11. Question
True or False: Read replicas can be a read replica of another read replica.
Choose the correct answer:
- Question 12 of 105
12. Question
You have decided to extend your on-site data center to Amazon Web Services by creating a VPC. You already have multiple DNS servers on the premises. You are using these DNS servers to host DNS records for your internal applications. You have a corporate security network policy that says that a DNS name for an internal application can only be resolved internally and never publicly over the internet. Your existing on-premises data center is already connected to your VPC using IPSec VPN.
You are deploying new applications within your AWS service that need to resolve these new applications by name. How might you set up the scalable DNS architecture?
Choose the correct answer:
Correct answer
Create a DNS option set that includes both the DHCP options with domain-name-servers=AmazonProvidedDNS and your internal DNS servers
- Question 13 of 105
13. Question
You manage EC2 instances in two different VPCs and you would like instances in both VPCs to be able to easily communicate with each other. You are considering using VPC peering. Will this work? (Choose Two)
Choose the 2 correct answers:
Correct answer
Yes, as long as the VPCs are in the same region., Yes, as long as the VPCs’ CIDR blocks don’t overlap.
Further Reading
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
- Question 14 of 105
14. Question
What is the result of the following bucket policy?
{
  "Statement": [
    {
      "Sid": "Sid2",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/*.",
      "Condition": {
        "ArnEquals": {
          "s3:prefix": "finance_"
        }
      },
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
Choose the correct answer:
Correct answer
It will allow all actions only against objects with the prefix finance_
- Question 15 of 105
15. Question
You notice that several of your AWS environment’s CloudWatch metrics are hovering near a value of 100. Which of these are you least concerned about?
Choose the correct answer:
Correct answer
ElastiCache CurrConnections
Explanation
A high number of connections is not necessarily a bad thing, if there are adequate resources to service those connections. 100% usage of resources, as in options A and C, typically means they are strained under a heavy load. A high SpilloverCount for an Elastic Load Balancer is also bad, as you do not want requests to be rejected
- Question 16 of 105
16. Question
Your company is being audited by a third party IT auditing service; they have asked you for details about the physical network and virtualization infrastructure. What do you tell them?
Choose the correct answer:
Correct answer
You go to your AWS rep with the control in question and AWS will give the provided information to the third party in charge of doing your audit
- Question 17 of 105
17. Question
Which of the following is a security best practice for an AWS environment?
Choose the correct answer:
Correct answer
Enable MFA on the root user for your AWS account and use IAM users rather than the root user for administrative tasks.
Explanation
IAM user accounts should not be used for executing automated scheduled tasks on EC2 instances, and automated tasks do not use MFA. The default VPC is built for ease of use, not security. IAM user credentials should not be stored on AMIs; EC2 instances that need permission to perform actions on AWS resources should use IAM roles
- Question 18 of 105
18. Question
We have terminated an instance in which we have an EBS attached volume. What do we do now if we need to access the important data that was on this volume if we created this instance with the default storage options?
Choose the correct answer:
Correct answer
If we did not first take a snapshot of the EBS volume we will not be able to access the data after an instance termination
Explanation
By default, the EBS volumes are selected to terminate upon instance termination; however, when creating an EC2 instance we have the option to un-select the data deletion option. We must also create snapshots of the EBS volume which we can restore the data from
- Question 19 of 105
19. Question
We have a two-tiered application with the following components. We have an ELB, three web/application servers on EC2, and one MySQL RDS database. When our load grows, the database queries take longer and slow down the overall response time for the user request.
Which three options would we choose to speed up performance?
Choose the 3 correct answers:
Correct answer
We can shard the database and distribute the load between shards, We can create an RDS read-replica and redirect half of the database read requests to it, We can cache our database queries with ElastiCache
- Question 20 of 105
20. Question
A successful systems administrator probably does not need to know how to use a script for:
Choose the correct answer:
Correct answer
Automating backups of RDS databases
Explanation
AWS offers automated backups of RDS, thus it is not a requirement to script this task.
- Question 21 of 105
21. Question
Given the following IAM policy:
{
  "Version": "2014-19-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*", "s3:List*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::corporate_bucket/*"
    }
  ]
}
What does the IAM policy allow?
Choose the 2 correct answers:
Correct answer
The user is allowed to read objects from the bucket named ‘corporate_bucket’, The user is allowed to write objects into the bucket named ‘corporate_bucket’
- Question 22 of 105
22. Question
What is the result of the following bucket policy?
{
  "Statement": [
    {
      "Sid": "SID1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "50.97.0.0/32"
        }
      }
    }
  ]
}
Choose the correct answer:
Correct answer
It will deny all access to the S3 mybucket bucket except for requests coming from the IP 50.97.0.0
- Question 23 of 105
23. Question
Which option below is part of a failover process for a Multi-AZ zone in an RDS instance?
Choose the correct answer:
Correct answer
The DNS for our primary DB instance is switched to the standby DB instance
- Question 24 of 105
24. Question
We have developed a mobile application that gets downloaded several hundred times a week. What authentication method should we enable for the mobile clients to access images that are stored in an AWS S3 bucket that provides us with the highest flexibility and rotates the credentials?
Choose the correct answer:
Correct answer
Identity Federation based on AWS STS using an AWS IAM policy for the respective S3 bucket
- Question 25 of 105
25. Question
You have multiple AWS users with access to an Amazon S3 bucket. These users have permission to add and delete objects. If you wanted to prevent accidental deletions, what might you do to prevent these users from performing accidental deletions of an object?
Choose the correct answer:
Correct answer
You can use Amazon MFA for verification for deleting an object
- Question 26 of 105
26. Question
You maintain an application on AWS to provide development and test platforms for your developers. Currently, both environments consist of an m1.small EC2 instance. Your developers notice performance degradation as they increase network load in the test environment. How would you mitigate these performance issues in the test environment?
Choose the correct answer:
Correct answer
Upgrade the m1.small to a larger instance type
- Question 27 of 105
27. Question
True or False: You can configure an internal elastic load balancer to load balance internal traffic.
Choose the correct answer:
Correct answer
True
- Question 28 of 105
28. Question
Your supervisor is concerned about losing read access to your RDS database in the unlikely event of an AWS regional failure. You design a plan to create a read replica of the database in another region, but your supervisor sees a problem with this plan. What problem does he see?
Choose the correct answer:
Correct answer
Your database is using PostgreSQL, which does not support cross-region replication.
Explanation
Note: PostgreSQL on RDS now supports cross-region read replicas since June 2016, but please keep in mind that the exam probably won’t be updated for a while. Read replicas are supported in different regions than the source RDS database, but only when using MySQL 5.6. You cannot use synchronous replication between the two regions because, while latency is an important metric, read replicas use asynchronous replication, not synchronous replication. You cannot VPC peer between VPCs in different regions, and replication does not require VPC peering.
- Question 29 of 105
29. Question
You are uploading 3 gigabytes of data every night to S3 from your on-premises data center. It takes 3 hours to upload and you are uploading it to Amazon S3. You are only using half of your available bandwidth through your internet provider. How might you decrease the amount of time to back up that 3GB of data from your on-premises data center to S3?
Choose the 2 correct answers:
Correct answer
You can use multipart upload to speed up the upload process, You could establish a Direct Connect connection between your on-premises data center and AWS VPC
- Question 30 of 105
30. Question
Rule 100 in a NACL associated with subnets A and B denies HTTP traffic from 0.0.0.0/0. Rule 105 in the same NACL allows HTTP traffic from 0.0.0.0/0. EC2 Instances in subnet A are associated with a security group that allows HTTP traffic from 192.168.0.0/24. EC2 Instances in subnet B are associated with a security group that denies HTTP traffic from 128.168.0.0/24. Which of the following statements are true?
Choose the correct answer:
Correct answer
HTTP traffic from the internet will be denied to EC2 instances in both subnets due to the NACL rules.
Explanation
Rule 105 is the higher number rule and will not be evaluated. NACL rules are evaluated in order from lowest to highest so HTTP traffic from the internet will be denied to instances in subnet B.
- Question 31 of 105
31. Question
You need to establish a secure backup and archiving solution for your company, using AWS. Documents should be immediately accessible for three months and available for five years for compliance reasons. Which AWS service fulfills these requirements in the most cost-effective way?
Choose the correct answer:
Correct answer
Upload data to S3 and use lifecycle policies to move the data into Glacier for long-term archiving.
- Question 32 of 105
32. Question
Which of the following CloudWatch metrics require a custom monitoring script to populate the metric?
Choose the 2 correct answers:
Correct answer
Swap Usage, Available Disk Space
- Question 33 of 105
33. Question
What AWS services allow you access to the underlying operating system?
Choose the 3 correct answers:
Correct answer
EC2, Hadoop, Elastic BeanStalk
- Question 34 of 105
34. Question
A colleague noticed that CloudWatch was reporting that there had not been any connections to one of your MySQL databases for several months. You decided to terminate the database. Two months after the database was terminated, you get a phone call from a very upset user who needs information from that database to run end-of-year reports. What can you do?
Choose the correct answer:
Correct answer
If you took a manual snapshot of the database, you can restore the database from that snapshot.
Explanation
Manual snapshots persist even after a database is terminated. There is not an expiration period for manual snapshots. While automated backups do have a maximum retention period of 35 days, they are deleted at the time a database is terminated
- Question 35 of 105
35. Question
You are managing a large magazine application inside Amazon Web Services. Your company posts an article that gets picked up internationally, causing millions of visitors to hit your application. Such a large increase in traffic causes strain on your DB server which is dynamically servicing the blog content. How might you quickly resolve this issue and make the blog post infinitely scalable?
Choose the correct answer:
Correct answer
Create a static HTML page using S3 and use Route 53 to point DNS to the static S3 bucket.
- Question 36 of 105
36. Question
Best practice is to pre-warm:
Choose the correct answer:
Correct answer
Newly created EBS volumes. Pre-warm using the read and then write back method.
Explanation
The read and write back method is used to pre-warm EBS volumes created from a snapshot. Fresh EBS volumes do require read or write back during pre-warming. Elastic load balancers should be pre-warmed prior to an anticipated large spike in traffic, but this is done by contacting AWS to provision additional back-end resources, not by a read and write back command.
- Question 37 of 105
37. Question
True or False: When taking a snapshot of an EBS volume there is a performance issue: It decreases the performance due to the increased I/O.
Choose the correct answer:
- Question 38 of 105
38. Question
Your AWS application is set up to use Auto Scaling with an ELB. To be sure that your application is performing its best and the page loads quickly what, precisely, could you monitor in CloudWatch?
Choose the correct answer:
Correct answer
Monitor your ELB latency using CloudWatch metrics
Explanation
CloudWatch provides latency metrics which monitor the time it takes for the request to go from the Elastic Load Balancer to the instance and back. Latency is a good metric to determine if our Elastic Load Balancer is healthy
- Question 39 of 105
39. Question
In the shared responsibility model at AWS, what two options are you responsible for instead of Amazon within an audit?
Choose the 2 correct answers:
Correct answer
The operating systems’ administrators group, An application that you have running within AWS EC2
- Question 40 of 105
40. Question
Assuming you have kept the default settings and are using the automated backup services provided by AWS, which of the following will retain automated backups?
Choose the correct answer:
Correct answer
None of these
Explanation
Automated backups of RDS databases are deleted when an RDS instance is terminated. Only manual snapshots of an RDS database remain after the RDS instance is terminated. AWS does not offer an automated backup solution for volumes attached to EC2 instances.
- Question 41 of 105
41. Question
Your Infrastructure does not have an Internet gateway attached to any of the subnets. What might you do in order to SSH into your EC2 instances? All other configuration is correct.
Choose the correct answer:
Correct answer
Create a VPN connection
- Question 42 of 105
42. Question
What might be the cause of an EC2 instance not launching in an auto-scaling group?
Choose the 3 correct answers:
Correct answer
Availability zone is no longer supported, Invalid EBS device mapping, Key pair associated with EC2 instance does not exist
- Question 43 of 105
43. Question
You have enabled a CloudWatch metric on your MemCached ElastiCache cluster. Your alarm is triggered due to an increased amount of evictions. How might you go about solving the increased eviction errors from the ElastiCache cluster? (Choose Two)
Choose the 2 correct answers:
Correct answer
Increase the node size, Add a node to the cluster
- Question 44 of 105
44. Question
How might you assign permissions to an EC2 instance so that the EC2 custom CloudWatch metric scripts can send the required data to Amazon CloudWatch?
Choose the correct answer:
Correct answer
Assign an IAM role to the EC2 instance at creation time with permissions to write to CloudWatch
- Question 45 of 105
45. Question
Your RDS database is experiencing high levels of read requests during the business day and performance is slowing down. You have already verified that the source of the congestion is not backups taking place during the business day, as automatic backups are not enabled. Which of the following is the first step you can take toward resolving the issue?
Choose the correct answer:
Correct answer
Enable automated backups of the database.
Explanation
A read replica of the database cannot be created until automated backups are enabled. Your first step should be to enable automated backups. Once automated backups are enabled, you can proceed with creating a read replica of the database and offloading some client read requests to .
- Question 46 of 105
46. Question
Which features can be used to restrict access to data in S3?
Choose the 3 correct answers:
Correct answer
Create a CloudFront distribution for the bucket, Set an S3 bucket policy, Set an S3 ACL on the bucket or the object
- Question 47 of 105
47. Question
What happens during a failover process in a Multi-AZ with AWS RDS instance?
Choose the correct answer:
Correct answer
The DNS record of the DB instance changes from the primary to the standby DB instance
Explanation
The Multi-AZ failover process does not require any action from the SysOps admin. The DNS on the backend of AWS will change from primary to the secondary instance. This occurs during time periods such as DB failure and DB updates by AWS.
- Question 48 of 105
48. Question
True or False: In a Network ACL an explicit Deny always overrides an explicit Allow.
Choose the correct answer:
- Question 49 of 105
49. Question
You configure a VPC with an Internet gateway that has a private and a public subnet, each in its own Availability Zone, and that uses a dual-tunnel VPN between the Virtual Private Gateway and the router in the private data center. You want to make sure that you do not have a potential single point of failure in this design. Which option would you get rid of to achieve this?
Choose the correct answer:
Correct answer
There is not a single point of failure with this architecture
- Question 50 of 105
50. Question
You have been asked to maintain a small AWS environment consisting of five on-demand EC2 web server instances. Traffic from the Internet is distributed to these servers via an Elastic Load Balancer. Your supervisor is not pleased with a recent AWS bill. Assuming a consistent, moderately high load on the web servers, what option should you recommend to reduce the cost for this environment without negatively affecting availability?
Choose the correct answer:
Correct answer
Use reserved EC2 instances rather than on-demand instances.
Explanation
Auto Scaling can often save money in environments with variable load, but would likely not help reduce costs in an environment with a consistent high load spread across all servers. Reserved instances are recommended for instances with a consistently high load. Removing the ELB or using spot instances would save money, but could decrease availability.
- Question 51 of 105
51. Question
You are running an EC2 instance serving a website with an SSL certificate. Your CPU utilization is constantly high. How might you resolve this issue?
Choose the correct answer:
Correct answer
Offload the SSL cert from the EC2 instance and configure it on the Elastic Load Balancer
- Question 52 of 105
52. Question
We need to run a business intelligence application against our production database. This application requires near real time data from the database. How might we configure our RDS setup so that our application does not increase I/O load against our production database?
Choose the correct answer:
Correct answer
Create a read replica from the production instance and point the application to the read replica
- Question 53 of 105
53. Question
When managing our VPC in an AWS region, we want to give other teams access to create their own instances and modify the security groups inside subnets dedicated to their teams. We have to make sure the development team can NOT do anything in their subnets that could allow their instances to impact production instances in the production subnets.
What can we do to separate out our VPC so that instances that the dev team can access can never interfere or interact with the ones within our production?
Choose the correct answer:
Correct answer
We can create NACLs that restrict which subnets can talk to each other
- Question 54 of 105
54. Question
Your EC2 instance has a system status check error with an error message of loss of network connectivity. What is the best way to attempt to resolve the EC2 instance status check error?
Choose the 2 correct answers:
Correct answer
Attempt to change the physical host that the instance is on by stopping and starting the instance, Terminate the instance and build a new one
- Question 55 of 105
55. Question
A deny overrides an allow in which circumstances?
Choose the correct answer:
Correct answer
An explicit allow is set in an IAM policy governing S3 access and an explicit deny is set on an S3 bucket via an S3 bucket policy
- Question 56 of 105
56. Question
What is the most likely reason you are being charged for an instance you launched from a free-tier eligible AMI?
Choose the correct answer:
Correct answer
Your account has passed the one-year trial period
- Question 57 of 105
57. Question
True or False: Read replicas can have Multi Availability Zones enabled.
Choose the correct answer:
- Question 58 of 105
58. Question
In order for reserved instances to reduce the cost of running instances, those instances must match the exact specifications of the reserved instance including: Region, Availability Zone, and instance type.
Choose the correct answer:
- Question 59 of 105
59. Question
Your website is hosted on 10 EC2 instances in five regions around the globe, with two instances per region. How could you configure your site to maintain availability with minimum downtime if one of the five regions was to lose network connectivity for an extended period?
Choose the correct answer:
Correct answer
Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region and has the Evaluate Target Health flag set to true.
- Question 60 of 105
60. Question
When working with Amazon RDS, by default, AWS is responsible for implementing which two management-related activities?
Choose the 2 correct answers:
Correct answer
Installing and periodically patching the database software, If automated backups are enabled, creating and maintaining automated database backups with a point-in-time recovery of up to five minutes
- Question 61 of 105
61. Question
What would be a reason you would upgrade to Direct Connect instead of a traditional VPN connection?
Choose the correct answer:
Correct answer
You gain higher bandwidth and consistent network connectivity
- Question 62 of 105
62. Question
Your supervisor sends you a list of several processes in your AWS environment that she would like you to automate via scripts. Which of the following list items should you set as the highest priority?
Choose the correct answer:
Correct answer
Implement CloudWatch alerts for EC2 instances’ memory usage
- Question 63 of 105
63. Question
Your company is setting up an application that is used to share files. Because these files are important for the sales team, the application must be highly available. Which AWS-specific storage option would you set up for low cost, reliability, and scaling?
Choose the correct answer:
Correct answer
Use AWS (S3) that can be accessed by end users with signed URLs
- Question 64 of 105
64. Question
True or False: AWS is solely responsible for the security on the guest operating system.
Choose the correct answer:
- Question 65 of 105
65. Question
Your company has decided to deploy a “Pilot Light” AWS environment to keep minimal resources in AWS with the intention of rapidly expanding the environment in the event of a disaster in your on-premises Datacenter. Which of the following services will you likely not make use of?
Choose the correct answer:
Correct answer
CloudFormation for automating the large-scale deployment of AWS resources in the event of an on-premises disaster
Explanation
A Gateway-Cached implementation of Storage Gateway stores all of your data in AWS and caches your frequently-accessed data on premises. Keeping all data in AWS is not a minimal AWS implementation. A Gateway-Stored implementation of Storage Gateway would be preferred for a “Pilot Light” AWS environment, as it would allow you to retain your data on-premises but take snapshot copies of the data to AWS, so it could be accessed in the event of an on-premises disaster. With that being said, here is why CloudFormation is the correct answer to this question: “pilot light” requires the replication of data in order to easily “scale out.” For RDS this means you already have a running instance that is receiving replicated data. If you use CloudFormation to “increase the instance size” it will actually terminate the instance and launch a new one. In the event of a disaster, it’s better to just increase the size of the instance, which you can’t do with a CloudFormation template.
- Question 66 of 105
66. Question
Which of the following could be a procedure to disaster recovery as it relates to RDS?
Choose the correct answer:
Correct answer
Configure a read replica to a different region. In the event of a failover, promote the read replica as the primary and change the DNS for your application to point to the new primary and then enable Multi AZ.
- Question 67 of 105
67. Question
True or False: By using NACLs at the subnet level, you can create security entries to ensure that other applications such as development applications do not accidentally have any malicious effects against your primary application.
Choose the correct answer:
Correct answer
True
Explanation
NACLs allow you to block/allow traffic at the subnet level. NACLs can be used to prevent any “accidental” traffic from affecting other AWS apps in your environment.
- Question 68 of 105
68. Question
You manage a social media website on EC2 instances in an Auto Scaling group. You have configured your Auto Scaling group to deploy one new EC2 instance when CPU utilization is greater than 90% for 3 consecutive periods of 10 minutes. You notice that between 6:00 pm and 10:00 pm every night, you see a gradual increase in traffic to your website. Although Auto Scaling launches several new instances every night, some users complain they are seeing timeouts when trying to load the index page during those hours. What is the least cost-effective way to resolve this problem?
Choose the correct answer:
Correct answer
Increase the minimum number of instances in the AutoScaling group
Explanation
Increasing the minimum number of instances in the AutoScaling group will keep more instances running around the clock, thus making it a very inefficient way to manage cost. The other options all increase the AutoScaling group’s sensitivity to an increase in load and enable it to respond quicker to increased load by spinning up instances as soon as they become necessary.
- Question 69 of 105
69. Question
We have a web application that is using Auto Scaling and an ELB. We would like to monitor the application to make sure that it maintains a good quality of service for our customers, defined by the application’s page load time.
What metric within CloudWatch can we use for this?
Choose the correct answer:
Correct answer
The latency that is reported by the ELB
- Question 70 of 105
70. Question
True or False: By default, there is no route between the subnets in a VPC.
Choose the correct answer:
- Question 71 of 105
71. Question
True or False: If Multi-AZ is enabled and automated backups occur on your instance, your application will experience performance issues due to the increased I/O of the automated backup.
Choose the correct answer:
- Question 72 of 105
72. Question
True or False: RDS Read Replicas are Synchronous in their replications.
Choose the correct answer:
- Question 73 of 105
73. Question
You manage a technology blog website on EC2 instances in an Auto Scaling group behind an Elastic Load Balancer. Traffic volume to the site is consistently low, except during several weeks of the year when major technology conferences are occurring, when traffic increases 300 percent. What is the least advisable way to manage this environment?
Choose the correct answer:
Correct answer
Upgrade the reserved instances that handle the typical load for the website to larger reserved instances during technology conference weeks.
Explanation
Upgrading the size of reserved instances means you incur a cost to reserve resources for the entire period of the reservation, which at a minimum of one year, is much more commitment than is needed for a few week-long conferences. It’s better to keep the reserved instances sized properly to handle the typical load and use on-demand instances to handle the spikes.
- Question 74 of 105
74. Question
What is the result of the following bucket policy?
{
  "Statement": [
    {
      "Sid": "Sid1",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/*.",
      "Principal": {
        "AWS": ["arn:aws:iam::5555555555:user/jeff"]
      }
    },
    {
      "Sid": "Sid2",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
Choose the correct answer:
Correct answer
It will deny all access to the bucket mybucket
- Question 75 of 105
75. Question
What is the result of the following bucket policy?
{
  "Statement": [
    {
      "Sid": "Sid1",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/*.",
      "Principal": {
        "AWS": ["arn:aws:iam::5555555555:user/jeff"]
      }
    },
    {
      "Sid": "Sid2",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
Choose the correct answer:
Correct answer
It will deny all access to the bucket mybucket
- Question 76 of 105
76. Question
Which of the following would you be likely to schedule during a maintenance window (rather than during business hours) when working in a Multi-AZ RDS environment?
Choose the correct answer:
Correct answer
All of these
Explanation
While patches and upgrades can be performed with minimal downtime in a Multi-AZ environment, any work that requires a failover of the database or functional changes to the database or underlying OS can still impact connectivity and should be performed during a maintenance window.
Further Reading
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
- Question 77 of 105
77. Question
Assuming you have kept the default settings and have taken manual snapshots, which of the following manual snapshots will be retained?
Choose the 2 correct answers:
Correct answer
A snapshot of an EBS root volume when the EC2 instance is terminated, A snapshot of an RDS database when the RDS instance is terminated
Explanation
Manual snapshots of RDS databases and EBS volumes persist after instance termination. You cannot snapshot an EC2 instance store volume.
- Question 78 of 105
78. Question
True or False: Multi-AZ RDS replications of data are asynchronous.
Choose the correct answer:
- Question 79 of 105
79. Question
Which of the following will cause a noticeable performance impact on an RDS Multi-AZ deployment?
Choose the correct answer:
Correct answer
None of these
- Question 80 of 105
80. Question
In your infrastructure, you are running a corporate application using a T2.Small instance. You are also using a NAT instance so that your private instances can reach out to the internet without being publicly available. What is one thing that we should do to speed up bandwidth and performance?
Choose the correct answer:
Correct answer
Increase your T2.Small instance to a M3.Small or M3.Medium
Explanation
Instance size has a direct influence on the amount of data your instance can send and receive. If your AWS environment has many instances using NAT availability, a network bottleneck could occur. Increasing the instance size will increase the available network throughput.
- Question 81 of 105
81. Question
You support a website with a large user base concentrated on the east coast, but very few users outside of that region. Traffic load is much heavier on the site during business hours so you are planning to implement Auto Scaling to optimize the number of running EC2 instances to meet the traffic load throughout the day. You are also looking for a solution to distribute traffic evenly among those instances. Which of the following solutions will distribute traffic most evenly among the EC2 instances hosting this website in the US-East-1 region?
Choose the correct answer:
Correct answer
Place the instances behind an Elastic Load Balancer with stickiness disabled.
Explanation
Elastic Load Balancers with sticky sessions configured may not distribute traffic equally between EC2 instances. Latency-based routing won’t evenly distribute the load among all instances, since the users are not evenly distributed and all the instances are in the same region.
- Question 82 of 105
82. Question
Which one of the below setups would need a custom CloudWatch metric in which to monitor?
Choose the correct answer:
Correct answer
Disk full percentage of an Elastic Block Store volume
- Question 83 of 105
83. Question
What sort of host might you set up in your AWS environment that can be used as a way to “hop” into your environment to gain access to secure servers within a private subnet?
Choose the correct answer:
Correct answer
Bastion
- Question 84 of 105
84. Question
We are preparing for our regular scheduled security assessment. What two configuration management practices should our organization have implemented?
Choose the 2 correct answers:
Correct answer
Determine our remote administrative access is performed securely, Make sure that S3 bucket policies and ACLs correctly implement our security policies
- Question 85 of 105
85. Question
A colleague noticed that CloudWatch was reporting that there had not been any connections to one of your MySQL databases for several months. You decided to terminate the database. Two months after the database was terminated, you get a phone call from a very upset user who needs information from that database to run end-of-year reports. You are hopeful that you can restore the database to full functionality from snapshot, but your database administrator is not quite as confident. Why?
Choose the correct answer:
Correct answer
The MySQL database was not using a transactional database engine such as InnoDB and may not restore properly
- Question 86 of 105
86. Question
Select all that apply: Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
Choose the correct answer:
Correct answer
may be performed by the customer against their own instances with prior authorization from AWS
- Question 87 of 105
87. Question
Your company’s compliance department mandates that within your multi-national organization, all data for customers in the UK must never leave UK servers and networks. Similarly, US data must never leave US servers and networks without explicit authorization first. What do we have to do to comply with this requirement in our web-based applications running on AWS in EC2? The user has already set up a user profile that states their geographic location.
Choose the correct answer:
Correct answer
We can run EC2 instances in multiple regions, and leverage a third-party data provider to determine whether a user should be redirected to the appropriate region based on that user’s profiles.
- Question 88 of 105
88. Question
What would we need to attach to a primary Bastion host or NAT host for high availability, so that if the primary host went down, incoming traffic would be established to a backup Bastion host?
Choose the correct answer:
Correct answer
Elastic IP Address
- Question 89 of 105
89. Question
Which of the following services have automated backups?
Choose the 3 correct answers:
Correct answer
RDS, Redshift, ElastiCache
- Question 90 of 105
90. Question
You have been tasked by your manager to build a tiered storage setup for database backups and their logs. These backups must be archived to a durable solution. After 10 days, the backups can then be archived to a lower priced storage tier. The data, however, must be retained for compliance policies. Which tiered storage solution would help you save cost, and still meet this compliance policy?
Choose the correct answer:
Correct answer
Set up an independent EBS volume where we can store daily backups and then copy these files over to S3, where we configure a bucket that has a lifecycle policy to archive files older than 10 days to AWS Glacier
- Question 91 of 105
91. Question
You want to run a web application in which application servers on an instance of EC2 are in an Auto Scaling group spread across two Availability Zones. Monitoring over the last six months, we notice that only one of our web servers is needed to handle our minimum load. During our core utilization hours (8-8 M-F), mostly five to six web servers are needed to handle the minimum load. Four to five days a year, the number of web servers required can go up to 18 servers.
What choice would mostly reduce our costs providing full availability?
Choose the correct answer:
Correct answer
Five Reserved Instances (heavy utilization), the rest covered by on-demand instances
- Question 92 of 105
92. Question
You have an Amazon VPC that has a private subnet and a public subnet, in which you have a NAT instance server. You have created a group of EC2 instances that configure themselves at startup via downloading a bootstrapping script from S3 that deploys an application via GIT.
Which one of the following setups would give us the highest level of security?
Choose the correct answer:
Correct answer
EC2 instances in our private subnet, no EIPs, route outgoing traffic via the NAT
- Question 93 of 105
93. Question
You patch the operating system on an EC2 instance and issue a reboot command from inside the instance’s OS. After disconnecting from the instance and waiting several minutes, you notice that you still cannot successfully ping the instance’s public IP address. What is the most likely reason for this?
Choose the correct answer:
Correct answer
Changes made during OS patching caused a problem with the instance’s NIC driver
- Question 94 of 105
94. Question
You are running an application on an EC2 instance that needs access to stored images on Amazon S3. What would be the best practice for allowing API access from the EC2 instance to Amazon S3?
Choose the correct answer:
Correct answer
Launch the EC2 instances using AWS identity and IAM roles that restrict API access for the instance
Explanation
When available, it is best practice to use IAM roles for communicating with the AWS API. You should never store API credentials on an AMI. If roles are unavailable, your next best option would be to pass the API credentials to the instance at runtime.
- Question 95 of 105
95. Question
Which of the following statements is true?
Choose the 2 correct answers:
Correct answer
You can customize your AWS deployments using JSON templates in CloudFormation., You can customize your AWS deployments using JSON templates in OpsWorks.
- Question 96 of 105
96. Question
Your company’s website is hosted on several EC2 instances behind an Elastic Load Balancer. Every time the development team deploys a new upgrade to the web application, the support desk begins receiving calls of customers being disconnected from their sessions. Customers’ session data is very important, as it contains their shopping cart information, and this information is lost when the customers’ sessions are disconnected. Which of the following steps can be taken to prevent customers’ shopping cart data from being lost without affecting website availability? (Choose Two)
Choose the 2 correct answers:
Correct answer
Use ElastiCache to store session state., Enable connection draining and remove instances from the Elastic Load Balancer prior to upgrading the application on those instances.
Explanation
Storing session state in ElastiCache will allow an instance to become unavailable without losing session data. Removing instances from the Elastic Load Balancer prior to upgrading them will prevent users from establishing new sessions on instances that are about to receive the application upgrade.
- Question 97 of 105
97. Question
You manage a popular blog website on EC2 instances in an Auto Scaling group. You notice that between 8:00 am and 8:00 pm, you see a 50% increase in traffic to your website. In addition, there are occasional random 1- to 2-hour spikes in traffic and some users are seeing timeouts when trying to load the index page during those spikes. What is the least cost-effective way to manage this Auto Scaling group?
Choose the correct answer:
Correct answer:
Use reserved instances for the instances needed to handle the load during traffic spikes
Explanation
Reserved instances become cost-effective when they are in use for greater than 30% of the time. Using reserved instances to handle the brief spikes in traffic would not be cost effective.
- Question 98 of 105
98. Question
You have an Elastic Load Balancer with an Auto Scaling group for your application. You also have 4 running instances with Auto Scaling. All of these instances are running in the same Availability Zone. Some instances within the zone are not highly available. What could be the cause? (Choose Two)
Choose the 2 correct answers:
Correct answers:
- The ELB isn’t configured for that Availability Zone
- The auto scaling group is not configured for more than one Availability Zone
- Question 99 of 105
99. Question
Your RDS instance is consistently maxed out on its resource utilization. What are multiple ways to solve this issue?
Choose the 3 correct answers:
Correct answers:
- Fire up an ElastiCache cluster in front of your RDS instance.
- Increase RDS instance size.
- Offload read-only activity, if it exists in your environment, to a read replica.
- Question 100 of 105
100. Question
Instance A and instance B are running in two different subnets, A and B, of a VPC. Instance A is not able to ping instance B. What are two possible reasons for this?
Choose the 2 correct answers:
Correct answers:
- The security group attached to instance B does not allow inbound ICMP traffic
- The NACL on subnet B does not allow outbound ICMP traffic
- Question 101 of 105
101. Question
You have created an application that utilizes Auto Scaling behind an Elastic Load Balancer. You notice that users are not evenly distributing sessions on the newly spun up instances. What could be a reason that your users’ web sessions are stuck on one instance and not using others?
Choose the correct answer:
Correct answer:
Your ELB is sending all the sessions to the old instance and not evenly sending sessions to all new instances that are spun up during Auto Scaling
Explanation
If sticky sessions are enabled on the Elastic Load Balancer, then the load balancer will “remember” which instance a request was sent to and will continue to send that user's requests to the same instance.
- Question 102 of 105
102. Question
You notice that several of your AWS environment’s CloudWatch metrics consistently have a value of zero. Which of these are you most likely to be concerned about and take action on?
Choose the correct answer:
Correct answer:
RDS DatabaseConnections
Explanation
Zero connections to a database for a long period of time may mean you are paying for a database that is not in use. If you cannot find anyone with a legitimate use case for the database, you may want to consider taking a snapshot of it and terminating it. Zero is an ideal value for the other metrics listed.
- Question 103 of 105
103. Question
Which of the following can be overridden at the EC2 instance level?
Choose the 2 correct answers:
Correct answers:
- The choice to not use dedicated tenancy at the VPC level.
- An IAM policy explicitly allowing a user the right to terminate all EC2 instances.
Explanation
The default option for a VPC is to not use dedicated tenancy, but that can be overridden at the instance level. If the option to use dedicated tenancy is explicitly set at the VPC level, however, it cannot be overridden at the instance level. Explicit denies in IAM policies always trump explicit allows, so a user who is allowed to terminate all EC2 instances in an account can be denied the permission to terminate a particular instance.
- Question 104 of 105
104. Question
For which of the following reasons would you not contact AWS?
Choose the correct answer:
Correct answer:
Request consolidated billing for multiple AWS accounts owned by your company
- Question 105 of 105
105. Question
We have a customer with a web application that uses cookie-based sessions to check whether users are logged in. The application uses AWS Elastic Load Balancing and Auto Scaling. When load on the application increases, Auto Scaling launches new instances, but the load on the existing instances does not decrease; as a result, all our existing users still experience slow response times.
What could be the cause of this?
Choose the correct answer:
Correct answer:
Our ELB is continuing to send the request to the web app with the previously established connections in the same backend instances rather than spreading them to the new auto scaled instances.
Notes: Hi all, the AWS SysOps Administrator Associate Practice Exam will familiarize you with the types of questions you may encounter on the certification exam and help you determine whether you are ready or need more preparation and/or experience. Successful completion of the practice exam does not guarantee that you will pass the certification exam, as the actual exam is longer and covers a wider range of topics.
We highly recommend that you take the AWS SysOps Administrator Associate Guarantee Part because it includes real questions and highlighted answers collected in our exam. It will help you pass the exam more easily.