AWS Certified SysOps Administrator – Associate Q & A

1) Which service allows you to manage multiple AWS accounts at once, automate account creation, control access to AWS services and consolidate billing across multiple accounts?
IAM
AWS Billing Dashboard
AWS Organizations

Correct Answer: AWS Organizations

2) For which of the following would you need to use a custom metric in order to monitor it in CloudWatch?
Disk
Memory
CPU

Correct Answer: Memory

3) A custom CloudWatch metric is required to monitor which of the following?
CPU Utilization of an Amazon EC2 instance
Disk usage activity of an EBS volume attached to an Amazon EC2 instance
Disk full percentage of an Elastic Block Store Volume

Correct Answer: Disk full percentage of an Elastic Block Store Volume

4) You are running your mission-critical application on a large number of On-Demand EC2 instances and your monthly bill is steadily growing each month. Your Head of Finance challenges the project to reduce infrastructure costs by 50% over the next 3 months. What can you suggest to optimize your AWS infrastructure costs?
Consolidate your applications to fewer larger instances and terminate some of your instances
Use Reserved Instances
Use Dedicated Hosts

Correct Answer: Use Reserved Instances

5) Which feature allows you to organize your AWS resources according to user-defined tags?
IAM Groups
Resource Groups
AWS Organizations

Correct Answer: Resource Groups

6) Your application is using ElastiCache to handle session state and cache frequently accessed data, however during peak times users are complaining that your website is running very slowly. You check the CloudWatch metrics for your application servers and database and cannot see any evidence of an issue, however you notice that your Memcached cluster is showing 98% CPU utilization. What can you do to improve performance?
Scale your cluster by adding read replicas
Scale your application server by adding more EC2 instances
Scale your cluster by adding more nodes

Correct Answer: Scale your cluster by adding more nodes

7) Which of the following CloudWatch metrics can you use to determine the percentage of I/O operations delivered of the total IOPS provisioned for an EBS volume?
VolumeThroughputPercentage
VolumeConsumedReadWriteOps
ThroughputConsumedPercentage

Correct Answer: VolumeThroughputPercentage

8) By default, EC2 monitoring carried out by CloudWatch monitors which metrics? (Choose 3)
Memory
Disk
CPU
Status

Correct Answer: Disk.

CPU.

Status.

9) Your data analytics team wants to run a number of data processing jobs in parallel. All processed data will be written to an RDS database and the developers have indicated that it doesn’t matter if the jobs stop and restart. You have a number of days to produce the data. Which is the most cost-effective way to purchase compute instances to run these jobs?
Use On-Demand Instances
Use Spot Instances
Use Dedicated Hosts

Correct Answer: Use Spot Instances

10) You work for an online clothing retailer supporting a website running on EC2, storing product data in Aurora and product images and videos in S3. Your Marketing department announces a Black Friday sale discounting every product on the website. This drives a huge amount of traffic to your website and millions of additional requests per second to your database. The CEO is concerned that performance of the website is suffering and after studying the CloudWatch data you realize that Aurora CPU utilization has hit 100%. What can you do to improve the performance of your application?
Add a read replica
Configure Aurora as multi-AZ
Increase the size of your application server instances

Correct Answer: Add a read replica

11) Which of the following is not a use case for read replicas?
Serving read traffic while the source DB instance is unavailable. If your source DB Instance cannot take I/O requests (e.g., due to I/O suspension for backups or scheduled maintenance), you can direct read traffic to your read replicas.
Providing greater redundancy via automatic failovers.
Business reporting or data warehousing scenarios; you may want business reporting queries to run against a read replica, rather than your primary DB Instance.

Correct Answer: Providing greater redundancy via automatic failovers.

12) You have been hired by a large online store to help optimize their web application. There are 3 webservers behind an elastic load balancer and each connects to the same RDS instance. This RDS instance started out as a small memory optimized instance. However, as the traffic increased, the company has moved to a larger instance type. The current instance is the largest RDS instance currently available and it is beginning to run out of memory. You need to find a way to further scale the web application. What should you do?
Advise your customer that their application has grown beyond the capabilities of AWS and should be migrated back to an on-premise solution.
Advise the company to hold a sale, and then contact Amazon to pre-warm the elastic load balancer.
Add a couple of read replicas and adjust the application so that read-only traffic is diverted to these instances. Write traffic will remain with the main DB server.

Correct Answer: Add a couple of read replicas and adjust the application so that read-only traffic is diverted to these instances. Write traffic will remain with the main DB server.

13) You are using ElastiCache to cache your web application. The caching seems to be running more and more slowly, and you want to diagnose the cause of this issue. If you are using Memcached as your caching engine, what parameter should be adjusted if you find that the overhead pool is less than 50MB?
Redis_Connections_Overhead
Memcached_Connections_Overhead
Memcached-Memory-Overhead

Correct Answer: Memcached_Connections_Overhead

14) Which of the following is part of the failover process for a Multi-Availability Zone RDS instance?
A new DB instance is created in the standby availability zone.
The IP of the primary DB instance is switched to the standby DB instance.
The DNS record for the RDS endpoint is changed from primary to standby.

Correct Answer: The DNS record for the RDS endpoint is changed from primary to standby.

15) You are attempting to launch EC2 instances in an auto-scaling group, however every time you try, the launch operation fails. Which of the following could be a reason for the failure? (Choose 3)
The Key Pair you have specified doesn’t exist
The requested instance type is not supported in your Availability Zone
You have hit the default limit for the number of times you can use the Key Pair

Correct Answer: The Key Pair you have specified doesn’t exist.

The requested instance type is not supported in your Availability Zone.

16) You have a web application with the front end hosted on EC2 and the database hosted on RDS in a single Availability Zone. You notice that when backups are taken from your RDS instance, your application’s performance is severely degraded. Your boss asks you to fix the issue. What should you do?
Move your RDS instance to an in-house SQL server that has Netbackup installed.
Upgrade your RDS instance to an instance that has better disk IO. This way, the IO suspension from the backup will be “equaled out” by the increase in the new IO from the upgraded instance.
Create a multi-AZ RDS instance and migrate your DB to it. This way, when the backups are taken, they will be taken from the secondary — not the primary.

Correct Answer: Create a multi-AZ RDS instance and migrate your DB to it. This way, when the backups are taken, they will be taken from the secondary — not the primary.

17) Amazon ElastiCache can fulfill a number of roles. Choose the operations from the following list which can be implemented using ElastiCache for Redis. (Choose 3)
Sorted Sets
In-Memory Data Store
Pub/Sub
Relational Data Store

Correct Answer: Sorted Sets.

In-Memory Data Store.

Pub/Sub.

18) You work for a large telecommunications company, supporting their main customer billing application which runs on a number of load balanced EC2 instances and writes millions of records per second to an Aurora database. Last month you on-boarded a large new customer and the Billing department are now complaining about poor performance of the platform when generating customer bills which is a write-heavy operation, making multiple additional updates to the database. CloudWatch is reporting 100% CPU utilization for Aurora. What can you do to improve performance of your application?
Increase the size of your Aurora instances
Add a read replica
Configure Aurora as multi-AZ

Correct Answer: Increase the size of your Aurora instances

19) Which CLI command can you use to determine which version of RDS you are using?
describe-instances --db-version
describe-instances --rds-version
describe-db-instances

Correct Answer: describe-db-instances

20) Which of the following features only relate to Spread Placement Groups?
The placement group can only have 7 running instances per Availability Zone
The name of your placement group must be unique within your AWS Account
Instances must be deployed in a single Availability Zone

Correct Answer: The placement group can only have 7 running instances per Availability Zone

21) What happens when RDS fails-over from one availability zone to another?
You need to update the connection string in your application to point to the new RDS IP address.
Failover is handled by AWS, and the failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance.
You need to update the connection string in your application to point to the new RDS IP address.

Correct Answer: Failover is handled by AWS, and the failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance.

22) You are supporting a large application which runs on 200 EC2 instances located in us-east-1. You would like to share a number of files between the application servers. Which of the following is the best approach for storing these files so that all the servers can access them?
Glacier
EFS
S3

Correct Answer: EFS

23) You are migrating 500TB of image data into S3 and you estimate that it is going to take over a week for the transfer if you use the spare capacity on your internet link. What should you do?
Upgrade your network to enable faster upload speeds
Use Snowball to transport the data
Use CloudFront to transfer the data

Correct Answer: Use Snowball to transport the data

Use CloudFront to transfer the data

24) Which AWS feature allows you to manage your objects to ensure that they are stored using the most cost-effective category of storage?
S3 Lifecycle Rules
Systems Manager
Trusted Advisor

Correct Answer: S3 Lifecycle Rules

25) Your application has a requirement for dedicated hardware to manage cryptographic keys, which service should you choose to generate, store and manage your keys?
CloudHSM
SSE-C
MFA

Correct Answer: CloudHSM

26) You are migrating 500TB of scientific data into S3. The data also needs to be converted from EBCDIC to a stream compressed ASCII format (protobuf) format. You estimate that it is going to take over a week for the transfer if you use the spare capacity on your internet link. What should you do?
Transform the data in-house and use CloudFront to transfer the data
Use Snowball Edge to transform and transport the data
Transform the data in-house and use Snowball to transport the data

Correct Answer: Use Snowball Edge to transform and transport the data

27) Instance Store storage is __.
Temporary/Non Persistent
Permanent
Persistent

Correct Answer: Temporary/Non Persistent

28) What is Athena?
A query service which allows you to run Map Reduce queries on data stored in S3
A query service which allows you to run SQL queries on data stored in S3
A SQL database backed by S3

Correct Answer: A query service which allows you to run SQL queries on data stored in S3

29) You have an EC2 instance which is backed by an Instance Store volume. Which of the following statements is true? (Choose 3)
If you shut down the OS in the instance you will lose your data
If you terminate the instance you will lose your data
If the underlying physical disk drive fails you will lose your data
If you reboot the instance you will lose your data

Correct Answer: If you shut down the OS in the instance you will lose your data.

If you terminate the instance you will lose your data.

If the underlying physical disk drive fails you will lose your data.

30) In addition to choosing the correct EBS volume type for your specific task, what else can be done to increase the performance of your volume? (Choose 3)
Schedule snapshots of HDD based volumes for periods of low use
Never use HDD volumes, always ensure that SSDs are used
Ensure that your EC2 instances are types that can be optimized for use with EBS
Stripe volumes together in a RAID 0 configuration.

Correct Answer: Schedule snapshots of HDD based volumes for periods of low use.

Ensure that your EC2 instances are types that can be optimized for use with EBS.

Stripe volumes together in a RAID 0 configuration.

31) Which of the following statements is incorrect?
Athena is a SQL database

Correct Answer: Athena is a SQL database

32) What is the difference between KMS and CloudHSM? (Choose 2)
CloudHSM is multi-tenancy
KMS is multi-tenancy
CloudHSM allows you to have dedicated hardware
KMS allows you to have dedicated hardware

Correct Answer: CloudHSM allows you to have dedicated hardware.

KMS is multi-tenancy.

33) You are about to launch a new EC2 instance with an EBS root device volume. Which of the following statements is true? (Choose 2)
By default, if you terminate the instance, the root device will also be terminated
By default, additional EBS volumes attached to the instance will be deleted when the instance is terminated
You can disable delete-on-termination for the EBS volume when you launch the instance
If you stop the instance you will lose your data

Correct Answer: By default, if you terminate the instance, the root device will also be terminated.

You can disable delete-on-termination for the EBS volume when you launch the instance.

34) Use CloudFront to transfer the data
Standard, Standard-Infrequent Access, One Zone-Infrequent Access
Reduced Redundancy Storage, Standard, One Zone-Infrequent Access
Standard-Infrequent Access, One Zone-Infrequent Access, Reduced Redundancy Storage

Correct Answer: Standard, Standard-Infrequent Access, One Zone-Infrequent Access

35) What is the difference between KMS and CloudHSM? (Choose 2)
KMS allows you to have dedicated hardware
CloudHSM allows you to have dedicated hardware
CloudHSM is multi-tenancy
KMS is multi-tenancy

Correct Answer: KMS is multi-tenancy.

CloudHSM allows you to have dedicated hardware.

36) Which AWS service allows you to use S3 as your primary storage and store a copy of only the most frequently accessed files locally in your own data center?
Cache Gateway
Volume Gateway – Gateway Cached
Volume Gateway – Gateway Stored

Correct Answer: Volume Gateway – Gateway Cached

37) You are planning to upload a set of objects to S3, which parameter can you add to the PUT request header to ensure that encryption using AWS KMS is used to encrypt your files?
x-kms-server-side-encryption: AES256
amz-x-server-side-encryption: aws:kms
x-amz-server-side-encryption: aws:kms

Correct Answer: x-amz-server-side-encryption: aws:kms

38) Which class of storage is most appropriate to use for storing mission critical production data?
Reduced Redundancy Storage
Standard S3
One Zone IA

Correct Answer: Standard S3

39) Which of the following services allow you to enable encryption after creation?
S3 object or bucket
RDS database
Elastic File System

Correct Answer: S3 object or bucket

40) Which class of storage is most appropriate to use for storing mission critical production data?
One Zone IA
Standard S3
Glacier

Correct Answer: Standard S3

41) You have an EC2 instance which is backed by an Instance Store volume. Which of the following statements is true? (Choose 3)
If the underlying physical disk drive fails you will lose your data
If you reboot the instance you will lose your data
If you terminate the instance you will lose your data
If you shut down the OS in the instance you will lose your data

Correct Answer: If you shut down the OS in the instance you will lose your data.

If you terminate the instance you will lose your data.

If the underlying physical disk drive fails you will lose your data.

42) You are migrating 40TB of data into S3, but you also need to process the data before transferring it to S3. Which service should you use?
Use Snowball Edge to process and transport the data
Process the data locally and use Snowball to transport the data
Process the data locally and use Snowball Edge to transport the data

Correct Answer: Use Snowball Edge to process and transport the data

43) You need to run a SQL query on your CloudTrail logs stored in S3, which service can you use to do this?
RDS
Athena
DynamoDB

Correct Answer: Athena

44) Which of the following can you achieve using S3 Lifecycle policies? (Choose 2)
Delete files if they haven’t been accessed in the past year
Delete files 5 years after creating them
Transition files to Infrequently Accessed storage if they haven’t been accessed in the past 90 days
Transition objects to Infrequently Accessed storage 90 days after you created them

Correct Answer: Transition objects to Infrequently Accessed storage 90 days after you created them.

Delete files 5 years after creating them.

45) Which of the following is true in relation to a custom AMI? (Choose 3)
You can share a custom AMI with specific AWS accounts
You cannot share an AMI with any other AWS accounts
You can make a custom AMI public so that any other AWS account can use it
By default a custom AMI is private and only your own AWS account can use it


Correct Answer: You can share a custom AMI with specific AWS accounts.

You can make a custom AMI public so that any other AWS account can use it.

By default a custom AMI is private and only your own AWS account can use it.

46) You have been asked to enable encryption at rest on your EFS file system. What should you do?
Explain that it is not possible to encrypt an existing EFS file system.
Select KMS default encryption in the configuration settings of the file system.
Enable encryption in transit for all systems connecting to the file system.

Correct Answer: Explain that it is not possible to encrypt an existing EFS file system.

47) You have enabled MFA Delete on your S3 bucket, which of the following actions will require a valid code from your registered MFA device? (Choose 2)
Permanently deleting an object version
Modifying S3 Lifecycle policies
Enabling or disabling S3 versioning
Deleting Bucket Policies

Correct Answer: Permanently deleting an object version.

Enabling or disabling S3 versioning.

48) You are planning to upload a set of objects to S3, which parameter can you add to the PUT request header to ensure that encryption using AWS KMS is used to encrypt your files?
x-ams-server-side-encryption: AES256
x-amz-server-side-encryption: aws:kms
amz-x-server-side-encryption: aws:kms

Correct Answer: x-amz-server-side-encryption: aws:kms

49) You are supporting a large application which runs on 200 EC2 instances located in us-east-1. You would like to share a number of files between the application servers. Which of the following is the best approach for storing these files so that all the servers can access them?
DynamoDB
Glacier
EFS

Correct Answer: EFS

50) Which of the following is true in relation to Instance Store volumes?
The data will still be there after the instance is deleted
By default it is ephemeral storage but you can configure it to be persistent at any time
The data will always be deleted when the instance is deleted

Correct Answer: The data will always be deleted when the instance is deleted

51) Which of the following strategies can be used to restrict access to data in S3?
Enable IAM Identity Federation
Set an S3 bucket policy
Configure MFA delete

Correct Answer: Set an S3 bucket policy

52) Which AWS feature allows you to manage your objects to ensure that they are stored using the most cost-effective category of storage?
Glacier
S3 Lifecycle Rules
Systems Manager

Correct Answer: S3 Lifecycle Rules

53) Which of the following can you achieve using S3 Lifecycle policies? (Choose 2)
Transition files to Infrequently Accessed storage if they haven’t been accessed in the past 90 days
Transition objects to Infrequently Accessed storage 90 days after you created them
Delete files 5 years after creating them
Delete files if they haven’t been accessed in the past year

Correct Answer: Transition objects to Infrequently Accessed storage 90 days after you created them.

Delete files 5 years after creating them.

54) Which of the following features does S3 versioning provide? (Choose 2)
The ability to revert back to previous versions of your objects
It appends your object name with a numerical version number
It allows you to store multiple versions of an object in the same bucket
It allows you to back up your important objects

Correct Answer: The ability to revert back to previous versions of your objects.

It allows you to store multiple versions of an object in the same bucket.

55) Which class of storage is most appropriate for archiving data that you need to keep but rarely need to access?
Glacier
IA
One Zone IA

Correct Answer: Glacier

56) Which of the following pairs of actions can best be used to restrict access to data in S3?
Using S3 Virtual Hosting; setting an S3 ACL on the bucket or the object.
Creating a CloudFront distribution for the bucket; setting an S3 bucket policy.
Setting an S3 bucket policy; setting an S3 ACL on the bucket or the object.

Correct Answer: Permanently deleting an object version.

Enabling or disabling S3 versioning.

57) You are planning to deploy a production database to EC2 and need to choose the best storage type. You anticipate that at your busiest times, you will need a maximum of 20,000 IOPS, and an average of 8,000 – 10,000 IOPS. What storage medium should you choose?
Provisioned IOPS
Magnetic Storage
General Purpose SSD

Correct Answer: Provisioned IOPS

58) What is the maximum size for a file stored in S3?
5GB
500GB
5TB

Correct Answer: 5TB

59) You are about to launch a new EC2 instance with an EBS root device volume. Which of the following statements is true? (Choose 2)
If you stop the instance you will lose your data
By default, additional EBS volumes attached to the instance will be deleted when the instance is terminated
By default, if you terminate the instance, the root device will also be terminated
You can disable delete-on-termination for the EBS volume when you launch the instance

Correct Answer: By default, if you terminate the instance, the root device will also be terminated.

You can disable delete-on-termination for the EBS volume when you launch the instance.

60) Which of the following is true in relation to Instance Store volumes?
By default it is ephemeral storage but you can configure it to be persistent at volume creation time only
The data will still be there after the instance is deleted
The data will always be deleted when the instance is deleted

Correct Answer: The data will always be deleted when the instance is deleted

61) You are running your production database in MySQL on an independent EBS volume and you are fast approaching an average IOPS of 9,000. You have decided to migrate your database to an EBS volume with provisioned IOPS. Your key users only use the database between 9 am – 6 pm, so you can afford to have some down time out of hours, but not during the working day. Which is the best option below to achieve this migration?
Choose a suitable time window for your downtime. Stop the MySQL service. Move the database to S3. Restart the MySQL service, but set the configuration so that it addresses your new bucket S3://mydatabasebucket.
Update the EBS volume where the MySQL database is running to change its volume type from gp2 to io1. The changes will take place behind the scenes, and require no further intervention from an administrator
Choose a suitable time window for your downtime. Stop the MySQL service. Take a snapshot of the EBS volume where the MySQL database is running. Detach and then delete the old database volume. Restore the snapshot to a new volume running on provisioned IOPS.

Correct Answer: Update the EBS volume where the MySQL database is running to change its volume type from gp2 to io1. The changes will take place behind the scenes, and require no further intervention from an administrator

62) You are deploying a latency sensitive application using EC2 instances. You would like to ensure that all instances are placed in the same AZ for maximum throughput between the components of your application. Which of the following approaches do you recommend?
Use a cluster placement group to place all instances in the same AZ.
Launch all the instances at the same time and place each one in the same AZ.
Launch each instance separately and place each one in the same AZ.

Correct Answer: Use a cluster placement group to place all instances in the same AZ.

63) Which of the following ELB error codes indicates a successful request?
500
300
200

Correct Answer: 200

64) You are a SysOps engineer at a startup that is growing quite quickly. The startup has a fleet of EC2 instances inside an autoscaling group that scales based on CPU Utilization. You notice that CPU Utilization is not a good metric, and that the main bottleneck is the maxed-out number of connections between the ELB and an EC2 instance. You want to adjust your Autoscaling configuration to address this bottleneck. Which two of the following ELB metrics should you consider?
SurgeQueueLength & SpilloverCount
Latency & RequestCount
RequestCount & SpilloverCount

Correct Answer: SurgeQueueLength & SpilloverCount

65) Which of the following statements does NOT describe a Bastion host?
It allows you to safely administer EC2 instances without exposing them to the internet
It allows EC2 instances to download security patches from whitelisted endpoints
It is used for incoming SSH and RDP only

Correct Answer: It allows EC2 instances to download security patches from whitelisted endpoints

66) You are attempting to launch a number of on-demand EC2 instances, but the launch operation fails with the InstanceLimitExceeded error. What does this error mean?
You have selected an instance type which does not have sufficient capacity to run the operating system
You have exceeded the default limit for the number of instances you are allowed to launch in a single region. Contact AWS support to have your limit increased.
There is a region-wide problem with EC2. Check the Personal Health Dashboard to see the status of the issue.

Correct Answer: You have exceeded the default limit for the number of instances you are allowed to launch in a single region. Contact AWS support to have your limit increased.

67) Your web application runs on a group of EC2 instances behind a Classic Load Balancer. This morning, users are complaining that the application is running very slowly. You suspect this is due to a significant increase in traffic to your application. Which CloudWatch metrics could you use to determine if you are correct? (Choose 2)
SurgeQueueLength
SpilloverCount
SurgeQueueCount
RequestCount

Correct Answer: SurgeQueueLength.

SpilloverCount.

68) By default, how frequently are ELB metrics published to CloudWatch?
Every 3 minutes
Every 5 minutes
Every 60 seconds

Correct Answer: Every 60 seconds

69) You are planning to deploy a production database to EC2 and need to choose the best storage type. You anticipate that you will need a maximum of 20,000 IOPS during peak times, but an average of 8,000 – 10,000 IOPS. What storage medium should you choose?
Magnetic Storage
S3
Provisioned IOPS

Correct Answer: Provisioned IOPS

70) Which of the following is most suitable for load balancing based on the content of HTTP / HTTPS request headers?
EC2 Load Balancer
Application Load Balancer
Classic Load Balancer

Correct Answer: Application Load Balancer

71) Which of the following is most suitable for load balancing requests to latency sensitive production applications?
Classic Load Balancer
Network Load Balancer
EC2 Load Balancer

Correct Answer: Network Load Balancer

72) You have a fleet of EC2 instances in a private subnet and you need to securely access these via SSH. What should you implement?
A new route to your private subnet to make the subnet public
A Bastion Host/Jump Box
An internet gateway

Correct Answer: A Bastion Host/Jump Box

73) What is the maximum IOPS capability of a gp2 volume?
32,000
16,000
10,000

Correct Answer: 16,000

74) You are running an application on a load-balanced group of 10 EC2 instances. Which of the following metrics would you use to check how many of your application servers are available?
RegisteredHosts
HealthyInstanceCount
HealthyHostCount

Correct Answer: HealthyHostCount

75) Which feature of Systems Manager can you use to run a script on multiple EC2 instances simultaneously and without logging in to each one?
Parameter Store
Run Command
Config

Correct Answer: Run Command

76) Which service does Systems Manager integrate with to give you visibility of the overall health of your AWS infrastructure?
CloudWatch
Trusted Advisor
CloudTrail

Correct Answer: CloudWatch

77) You need to configure a load balancer with a static IP address, which of the following would you recommend?
Application Load Balancer
Classic Load Balancer
Network Load Balancer

Correct Answer: Network Load Balancer

78) You are a SysOps Administrator for an events company that is launching a new TV show tomorrow. You are expecting that traffic to your website tomorrow will be huge. You have created an autoscaling group and have a combination of Reserved and On-demand instances ready. You are about to contact AWS support to ask them to prewarm your ELB in order to meet this demand. Typically, AWS requires 3 pieces of information. Which of the following is NOT information that AWS requires?
The start and end dates of your expected surge in traffic.
The traffic type (HTTP or HTTPS).
The expected request rate per second.

Correct Answer: The traffic type (HTTP or HTTPS).

79) You have a web application that uses AutoScaling and Elastic Load Balancing. You want to monitor the application to make sure that it maintains a “good” customer experience, defined in terms of the amount of time it takes to load the application for the end-user in their browser. Which AWS CloudWatch metric can best be used for this?
Latency reported by the elastic load balancer (ELB).
Aggregate CPUUtilization for the web tier.
Aggregate NetworkIn for the web tier.

Correct Answer: Latency reported by the elastic load balancer (ELB).

80) What is the maximum IOPS capability of an io1 volume?
32,000
64,000
10,000

Correct Answer: 64,000

81) You are supporting a data processing application which runs on an EC2 instance, using gp2 storage and currently performs around 10,000 reads / writes per second. Your Sales and Marketing Teams are planning to introduce a number of additional reports which are expected to at least double the current workload for your application. How can you ensure that the performance of your application does not suffer when the new reports are introduced?
Increase the storage capacity of your gp2 volume
Change the storage class to Provisioned IOPS
Migrate all your data to DynamoDB

Correct Answer: Change the storage class to Provisioned IOPS

82) You are about to initiate a load test on your website to ensure it can keep up with seasonal demands. Your website is behind an elastic load balancer and will receive a burst of traffic totalling millions of requests. What should you do to prepare for this?
Contact Amazon and warn them of the test. Ask them to pre-warm the elastic load balancer.
Use CloudFront and ElastiCache to help reduce the load.
Contact Amazon and ask them to build an additional data center.

Correct Answer: Contact Amazon and warn them of the test. Ask them to pre-warm the elastic load balancer.

83) Which of the following ELB error codes indicates a server-side issue?
300
500
400

Correct Answer: 500

84) Which of the following ELB error codes indicates a client-side issue?
200
400
500

Correct Answer: 400

85) You are attempting to launch a number of on-demand EC2 instances, but the launch operation fails with an InsufficientInstanceCapacity error. What does this error mean?
AWS does not currently have enough on-demand capacity available to complete your request
You have exceeded the default limit for the number of instances you are allowed to launch in a single region
You have selected an instance type which does not have sufficient capacity to run the operating system

Correct Answer: AWS does not currently have enough on-demand capacity available to complete your request

86) You would like to receive an alert if more than 3 of your application servers fail to respond to a basic health check by the Elastic Load Balancer. Which metric could you use to configure this?
UnHealthyInstanceCount
UnHealthyHostCount
FailedHostCount

Correct Answer: UnHealthyHostCount

87) You are a SysOps Administrator at a fast-growing startup that has scripted most of their infrastructure. You have a fleet of EC2 instances behind an elastic load balancer. When a new instance is launched, it performs a number of system updates before automatically copying the website’s code from an S3 bucket. Due to the number of steps taken when launching a new instance, it can sometimes take up to 5 minutes for the new instance to be a fully functioning web server. This length of time is now causing a problem, as the Elastic Load Balancer reports the new instance to be unhealthy, and your autoscaling group then deletes it before it can become live. What should you do to prevent this from happening again?
Reduce the number of automated steps so that the instance provisions faster and becomes healthy faster.
Adjust the health check on your elastic load balancer so that an instance is considered healthy within 10 seconds of it serving HTTP traffic.
Get rid of autoscaling and simply add new instances manually when you need them.

Correct Answer: Adjust the health check on your elastic load balancer so that an instance is considered healthy within 10 seconds of it serving HTTP traffic.

88) Which of the following management tools gives you visibility and operational control over your AWS infrastructure?
Systems Manager
AWS Config
CloudFormation

Correct Answer: Systems Manager

89) Per the AWS Acceptable Use Policy, penetration testing of EC2 instances __.
May be performed by the customer against their own instances without prior authorization from AWS.
May be performed by AWS, and is periodically performed by AWS.
May be performed by AWS, and will be performed by AWS upon customer request.

Correct Answer: May be performed by the customer against their own instances without prior authorization from AWS.

90) Given the following IAM policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::corporate_bucket/*" } ] }, what does the IAM policy allow? (Choose 3)
The user is allowed to read objects from all S3 buckets owned by the account.
The user is not allowed to list the objects in the bucket named “corporate_bucket”.
The user is allowed to write objects into the bucket named “corporate_bucket”.
The user is allowed to change access rights for the bucket named “corporate_bucket”.
The user is allowed to read objects from the bucket named “corporate_bucket”.

Correct Answer: The user is allowed to read objects from all S3 buckets owned by the account. The user is allowed to write objects into the bucket named “corporate_bucket”. The user is allowed to read objects from the bucket named “corporate_bucket”.

91) You are supporting a large environment running in AWS. The Security architect in your organization asks you to implement a configuration management tool to record the state of your infrastructure and notify you of any changes to the baseline. Which service can you use to achieve this?
CloudTrail
AWS Config
Systems Manager

Correct Answer: AWS Config

92) You are working on a project to migrate a banking application to AWS. Your Security Architect asks if there is a single place where you can securely store user passwords, database connection strings and license codes. What do you suggest?
S3
DynamoDB
Systems Manager Parameter Store

Correct Answer: Systems Manager Parameter Store

93) Your organization is being audited and you are asked to implement monitoring for every single API call which occurs in your AWS account. Which service can you use to achieve this?
CloudWatch
CloudTrail
AWS Inspect

Correct Answer: CloudTrail

94) You are creating a fleet of EC2 instances that will be inside an autoscaling group. These EC2 instances will need to write a custom metric to CloudWatch and will need the appropriate permissions with which to do this. What is the most secure way to enable this?
Create a unique user in IAM with CloudWatch permissions and store these credentials in GitHub. Have the EC2 instances pull these credentials when they need to log to CloudWatch
Create an IAM role with CloudWatch permissions and modify the autoscaling launch configuration to use EC2 instances that have been assigned the new role.
Create a unique user in IAM with CloudWatch permissions and modify the autoscaling group to include a bootstrap script that passes the EC2 instance that user's credentials.

Correct Answer: Create an IAM role with CloudWatch permissions and modify the autoscaling launch configuration to use EC2 instances that have been assigned the new role.

95) What does the following policy do? { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudwatch:*", "logs:*", "sns:*" ], "Effect": "Allow", "Resource": "*" } ] }
Allows Read Only Access to CloudWatch
Allows Write & Read Access to CloudWatch only.
Allows full access to CloudWatch

Correct Answer: Allows full access to CloudWatch

96) Your company has asked you to investigate the use of KMS for storing and managing keys in AWS. From the options listed below, what key management features are available in KMS?
Generate keys, disable and delete keys, operate as a private, native Hardware Security Module (HSM)
Import your own keys, disable and re-enable keys and define key management roles in IAM
Generate keys, disable and re-enable keys and import keys into a custom key store

Correct Answer: Import your own keys, disable and re-enable keys and define key management roles in IAM

97) Which service can you use to run a command on a group of systems based on tags?
Systems Manager Run Command
AWS Config
AWS CLI

Correct Answer: Systems Manager Run Command

98) You are working on a project to launch an application which stores highly confidential data. Your compliance team advise that they do not want to host the application on multi-tenant hardware. Which class of EC2 instance can you use to host the application?
Spot Instances
Dedicated Instances
Reserved Instances

Correct Answer: Dedicated Instances

99) STS (Security Token Service) grants temporary access to AWS resources to users authenticated using which methods? (Choose 3)
Active Directory Federation
Cross-Origin Resource Sharing
Federation with Web Identity Providers
AWS Rekognition
Cross Account Access

Correct Answer: Active Directory Federation, Federation with Web Identity Providers, Cross Account Access

100) Which of the following AWS services allow native encryption of data, while at rest? (Choose 3)
Elastic File System (EFS)
S3
Elastic Block Store (EBS)
ElastiCache for Memcached

Correct Answer: Elastic File System (EFS), S3, Elastic Block Store (EBS)