301 terms

aws sys admin


You receive a frantic call from a new DBA who accidentally dropped a table containing all your customers. Which Amazon RDS feature will allow you to reliably restore your database to within 5 minutes of when the
mistake was made?
RDS automated backup
When assessing an organization's use of AWS API access credentials, which of the following three credentials
should be evaluated?
Key pairs, Access keys, Signing certificates
Your company is moving towards tracking web page users with a small tracking image loaded on each page. Currently you are serving this image out of US-East, but are starting to get concerned about the time it takes to load the image for users on the west coast. What are the two best ways to speed up serving this image?
Use Route 53's Latency Based Routing and serve the image out of US-West-2 as well as US-East-1,
Use EBS PIOPs to serve the image faster out of your EC2 instances
Which of the following statements about this S3 bucket policy is true?
Denies the server with the IP address 192.168.100.188 full access to the "mybucket" bucket
When preparing for a compliance assessment of your system built inside of AWS, what are three best practices
for you to prepare for an audit?
"Gather evidence of your IT operational controls", "Request and obtain applicable third-party audited AWS compliance reports and certifications", "Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of
your system's instances and endpoints"
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from
a specific IP address block. Your security team has requested that all access from the offending IP address block
be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address
block?
Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address
block
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same
Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate
inside the VPC?
A network ACL that allows communication between the two subnets, Security groups are set to allow the application host to talk to the database on the right port/protocol.
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store
volumes?
Data is unavailable until the instance is restarted
You have set up individual AWS accounts for each project. You have been asked to make sure your AWS infrastructure costs do not exceed the budget set per project for each month.
Which of the following approaches can help ensure that you do not exceed the budget each month?
Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring
when the amount for each resource tagged to a particular project matches the budget allocated to the project.
You use S3 to store critical data for your company. Several users within your group currently have full
permissions to your S3 buckets. You need to come up with a solution that does not impact your users and also
protects against the accidental deletion of objects.
Which two options will address this issue?
A. Enable versioning on your S3 Buckets
B. Configure your S3 Buckets with MFA delete
You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that
instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but
these unhealthy instances are not being terminated.
What do you need to do to ensure that instances marked unhealthy by the ELB will be terminated and replaced?
Add an Elastic Load Balancing health check to your Auto Scaling group
An organization has configured a VPC with an Internet Gateway (IGW), pairs of public and private subnets
(each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public
subnets. The application's web tier leverages the ELB,
Auto Scaling, and a multi-AZ RDS database instance. The organization would like to eliminate any potential
single points of failure in this design.
What step should you take to achieve this organization's objective?
Nothing, there are no single points of failure in this architecture.
A customer has a web application that uses cookie-based sessions to track logged-in users. It is deployed on
AWS using ELB and Auto Scaling. The customer observes that when load increases, Auto Scaling launches new
instances but the load on the existing instances does not decrease, causing all existing users to have a sluggish
experience.
Which two answer choices independently describe a behavior that could be the cause of the sluggish user
experience?
B. ELB's behavior when sticky sessions are enabled causes ELB to send requests in the same session to the
same backend instance,

D. The web application uses long polling such as comet or websockets, thereby keeping a connection open to a
web server for a long time
An application that you are managing has EC2 instances & DynamoDB tables deployed to several AWS
Regions. In order to monitor the performance of the application globally, you would like to see two graphs: 1)
Avg CPU Utilization across all EC2 instances and 2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?
Add SNMP traps to each instance and DynamoDB table. Leverage a central monitoring server to capture data
from each instance and table. Put the aggregate data into CloudWatch for graphing.
You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure.
You notice in CloudWatch that Evictions and GetMisses are both very high.
What two actions could you take to rectify this?
B. Tweak the max_item_size parameter,
D. Increase the size of the nodes in the cluster
You are designing a system that has a Bastion host. This component needs to be highly available without human
intervention.
Which of the following approaches would you select?
Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple
AZs but have a min-size of 1 and max-size of 1
The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has
decided to roll out a new application that is heavily dependent on low latency connectivity to LDAP for
authentication. Your security policy requires minimal changes to the company's existing application user
management processes.
What option would you implement to successfully launch this application?
Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between
your new and existing domains, and use the new domain for authentication
Your application currently leverages AWS Auto Scaling to grow and shrink as load increases/decreases and
has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming
campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of
Amazon EC2 instances necessary to meet the peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?
Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior
to the marketing campaign
You are tasked with the migration of a highly trafficked Node.js application to AWS. In order to comply with
organizational standards, Chef recipes must be used to configure the application servers that host this application
and to support application lifecycle events.
Which deployment option meets these requirements while minimizing administrative burden?
Create a new application within Elastic Beanstalk and deploy this application to a new environment
When attached to an Amazon VPC, which two components provide connectivity with external networks?
C. Internet Gateway (IGW)
D. Virtual Private Gateway (VGW)
You have a web application leveraging an Elastic Load Balancer (ELB) in front of the web servers deployed
using an Auto Scaling Group. Your database is running on Relational Database Service (RDS). The application
serves out technical articles and responses to them; in general there are more views of an article than there are
responses to the article. On occasion, an article on the site becomes extremely popular, resulting in significant
traffic increases that cause the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during
these events?
A. Leverage CloudFront for the delivery of the articles.
C. Leverage ElastiCache for caching the most frequently used data.
E. Use Route53 health checks to fail over to an S3 bucket for an error page.
You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data
into Amazon S3 in the same region.
How do you remedy this situation?
B. Change to a larger instance
You have decided to change the instance type for instances running in your application tier that are using Auto
Scaling.
In which area below would you change the instance type definition?
Auto Scaling launch configuration
Which of the following are characteristics of Amazon VPC subnets?
C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.

E. Each subnet spans at least 2 Availability zones to provide a high-availability environment
You are attempting to connect to an instance in Amazon VPC without success. You have already verified that
the VPC has an Internet Gateway (IGW), the instance has an associated Elastic IP (EIP), and correct security
group rules are in place.
Which VPC component should you evaluate next?
The configuration of the Routing Table
What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the
primary DB instance fails?
The canonical name record (CNAME) is changed from primary to standby
You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2.8xlarge
EC2 instance inside of a VPC. The instance, when under load, is having problems returning requests
within the SLA as defined by your business. The application maintains its state in a DynamoDB table, but the
data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?
Move the cc2.8xlarge to the same Availability Zone as the DynamoDB table
You have a server with a 500GB Amazon EBS data volume. The volume is 80% full. You need to back up the
volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time
possible. All applications using the volume can be paused for a period of a few minutes with no discernible user
impact.
Which of the following backup methods will best fulfill your requirements?
Create another EBS volume in the second Availability Zone, attach it to the Amazon EC2 instance, and use a
disk manager to mirror the two disks
You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for
persistence. At times throughout the day, you are seeing large variance in the response times of the database
queries. Looking into the instance with the iostat command, you see a lot of wait time on the disk volume that
the database's data is stored on.
What two ways can you improve the performance of the database's storage while maintaining the current
persistence of the data?
A. Move to an SSD backed instance
B. Move the database to an EBS-Optimized Instance
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
A. Amazon Elastic Map Reduce
C. AWS Elastic Beanstalk
You are managing a legacy application inside a VPC with hard-coded IP addresses in its configuration. Which two mechanisms will allow the application to fail over to new instances without the need for reconfiguration?
A. Create an ELB to reroute traffic to a failover instance,

D. Assign a secondary private IP address to the primary ENIO that can be moved to a failover instance
You have a Linux EC2 web server instance running inside a VPC. The instance is in a public subnet and has an EIP associated with it so you can connect to it over the Internet via HTTP or SSH. The instance was also fully accessible when you last logged in via SSH, and was also serving web requests on port 80. Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked. You have double-checked that all networking configuration parameters (security groups, route tables, IGW, EIP, NACLs, etc.) are properly configured (and you haven't made any changes to those anyway since you were last able to reach the instance). You look at the EC2 console and notice that system status check shows "impaired." Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the "impaired" system status
Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher - the monitoring instance itself - and be notified if it becomes unhealthy. Which of the following is a simple way to achieve that goal?
D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, and assume the role of the previous monitoring instance and begin adding messages to the SQS queue.
What is a placement group?
B. Feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
Your entire AWS infrastructure lives inside of one Amazon VPC. You have an infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so, how?
D. Yes, Both the monitoring instance's security group and the application instance's security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol
You are running a web application on AWS consisting of the following components: an Elastic Load Balancer (ELB), an Auto Scaling group of EC2 instances running Linux/PHP/Apache, and Relational Database Service (RDS) MySQL. Which security measures fall into AWS's responsibility?
B. Protect against IP spoofing or packet sniffing
You are tasked with setting up a cluster of EC2 instances for a NoSQL database. The database requires random read IO disk performance up to a 100,000 IOPS at 4KB block size per node. Which of the following EC2 instances will perform the best for this workload?
C. High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage
When creation of an EBS snapshot is initiated but not completed, the EBS volume:
C. Can be used while the snapshot is in progress
Which two AWS services provide out-of-the-box user-configurable automatic backup-as-a-service and backup rotation options?
B. Amazon RDS
D. Amazon Redshift
If you want to launch Amazon Elastic Compute Cloud (EC2) instances and assign each instance a predetermined private IP address you should:
C. Launch the instances in the Amazon Virtual Private Cloud (VPC)
You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts. Which task would be best accomplished with a script?
Creating daily EBS snapshots with a monthly rotation of snapshot
You are creating an Auto Scaling group whose instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?
A. Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users?
C. Implement identity federation between your organization's Identity provider leveraging the IAM Security Token Service
D. Enable the IAM single-use password policy option for privileged users
Which of the following requires a custom CloudWatch metric to monitor?
C. Memory Utilization of an EC2 instance
You run a web application where web servers on EC2 instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load. During the day up to 12 servers are needed. Five to six days per year, the number of web servers required might go up to 15. What would you recommend to minimize costs while being able to provide high availability?
B. 6 Reserved instances (heavy utilization), 6 On-Demand instances, rest covered by Spot Instances
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region. Which configuration would achieve that goal?
D. Elastic Load Balancing with health checks enabled
Your team is excited about the use of AWS because now they have access to "programmable infrastructure". You have been asked to manage your AWS infrastructure in a manner similar to the way you might manage application code. You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development, test, QA, production). Which approach addresses this requirement?
B. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure.
A media company produces new video files on-premises every day with a total size of around 100 GB after compression. All files have a size of 1-2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am. Current upload takes almost 3 hours, although less than half of the available bandwidth is used. What step(s) would ensure that the file uploads are able to complete in the allotted time window?
B. Upload the files in parallel to S3
You need to design a VPC for a web application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database. The entire infrastructure must be distributed over 2 availability zones. Which VPC configuration works while assuring the database is not available from the Internet?
A. One public subnet for ELB, one public subnet for the web-servers, and one private subnet for the database
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume?
C. Data is automatically deleted.
What are characteristics of Amazon S3?
A. Objects are directly accessible via a URL
D. S3 allows you to store virtually unlimited amounts of data
An organization's security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3. Which option should you implement to ensure this requirement is met?
D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region
How can the domain's zone apex, for example "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?
D. By using an Amazon Route 53 Alias record
You have started a new job and are reviewing your company's infrastructure on AWS. You notice one web application where they have an Elastic Load Balancer (ELB) in front of web instances in an Auto Scaling Group. When you check the metrics for the ELB in CloudWatch you see four healthy instances in Availability Zone (AZ) A and zero in AZ B. There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?
B. Make sure Auto Scaling is configured to launch in both AZs
You have been asked to leverage Amazon VPC, EC2, and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?
B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform? "Statement": [ { "Sid": "AllowUsersAllActionsForCredentials", "Effect": "Allow", "Action": [ "iam:AccessKey" ], "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"] } ]
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their users to manage keys (access and secret access keys) of all IAM users, the organization should set the below mentioned policy which entitles the IAM user to modify keys of all IAM users with CLI, SDK or API. "Statement": [ { "Sid": "AllowUsersAllActionsForCredentials", "Effect": "Allow", "Action": [ "iam:AccessKey" ], "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"] } ]
A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend's AWS account. How can user achieve this?
B. Copy the data to an unencrypted volume and then share
A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?
C. Set the minimum size and desired capacity to 0
An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/value as "InstanceName/HR", "CostCenter/HR". What will AWS do in this case?
D. AWS will allow both the tags and show properly in the cost distribution report
A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?
C. The root account should use ACL with the bucket to allow everyone to upload the object
A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?
B. Aggregate the data over the instance AMI ID
A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group including pending, terminating and running instances?
A. GroupTotalInstances
An organization is planning to use AWS for 5 different departments. The finance department is responsible to pay for all the accounts. However, they want the cost separation for each account to map with the right cost centre. How can the finance department achieve this?
A. Create 5 separate accounts and make them a part of one consolidated billing
A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?
C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
An organization is setting up programmatic billing access for their AWS account. Which of the below mentioned services is not required or enabled when the organization wants to use programmatic access?
C. AWS billing alerts
A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?
A. The folders support only ACL
A user is trying to configure the CloudWatch billing alarm. Which of the below mentioned steps should be performed by the user for the first time alarm creation in the AWS Account Management section?
B. Enable Receiving Billing Alerts
An organization has set up consolidated billing with 3 different AWS accounts. Which of the below mentioned advantages will the organization receive in terms of the AWS pricing?
B. All AWS accounts will be charged for S3 storage by combining the total storage of each account
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25. The user is trying to create the private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?
B. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
An organization is generating digital policy files which are required by the admins for verification. Once the files are verified they may not be required in the future unless there is some compliance issue. If the organization wants to save them in a cost effective way, which is the best possible solution?
D. AWS Glacier
A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning. Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?
A. 3 hours
You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?
Attach an IAM role with the organization's authentication service to authorize each user for various AWS services
A user is planning to use AWS CloudFormation. Which of the below mentioned functionalities does not help him to correctly understand CloudFormation?
A. CloudFormation follows the DevOps model for the creation of Dev & Test
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?
A. Use the IAM groups and add users as per their role to different groups and apply policy to group
A user is publishing custom metrics to CloudWatch. Which of the below mentioned statements will help the user understand the functionality better?
B. The user should be able to see the data in the console after around 15 minutes
A user is launching an instance. He is on the "Tag the instance" screen. Which of the below mentioned information will not help the user understand the functionality of an AWS tag?
C. The maximum value of the tag key length is 64 unicode characters
A customer is using AWS for Dev and Test. The customer wants to set up the Dev environment with CloudFormation. Which of the below mentioned steps are not required while using CloudFormation?
B. Configure a service
An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well as SDK. How can the user track the calls made to CloudWatch?
B. Use CloudTrail to monitor the API calls
A sys admin is trying to understand EBS snapshots. Which of the below mentioned statements will not be useful to the admin to understand the concepts about a snapshot?
A. The snapshot is synchronous
A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?
B. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI
A user is trying to connect to a running EC2 instance using SSH. However, the user gets a connection time out
error. Which of the below mentioned options is not a possible reason for rejection?
A. The access key to connect to the instance is wrong
A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS
access and IP support for ELB. Which of the below mentioned statements may not help the user understand the
IP mechanism supported by ELB?
D. The ELB supports either IPV4 or IPV6 but not both
A user is launching an EC2 instance in the US East region. Which of the below mentioned options is
recommended by AWS with respect to the selection of the availability zone?
B. Do not select the AZ; instead let AWS select the AZ
A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5.
When the user configures the AS group, how many instances will Auto Scaling launch?
C. 5
A user is trying to understand the ACL and policy for an S3 bucket. Which of the below mentioned policy
permissions is equivalent to the WRITE ACL on a bucket?
D. s3:DeleteObject
A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake.
What will happen to the instances?
D. Instances will keep running
A user is planning to setup infrastructure on AWS for the Christmas sales. The user is planning to use Auto
Scaling based on the schedule for proactive scaling. What advice would you give to the user?
Wait till end of November before scheduling the activity
A user is planning to use AWS CloudFormation for his automatic deployment requirements. Which of the below mentioned components are required as a part of the template?
D. Resources
A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user
about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of
the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this
scenario?
D. AWS Simple Queue Service
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25
and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and
public subnets. Which of the below mentioned options cannot be the correct IP address (private IP) assigned to
an instance in the public or private subnet?
A. 20.0.0.255
A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of
the below mentioned options is not the right option to grant permission for S3?
B. S3 Object Access Policy
A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help
him save cost?
B. Delete the AutoScaling launch configuration after the instances are terminated
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to
create an AMI from the running instance. Which of the below mentioned steps will not be performed while
creating the AMI?
A. Define the AMI launch permissions
A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance.
Which of the below mentioned Reserved Instance categories is advised in this case?
A. The user should not use RI; instead only go with the on-demand pricing
A user has setup Auto Scaling with ELB on the EC2 instances. The user wants to configure that whenever the
CPU utilization is below 10%, Auto Scaling should remove one instance.
How can the user configure this?
D. Configure CloudWatch to send a notification to the Auto Scaling group when the CPU
Utilization is less than 10% and configure the Auto Scaling policy to remove the instance
A user has configured the AWS CloudWatch alarm for estimated usage charges in the US East region. Which of
the below mentioned statements is not true with respect to the estimated charges?
D. The metric data will show data specific to that region
An organization, which has the AWS account ID as 999988887777, has created 50 IAM users. All the users are
added to the same group cloudacademy. If the organization has enabled that each IAM user can login with the
AWS console, which AWS login URL will the IAM users use?
A. https://999988887777.signin.aws.amazon.com/console/
A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below
mentioned statements will help the user understand the Multi AZ feature better?
C. In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica
A sys admin has created the below mentioned policy and applied to an S3 object named aws.jpg. The aws.jpg is
inside a bucket named cloudacademy. What does this policy define?
"Statement": [{
    "Sid": "Stmt1388811069831",
    "Effect": "Allow",
    "Principal": { "AWS": "*" },
    "Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject" ],
    "Resource": [ "arn:aws:s3:::cloudacademy/*.jpg" ]
}]
A. It is not possible to define a policy at the object level
A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL) negotiation
configuration known as a Security Policy. Which of the below mentioned options is not part of this secure
policy while negotiating the SSL connection between the user and the client?
B. Client Order Preference
A sys admin is trying to understand the Auto Scaling activities. Which of the below mentioned processes is not performed by Auto Scaling?
A. Reboot Instance
A user has created an S3 bucket which is not publicly accessible. The bucket is having thirty objects which are
also private. If the user wants to make the objects public, how can he configure this with minimal efforts?
C. Set the AWS bucket policy which marks all objects as public
A user has developed an application which is required to send the data to a NoSQL database. The user wants to
decouple the data sending such that the application keeps processing and sending data but does not wait for an
acknowledgement of DB. Which of the below mentioned applications helps in this scenario?
C. AWS Simple Queue Service
A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is
being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB
allow inflight requests traffic to continue?
C. 300 seconds
An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin
capture the monitoring information about the ELB activity?
B. ELB health check
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the
user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being
deregistered while continuing in-flight requests?
C. ELB connection draining
An organization has been using AWS for a few months. The finance team wants to visualize the pattern of AWS
spending. Which of the below AWS tools will help with this requirement?
B. AWS Cost Explorer
A user has setup a web application on EC2. The user is generating a log of the application performance at every
second. There are multiple entries for each second. If the user wants to send that data to CloudWatch every
minute, what should he do?
C. Give CloudWatch the Min, Max, Sum, and SampleCount of a number of every minute
A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured
ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively
so that they get registered with ELB. How can the user add these instances with Auto Scaling?
A. Increase the desired capacity of the Auto Scaling group
An organization wants to move to Cloud. They are looking for a secure encrypted database storage option.
Which of the below mentioned AWS functionalities helps them to achieve this?
B. AWS EBS encryption
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for
verification in case of some major issue. The file should be accessible over the internet whenever required.
Which of the below mentioned options is a best possible storage solution for it?
D. AWS RRS
A user has created numerous EBS volumes. What is the general limit for each AWS account for the maximum
number of EBS volumes that can be created?
B. 5000
A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 minutes. If the user
wants to send the data to CloudWatch to view the data visually, which of the below mentioned statements is
true with respect to the information given above?
A. The user needs to use AWS CLI or API to upload the data
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring
on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality
better?
B. In this case, Auto Scaling will send data every minute and will charge the user extra
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR
(20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to
the user's data centre. Which of the below mentioned options is a valid entry for the main route table in this
scenario?
D. Destination: 0.0.0.0/0 and Target: vgw-12345
An organization is planning to use AWS for their production roll out. The organization wants to implement
automation for deployment such that it will automatically create a LAMP stack, download the latest PHP
installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for
making an orderly deployment of the software?
C. AWS Cloudformation
A user has launched an EBS backed EC2 instance. What will be the difference while performing the restart or
stop/start options on that instance?
A. For restart it does not charge for an extra hour, while every stop/start it will be charged as a separate
hour
An organization has added 3 of its AWS accounts to consolidated billing. One of the AWS accounts has
purchased a Reserved Instance (RI) of a small instance size in the US-East-1a zone. All other AWS accounts are
running instances of a small size in the same zone. What will happen in this case for the RI pricing?
C. Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are
running in the same zone and are of the same size
You are building an online store on AWS that uses SQS to process your customer orders.
Your backend system needs those messages in the same sequence the customer orders have been put in. How
can you achieve that?
B. You can use sequencing information on each message
A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below
mentioned statements is not true with respect to the reboot action?
D. The instance runs on a new host computer
A user has setup an EBS backed instance and a CloudWatch alarm when the CPU utilization is more than 65%.
The user has setup the alarm to watch it for 5 periods of 5
minutes each. The CPU utilization is 60% between 9 AM to 6 PM. The user has stopped the EC2 instance for
15 minutes between 11 AM to 11:15 AM. What will be the status of the alarm at 11:30 AM?
B. OK
A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running
behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the
user session has been created. How can the admin configure this?
C. Enable ELB sticky session
A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he
observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to
handle scaling in this case?
B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days.
The user wants to increase the limit from $200 to $400? What should the user do?
C. Update the alarm to set the limit at $400 instead of $200
A user has setup an RDS DB with Oracle. The user wants to get notifications when someone modifies the
security group of that DB. How can the user configure that?
C. Configure event notification on the DB security group
A user wants to make it so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the red light
of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?
B. AWS CloudWatch + AWS SNS
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring
on Elastic Load balancing. Which of the below mentioned statements will help the user understand this
functionality better?
A. ELB sends data to CloudWatch every minute only and does not charge the user
A user is trying to understand AWS SNS. To which of the below mentioned end points is SNS unable to send a
notification?
D. AWS SES
A user has launched an EC2 instance. The user is planning to setup the CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm?
B. Send an SMS using SNS
An organization has created 5 IAM users. The organization wants to give them the same login ID but different
passwords. How can the organization achieve this?
C. It is not possible to have the same login ID for multiple IAM users of the same account
An organization is planning to create 5 different AWS accounts considering various security requirements. The
organization wants to use a single payee account by using the consolidated billing option. Which of the below
mentioned statements is true with respect to the above information?
B. Master (Payee) account can view only the AWS billing details of the linked accounts
A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to
configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below
mentioned AWS services will help in this scenario?
B. AWS SNS
A user has created a queue named "myqueue" in US-East region with AWS SQS. The user's AWS account ID
is 123456789012. If the user wants to perform some action on this queue, which of the below Queue URL
should he use?
A. http://sqs.us-east-1.amazonaws.com/123456789012/myqueue
A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve
this?
C. The user can set the alarm state to 'Alarm' using CLI
A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring
schedule. Which of the below mentioned parameters is not required in this case?
A. Maximum size
A system admin is planning to setup event notifications on RDS. Which of the below mentioned services will
help the admin setup notifications?
D. AWS SNS
A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the
zone of one of the instances. How can the user change it?
D. Create an AMI of the running instance and launch the instance in a separate AZ
A user is trying to setup a recurring Auto Scaling process. The user has setup one process to scale up every day
at 8 am and scale down at 7 PM. The user is trying to setup another recurring process which scales up on the 1st
of every month at 8 AM and scales down the same day at 7 PM. What will Auto Scaling do in this scenario?
D. Auto Scaling will throw an error since there is a conflict in the schedule of two separate Auto Scaling
Processes
A user has received a message from the support team that an issue occurred 1 week back between 3 AM to 4
AM and the EC2 server was not reachable. The user is checking the CloudWatch metrics of that instance. How
can the user find the data easily using the CloudWatch console?
D. The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics
A user has created an ELB with the availability zone US-East-1A. The user wants to add more zones to
ELB to achieve High Availability. How can the user add more zones to
the existing ELB?
D. The user can add zones on the fly from the AWS console
An organization has created 50 IAM users. The organization wants that each user can change their password but
cannot change their access keys. How can the organization achieve this?
D. The root account owner can set the policy from the IAM console under the password policy screen
A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN only subnets along with
hardware VPN access to connect to the user's datacenter. The user wants to make it so that all traffic coming to
the public subnet follows the organization's proxy policy. How can the user make this happen?
D. Setting the route table and security group of the public subnet which receives traffic from a virtual private
gateway
A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS
DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect
access to the application?
B. RDS uses DNS to switch over to stand by replica for seamless transition
A user has created a queue named "myqueue" with SQS. There are four messages published to queue which are
not received by the consumer yet. If the user tries to delete the queue, what will happen?
B. It will delete the queue
A user has recently started using EC2. The user launched one EC2 instance in the default subnet in EC2-VPC.
Which of the below mentioned options is not attached or available with the EC2 instance when it is launched?
C. Elastic IP
A user has created an ELB with three instances. How many security groups will ELB create by default?
C. 2
A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC
wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the
security rule for SSH?
A. Allow Inbound traffic on port 22 from the user's network
A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned event
categories is not supported by RDS for this snapshot source type?
A. Backup
A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any
additional device, which of the below mentioned metrics will always show a 0 value?
A. DiskReadBytes
A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his
account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?
D. AWS PIOPS volume of 10 GB size
A user has configured a VPC with a new subnet. The user has created a security group. The user wants to
configure that instances of the same subnet communicate with each other. How can the user configure this with
the security group?
C. Configure the security group itself as the source and allow traffic on all the protocols and ports
A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default
settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?
B. Private IP
A user is trying to aggregate all the CloudWatch metric data of the last 1 week. Which of the below mentioned
statistics is not available for the user as a part of data aggregation?
A. Aggregate
A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data
is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?
B. In the CloudWatch console select the local timezone under the Time Range tab to view the data as
per the local timezone
A user has configured ELB with three instances. The user wants to achieve High Availability as well as
redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB?
A. Route 53
A user is trying to launch an EBS backed EC2 instance under free usage. The user wants to achieve
encryption of the EBS volume. How can the user encrypt the data at rest?
B. The user cannot use EBS encryption and has to encrypt the data manually or using a third party tool
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer
(which adds instances to the load balancer) process for a while. What will happen to the instances launched
during the suspension period?
A. The instances will not be registered with ELB and the user has to manually register when the process
is resumed
A user has created an EBS volume of 10 GB and attached it to a running instance. The user is trying to access
EBS for first time. Which of the below mentioned options is the correct statement with respect to a first time
EBS access?
B. The volume will show a loss of the IOPS performance the first time
A user has enabled session stickiness with ELB. The user does not want ELB to manage the cookie; instead he
wants the application to manage the cookie. What will happen when the server instance, which is bound to a
cookie, crashes?
B. The session will not be sticky until a new cookie is inserted
A user has created a VPC with CIDR 20.0.0.0/16 using VPC Wizard. The user has created a public CIDR
(20.0.0.0/24) and a VPN only subnet CIDR (20.0.1.0/24) along with the hardware VPN access to connect to the
user's data centre. Which of the below mentioned components is not present when the VPC is setup with the
wizard?
B. A NAT instance configured to allow the VPN subnet instances to connect with the internet
An organization has setup Auto Scaling with ELB. Due to some manual error, one of the instances got
rebooted. Thus, it failed the Auto Scaling health check. Auto Scaling has marked it for replacement. How can
the system admin ensure that the instance does not get terminated?
D. Change the health of the instance to healthy using the Auto Scaling commands
A user runs the command "dd if=/dev/xvdf of=/dev/null bs=1M" on an EBS volume created from a snapshot
and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step
given above?
A. Pre warming the EBS volume
A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below
mentioned points should the user take care of while sending the data to CloudWatch?
A. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests
A sys admin is planning to subscribe to the RDS event notifications. For which of the below mentioned source
categories the subscription cannot be configured?
C. DB options group
A user is sending the data to CloudWatch using the CloudWatch API. The user is sending data 90 minutes in
the future. What will CloudWatch do in this case?
A. CloudWatch will accept the data
A user has launched an EC2 Windows instance from an instance store backed AMI. The user has also set the
Instance initiated shutdown behavior to stop. What will happen when the user shuts down the OS?
B. It is not possible to set the termination behaviour to Stop for an Instance store backed AMI instance
An organization has configured two single availability zones. The Auto Scaling groups are configured in
separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?
B. Run the command as-update-auto-scaling-group to configure one group to span across zones and
delete the other group
A user wants to find the particular error that occurred on a certain date in the AWS MySQL RDS DB. Which of
the below mentioned activities may help the user to get the data easily?
C. Direct the logs to the DB table and then query that table
A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto
Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to
ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What
time out period should the user specify for connection draining?
B. 1 hour
An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so
that they can plan accordingly. Which of the below mentioned statements is not true with respect to the
limitations of IAM?
A. One IAM user can be a part of a maximum of 5 groups
A user has created a VPC with a subnet and a security group. The user has launched an instance in that
subnet and attached a public IP. The user is still unable to connect to the instance. The internet gateway has also
been created. What can be the reason for the error?
A. The internet gateway is not configured with the route table
A user is displaying the CPU utilization, and Network in and Network out CloudWatch metrics data of a single
instance on the same graph. The graph uses one Y-axis for CPU utilization and Network in and another Y-axis
for Network out. Since Network in is too high, the CPU utilization data is not visible clearly on graph to the
user. How can the data be viewed better on the same graph?
C. Change the axis of Network by using the Switch command from the graph
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running
on?
B. Query the appropriate Amazon CloudWatch metric.
A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take
advantage of the Multi AZ feature?
C. Region outage
A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should
first understand the namespace for the AWS services. Which of the below mentioned is not a valid namespace
for the AWS services?
B. AWS/CloudTrail
A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of
the below mentioned statements is true when a security group is created?
C. It will have all the outbound traffic by default
A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin
does not want to implement his own encryption algorithm; instead he is planning to use server side encryption
by supplying his own key (SSE-C). Which parameter is not required while making a call for SSE-C?
A. x-amz-server-side-encryption-customer-key-AES-256
A user wants to upload a complete folder to AWS S3 using the S3 Management console. How can the user
perform this activity?
D. Use the Enable Enhanced Uploader option from the S3 console while uploading objects
An organization has configured Auto Scaling for hosting their application. The system admin wants to
understand the Auto Scaling health check process. If the instance is unhealthy, Auto Scaling launches an
instance and terminates the unhealthy instance. What is the order of execution?
D. Auto Scaling terminates the instance first and then launches a new instance
A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the
client by configuring the server order preference in ELB security policy. Which of the below mentioned
preconfigured policies supports this feature?
A. ELBSecurityPolicy-2014-01
A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How
can the user achieve data encryption with a snapshot?
A. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
A user has two EC2 instances running in two separate regions. The user is running an internal memory
management tool, which captures the data and sends it to CloudWatch in US East, using a CLI with the same
namespace and metric. Which of the below mentioned options is true with respect to the above statement?
B. CloudWatch will receive and aggregate the data based on the namespace and metric
A user is configuring the Multi AZ feature of an RDS DB. The user came to know that this RDS DB does not
use the AWS technology, but uses server mirroring to achieve HA.
Which DB is the user using right now?
C. MS SQL
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root
volume?
A. Data is automatically deleted
A user is observing the EC2 CPU utilization metric on CloudWatch. The user has observed some interesting
patterns while filtering over the 1 week period for a particular hour. The user wants to zoom that data point to a
more granular period. How can the user do that easily with CloudWatch?
A. The user can zoom a particular period by selecting that period with the mouse and then releasing the
mouse
Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?
A. Create a bucket policy and apply it to the bucket
A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option
to assign the IP address while launching the instance. The user has 3 elastic IPs and is trying to assign one of the
Elastic IPs to the VPC instance from the console. The console does not show any instance in the IP assignment
screen. What is a possible reason that the instance is unavailable in the assigned IP console?
D. The IP addresses belong to EC2 Classic; so they cannot be assigned to VPC
The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of
the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
C. "Effect": "Allow", "Action": ["aws-portal:ViewUsage"], "Resource": "*"
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24 . The NAT instance ID is i-a12345. Which of the below
mentioned entries are required in the main route table attached with the private subnet to allow instances to
connect with the internet?
A. Destination: 0.0.0.0/0 and Target: i-a12345
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AlarmNotification (which
notifies Auto Scaling for CloudWatch alarms) process for a while. What will Auto Scaling do during this period?
B. AWS will receive the alarms but will not execute the Auto Scaling policy
A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less
IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?
D. The volume size is too large
A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled.
The user wants to now enable detailed monitoring. How can the user achieve this?
D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group
A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to
process hadoop Map reduce jobs which can run between 50 - 600 minutes or sometimes for more time. The
user wants to configure that the instance gets terminated only when the process is completed. How can the user
configure this with CloudWatch?
D. It is not possible to terminate instances automatically
A user has created a Cloudformation stack. The stack creates AWS services, such as EC2 instances, ELB,
AutoScaling, and RDS. While creating the stack it created EC2, ELB and AutoScaling but failed to create RDS.
What will Cloudformation do in this scenario?
C. Rollback all the changes and terminate all the created services
A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the
zone of one of the instances. How can the user change it?
B. It is not possible to change the zone of an instance after it is launched
A user is using AWS EC2. The user wants to make it so that when there is an issue in the EC2 server, such as
instance status failed, it should start a new instance in the user's private cloud. Which AWS service helps to
achieve this automation?
D. AWS CloudWatch + AWS SNS
A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to
delete the subnet. What will happen in this scenario?
B. It will not allow the user to delete the subnet until the instances are terminated
A user has created a VPC with CIDR 20.0.0.0/24. The user has used all the IPs of CIDR and wants to increase
the size of the VPC. The user has two subnets: public (20.0.0.0/28) and private (20.0.1.0/28). How can the user
change the size of the VPC?
B. It is not possible to change the size of the VPC once it has been created
A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR
(20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to
the user's data centre. The user's data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance
(i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a
valid entry for the main route table in this scenario?
A. Destination: 20.0.1.0/24 and Target: i-12345
A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned
steps should be performed by the user?
C. Unmount the volume before pre-warming
A user has created a queue named "awsmodule" with SQS. One of the consumers of queue is down for 3 days
and then becomes available. Will that component receive message from queue?
A. Yes, since SQS by default stores message for 4 days
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load
balancer. Which of the below mentioned security policies is supported by ELB?
C. Predefined Security Policy
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the
user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of
security?
D. Keep rotating the encryption key manually at the client side
Amazon EBS snapshots have which of the following two characteristics?
A. EBS snapshots only save incremental changes from snapshot to snapshot,

D. EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original
EBS volume
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the
user is supplying his own keys for encryption (SSE-C), which of the below mentioned statements is true?
B. It is possible to have different encryption keys for different versions of the same object
A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can
help to negotiate SSL between the client and ELB. What will ELB do in this scenario?
B. By default ELB will select the latest version of the policy
A user is creating a Cloudformation stack. Which of the below mentioned limitations does not hold true for
Cloudformation?
A. One account by default is limited to 100 templates
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned
services provides detailed monitoring with CloudWatch without charging the user extra?
B. AWS Route 53
A user has launched a Windows based EC2 instance. However, the instance has some issues and the user wants
to check the log. When the user checks the Instance console output from the AWS console, what will it display?
D. The last three system events' log errors
An organization has applied the below mentioned policy on an IAM group which has selected the IAM users.
What entitlements do the IAM users avail with this policy?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
C. It allows full access to all AWS services for the IAM users who are a part of this group
An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has
undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?
A. Create a new VPC with tenancy=dedicated and migrate to the new VPC
A user has deployed an application on an EBS backed EC2 instance. For a better performance of application, it
requires dedicated EC2 to EBS traffic. How can the user achieve this?
D. Launch the EC2 instance as EBS optimized with PIOPS EBS
An organization has setup multiple IAM users. The organization wants that each IAM user accesses the IAM
console only within the organization and not from outside. How can it achieve this?
B. Create an IAM policy with a condition which denies access when the IP address range is not from the
organization
You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs,
credentials, and subscriptions are stored in an Amazon RDS database.
Which configuration will allow you to securely serve private content to your users?
C. Create an S3 bucket policy that limits access to your private content to only your subscribed users'
credentials
George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has
launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned
statements will help George and Ray understand the availability zone (AZ) concept better?
D. The US-East-1a region of George and Ray can be different availability zones
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the
subnet. Which of the below mentioned statements is true with respect to this scenario?
B. All network interface attached with the instances will be deleted
A user is using a small MySQL RDS DB. The user is experiencing high latency due to the Multi AZ
feature. Which of the below mentioned options may not help the user in this situation?
D. Take a snapshot from standby Replica
A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing
some issues due to the back-end servers. Which of the below mentioned CloudWatch metrics helps the user
understand the issue with the instances?
D. HTTPCode_Backend_5XX
A user has launched an RDS MySQL DB with the Multi AZ feature. The user has scheduled the scaling of
instance storage during maintenance window. What is the correct order of events during maintenance window?
1. Perform maintenance on standby
2. Promote standby to primary
3. Perform maintenance on original primary
4. Promote original master back as primary
B. 1, 2, 3
A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed
monitoring for that group. How can the user configure this?
B. By default detailed monitoring is enabled for Auto Scaling
A user has created a VPC with public and private subnets using the VPC wizard. Which of the below
mentioned statements is true in this scenario?
B. VPC bounds the main route table with a private subnet and a custom route table with a public subnet
A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the
below mentioned options is not a possible reason for this?
A. The user account has reached the maximum EC2 instance limit
A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user
wants to find out the reason for termination, where can he find the details?
D. The user can get information from the AWS console, by checking the Instance description under the
Instance Termination reason label
A user is using Cloudformation to launch an EC2 instance and then configure an application after the instance is
launched. The user wants the stack creation of ELB and AutoScaling to wait until the EC2 instance is launched
and configured properly. How can the user configure this?
D. The user can use the WaitCondition resource to hold the creation of the other dependent resources
An organization is measuring the latency of an application every minute and storing data inside a file in the
JSON format. The organization wants to send all latency data to AWS CloudWatch. How can the organization
achieve this?
C. The user can supply the file as an input to the CloudWatch command
A user has created a subnet in VPC and launched an EC2 instance within it. The user has not selected the option
to assign the IP address while launching the instance. Which of the below mentioned statements is true with
respect to this scenario?
D. The user would need to create an internet gateway and then attach an elastic IP to the instance to
connect from internet
A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The
user wants to find the separate cost for the production and development instances. How can the user find the
cost distribution?
D. The user should use Cost Allocation Tags and AWS billing reports
A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned
services does not provide detailed monitoring with CloudWatch?
A. AWS EMR
An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is
causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the
scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity,
how can he achieve this?
D. Suspend the scaling process until research is completed
A user has launched an RDS postgreSQL DB with AWS. The user did not specify the maintenance window
during creation. The user has configured RDS to update the DB instance type from micro to large. If the user
wants to have it during the maintenance window, what will AWS do?
B. AWS will select the default maintenance window if the user has not provided it
George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George
copies the same AMI to the US West region. Can Stefano access the copied AMI of George's account from the
US West region?
A. No, copy AMI does not copy the permission
A user had aggregated the CloudWatch metric data on the AMI ID. The user observed some abnormal
behaviour of the CPU utilization metric while viewing the last 2 weeks of data. The user wants to share that
data with his manager. How can the user achieve this easily with the AWS console?
A. The user can use the copy URL functionality of CloudWatch to share the exact details
A user has created a VPC with public and private subnets using the VPC wizard. Which of the below
mentioned statements is not true in this scenario?
A. The VPC will create a routing instance and attach it with a public subnet
A user has created a VPC with public and private subnets using the VPC wizard. The user has not launched any
instance manually and is trying to delete the VPC. What will happen in this scenario?
D. It will not allow to delete the VPC since it has a running NAT instance
An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned
statements is true with respect to the above information?
C. The root account owner should create a policy for the IAM user and give him access to the RDS
services
A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned commands helps the system admin to add new zones to the existing
ELB?
A. elb-enable-zones-for-lb
A user has setup a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24) and a public
subnet (20.0.0.0/24). The user's data centre has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet
wants to communicate with the data centre, what will happen?
D. It will allow traffic with data centre on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24
A user has setup a CloudWatch alarm on the EC2 instance for CPU utilization. The user has setup to receive a
notification on email when the CPU utilization is higher than 60%. The user is running a virus scan on the same
instance at a particular time. The user wants to avoid receiving an email at this time. What should the user do?
B. Disable the alarm for a while using CLI
A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log?
B. Front end processing time
A user has launched 5 instances in EC2-CLASSIC and attached 5 elastic IPs to the five different instances in
the US East region. The user is creating a VPC in the same region. The user wants to assign an elastic IP to the
VPC instance. How can the user achieve this?
D. The user can allocate a new IP address in VPC as it has a different limit than EC2
A user has configured Auto Scaling with the minimum capacity as 2 and the desired capacity as 2. The user is
trying to terminate one of the existing instance with the command:
as-terminate-instance-in-auto-scaling-group <Instance ID> --decrement-desired-capacity
What will Auto Scaling do in this scenario?
D. Throws an error
The compliance department within your multi-national organization requires that all data for your customers
that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US
must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on
EC2?
C. Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs
to be redirected to the appropriate region to create their profile
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to
fetch certain data. The application is using the DynamoDB SDK to connect from the EC2 instance. Which
of the below mentioned statements is true with respect to the best practice for security in this scenario?
A. The user should attach an IAM role with DynamoDB access to the EC2 instance
A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. What does this
policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket"],
"Resource": [ "arn:aws:s3:::cloudacademy"]
}]
D. It will make the cloudacademy bucket as public
A user is using the AWS SQS to decouple the services. Which of the below mentioned operations is not
supported by SQS?
D. DeleteMessageQueue
A user is trying to create an EBS volume with the highest PIOPS supported by EBS. What is the minimum size
of EBS required to have the maximum IOPS?
C. 134
Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to
accomplish this. First you created a stack and added an App Server layer with an instance running in it. Next
you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks
stack?
C. The variables that characterize the RDS database connection—host, user, and so on—are set using the
corresponding values from the deploy JSON's [:deploy][:app_name][:database] attributes.
D. Cookbook attributes are stored in a repository, so OpsWorks requires that the "password": "your_password"
attribute for the RDS instance must be encrypted using at least a 256-bit key.
E. Set up the connection between the app server and the RDS layer by using a custom recipe. The recipe
configures the app server as required, typically by creating a configuration file. The recipe gets the connection
data such as the host and database name from a set of attributes in the stack configuration and deployment
JSON that AWS OpsWorks installs on every instance.
A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile.
Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
C. The application should use an IAM role with web identity federation which validates calls to
DynamoDB with identity providers, such as Google, Amazon, and Facebook
D. Create an IAM Role with DynamoDB access and attach it with the mobile
An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his
credentials. What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iam:AddUserToGroup",
"iam:RemoveUserFromGroup",
"iam:GetGroup"
],
"Resource": "arn:aws:iam::123412341234:group/TestingGroup" }]
}
C. Allow the IAM user to update the membership of the group called TestingGroup
You have a proprietary data store on-premises that must be backed up daily by dumping the data store contents
to a single compressed 50GB file and sending the file to AWS. Your
SLAs state that any dump file backed up within the past 7 days can be retrieved within 2
hours. Your compliance department has stated that all data must be held indefinitely. The time required to
restore the data store from a backup is approximately 1 hour. Your on-premise network connection is capable of
sustaining 1gbps to AWS.
Which backup methods to AWS would be most cost-effective while still meeting all of your requirements?
D. Host the backup files on a Storage Gateway with Gateway-Cached Volumes and take daily snapshots
A user has scheduled the maintenance window of an RDS DB on Monday at 3 AM. Which of the below
mentioned events may force to take the DB instance offline during the maintenance window?
D. Security patching
A user has setup a custom application which generates a number in decimals. The user wants to track that
number and setup the alarm whenever the number is above a certain limit. The application is sending the data to
CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with
respect to the above scenario?
B. The user has to supply the timezone with each data point
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public
subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group for
the public subnet (WebSecGrp) and the private subnet (DBSecGrp). Which of the below mentioned entries is
required in the private subnet database security group (DBSecGrp)?
A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp)
A user has configured ELB with two EBS backed instances. The user has stopped the instances for 1 week to
save costs. The user restarts the instances after 1 week. Which of the below mentioned statements will help the
user to understand the ELB and instance registration better?
C. If the instances have the same Elastic IP assigned after reboot they will be registered with ELB
In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the
following list should you use?
E. Multiple Availability Zones
A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The user wants to
enable a proxy protocol to capture the source and destination IP information in the header. Which of the below
mentioned statements helps the user understand a proxy protocol with TCP configuration?
A. If the end user is requesting behind a proxy server then the user should not enable a proxy protocol
on ELB
Which of the below mentioned AWS RDS logs cannot be viewed from the console for MySQL?
C. Transaction Log
A user is measuring the CPU utilization of a private data centre machine every minute. The machine provides
the aggregate of data every hour, such as "Sum of data", "Min value", "Max value", and "Number of Data points".
The user wants to send these values to CloudWatch. How can the user achieve this?
C. Send the data using the put-metric-data command with the statistic-values parameter
A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1
and copied it to the Europe region. After that, the user made a few
updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the
user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?
D. The new instance in the EU region will not have the changes made after the AMI copy
A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what
will happen to the ephemeral storage data?
D. The data is preserved
A user has launched an EBS backed EC2 instance in the US-East-1a region. The user stopped the instance and
started it back after 20 days. AWS throws up an 'InsufficientInstanceCapacity' error. What can be the possible
reason for this?
A. AWS does not have sufficient capacity in that availability zone
A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR
20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in
the main route table to allow the instances in VPC to communicate with each other?
D. Destination : 20.0.0.0/24 and Target : Local
A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the
instance. The user is trying to get the data from CloudWatch using a CLI. Which of the below mentioned
CloudWatch endpoint URLs should the user use?
A. monitoring.us-east-1.amazonaws.com
When you put objects in Amazon S3, what is the indication that an object was successfully stored?
B. A success code is inserted into the S3 object metadata.
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances?
A. AWS Elastic Beanstalk
B. Amazon Elastic Map Reduce
A user is trying to connect to a running EC2 instance using SSH. However, the user gets a Host key not found
error. Which of the below mentioned options is a possible reason for rejection?
A. The user has provided the wrong user name for the OS login
A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL.
When the IAM user logs in to the S3 console, which actions can he perform?
C. It is not possible to give access to an IAM user using ACL
An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What
does this policy statement entitle the user to perform?
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AllowUsersAllActionsForCredentials",
"Effect": "Allow",
"Action": [
"iam:*LoginProfile",
"iam:AccessKey",
"iam:SigningCertificate"
],
"Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
}]
}
D. The policy allows the user to modify all IAM user's password, sign in certificates and access keys
using only CLI, SDK or APIs
A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a
CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the
EBS volumes. What will be the status of the alarms on the EBS volume?
B. Insufficient Data
An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch access. He has
setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?
D. The user can setup the action but it will not be executed if the user does not have EC2 rights
A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in
this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will
happen in this scenario?
D. It will throw a CIDR overlaps error
A user has launched an EC2 instance and deployed a production application in it. The user wants to prohibit any
mistakes from the production team to avoid accidental termination. How can the user achieve this?
A. The user can set the DisableApiTermination attribute to avoid accidental termination
A user is trying to connect to a running EC2 instance using SSH. However, the user gets an Unprotected
Private Key File error. Which of the below mentioned options can be a possible reason for rejection?
A. The private key file has the wrong file permission
A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below
mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?
D. ELB will not modify the headers
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load
balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps
identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over
SSL?
C. Server Order Preference
A sysadmin has created the below mentioned policy on an S3 bucket named cloudacademy. The bucket has
both AWS.jpg and index.html objects. What does this policy define?
"Statement": [{
"Sid": "Stmt1388811069831",
"Effect": "Allow",
"Principal": { "AWS": "*"},
"Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
"Resource": [ "arn:aws:s3:::cloudacademy/*.jpg"]
}]
B. It will throw an error for the wrong action and does not allow to save the policy
A user is trying to create a PIOPS EBS volume with 8 GB size and 200 IOPS. Will AWS create the volume?
C. No, the EBS size is less than 10 GB
You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer
(ELB), web servers, application servers and a database. Your web application should only accept traffic from
pre-defined customer IP addresses.
Which two options meet this security requirement?
A. Configure web server VPC security groups to allow traffic from your customers' IPs
B. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header
A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to
AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the
user to include in the request list?
B. Namespace
A user has created an Auto Scaling group with default configurations from CLI. The user wants to setup the
CloudWatch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has setup an
alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?
B. It will fetch the data at every minute as detailed monitoring on EC2 will be enabled by the default
launch configuration of Auto Scaling
A user is collecting 1000 records per second. The user wants to send the data to CloudWatch using the
custom namespace. Which of the below mentioned options is recommended for this activity?
A. Aggregate the data with statistics, such as Min, max, Average, Sum and Sample data and send the
data to CloudWatch
A user runs the command "dd if=/dev/zero of=/dev/xvdf bs=1M" on a fresh blank EBS volume attached to a
Linux instance. Which of the below mentioned activities is the user performing with the command given above?
C. Pre warming the EBS volume
A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is
a valid ID to grant permission to other AWS accounts (grantee) using ACL?
D. Canonical user ID
A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch
update for the instances in the private subnet. How can the instances in the private subnet connect to the internet?
D. Use NAT with an elastic IP
A user has setup an Auto Scaling group. The group has failed to launch a single instance for more than 24 hours.
What will happen to Auto Scaling in this condition?
B. Auto Scaling will suspend the scaling process
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone
to another?
D. Detach the volume and attach it to another EC2 instance in the other AZ.
A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional
instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI
have the additional instance store volume data?
A. Yes, the block device mapping will have information about the additional instance store volume
A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user
to create this volume. What is the possible root cause for this?
A. The ratio between IOPS and the EBS volume is higher than 30
What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the
primary DB instance fails?
D. The RDS (Relational Database Service) DB instance reboots.
An organization has configured Auto Scaling with ELB. One of the instance health check returns the status as
Impaired to Auto Scaling. What will Auto Scaling do in this scenario?
B. Terminate the instance and launch a new instance
A user has launched an EBS backed instance with EC2-Classic. The user stops and starts the instance. Which of
the below mentioned statements is not true with respect to the stop/start action?
C. The Elastic IP remains associated with the instance
A user is having data generated randomly based on a certain event. The user wants to upload that data to
CloudWatch. It may happen that event may not have data generated for some period due to randomness. Which
of the below mentioned options is a recommended option for this case?
C. For the period when there is no data the user should send the value as 0
A user is planning to use AWS services for his web application. If the user is trying to set up his own billing
management system for AWS, how can he configure it?
A. Set up programmatic billing access. Download and parse the bill as per the requirement
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load
balancer. Which of the below mentioned SSL protocols is not supported by the security policy?
A. TLS 1.3
A user has moved an object to Glacier using the life cycle rules. The user requests to restore the archive after 6
months. When the restore request is completed the user accesses that archive. Which of the below mentioned
statements is not true in this condition?
B. The restored object's storage class will be RRS
A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is
higher than 50%. The user has setup an alarm when there is some inactivity on RDS, such as RDS
unavailability. How can the user configure this?
B. Setup the notification when the state is Insufficient Data
A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR
20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public
subnet (port 80) and a DB server in the private subnet (port 3306). The
user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp).
Which of the below mentioned entries is required in the web server security group (WebSecGrp)?
A. Configure Destination as DB Security group ID (DbSecGrp) for port 3306 Outbound
An AWS account wants to be part of the consolidated billing of his organization's payee account. How can the
owner of that account achieve this?
C. The payee account will send a request to the linked account to be a part of consolidated billing
An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants that one
particular group of IAM users should only access the test instances and not the production ones. How can the
organization set that as a part of the policy?
D. Define the tags on the test and production servers and add a condition to the IAM policy which allows
access to specific tags
A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet
uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server
in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a
security group of the NAT instance. Which of the below mentioned entries is not required for the NAT security
group?
C. For Inbound allow Source: 20.0.0.0/24 on port 80
A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot
be used to grant ACL on the object using the authorized predefined group?
D. Canonical user group