Notes: Hi all, the AWS SysOps Administrator Associate Practice Exam will familiarize you with the types of questions you may encounter on the certification exam and help you determine whether you are ready or need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics.
We highly recommend that you take the AWS SysOps Administrator Associate Guarantee Part because it includes real questions, and the highlighted answers are collected in our exam. It will help you pass the exam more easily.
1. Your application currently leverages AWS Auto Scaling to grow and shrink as load increases/decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp up in traffic?
A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches.
B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign.
D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign.
2. An application that you are managing has EC2 instances & DynamoDB tables deployed to several AWS Regions. In order to monitor the performance of the application globally, you would like to see two graphs:
1.) Avg CPU Utilization across all EC2 instances
2.) Number of Throttled Requests for all DynamoDB tables
How can you accomplish this?
A. Tag your resources with the application name, and select the tag name as the dimension in the CloudWatch Management console to view the respective graphs.
B. Use the CloudWatch CLI tools to pull the respective metrics from each regional endpoint. Aggregate the data offline & store it for graphing in CloudWatch.
C. Add SNMP traps to each instance and DynamoDB table. Leverage a central monitoring server to capture data from each instance and table. Put the aggregate data into CloudWatch for graphing.
D. Add a CloudWatch agent to each instance and attach one to each DynamoDB table. When configuring the agent set the appropriate application name & view the graphs in CloudWatch.
3. How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
A. Query the appropriate Amazon CloudWatch metric.
B. Use ipconfig or ifconfig command.
C. Query the local instance userdata.
D. Query the local instance metadata.
4. An organization has configured a VPC with an Internet Gateway (IGW), pairs of public and private subnets (each with one subnet per Availability Zone), and an Elastic Load Balancer (ELB) configured to use the public subnets. The application’s web tier leverages the ELB, Auto Scaling, and a multi-AZ RDS database instance. The organization would like to eliminate any potential single points of failure in this design. What step should you take to achieve this organization’s objective?
A. Nothing, there are no single points of failure in this architecture.
B. Create and attach a second IGW to provide redundant internet connectivity.
C. Create and configure a second Elastic Load Balancer to provide a redundant load balancer.
D. Create a second multi-AZ RDS instance in another Availability Zone and configure replication to provide a redundant database.
5.When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?
A. Data will be deleted and will no longer be accessible
B. Data is automatically saved in an EBS volume.
C. Data is automatically saved as an EBS snapshot
D. Data is unavailable until the instance is restarted
6. You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. What do you need to do to ensure that instances marked unhealthy by the ELB will be terminated and replaced?
A. Change the thresholds set on the Auto Scaling group health check
B. Add an Elastic Load Balancing health check to your Auto Scaling group
C. Increase the value for the Health check interval set on the Elastic Load Balancer
D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks
7. How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
A. Simply create a new volume in the other AZ and specify the original volume as the source.
B. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
D. Detach the volume and attach it to another EC2 instance in the other AZ.
8. Your team is excited about the use of AWS because now they have access to “programmable infrastructure”. You have been asked to manage your AWS infrastructure in a manner similar to the way you might manage application code. You want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different environments, revert back to previous versions, and identify what versions are running at any particular time (development, test, QA, production). Which approach addresses this requirement?
A. Use cost allocation reports and AWS OpsWorks to deploy and manage your infrastructure.
B. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure.
C. Use AWS Beanstalk and a version control system like GIT to deploy and manage your infrastructure.
D. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure.
9. You have been asked to leverage Amazon VPC, EC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?
A. Ensure the application instances are properly configured with an Elastic Load Balancer
B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
C. Ensure the application instances are launched in public subnets with the associate-public-IP-address=true option enabled
D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
10. Which of the following are characteristics of Amazon VPC subnets?
Choose 2 answers
A. Each subnet maps to a single Availability Zone
B. A CIDR block mask of /25 is the smallest range supported
C. Instances in a private subnet can communicate with the internet only if they have an Elastic IP.
D. By default, all subnets can route between each other, whether they are private or public
E. Each subnet spans at least 2 Availability Zones to provide a high-availability environment
11. Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes. Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications. How do you solve the contention issues between these different workloads on the same data?
A. Enable Multi-AZ mode on the RDS instance
B. Use ElastiCache to offload the analytics job data
C. Create RDS Read-Replicas for the analytics work
D. Run the RDS instance on the largest size possible
12. You have started a new job and are reviewing your company’s infrastructure on AWS. You notice one web application where they have an Elastic Load Balancer (ELB) in front of web instances in an Auto Scaling Group. When you check the metrics for the ELB in CloudWatch you see four healthy instances in Availability Zone (AZ) A and zero in AZ B. There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?
A. Set the ELB to only be attached to another AZ
B. Make sure Auto Scaling is configured to launch in both AZs
C. Make sure your AMI is available in both AZs
D. Make sure the maximum size of the Auto Scaling Group is greater than 4
13. You run a web application with the following components: Elastic Load Balancer (ELB), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly. What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? Choose 3 answers
A. The number of outstanding IOs waiting to access the disk.
B. The amount of write latency.
C. The amount of disk space occupied by binary logs on the master.
D. The amount of time a Read Replica DB Instance lags behind the source DB Instance
E. The average number of disk I/O operations per second.
14. You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2.8xlarge EC2 instance inside of a VPC. The instance, when under load, is having problems returning requests within the SLA as defined by your business. The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast. How can you best resolve the issue of the application responses not meeting your SLA?
A. Add another cc2.8xlarge application instance, and put both behind an Elastic Load Balancer
B. Move the cc2.8xlarge to the same Availability Zone as the DynamoDB table
C. Cache the database responses in ElastiCache for more rapid access
E. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration
15. You have set up individual AWS accounts for each project. You have been asked to make sure your AWS infrastructure costs do not exceed the budget set per project for each month. Which of the following approaches can help ensure that you do not exceed the budget each month?
A. Consolidate your accounts so you have a single bill for all accounts and projects
B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many instances in a given account
C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%, 80% and 90% of its budgeted monthly spend
16. What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?
A. The IP of the primary DB Instance is switched to the standby DB Instance.
B. A new DB instance is created in the standby availability zone.
C. The canonical name record (CNAME) is changed from primary to standby.
D. The RDS (Relational Database Service) DB instance reboots.
17. An organization’s security policy requires multiple copies of all critical data to be replicated across at least a primary and backup data center. The organization has decided to store some critical data on Amazon S3. Which option should you implement to ensure this requirement is met?
A. Use the S3 copy API to replicate data between two S3 buckets in different regions
B. You do not need to implement anything since S3 data is automatically replicated between regions
C. Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region
D. You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region
18. You have a web application leveraging an Elastic Load Balancer (ELB) in front of the web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS). The application serves out technical articles and responses to them; in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular, resulting in significant traffic increases that cause the site to go down. What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? Choose 3 answers
A. Leverage CloudFront for the delivery of the articles.
B. Add RDS read-replicas for the read traffic going to your relational database
C. Leverage ElastiCache for caching the most frequently used data.
D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.
E. Use Route53 health checks to fail over to an S3 bucket for an error page.
19. You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts. Which task would be best accomplished with a script?
A. Creating daily EBS snapshots with a monthly rotation of snapshots
B. Creating daily RDS snapshots with a monthly rotation of snapshots
C. Automatically detect and stop unused or underutilized EC2 instances
D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
20. You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are both very high. What two actions could you take to rectify this?
Choose 2 answers
A. Increase the number of nodes in your cluster
B. Tweak the max_item_size parameter
C. Shrink the number of nodes in your cluster
D. Increase the size of the nodes in the cluster
21. An administrator creates a Private VLAN with a Primary VLAN ID of 2. The administrator then creates three Private VLANs as follows:
Marketing
PVLAN ID: 4
PVLAN Type: Isolated
Accounting
PVLAN ID: 5
PVLAN Type: Community
Secretary
PVLAN ID: 17
PVLAN Type: Isolated
Users in the Accounting PVLAN are reporting problems communicating with servers in the Marketing PVLAN. Which two actions could the administrator take to resolve this problem? (Choose two.)
A. Change the PVLAN type for the Accounting network to Promiscuous.
B. Change the PVLAN ID for the Accounting network to 2.
C. Change the PVLAN type for Marketing network to Promiscuous.
D. Change the PVLAN ID for Accounting network to 4.
22. A media company produces new video files on-premises every day with a total size of around 100 GB after compression. All files have a size of 1-2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am. Current upload takes almost 3 hours, although less than half of the available bandwidth is used. What step(s) would ensure that the file uploads are able to complete in the allotted time window?
A. Increase your network bandwidth to provide faster throughput to S3
B. Upload the files in parallel to S3
C. Pack all files into a single archive, upload it to S3, then extract the files in AWS
D. Use AWS Import/Export to transfer the video files
23. How can the domain’s zone apex, for example, “myzoneapexdomain.com”, be pointed towards an Elastic Load Balancer?
A. By using an Amazon Route 53 Alias record
B. By using an AAAA record
C. By using an Amazon Route 53 CNAME record
D. By using an A record
23. In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?
A. AWS Direct Connect
B. Placement Groups
C. VPC private subnets
D. EC2 Dedicated Instances
E. Multiple Availability Zones
24. You are designing a system that has a Bastion host. This component needs to be highly available without human intervention. Which of the following approaches would you select?
A. Run the bastion on two instances, one in each AZ
B. Run the bastion on an active instance in one AZ and have an AMI ready to boot up in the event of failure
C. Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1
D. Configure an ELB in front of the bastion instance
25. An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?
A. Create a new VPC with tenancy=dedicated and migrate to the new VPC
B. Use ec2-reboot-instances command line and set the parameter “dedicated=true”
C. Right click on the instance, select properties and check the box for dedicated tenancy
D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance
26. You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW), the instance has an associated Elastic IP (EIP), and correct security group rules are in place. Which VPC component should you evaluate next?
A. The configuration of a NAT instance
B. The configuration of the Routing Table
C. The configuration of the Internet Gateway (IGW)
D. The configuration of SRC/DST checking
27. You are managing a legacy application inside a VPC with hard-coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? Choose 2 answers
A. Create an ELB to reroute traffic to a failover instance
B. Create a secondary ENI that can be moved to a failover instance
C. Use Route53 health checks to fail traffic over to a failover instance
D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance
28. You are tasked with the migration of a highly trafficked Node JS application to AWS. In order to comply with organizational standards, Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events. Which deployment option meets these requirements while minimizing administrative burden?
A. Create a new stack within OpsWorks, add the appropriate layers to the stack, and deploy the application
B. Create a new application within Elastic Beanstalk and deploy this application to a new environment
C. Launch a Node JS server from a community AMI and manually deploy the application to the launched EC2 instance
D. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.
29. Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher - the monitoring instance itself - and be notified if it becomes unhealthy. Which of the following is a simple way to achieve that goal?
A. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute, then have your monitoring application go into a CPU-bound loop should it detect any application problems.
D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding messages to the SQS queue.
30. You have a server with a 500GB Amazon EBS data volume. The volume is 80% full. You need to back up the volume at regular intervals and be able to re-create the volume in a new Availability Zone in the shortest time possible. All applications using the volume can be paused for a period of a few minutes with no discernible user impact. Which of the following backup methods will best fulfill your requirements?
A. Take periodic snapshots of the EBS volume
B. Use a third party Incremental backup application to back up to Amazon Glacier
C. Periodically back up all data to a single compressed archive and archive to Amazon S3 using a parallelized multi-part upload
D. Create another EBS volume in the second Availability Zone, attach it to the Amazon EC2 instance, and use a disk manager to mirror the two disks
31. Your application currently leverages AWS Auto Scaling to grow and shrink as load increases/decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 weeks. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp up in traffic?
A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches.
B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign.
D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign.
32. When attached to an Amazon VPC which two components provide connectivity with external networks? (Choose two.)
A. Elastic IPs (EIP)
B. NAT Gateway (NAT)
C. Internet Gateway (IGW)
D. Virtual Private Gateway (VGW)
33. You are managing a legacy application inside a VPC with hard-coded IP addresses in its configuration. Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? (Choose two.)
A. Create an ELB to reroute traffic to a failover instance
B. Create a secondary ENI that can be moved to a failover instance
C. Use Route53 health checks to fail traffic over to a failover instance
D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance
34. You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?
A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
C. Add a rule to all of the VPC’s Security Groups to deny access from the IP address block
D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block
35. You are running a web application on AWS consisting of the following components: an Elastic Load Balancer (ELB), an Auto Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational Database Service (RDS) MySQL. Which security measures fall into AWS’s responsibility?
A. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
B. Protect against IP spoofing or packet sniffing
C. Assure all communication between EC2 instances and ELB is encrypted
D. Install latest security patches on ELB, RDS and EC2 instances
36. You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts. Which task would be best accomplished with a script?
A. Creating daily EBS snapshots with a monthly rotation of snapshots
B. Creating daily RDS snapshots with a monthly rotation of snapshots
C. Automatically detect and stop unused or underutilized EC2 instances
D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
37. Your entire AWS infrastructure lives inside of one Amazon VPC. You have an infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so, how?
A. No. Two instances in two different AZs can’t talk directly to each other via ICMP ping as that protocol is not allowed across subnet (i.e. broadcast) boundaries.
B. Yes. Both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP.
C. Yes. The security group for the monitoring instance needs to allow outbound ICMP and the application instance’s security group needs to allow inbound ICMP.
D. Yes. Both the monitoring instance’s security group and the application instance’s security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol.
38. You run a web application where web servers on EC2 instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load. During the day up to 12 servers are needed. Five to six days per year, the number of web servers required might go up to 15. What would you recommend to minimize costs while being able to provide high availability?
A. 6 Reserved instances (heavy utilization), 6 Reserved instances (medium utilization), rest covered by On-Demand instances.
B. 6 Reserved instances (heavy utilization), 6 On-Demand instances, rest covered by Spot instances.
C. 6 Reserved instances (heavy utilization), 6 Spot instances, rest covered by On-Demand instances.
D. 6 Reserved instances (heavy utilization), 6 Reserved instances (medium utilization), rest covered by Spot instances.
39. You are tasked with the migration of a highly trafficked Node JS application to AWS. In order to comply with organizational standards, Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events. Which deployment option meets these requirements while minimizing administrative burden?
A. Create a new stack within OpsWorks, add the appropriate layers to the stack, and deploy the application.
B. Create a new application within Elastic Beanstalk and deploy this application to a new environment.
C. Launch a Node JS server from a community AMI and manually deploy the application to the launched EC2 instance.
D. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.
40. Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose two.)
A. Amazon Elastic MapReduce
B. Elastic Load Balancing
C. AWS Elastic Beanstalk
D. Amazon ElastiCache
E. Amazon Relational Database service
41. When assessing an organization’s use of AWS API access credentials, which of the following three credentials should be evaluated? (Choose three.)
A. Key pairs
B. Console passwords
C. Access keys
D. Signing certificates
E. Security Group memberships
42. What are characteristics of Amazon S3? (Choose two.)
A. Objects are directly accessible via a URL
B. S3 should be used to host a relational database
C. S3 allows you to store objects of virtually unlimited size
D. S3 allows you to store virtually unlimited amounts of data
E. S3 offers Provisioned IOPS
43. An application that you are managing has EC2 instances & DynamoDB tables deployed to several AWS Regions. In order to monitor the performance of the application globally, you would like to see two graphs:
1.) Avg CPU Utilization across all EC2 instances
2.) Number of Throttled Requests for all DynamoDB tables
How can you accomplish this?
A. Tag your resources with the application name, and select the tag name as the dimension in the CloudWatch Management console to view the respective graphs.
B. Use the CloudWatch CLI tools to pull the respective metrics from each regional endpoint. Aggregate the data offline & store it for graphing in CloudWatch.
C. Add SNMP traps to each instance and DynamoDB table. Leverage a central monitoring server to capture data from each instance and table. Put the aggregate data into CloudWatch for graphing.
D. Add a CloudWatch agent to each instance and attach one to each DynamoDB table. When configuring the agent set the appropriate application name & view the graphs in CloudWatch.
44. Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher - the monitoring instance itself - and be notified if it becomes unhealthy. Which of the following is a simple way to achieve that goal?
A. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute, then have your monitoring application go into a CPU-bound loop should it detect any application problems.
D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding messages to the SQS queue.
45. Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users? (Choose two.)
A. Configure multi-factor authentication for privileged IAM users
B. Create IAM users for privileged accounts
C. Implement identity federation between your organization’s identity provider leveraging the IAM Security Token Service
D. Enable the IAM single-use password policy option for privileged users
46. Which of the following requires a custom CloudWatch metric to monitor?
A. Data transfer of an EC2 instance
B. Disk usage activity of an EC2 instance
C. Memory Utilization of an EC2 instance
D. CPU Utilization of an EC2 instance
47. You are creating an Auto Scaling group whose instances need to insert a custom metric into CloudWatch. Which method would be the best way to authenticate your CloudWatch PUT request?
A. Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to launch instances in that role
B. Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the user's credentials into the instance User Data
C. Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group
D. Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed
48. Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? (Choose two.)
A. Amazon S3
B. Amazon RDS
C. Amazon EBS
D. Amazon Redshift
49. A customer has a web application that uses cookie-based sessions to track logged-in users. It is deployed on AWS using ELB and Auto Scaling. The customer observes that when load increases, Auto Scaling launches new instances but the load on the existing instances does not decrease, causing all existing users to have a sluggish experience. Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? (Choose two.)
A. ELB’s normal behavior sends requests from the same user to the same backend instance.
B. ELB’s behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance.
C. A faulty browser is not honoring the TTL of the ELB DNS name.
D. The web application uses long polling such as comet or websockets, thereby keeping a connection open to a web server for a long time.
50. When creation of an EBS snapshot is initiated but not completed, the EBS volume?
A. Cannot be detached or attached to an EC2 instance until the snapshot completes
B. Can be used in read-only mode while the snapshot is in progress
C. Can be used while the snapshot is in progress
D. Cannot be used until the snapshot completes
51. You have set up individual AWS accounts for each project. You have been asked to make sure your AWS infrastructure costs do not exceed the budget set per project for each month. Which of the following approaches can help ensure that you do not exceed the budget each month?
A. Consolidate your accounts so you have a single bill for all accounts and projects.
B. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many instances in a given account.
C. Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
D. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%, 80% and 90% of its budgeted monthly spend.
52. What is a placement group?
A. A collection of Auto Scaling groups in the same Region
B. Feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
C. A collection of Elastic Load Balancers in the same Region or Availability Zone
D. A collection of authorized Cloud Front edge locations for a distribution
53. You need to design a VPC for a web application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database. The entire infrastructure must be distributed over 2 availability zones. Which VPC configuration works while assuring the database is not available from the Internet?
A. One public subnet for ELB, one public subnet for the web-servers, and one private subnet for the database
B. One public subnet for ELB, two private subnets for the web-servers, two private subnets for RDS
C. Two public subnets for ELB, two private subnets for the web-servers and two private subnets for RDS
D. Two public subnets for ELB, two public subnets for the web-servers, and two public subnets for RDS
54. You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2.8xlarge EC2 instance inside of a VPC. The instance, when under load, is having problems returning requests within the SLA as defined by your business. The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast. How can you best resolve the issue of the application responses not meeting your SLA?
A. Add another cc2.8xlarge application instance, and put both behind an Elastic Load Balancer
B. Move the cc2.8xlarge to the same Availability Zone as the DynamoDB table
C. Cache the database responses in ElastiCache for more rapid access
D. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration
55. You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are both very high. What two actions could you take to rectify this? (Choose two.)
A. Increase the number of nodes in your cluster
B. Tweak the max-item-size parameter
C. Shrink the number of nodes in your cluster
D. Increase the size of the nodes in the cluster
56. You have a Linux EC2 web server instance running inside a VPC. The instance is in a public subnet and has an EIP associated with it so you can connect to it over the Internet via HTTP or SSH. The instance was also fully accessible when you last logged in via SSH, and was also serving web requests on port 80. Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked. You have double-checked that all networking configuration parameters (security groups, route tables, IGW, EIP, NACLs, etc.) are properly configured (and you haven’t made any changes to those anyway since you were last able to reach the instance). You look at the EC2 console and notice that system status check shows “impaired”. Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the “impaired” system status.
B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the “impaired” system status.
C. Add another dynamic private IP address to the instance and try to connect via that new path, since the networking stack of the OS may be locked up causing the “impaired” system status.
D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the “impaired” system status.
E. Un-map and then re-map the EIP to the instance, since the IGW/NAT gateway may not be working properly, causing the “impaired” system status.
57. The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company’s existing application user management processes. What option would you implement to successfully launch this application?
A. Create a second, independent LDAP server in AWS for your application to use for authentication
B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
C. Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS and configure your application to use the LDAP replica for authentication
D. Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication
58. You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region. Which configuration would achieve that goal?
A. Route53 record sets with weighted routing policy
B. Route53 record sets with latency based routing policy
C. Auto Scaling with scheduled scaling actions set
D. Elastic Load Balancing with health checks enabled
59. You have been asked to leverage Amazon VPC, EC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?
A. Ensure the application instances are properly configured with an Elastic Load Balancer
B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
C. Ensure the application instances are launched in public subnets with the associate-public-IP address=true option enabled
D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
60. You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are both very high. What two actions could you take to rectify this? (Choose two.)
A. Increase the number of nodes in your cluster
B. Tweak the max-item-size parameter
C. Shrink the number of nodes in your cluster
D. Increase the size of the nodes in the cluster
61. Which of the following statements about this S3 bucket policy is true?
{
  "Id": "IPAllowPolicy",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.168.100.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "192.168.100.188/32"
        }
      },
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
A. Denies the server with the IP address 192.168.100.0 full access to the “mybucket” bucket
B. Denies the server with the IP address 192.168.100.188 full access to the “mybucket” bucket
C. Grants all the servers within the 192.168.100.0/24 subnet full access to the “mybucket” bucket
D. Grants all the servers within the 192.168.100.188/32 subnet full access to the “mybucket” bucket
62. You are tasked with setting up a cluster of EC2 instances for a NoSQL database. The database requires random read IO disk performance up to 100,000 IOPS at 4KB block size per node. Which of the following EC2 instances will perform the best for this workload?
A. A High-Memory Quadruple Extra Large (m2.4xlarge) with EBS-Optimized set to true and a PIOPS EBS volume
B. A Cluster Compute Eight Extra Large (cc2.8xlarge) using instance storage
C. High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage
D. A Cluster GPU Quadruple Extra Large (cg1.4xlarge) using four separate 4000 PIOPS EBS volumes in a RAID 0 configuration
63. A media company produces new video files on-premises every day with a total size of around 100 GB after compression. All files have a size of 1-2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am. Current upload takes almost 3 hours, although less than half of the available bandwidth is used. What step(s) would ensure that the file uploads are able to complete in the allotted time window?
A. Increase your network bandwidth to provide faster throughput to S3
B. Upload the files in parallel to S3
C. Pack all files into a single archive, upload it to S3, then extract the files in AWS
D. Use AWS Import/Export to transfer the video files