A company creates custom AMI images by launching new Amazon EC2 instances from an flaws CloudFormation template. It installs and configures necessary software through flaws OpsWorks, and takes images of each EC2 instance. The process of installing and configuring software can take between 2 to 3 hours, but at times, the process stalls due to installation errors.
The SysOps Administrator must modify the CloudFormation template so if the process stalls, the entire stack will fail and roll back.
Based on these requirements, what should be added to the template?

A. Conditions with a timeout set to 4 hours.

B. CreationPolicy with a timeout set to 4 hours.

C. DependsOn with a timeout set to 4 hours.

D. Metadata with a timeout set to 4 hours.

A user has setup an Auto Scaling group. The group has failed to launch a single instance for more than 24 hours. What will happen to Auto Scaling in this condition?

A. Auto Scaling will keep trying to launch the instance for 72 hours

B. Auto Scaling will suspend the scaling process

C. Auto Scaling will start an instance in a separate region

D. The Auto Scaling group will be terminated automatically

A company has 50 flaws accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.
What is the SIMPLEST method to deploy and update the VPCs in each account?

A. Create an flaws CloudFormation template defines the VPC. Log in to the flaws Management Console under each account and create a stack from the template.

B. Create a shell script that configures the VPC using the flaws CLI. Provide a list of accounts to the script from a text file, then create the VPC in every account in the list.

C. Create an flaws Lambda function that configures the VPC. Store the account information in Amazon DynamoDB, grant Lambda access to the DynamoDB table, then create the VPC in every account in the list.

D. Create an flaws CloudFormation template that defines the VPC. Create an flaws CloudFormation StackSet based on the template, then deploy the template to all accounts using the stack set.

In Amazon RDS, which of the following provides enhanced availability and durability for Database (DB) Instances, making them to be a natural fit for production database workloads?

A. Placement Groups

B. Multi-Option Group deployment

C. Multi-AZ deployment

D. Multi-VPC deployment

A SysOps Administrator is responsible for maintaining an Amazon EC2 instance that acts as a bastion host. The Administrator can successfully connect to the instance using SSH, but attempts to ping the instance result in a timeout.
What is one reason for the issue?

A. The instance does not have an Elastic IP address

B. The instance has a security group that does not allow Internet Control Message Protocol (ICMP) traffic

C. The instance is not set up in a VPC using flaws Direct Connect

D. The instance is running in a peered VPC

A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned steps will not be performed while creating the AMI?

A. Define the AMI launch permissions

B. Upload the bundled volume

C. Register the AMI

D. Bundle the volume

A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this?

A. Run activities on the CPU such that its utilization reaches above 75%

B. From the flaws console change the state to ‘Alarm’

C. The user can set the alarm state to ‘Alarm’ using CLI

D. Run the SNS action manually

The InfoSec team has asked the SysOps Administrator to perform some hardening on the company Amazon RDS database instances.
Based on this requirement, what actions should be recommended for the start of the security review? (Choose two.)

A. Use Amazon Inspector to present a detailed report of security vulnerabilities across the RDS database fleet

B. Review the security group’s inbound access rules for least privilege

C. Export flaws CloudTrail entries detailing all SSH activity on the RDS instances

D. Use the cat command to enumerate the allowed SSH keys in ~/.ssh on each RDS instance

E. Report on the Parameter Group settings and ensure that encrypted connections are enforced

A SysOps Administrator is maintaining an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Users are reporting errors when attempting to launch the application. The Administrator notices an increase in the HTTPCode_ELB_5xx_Count Amazon CloudWatch metric for the load balancer.
What is a possible cause for this increase?

A. The ALB is associated with private subnets within the VPC.

B. The ALB received a request from a client, but the client closed the connection.

C. The ALB security group is not configured to allow inbound traffic from the users.

D. The ALB target group does not contain healthy EC2 instances.

A user has setup a custom application which generates a number in decimals. The user wants to track that number and setup the alarm whenever the number is above a certain limit. The application is sending the data to CloudWatch at regular intervals for this purpose. Which of the below mentioned statements is not true with respect to the above scenario?

A. The user can get the aggregate data of the numbers generated over a minute and send it to CloudWatch

B. The user has to supply the time zone with each data point

C. CloudWatch will not truncate the number until it has an exponent larger than 126 (i.e. (1 x 10^126))

D. The user can create a file in the JSON format with the metric name and value and supply it to CloudWatch

A SysOps Administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and
Amazon EC2 in a VPC. All services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)

A. VPC Flow Logs

B. flaws CloudTrail logs

C. ALB access logs

D. CloudFront access logs

E. RDS logs

A company issued SSL certificates to its users, and needs to ensure the private keys that are used to sign the certificates are encrypted. The company needs to be able to store the private keys and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?

A. flaws CloudHSM

B. flaws KMS

C. flaws Certificate Manager

D. Amazon Connect

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24.
The user is planning to host a web server in the public subnet (port 80. and a DB server in the private subnet (port 3306). The user is configuring a security group for the public subnet (WebSecGrp. and the private subnet (DBSecGrp). Which of the below mentioned entries is required in the private subnet database security group (DBSecGrp)?

A. Allow Inbound on port 3306 for Source Web Server Security Group (WebSecGrp)

B. Allow Inbound on port 3306 from source 20.0.0.0/16

C. Allow Outbound on port 3306 for Destination Web Server Security Group (WebSecGrp)

D. Allow Outbound on port 80 for Destination NAT Instance IP

A user has configured ELB with three instances. The user wants to achieve High Availability as well as redundancy with ELB. Which of the below mentioned flaws services helps the user achieve this for ELB?

A. Route 53

B. flaws Mechanical Turk

C. Auto Scaling

D. flaws EMR

A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?

A. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday

B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday

C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM

D. Configure a batch process to add an instance by 8 AM and remove it by Friday 6 PM

A user has configured Auto Scaling with 3 instances. The user had created a new AMI after updating one of the instances. If the user wants to terminate two specific instances to ensure that Auto Scaling launches an instances with the new launch configuration, which command should he run?

A. as-delete-instance-in-auto-scaling-group –no-decrement-desired-capacity

B. as-terminate-instance-in-auto-scaling-group –update-desired-capacity

C. as-terminate-instance-in-auto-scaling-group –decrement-desired-capacity

D. as-terminate-instance-in-auto-scaling-group –no-decrement-desired-capacity

Which of the following activities is NOT performed by the Auto Scaling policy?

A. Changing instance types

B. Scaling up instance counts

C. Maintaining current instance levels

D. Scaling down instance counts

An organization has created a Queue named `modularqueue` with SQS. The organization is not performing any operations such as SendMessage,
ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?

A. flaws SQS sends notification after 15 days for inactivity on queue

B. flaws SQS can delete queue after 30 days without notification

C. flaws SQS marks queue inactive after 30 days

D. flaws SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.

A user is trying to understand the CloudWatch metrics for the flaws services. It is required that the user should first understand the namespace for the flaws services. Which of the below mentioned is not a valid namespace for the flaws services?

A. flaws/StorageGateway

B. flaws/CloudTrail

C. flaws/ElastiCache

D. flaws/SWF

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in flaws Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?

A. Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

B. Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

C. Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

D. Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

A user is aware that a huge download is occurring on his instance. He has already set the Auto Scal-ing policy to increase the instance count when the network I/
O increases beyond a certain limit. How can the user ensure that this temporary event does not result in scaling?

A. The policy cannot be set on the network I/O

B. There is no way the user can stop scaling as it is already configured

C. The network I/O are not affected during data download

D. He can suspend scaling temporarily

What is a "vault" in Amazon Glacier?

A. A unique ID that maps an flaws Region, plus a specific Amazon S3 bucket

B. A way to group archives together in Amazon Glacier

C. A container for storing S3 buckets

D. A free tier available for 12 months following your flaws sign-up date

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR
(20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user's data center. Which of the below mentioned options is a valid entry for the main route table in this scenario?

A. Destination: 20.0.0.0/24 and Target: vgw-12345

B. Destination: 20.0.0.0/16 and Target: ALL

C. Destination: 20.0.1.0/16 and Target: vgw-12345

D. Destination: 0.0.0.0/0 and Target: vgw-12345

A company needs to deploy a web application on two Amazon EC2 instances behind an Application Load Balancer (ALB). Two EC2 instances will also be deployed to host the database. The infrastructure needs to be designed across Availability Zones (AZs) for high availability and must limit public access to the instances as much as possible.
How should this be achieved within a VPC?

A. Use two AZs and create a public subnet in each AZ for the Application Load Balancer, a private subnet in each AZ for the web servers, and a private subnet in each AZ for the database servers.

B. Use two AZs and create a public subnet in each AZ for the Application Load Balancer, a public subnet in each AZ for the web servers, and a public subnet in each AZ for the database servers.

C. Use two AZs and create one public subnet for the Application Load Balancer, a private subnet in each AZ for the web servers, and a public subnet in each AZ for the database servers.

D. Use two AZs and create one public subnet for the Application Load Balancer, a public subnet in each AZ for the web servers, and a private subnet in each AZ for the database servers.

What does Amazon EC2 provide?

A. A platform to run code (Java, PHP, Python), paying on an hourly basis

B. A physical computing environment

C. Virtual Server Hosting

D. Domain Name System (DNS)

A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure that whenever there is an error, the monitoring tool should notify him via SMS. Which of the below mentioned flaws services will help in this scenario?

A. None because the user infrastructure is in the private cloud/

B. flaws SNS

C. flaws SES

D. flaws SMS

If you specify only the general endpoint (autoscaling.amazonaws.com), Auto Scaling directs your request to the:

A. us-west-2 endpoint.

B. eu-central-1.

C. eu-west-1 endpoint.

D. us-east-1 endpoint.

A company has an application that is running on an Amazon EC2 instance in one Availability Zone. A SysOps administrator needs to make the application highly available. The SysOps administrator has created a launch configuration from the running EC2 instance. The SysOps administrator also has properly configured a load balancer.
What should the SysOps administrator do next to make the application highly available?

A. Create an Auto Scaling group by using the launch configuration across at least two Availability Zones. Configure a minimum capacity of 1, a desired capacity of 1, and a maximum capacity of 1.

B. Create an Auto Scaling group by using the launch configuration across at least three Availability Zones. Configure a minimum capacity of 2, a desired capacity of 2, and a maximum capacity of 2.

C. Create an Auto Scaling group by using the launch configuration across at least two flaws Regions. Configure a minimum capacity of 1, a desired capacity of 1, and a maximum capacity of 1.

D. Create an Auto Scaling group by using the launch configuration across at least three flaws Regions. Configure a minimum capacity of 2, a desired capacity of 2, and a maximum capacity of 2.

A SysOps Administrator is required to monitor free space on Amazon EBS volumes attached to Microsoft Windows-based Amazon EC2 instances within a company's account. The Administrator must be alerted to potential issues.
What should the Administrator do to receive email alerts before low storage space affects EC2 instance performance?

A. Use built-in Amazon CloudWatch metrics, and configure CloudWatch alarms and an Amazon SNS topic for email notifications

B. Use flaws CloudTrail logs and configure the trail to send notifications to an Amazon SNS topic

C. Use the Amazon CloudWatch agent to send disk space metrics, then set up CloudWatch alarms using an Amazon SNS topic

D. Use flaws Trusted Advisor and enable email notification alerts for EC2 disk space

An flaws account wants to be part of the consolidated billing of his organization's payee account. How can the owner of that account achieve this?

A. The payee account has to request flaws support to link the other accounts with his account

B. The owner of the linked account should add the payee account to his master account list from the billing console

C. The payee account will send a request to the linked account to be a part of consolidated billing

D. The owner of the linked account requests the payee account to add his account to consolidated billing

A user has enabled the CloudWatch alarm to estimate the usage charges. If the user disables moni-toring of the estimated charges but does not delete the billing alert from the flaws account, what will happen?

A. The user cannot edit the existing billing alarm.

B. The data collection on estimated charges is stopped.

C. It is not possible to disable monitoring of the estimated charges.

D. flaws will stop sending the billing alerts to the user.

What does the flaws Storage Gateway provide?

A. It provides data security features by enabling an encrypted data storage on Amazon S3.

B. It provides an encrypted SSL endpoint for backups in the cloud.

C. It provides seamless integration with data security features between your on-premises IT envi-ronment and the Amazon Web Services (flaws) storage infrastructure.

D. It provides a backup solution to on-premises Cloud storage.

An organization is planning to create 5 different flaws accounts considering various security requirements. The organization wants to use a single payee account by using the consolidated billing option. Which of the below mentioned statements is true with respect to the above information?

A. Master (Payee. account will get only the total bill and cannot see the cost incurred by each account

B. Master (Payee. account can view only the flaws billing details of the linked accounts

C. It is not recommended to use consolidated billing since the payee account will have access to the linked accounts

D. Each flaws account needs to create an flaws billing policy to provide permission to the payee account

A company is using an Amazon ElastiCache for Redis cluster in a production environment. To align with the company's technical requirements, a SysOps administrator needs to select a deployment to provide increased availability and fault tolerance.
Which action should the SysOps administrator take to accomplish this goal?

A. Deploy the ElastiCache cluster with Memcached as the engine.

B. Deploy the Redis cluster within an Auto Scaling group to launch replicas across multiple Availability Zones.

C. Verify that cluster mode is disabled. Increase the number of shards.

D. Verify that Multi-AZ with automatic failover is enabled. Place replicas in multiple Availability Zones.

A SysOps Administrator must evaluate storage solutions to replace a company's current user-shared drives infrastructure. Any solution must support security controls that enable Portable Operating System Interface (POSIX) permissions and Network File System protocols. Additionally, any solution must be accessible from multiple Amazon EC2 instances and on-premises servers connected to the Amazon VPC.
Which flaws service meets the user drive requirements?

A. Amazon S3

B. Amazon EFS

C. Amazon EBS

D. Amazon SQS

An organization finds that a high number of gp2 Amazon EBS volumes are running out of space.
Which solution will provide the LEAST disruption with MINIMAL effort?

A. Create a snapshot and restore it to a larger gp2 volume.

B. Create a RAID 0 with another new gp2 volume to increase capacity.

C. Leverage the Elastic Volumes feature of EBS to increase gp2 volume size.

D. Write a script to migrate data to a larger gp2 volume.

An organization would like to set up an option for its Developers to receive an email whenever production Amazon EC2 instances are running over 80% CPU utilization.
How can this be accomplished using an Amazon CloudWatch alarm?

A. Configure the alarm to send emails to subscribers using Amazon SES.

B. Configure the alarm to send emails to subscribers using Amazon SNS.

C. Configure the alarm to send emails to subscribers using Amazon Inspector.

D. Configure the alarm to send emails to subscribers using Amazon Cognito.

A SysOps Administrator receives a connection timeout error when attempting to connect to an Amazon EC2 instance from a home network using SSH. The
Administrator was able to connect to this EC2 instance using from their office network in the past.
What caused the connection to time out?

A. The IAM role associated with the EC2 instance does not allow SSH connections from the home network.

B. The public key used by SSH located on the Administrator’s server does not have the required permissions.

C. The route table contains a route that sends 0.0.0.0/0 to the internet gateway for the VPC.

D. The security group is not allowing inbound traffic from the home network on the SSH port.

A SysOps Administrator is tasked with deploying and managing a single CloudFormation template across multiple flaws accounts.
What feature of flaws CloudFormation will accomplish this?

A. Change sets

B. Nested stacks

C. Stack policies

D. StackSets

A root flaws account owner has created three IAM users: Bob, John and Michael. Michael is the IAM administrator. Bob and John are not the super users, but users with some pre-defined policies. John does not have access to modify his password. Thus, he asks Bob to change his password. How can Bob change
John's password?

A. This statement is false. Only Michael can change the password for John

B. This is possible if Michael can add Bob to a group which has permissions to modify the IAM passwords

C. It is not possible for John to modify his password

D. Provided Bob is the manager of John

An organization stores files on Amazon S3. Employees download the files, edit them with the same file name to the same folder on Amazon S3. Occasionally the files are unintentionally modified or deleted.
What is the MOST cost-effective way to ensure that these files can be recovered to their correct state?

A. Enable cross-region replication on the Amazon S3 bucket

B. Enable versioning on the Amazon S3 bucket

C. Use Lifecycle Management to move the files to Amazon Glacier

D. Copy the edited files to Amazon Elastic File System

Which of the following statements is true of Elastic Load Balancing?

A. It distributes traffic only to instances across different Availability Zones.

B. It distributes the outgoing traffic across multiple EC2 instances.

C. It distributes incoming traffic across multiple EC2 instances.

D. It distributes traffic only to instances across a single Availability Zone.

What was the recommended use case for S3 Reduced Redundancy storage before its deprecation was planned?

A. It was used to reduce storage costs by providing 500 times the durability of a typical disk drive at lower levels of redundancy.

B. It was used to reduce storage costs for noncritical data at lower levels of redundancy.

C. It was used to reduce storage costs by allowing you to destroy any copy of your files outside a specific jurisdiction.

D. It was used to reduce storage costs for reproducible data at high levels of redundancy in a single facility.

An HTTP web application is launched on Amazon EC2 instances behind an ELB Application Load Balancer. The EC2 instances run across multiple Availability
Zones. A network ACL and a security group for the load balancer and EC2 instances allow inbound traffic on port 80. After launch, the website cannot be reached over the internet.
What additional step should be taken?

A. Add a rule to the security group allowing outbound traffic on port 80.

B. Add a rule to the network ACL allowing outbound traffic on port 80.

C. Add a rule to the security group allowing outbound traffic on ports 1024 through 65535.

D. Add a rule to the network ACL allowing outbound traffic on ports 1024 through 65535.

A SysOps administrator is evaluating Amazon Route 53 DNS options to address concerns about high availability for an on-premises website. The website consists of two servers: a primary active server and a secondary passive server. Route 53 should route traffic to the primary server if the associated health check returns
2xx or 3xx HTTP codes. All other traffic should be directed to the secondary passive server. The failover record type, set ID, and routing policy have been set appropriately for both primary and secondary servers.
Which next step should be taken to configure Route 53?

A. Create an A record for each server. Associate the records with the Route 53 HTTP health check.

B. Create an A record for each server. Associate the records with the Route 53 TCP health check.

C. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 HTTP health check.

D. Create an alias record for each server with evaluate target health set to yes. Associate the records with the Route 53 TCP health check.

A company needs to have real-time access to image data while seamlessly maintaining a copy of the images in an offsite location for disaster recovery purposes.
Which solution meets the requirement?

A. Create an flaws Storage Gateway volume gateway configured as a stored volume. Mount it from clients using Internet Small Computer System Interface (iSCSI).

B. Mount an Amazon EFS volume on a local server. Share this volume with employees who need access to the images.

C. Store the images in Amazon S3, and use flaws Data Pipeline to allow for caching of S3 data on local workstations.

D. Use Amazon S3 for file storage, and enable S3 Transfer Acceleration to maintain a cache for frequently used files to increase local performance.

A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

A. Elastic IP

B. Private IP

C. Public IP

D. Internet gateway

A company must share monthly report files that are uploaded to Amazon S3 with a third party. The third-party user list is dynamic, is distributed, and changes frequently. The least amount of access must be granted to the third party. Administrative overhead must be low for the internal teams who manage the process.
How can this be accomplished while providing the LEAST amount of access to the third party?

A. Allow only specified IP addresses to access the S3 buckets which will host files that need to be provided to the third party.

B. Create an IAM role with the appropriate access to the S3 bucket, and grant login permissions to the console for the third party to access the S3 bucket.

C. Create a pre-signed URL that can be distributed by email to the third party, allowing it to download specific S3 filed.

D. Have the third party sign up for an flaws account, and grant it cross-account access to the appropriate S3 bucket in the source account.

A user has configured ELB with Auto Scaling. The user temporarily suspended the Auto Scaling terminate process. What might the Availability Zone Rebalancing process (AZRebalance) conse-quently cause during this period?

A. Auto Scaling will keep launching instances in all AZs until the maximum instance number is reached.

B. AZ Rebalancing might now allow Auto Scaling to launch or terminate any instances.

C. AZ Rebalancing might allow the number instances in an Availability Zone to remain higher than the maximum size

D. It is not possible to suspend the terminate process while keeping the launch active.

Based on the flaws Shared Responsibility Model, which of the following actions are the responsibility of the customer for an Aurora database?

A. Performing underlying OS updates

B. Provisioning of storage for database

C. Scheduling maintenance, patches, and other updates

D. Executing maintenance, patches, and other updates