A corporate website is hosted on several Amazon EC2 instances across multiple regions around the globe.
How should an Administrator configure the website to maintain high availability with minimal downtime if one of the regions has network connectivity congestion for an extended period of time?

A. Create an Elastic Load Balancer in front of all the Amazon EC2 instances.

B. Create an Elastic Load Balancer that fails over to the secondary site when the primary site is not reachable.

C. Create an Amazon Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region. Set an appropriate health check on each ELB.

D. Create an Amazon Route 53 latency Based Routing Record Set that resolves to Elastic Load Balancers I each region and has the Evaluate Target Health flag set to ג€trueג€.

You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage flaws-managed solutions as much as possible and automate the rest with the flaws CLI and scripts.
Which task would be best accomplished with a script?

A. Creating daily EBS snapshots with a monthly rotation of snapshots

B. Creating daily RDS snapshots with a monthly rotation of snapshots

C. Automatically detect and stop unused or underutilized EC2 instances

D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer

Application developers are reporting Access Denied errors when trying to list the contents of an Amazon S3 bucket by using the IAM user
`arn:flaws:iam::111111111111:user/application`. The following S3 bucket policy is in use:
How should a SysOps Administrator modify the S3 bucket policy to fix the issue?

A. Change the ג€Effectג€ from ג€Allowג€ to ג€Denyג€

B. Change the ג€Actionג€ from ג€s3:List*ג€ to ג€s3:ListBucketג€

C. Change the ג€Resourceג€ from ג€arn:flaws:s3:::bucketname/*ג€ to ג€arn:flaws:s3:::bucketnameג€

D. Change the ג€Principalג€ from ג€arn:flaws:iam::111111111111:user/applicationג€ to ג€arn:flaws:iam::111111111111:role/applicationג€

How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?

A. Simply create a new volume in the other AZ and specify the original volume as the source.

B. Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.

C. Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.

D. Detach the volume and attach it to another EC2 instance in the other AZ.

Is it possible to protect the connections between your application servers and your MySQL instances using SSL encryption?

A. Yes, it is possible but only in certain regions.

B. Yes

C. No

D. Yes, it is possible but only in VPC.

What does AMI stand for?

A. Amazon Machine Image

B. Advanced Machine Instance

C. Amazon Micro Instance

D. Advanced Machine Image

What is the default maximum number of VPCs allowed per region?

A. 5

B. 15

C. 100

D. 10

A user has setup a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24. and a public subnet (20.0.0.0/24.. The user's data center has CIDR of
20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data center, what will happen?

A. It will allow traffic communication on both the CIDRs of the data center

B. It will not allow traffic with data center on CIDR 20.1.0.0/24 but allows traffic communication on 20.0.54.0/24

C. It will not allow traffic communication on any of the data center CIDRs

D. It will allow traffic with data center on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24

A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics.
What steps should the Administrator take to complete this task?

A. Select the flaws Namespace, filter by metric name, then add to the dashboard.

B. Add a text widget, select the appropriate metric from the custom namespace, then add to the dashboard.

C. Select the appropriate widget and metrics from the custom namespace, then add to the dashboard.

D. Open the CloudWatch console, from the CloudWatch Events, add all custom metrics.

An application hosted on flaws is going through an external compliance assessment. An Administrator has been tasked with providing proof of physical security at the facilities that are hosting the application.
What should the Administrator do?

A. Work with flaws support to schedule a tour for the auditors.

B. Send a copy of the flaws Security whitepaper to the auditors.

C. Obtain a relevant report from flaws Artifact and share it with the auditors.

D. Find the address for the flaws Direct Connect facility on the flaws Website.

An organization stores sensitive customer in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The Chief Information Security Officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps Administrator take to meet the CISO's requirement? (Choose two.)

A. Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.

B. Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.

C. Use Amazon Athena to query S3 Analytics report for HTTP 403 errors, and determine the IAM user or role making the requests.

D. Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the IAM user or role making the requests.

E. Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the IAM user or role making the requests.

Pricing is ____ consumed for EC2 instances.

A. per instance-hour only

B. per instance-minute or instance-hour

C. per instance-second or per instance-hour

D. per instance-minute only

What are the benefits of CloudTrail integration with CloudWatch Logs?

A. It delivers API activity captured by CloudTrail to an S3 bucket.

B. It doesn’t exist

C. It delivers SDK activity captured by CloudTrail to a CloudWatch Logs log stream.

D. It delivers API activity captured by CloudTrail to a CloudWatch Logs log stream.

A gaming application is deployed on four Amazon EC2 instances in a default VPC. The SysOps Administrator has noticed consistently high latency in responses as data is transferred among the four instances. There is no way for the Administrator to alter the application code.
The MOST effective way to reduce latency is to relaunch the EC2 instances in:

A. a dedicated VPC.

B. a single subnet inside the VPC.

C. a placement group.

D. a single Availability Zone.

What is a security group in Amazon flaws?

A. A UNIX Group that gives permission to edit security settings

B. An authorized group of instances that control access to other resources

C. A virtual firewall that controls the traffic for one or more instances

D. An Access Control List (ACL) for flaws resources

An organization has developed a new memory-intensive application that is deployed to a large Amazon EC2 Linux fleet. There is concern about potential memory exhaustion, so the Development team wants to monitor memory usage by using Amazon CloudWatch.
What is the MOST efficient way to accomplish this goal?

A. Deploy the solution to memory-optimized EC2 instances, and use the CloudWatch MemoryUtilization metric

B. Enable the Memory Monitoring option by using flaws Config

C. Install the flaws Systems Manager agent on the applicable EC2 instances to monitor memory

D. Monitor memory by using a script within the instance, and send it to CloudWatch as a custom metric

You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated.
What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced?

A. Change the thresholds set on the Auto Scaling group health check

B. Add an Elastic Load Balancing health check to your Auto Scaling group

C. Increase the value for the Health check interval set on the Elastic Load Balancer

D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks

A user wants to make so that whenever the CPU utilization of the flaws EC2 instance is above 90%, the redlight of his bedroom turns on. Which of the below mentioned flaws services is helpful for this purpose?

A. flaws CloudWatch + flaws SES

B. flaws CloudWatch + flaws SNS

C. None. It is not possible to configure the light with the flaws infrastructure services

D. flaws CloudWatch and a dedicated software turning on the light

Which instance characteristics are required if an Administrator wants to ensure use of the Amazon EC2 auto-recovery option? (Choose two.)

A. The instance only has EBS volumes.

B. The instance has EC2 Instance Store root volumes.

C. The tenancy attribute is set to ג€defaultג€ (shred tenancy).

D. The tenancy attribute is set to ג€Dedicatedג€.

E. The instance type belongs to the d2, i2 or i3 instance type.

A user has created numerous EBS volumes. What is the general limit for each flaws account for the maximum number of EBS volumes that can be created?

A. 10000

B. 5000

C. 100

D. 1000

Amazon Relational Database Service integrates with _____, a service that lets your organization create users and groups under your organization's flaws account and assign unique security creden-tials to each user.

A. Amazon RDS tags

B. flaws IAM

C. flaws Lambda

D. Amazon EMR

A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?

A. The client can connect over IPV4 or IPV6 using Dualstack

B. ELB DNS supports both IPV4 and IPV6

C. Communication between the load balancer and back-end instances is always through IPV4

D. The ELB supports either IPV4 or IPV6 but not both

A Developer created an flaws Lambda function and has asked the SysOps Administrator to make this function run every 15 minutes.
What is the MOST efficient way to accomplish this request?

A. Create an Amazon EC2 instance and schedule a cron to invoke the Lambda function.

B. Create a Repeat Time variable inside the Lambda function to invoke the Lamdba function.

C. Create a second Lambda function to monitor and invoke the first Lamdba function.

D. Create an Amazon CloudWatch scheduled event to invoke the Lambda function.

A fleet of servers must send local logs to Amazon CloudWatch.
How should the servers be configured to meet this requirement?

A. Configure flaws Config to forward events to CloudWatch.

B. Configure a Simple Network Management Protocol (SNMP) agent to forward events to CloudWatch.

C. Install and configure the unified CloudWatch agent.

D. Install and configure the Amazon Inspector agent.

How many metrics are supported by CloudWatch for Auto Scaling?

A. 8 metrics and 1 dimension

B. 7 metrics and 5 dimension

C. 5 metrics and 1 dimension

D. 1 metric and 5 dimensions

What is Amazon CloudFront?

A. A global Content Delivery Network

B. An encrypted endpoint to upload files to the Cloud

C. A web service to schedule regular data movement

D. A development front-end to Amazon Web Services

The CFO of a company wants to allow one of his employees to view only the flaws usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the flaws usage report page?

A. “Effect”: “Allow”, “Action”: [ג€Describeג€], “Resource”: “Billing”

B. “Effect”: “Allow”, “Action”: [“AccountUsage], “Resource”: “*”

C. “Effect”: “Allow”, “Action”: [“flaws-portal:ViewUsage”], “Resource”: “*”

D. “Effect”: “Allow”, “Action”: [“flaws-portal: ViewBilling”], “Resource”: “*”

A SysOps Administrator must take a team's single existing flaws CloudFormation template and split it into smaller, service-specific templates. All of the services in the template reference a single, shared Amazon S3 bucket.
What should the Administrator do to ensure that this S3 bucket can be referenced by all the service templates?

A. Include the S3 bucket as a mapping in each template.

B. Add the S3 bucket as a resource in each template.

C. Create the S3 bucket in its own template and export it.

D. Generate the S3 bucket using StackSets.

A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down.
How can you ensure the developers will be able to access only the log files?

A. Access the log files directly from Elastic Beanstalk

B. Enable log file rotation to S3 within the Elastic Beanstalk configuration

C. Ask your developers to enable log file rotation in the applications web.config file

D. Connect to each Instance launched by Elastic Beanstalk and create a Windows Scheduled task to rotate the log files to S3.

Recently several critical files were mistakenly deleted from a shared Amazon S3 bucket. A SysOps Administrator needs to prevent accidental deletions from occurring in the future by enabling MFA Delete.
Once enabled, which bucket activities will require MFA authentication? (Choose two.)

A. Permanently removing an object version from the bucket

B. Disabling default object encryption for the bucket

C. Listing all versions of deleted objects in the bucket

D. Suspending versioning on the bucket

E. Enabling MFA Add on the bucket

A SysOps administrator recently launched an application consisting of web servers running on Amazon EC2 instances, an Amazon ElastiCache cluster communicating on port 6379, and an Amazon RDS for PostgreSQL DB instance communicating on port 5432. The web servers are in the security group web-sg, the ElastiCache cluster is in the security group cache-sg, and the DB instance is in the security group database-sg.
The application fails on start, with the error message `Unable to connect to the database`.
The rules in web-sg are as follows.
Which change should the SysOps administrator make to web-sg to correct the issue without compromising security?

A. Add a new inbound rule: database-sg TCP 5432

B. Add a new outbound rule: database-sg TCP 5432

C. Add a new outbound rule: 0.0.0.0/0 All Traffic 0-65535

D. Change the outbound rule to: cache-sg TCP 5432

When an instance terminates, Amazon EC2 uses the value of the _____ attribute for each attached Amazon EBS volume to determine whether to preserve or delete the volume.

A. InstanceInitiatedShutdownBehavior

B. DeleteOnTermination

C. EC2ModifyInstance

D. DisableApiTermination

Which of the following statements about this S3 bucket policy is true?

A. Denies the server with the IP address 192.166 100.0 full access to the “mybucket” bucket

B. Denies the server with the IP address 192.166 100.188 full access to the “mybucket bucket

C. Grants all the servers within the 192 168 100 0/24 subnet full access to the “mybucket” bucket

D. Grants all the servers within the 192 168 100 188/32 subnet full access to the “mybucket” bucket

After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs.
Which of the following are likely to be the cause of this problem? (Choose two.)

A. A custom of third-party solution for logs is being used.

B. The IAM role attached to the EC2 instance does not have the proper permissions.

C. The CloudWatch agent does not support the operating system used.

D. A billing constraint is limiting the number of CloudWatch Logs within this account.

E. The EC2 instance is in a private subnet, and the VPC does not have a NAT gateway.

A root flaws account owner is trying to understand various options to set the permission to flaws S3. Which of the below mentioned options is not the right option to grant permission for S3?

A. User Access Policy

B. S3 Object Access Policy

C. S3 Bucket Access Policy

D. S3 ACL

A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

A. flaws Simple Notification Service

B. flaws Simple Workflow

C. flaws Simple Queue Service

D. flaws Simple Query Service

A SysOps Administrator is notified that an automated failover of an Amazon RDS database has occurred.
What are possible causes for this? (Choose two.)

A. A read contention on the database.

B. A storage failure on the primary database.

C. A write contention on the database.

D. Database corruption errors.

E. The database instance type was changed.

A developer created a new application that uses Spot Fleet for a variety of instance families across multiple Availability Zones.
What should the developer do to ensure that the Spot Fleet is configured for cost optimization?

A. Deploy a capacityOptimized allocation strategy for provisioning Spot Instances.

B. Ensure instance capacity by specifying the desired target capacity and how much of that capacity must be On-Demand.

C. Use the lowestPrice allocation strategy with InstancePoolsToUseCount in the Spot Fleet request.

D. Launch instances up to the Spot Fleet target capacity or the maximum acceptable payment amount.

A user is planning to evaluate flaws for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned flaws services would incur a charge if used?

A. flaws S3 with 1 GB of storage

B. flaws micro instance running 24 hours daily

C. flaws ELB running 24 hours a day

D. flaws PIOPS volume of 10 GB size

A company designed a specialized Amazon EC2 instance configuration for its Data Scientists. The Data Scientists want to create and delete EC2 instances on their own, but are not comfortable with configuring all the settings for EC2 instances without assistance. The configuration runs proprietary software that must be kept private within the company's flaws accounts, and should be available to the Data Scientists, but no other users within the accounts.
Which solution should a SysOps Administrator use to allow the Data Scientists to deploy their workloads with MINIMAL effort?

A. Create an Amazon Machine Image (AMI) of the EC2 instance. Share the AMI with authorized accounts owned by the company. Allow the Data Scientists to create EC2 instances with this AMI.

B. Distribute an flaws CloudFormation template containing the EC2 instance configuration to the Data Scientists from an Amazon S3 bucket. Set the S3 template object to be readable from the flaws Organizations orgId.

C. Publish the instance configuration to the Private Marketplace. Share the Private Marketplace with the company’s flaws accounts. Allow the Data Scientists to subscribe and launch the product from the Private Marketplace.

D. Upload an flaws CloudFormation template to flaws Service Catalog. Allow the Data Scientists to provision and deprovision products from the company’s flaws Service Catalog portfolio.

A user has launched multiple EC2 instances for the purpose of development and testing in the same region. The user wants to find the separate cost for the production and development instances. How can the user find the cost distribution?

A. The user should download the activity report of the EC2 services as it has the instance ID wise data

B. It is not possible to get the flaws cost usage data of single region instances separately

C. The user should use Cost Distribution Metadata and flaws detailed billing

D. The user should use Cost Allocation Tags and flaws billing reports

While creating the wait condition resource in flaws CloudFormation, a SysOps Administrator receives the error `received 0 signals out of the 1 expected from the
EC2 instance`.
What steps should be taken to troubleshoot this issue? (Choose two.)

A. Confirm from the cfn logs that the cfn-signal command was successfully run on the instance.

B. Try to re-create the stack with a different IAM user.

C. Check that the instance has a route to the Internet through a NAT device.

D. Update the flaws CloudFormation stack service role to have iam:PassRole permission.

E. Delete the existing stack and attempt to create a new once.

A user has scheduled the maintenance window of an RDS DB on Monday at 3 AM. Which of the below mentioned events may force to take the DB instance offline during the maintenance window?

A. Enabling Read Replica

B. Making the DB Multi AZ

C. DB password change

D. Security patching

The networking team has created a VPC in an flaws account. The application team has asked for access to resources in another VPC in the same flaws account.
The SysOps Administrator has created the VPC peering connection between both the accounts, but the resources in one VPC cannot communicate with the resources in the other VPC.
What could be causing this issue?

A. One of the VPCs is not sized correctly for peering.

B. There is no public subnet in one of the VPCs.

C. The route tables have not been updated.

D. One VPC has disabled the peering flag.

A company has an application that is running on an EC2 instance in one Availability Zone. A SysOps Administrator has been tasked with making the application highly available. The Administrator created a launch configuration from the running EC2 instance. The Administrator also properly configured a load balancer.
What step should the Administrator complete next to make the application highly available?

A. Create an Auto Scaling group by using the launch configuration across at least 2 Availability Zones with a minimum size of 1, desired capacity of 1, and a maximum size of 1.

B. Create an Auto Scaling group by using the launch configuration across at least 3 Availability Zones with a minimum size of 2, desired capacity of 2, and a maximum of 2.

C. Create an Auto Scaling group by using the launch configuration across at least 2 regions with a minimum size of 1, desired capacity of 1, and a maximum size of 1.

D. Create an Auto Scaling group by using the launch configuration across at least 3 regions with a minimum size of 2, desired capacity of 2, and a maximum size of 2.

flaws KMS (Key Management Service) uses symmetric key cryptography to perform encryption and decryption. Symmetric key cryptography uses the same algorithm and key to both encrypt and de-crypt digital data. The unencrypted data is typically called plaintext whether it is text or not, and the encrypted data is typically called _____.

A. ciphertext

B. symtext

C. encryptext

D. cryptext

A SysOps administrator is investigating why a user has been unable to use RDP to connect over the internet from their home computer to a bastion server running on an Amazon EC2 Windows instance.
Which of the following are possible causes of this issue? (Choose two.)

A. A network ACL associated with the bastion’s subnet is blocking the network traffic.

B. The instance does not have a private IP address.

C. The route table associated with the bastion’s subnet does not have a route to the internet gateway.

D. The security group for the instance does not have an inbound rule on port 22.

E. The security group for the instance does not have an outbound rule on port 3389.

A user is trying to connect to a running EC2 instance using SSH. However, the user gets an Unprotected Private Key File error. Which of the below mentioned options can be a possible reason for rejection?

A. The private key file has the wrong file permission

B. The ppk file used for SSH is read only

C. The public key file has the wrong permission

D. The user has provided the wrong user name for the OS login

An flaws CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.
How can this be achieved in a reliable and efficient way?

A. Write a script to continue backing up the RDS instance every five minutes

B. Create an flaws Lambda function to take a snapshot of the RDS instance, and manually execute the function before deleting the stack

C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance

D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 by mistake. The user is trying to create another subnet of CIDR 20.0.0.1/24. How can the user create the second subnet?

A. There is no need to update the subnet as VPC automatically adjusts the CIDR of the first subnet based on the second subnet’s CIDR

B. The user can modify the first subnet CIDR from the console

C. It is not possible to create a second subnet as one subnet with the same CIDR as the VPC has been created

D. The user can modify the first subnet CIDR with flaws CLI