The Security team at AnyCompany discovers that some employees have been using individual flaws accounts that are not under the control of AnyCompany. The team has requested that those individual accounts be linked to the central organization using flaws Organizations.
Which action should a SysOps Administrator take to accomplish this?

A. Add each existing account to the central organization using flaws IAM.

B. Create a new organization in each account and join them to the central organization.

C. Log in to each existing account and add them to the central organization.

D. Send each existing account an invitation from the central organization.

What does Amazon SWF stand for?

A. Simple Waveflow Service

B. Simple WebFactor Service

C. Simple Workflow Service

D. Simple WebForm Service

During a security investigation, it is determined that there is a coordinated attack on the web applications deployed on Amazon EC2. The attack is performed through malformed HTTP headers.
What flaws service of feature would prevent this traffic from reaching the EC2 instances?

A. Amazon Inspector

B. Amazon Security Groups

C. flaws WAF

D. Application Load Balancer (ALB)

You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? (Choose three.)

A. Leverage CloudFront for the delivery of the articles.

B. Add RDS read-replicas for the read traffic going to your relational database

C. Leverage ElastiCache for caching the most frequently used data.

D. Use SOS to queue up the requests for the technical posts and deliver them out of the queue.

E. Use Route53 health checks to fail over to an S3 bucket for an error page.

An application running on Amazon EC2 needs login credentials to access a database. The login credentials are stored in flaws Systems Manager Parameter Store as secure string parameters.
What is the MOST secure way to grant the application access to the credentials?

A. Create an IAM EC2 role for the EC2 instances and grant the role permission to read the Systems Manager parameters

B. Create an IAM group for the application and grant the group permissions to read the Systems Manager parameters

C. Create an IAM policy for the application and grant the policy permission to read the Systems Manager parameters

D. Create an IAM user for the application and grant the user permission to read the Systems Manager parameters

In EC2, what happens to the data in an instance store if an instance reboots (either intentionally or unintentionally)?

A. Data is partially present in the instance store.

B. Data persists in the instance store.

C. Data is deleted from the instance store for security reasons.

D. Data in the instance store will be lost.

In the context of sending metrics to CloudWatch using Amazon Kinesis, which of the following statements best describes the metric "PutRecord.Latency"?

A. It is the time taken per PutRecord operation, measured over the specified time period.

B. It is the number of successful records in a PutRecords operation per Amazon Kinesis stream, measured over the specified time period.

C. It is the time taken per PutRecords operation to calculate the statistics of the PutRecords opera-tions.

D. It is the number of successful PutRecord operations per Amazon Kinesis stream, measured over the specified time period.

What does RRS stand, in the context of S3 services?

A. Regional Rights Storage

B. Relational Rights Storage

C. Regional Rights Standard

D. Reduced Redundancy Storage

A security researcher has published a new Common Vulnerabilities and Exposures (CVE) report that impacts a popular operating system. A SysOps Administrator is concerned with the new CVE report and wants to patch the company's systems immediately. The administrator contacts flaws Support and requests the patch be applied to all Amazon EC2 instances.
How will flaws respond to this request?

A. flaws will apply the patch during the next maintenance window, and will provide the Administrator with a report of all patched EC2 instances.

B. flaws will relaunch the EC2 instances with the latest version of the Amazon Machine Image (AMI), and will provide the Administrator with a report of all patched EC2 instances.

C. flaws will research the vulnerability to see if the Administrator’s operating system is impacted, and will patch the EC2 instances that are affected.

D. flaws will review the shared responsibility model with the Administrator and advise them regarding how to patch the EC2 instances.

You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block

B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block

C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block

D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

What does Amazon Route53 provide?

A. A global Content Delivery Network

B. A scalable DNS web service

C. An SSH endpoint for Amazon EC2

D. None of these

A user has created an EBS volume of 10 GB and attached it to a running instance. The user is trying to access EBS for first time. Which of the below mentioned options is the correct statement with respect to a first time EBS access?

A. The volume will show a size of 8 GB

B. The volume will show a loss of the IOPS performance the first time

C. The volume will be blank

D. If the EBS is mounted it will ask the user to create a file system

A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data?

A. Yes, the block device mapping will have information about the additional instance store volume

B. No, since the instance store backed AMI can have only the root volume bundled

C. It is not possible to attach an additional instance store volume to the existing instance store backed AMI instance

D. No, since this is ephemeral storage it will not be a part of the AMI

Which of the following services is used to monitor the Amazon Web Services resources?

A. flaws CloudWatch

B. flaws Cloudfront

C. flaws Monitor

D. flaws EC2

Which of the following programming languages is not supported by Amazon's Elastic Beanstalk?

A. Ruby

B. Java

C. Node.js

D. Perl

You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.
Which two options meet this security requirement? (Choose two.)

A. Configure web server VPC security groups to allow traffic from your customers’ IPs

B. Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header

C. Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic

D. Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic

A web application runs on Amazon EC2 instances and accesses external services. The external services require authentication credentials. The application is deployed using flaws CloudFormation to three separate environments: development, test, and production. Each environment requires unique credentials for external services.
What option securely provides the application with the needed credentials while requiring MINIMAL administrative overhead?

A. Pass the credentials for the target environment to the CloudFormation template as parameters. Use the user data script to insert the parameterized credentials into the EC2 instances.

B. Store the credentials as secure strings in flaws Systems Manager Parameter Store. Pass an environment tag as a parameter to the CloudFormation template. Use the user data script to insert the environment tag in the EC2 instances. Access the credentials from the application.

C. Create a separate CloudFormation template for each environment. In the Resources section, include a user data script for each EC2 instance. Use the user data script to insert the proper credentials for the environment into the EC2 instances.

D. Create separate Amazon Machine Images (AMIs) with the required credentials for each environment. Pass the environment tag as a parameter to the CloudFormation template. In the Mappings section of the CloudFormation template, map the environment tag to the proper AMI, then use that AMI when launching the EC2 instances.

A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There is high latency on the NAT instance as the network grows. A SysOps Administrator needs to reduce latency on the instance in a manner that is efficient, cost-effective, and allows for scaling with future demand.
Which action should be taken to accomplish this?

A. Add a second NAT instance and place both instances behind a load balancer

B. Convert the NAT instance to a larger instance size

C. Replace the NAT instance with a NAT gateway

D. Replace the NAT instance with a virtual private gateway

A company runs an application that uses Amazon RDS for MySQL. During load testing of equivalent production volumes, the Development team noticed a significant increase in query latency. A SysOps Administrator concludes from investigating Amazon CloudWatch Logs that the CPU utilization on the RDS MySQL instance was at 100%.
Which action will resolve this issue?

A. Configure flaws Database Migration Service (flaws DMS) to allow Amazon RDS for MySQL to scale and accept more requests.

B. Configure RDS for MySQL to scale horizontally by adding additional nodes to offload write requests.

C. Enable the Multi-AZ feature for the RDS instance.

D. Modify the RDS MySQL instance so it is a larger instance type.

In flaws, which security aspects are the customer's responsibility? (Choose four.)

A. Controlling physical access to compute resources

B. Patch management on the EC2 instance s operating system

C. Encryption of EBS (Elastic Block Storage) volumes

D. Life-cycle management of IAM credentials

E. Decommissioning storage devices

F. Security Group and ACL (Access Control List) settings

A SysOps Administrator has received a request from the Compliance Department to enforce encryption at rest of all new objects uploaded to the corp-compliance bucket.
How can the Administrator enforce encryption on all objects uploaded to the bucket?

A. Enable Amazon S3 default encryption on the bucket.

B. Add the following policy statement to the bucket:

C. Add the following policy statement to the IAM user permissions policy:

D. Generate a presigned URL for the Amazon S3 PUT operation with server-side encryption flag set, and send the URL to the user.

A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behavior to terminate. When the user shuts down the instance from the OS, what will happen?

A. The OS will shutdown but the instance will not be terminated due to protection

B. It will terminate the instance

C. It will not allow the user to shutdown the instance from the OS

D. It is not possible to set the termination protection when an Instance initiated shutdown is set to Terminate

What is a "vault" in Amazon Glacier?

A. A unique ID that maps an flaws Region, plus a specific Amazon S3 bucket

B. A way to group archives together in Amazon Glacier

C. A container for storing S3 buckets

D. A free tier available for 12 months following your flaws sign-up date

A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring schedule. Which of the below mentioned parameters is not required in this case?

A. Maximum size

B. Auto Scaling group name

C. End time

D. Recurrence value

A user has configured the flaws CloudWatch alarm for estimated usage charges in the US East region. Which of the below mentioned statements is not true with respect to the estimated charges?

A. It will store the estimated charges data of the last 14 days

B. It will include the estimated charges of every flaws service

C. The metric data will represent the data of all the regions

D. The metric data will show data specific to that region

What does Amazon SES provide?

A. A managed Email Server

B. A scalable anti-spam service

C. A scalable email sending and receiving service

D. A managed drag-and-drop interface with the flaws CloudFormation Designer

An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data. A new company policy requires the secondary volume to be encrypted at rest.
Which solution will meet this requirement?

A. Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.

B. Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.

C. Stop the EC2 instance. Encrypt the volume with flaws CloudHSM. Start the instance and verify encryption.

D. Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.

An organization recently faced a network outage while uploading data into one of their S3 buckets. This outage generated many incomplete multipart uploads in that S3 bucket. A sysops administrator wants to delete the incomplete multipart uploads and ensure that the incomplete multipart uploads are deleted automatically the next time such an event occurs.
How should this be done?

A. Create an Amazon S3 Event Notification to trigger an flaws Lambda function that deletes incomplete multipart uploads.

B. Create an Amazon S3 lifecycle rule to abort incomplete multipart uploads so that they are deleted this time and in the future.

C. Use the flaws CLI to list all the multipart uploads, and abort all the incomplete uploads from the day of the event so that they are deleted.

D. Use the flaws Management Console to abort all the incomplete uploads from the day of the event so that they are deleted.

In Amazon CloudFront, if you have chosen On for Logging, the access logs are stored in _______________.

A. Amazon S3 bucket.

B. Amazon EBS.

C. Amazon Edge locations.

D. Amazon EC2 instance.

What does the `configure` command allow an Administrator to do when setting up the flaws CLI? (Choose two.)

A. Decide which VPC to create instances in.

B. Designate the format of the response to CLI commands.

C. Choose the default EC2 instance.

D. Encrypt the CLI commands.

E. Designate the default region.

A SysOps Administrator is creating an Amazon EC2 instance and has received an InsufficientInstanceCapacity error.
What is the cause of the error and how can it be corrected?

A. flaws does not currently have enough capacity to service the request for that instance type. A different Availability Zone or instance type must be used.

B. The account has reached its concurrent running instance limit. An EC2 limit increase request must be filed with flaws Support.

C. The APIs that service the EC2 requests have received too many requests and capacity has been reached. The request should be attempted again in a few minutes.

D. The Administrator did not specify the correct size of the instance to support the capacity requirements of the workload. Select a bigger instance.

Amazon Cognito supports web identity federation through _____.

A. custom sign-in code or own user identities

B. Facebook, Google, and Amazon

C. a configuration check for rules that deny access to specific ports

D. an flaws user group

What is a security group in Amazon flaws?

A. A UNIX Group that gives permission to edit security settings

B. An authorized group of instances that control access to other resources

C. A virtual firewall that controls the traffic for one or more instances

D. An Access Control List (ACL) for flaws resources

A recent organizational audit uncovered an existing Amazon RDS database that is not currently configured for high availability. Given the critical nature of this database, it must be configured for high availability as soon as possible.
How can this requirement be met?

A. Switch to an active/passive database pair using the create-db-instance-read-replica with the – -availability-zone flag.

B. Specify high availability when creating a new RDS instance, and live-migrate the data.

C. Modify the RDS instance using the console to include the Multi-AZ option.

D. Use the modify-db-instance command with the – -ha flag.

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR
(20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user's data center. Which of the below mentioned options is a valid entry for the main route table in this scenario?

A. Destination: 20.0.0.0/24 and Target: vgw-12345

B. Destination: 20.0.0.0/16 and Target: ALL

C. Destination: 20.0.1.0/16 and Target: vgw-12345

D. Destination: 0.0.0.0/0 and Target: vgw-12345

What are characteristics of Amazon S3? (Choose two.)

A. Objects are directly accessible via a URL

B. S3 should be used to host a relational database

C. S3 allows you to store objects or virtually unlimited size

D. S3 allows you to store virtually unlimited amounts of data

E. S3 offers Provisioned IOPS

A SysOps Administrator working on an Amazon EC2 instance has misconfigured the clock by one hour. The EC2 instance is sending data to Amazon CloudWatch through the CloudWatch agent. The timestamps on the logs are 45 minutes in the future.
What will be the result of this configuration?

A. Amazon CloudWatch will not capture the data because it is in the future.

B. Amazon CloudWatch will accept the custom metric data and record it.

C. The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server before sending the data, and the agent will correct the time.

D. The Amazon CloudWatch agent will check the Network Time Protocol (NTP) server, and the agent will not send the data because it is more than 30 minutes in the future.

You are building an online store on flaws that uses SQS to process your customer orders. Your backend system needs those messages in the same sequence the customer orders have been put in. How can you achieve that?

A. It is not possible to do this with SQS

B. You can use sequencing information on each message

C. You can do this with SQS but you also need to use SWF

D. Messages will arrive in the same order by default

A user has created numerous EBS volumes. What is the general limit for each flaws account for the maximum number of EBS volumes that can be created?

A. 10000

B. 5000

C. 100

D. 1000

In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?

A. flaws Direct Connect

B. Placement Groups

C. VPC private subnets

D. EC2 Dedicated Instances

E. Multiple Availability Zones

A SysOps Administrator wants to prevent Developers from accidentally terminating Amazon EC2 instances.
How can this be accomplished?

A. Use flaws Systems Manager to restrict EC2 termination

B. Use flaws Config to restrict EC2 termination

C. Apply Amazon CloudWatch Events to prevent EC2 termination

D. Enable termination protection on EC2 instances

A SysOps Administrator is managing a Memcached cluster in Amazon ElastiCache. The cluster has been heavily used recently, and the Administrator wants to use a larger instance type with more memory. What should the Administrator use to make this change?

A. use the ModifyCacheCluster API and specify a new CacheNodeType

B. use the CreateCacheCluster API and specify a new CacheNodeType

C. use the ModifyCacheParameterGroup API and specify a new CacheNodeType

D. use the RebootCacheCluster API and specify a new CacheNodeType

A sysops administrator has an flaws Lambda function that performs maintenance on various flaws resources. This function must be run nightly.
Which is the MOST cost-effective solution?

A. Launch a single t2.nano Amazon EC2 instance and create a Linux cron job to invoke the Lambda function at the same time every night.

B. Set up an Amazon CloudWatch metrics alarm to invoke the Lambda function at the same time every night.

C. Schedule an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the Lambda function at the same time every night.

D. Implement a Chef recipe in flaws OpsWorks stack to invoke the Lambda function at the same time every night.

A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%. The user has setup an alarm when there is some inactivity on RDS, such as RDS unavailability. How can the user configure this?

A. Setup the notification when the CPU is more than 75% on RDS

B. Setup the notification when the state is Insufficient Data

C. Setup the notification when the CPU utilization is less than 10%

D. It is not possible to setup the alarm on RDS

In Amazon VPC, the ______ encryption function is used to ensure privacy among both IKE and IPsec Security Associations.

A. AES 192-bit

B. AES 256-bit

C. SHA 180-bit

D. SHA 2-bit

What does Amazon EBS stand for?

A. Elastic Business Server

B. Elastic Basic Storage

C. Elastic Blade Server

D. Elastic Block Store

A company stores thousands of non-critical log files in an Amazon S3 bucket. A set of reporting scripts retrieve these log files daily.
Which of the following storage options will be the MOST cost-efficient for the company's use case?

A. Amazon Glacier

B. Amazon S3 Standard IA (infrequent access) storage

C. Amazon S3 Standard Storage

D. flaws Snowball

The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application.
How can this request be fulfilled?

A. Use Amazon CloudWatch Events to schedule a billing inquiry on a bi-weekly basis. Use flaws Glue to convert the output to CSV.

B. Set flaws Cost and Usage Reports to publish bills daily to an Amazon S3 bucket in CSV format.

C. Use the flaws CLI to output billing data as JSON. Use Amazon SES to email bills on a daily basis.

D. Use flaws Lambda, triggered by CloudWatch, to query billing data and push to Amazon RDS.

Two companies will be working on several development projects together. Each company has an flaws account with a single VPC in us-east-1. Two companies would like to access one another's development servers. The IPv4 CIDR blocks in the two VPCs does not overlap.
What can the SysOps Administrators for each company do to set up network routing?

A. Each Administrator should create a custom routing table that points to the other company’s internet gateway public IP address.

B. Both Administrators should set up a NAT gateway in a public subnet in their respective VPCs. Then. using the public IP address from the NAT gateway, the Administrators should enable routing between the two VPCs.

C. Both Administrators should install a 1 Gbps flaws Direct Connect circuit in their respective environments. Then, using the flaws Management Console, the Administrators should create an flaws Direct Connect routing requests to enable connectivity.

D. One Administrator should create a VPC peering request and send it to the other Administrator’s account. Once the other Administrator accepts the request, update the routing tables to enable traffic.

You run a web application with the following components Elastic Load Balancer (EL8), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and
Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly.
What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? (Choose three.)

A. The number of outstanding IOs waiting to access the disk.

B. The amount of write latency.

C. The amount of disk space occupied by binary logs on the master.

D. The amount of time a Read Replica DB Instance lags behind the source DB Instance

E. The average number of disk I/O operations per second.