NEW QUESTION 1
A user has launched an EC2 instance. However, due to some reason the instance was terminated. If the user wants to find out the reason for termination, where can he find the details?

• A. It is not possible to find the details after the instance is terminated
• B. The user can get information from the AWS console, by checking the Instance description under the State transition reason label
• C. The user can get information from the AWS console, by checking the Instance description under the Instance Status Change reason label
• D. The user can get information from the AWS console, by checking the Instance description under the Instance Termination reason label

Answer: D

Explanation:
An EC2 instance, once terminated, may be available in the AWS console for a while after termination. The user can find the details about the termination from the description tab under the label State transition reason. If the instance is still running, there will be no reason listed. If the user has explicitly stopped or terminated the instance, the reason will be “User initiated shutdown”.

NEW QUESTION 2
A user is trying to create a PIOPS EBS volume with 8 GB size and 200 IOPS. Will AWS create the volume?

• A. Yes, since the ratio between EBS and IOPS is less than 30
• B. No, since the PIOPS and EBS size ratio is less than 30
• C. No, the EBS size is less than 10 GB
• D. Yes, since PIOPS is higher than 100

Answer: C

Explanation:
A provisioned IOPS EBS volume can range in size from 10 GB to 1 TB and the user can provision up to 4000 IOPS per volume. The ratio of IOPS provisioned to the volume size requested should be a maximum of 30; for example, a volume with 3000 IOPS must be at least 100 GB.

NEW QUESTION 3
A user has created an Auto Scaling group with default configurations from CLI. The user wants to setup the CloudWatch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has setup an alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?

• A. It will fetch the data at every minute but the four data points [corresponding to 4 minutes] will not have value since the EC2 basic monitoring metrics are collected every five minutes
• B. It will fetch the data at every minute as detailed monitoring on EC2 will be enabled by the default launch configuration of Auto Scaling
• C. The alarm creation will fail since the user has not enabled detailed monitoring on the EC2 instances
• D. The user has to first enable detailed monitoring on the EC2 instances to support alarm monitoring at every minute

Answer: B

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. To enable detailed instance monitoring for a new Auto Scaling group, the user does not need to take any extra steps. When the user creates an Auto Scaling launch config using CLI, each launch configuration contains a flag named InstanceMonitoring.Enabled. The default value of this flag is true. Thus, by default detailed monitoring will be enabled for Auto Scaling as well as for all the instances launched by that Auto Scaling group.

NEW QUESTION 4
You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.
Which two options meet this security requirement? Choose 2 answers A. Configure web server VPC security groups to allow traffic from your customers' IPs

• A. Configure your web servers to filter traffic based on the ELB's "X-forwarded-for" header
• B. Configure ELB security groups to allow traffic from your customers' IPs and deny all outbound traffic
• C. Configure a VPC NACL to allow web traffic from your customers' IPs and deny all outbound traffic

Answer: AB

NEW QUESTION 5
A user has setup a CloudWatch alarm on the EC2 instance for CPU utilization. The user has setup to receive a notification on email when the CPU utilization is higher than 60%. The user is running a virus scan on the same instance at a particular time. The user wants to avoid receiving an email at this time. What should the user do?

• A. Remove the alarm
• B. Disable the alarm for a while using CLI
• C. Modify the CPU utilization by removing the email alert
• D. Disable the alarm for a while using the console

Answer: B

Explanation:
Amazon CloudWatch alarm watches a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. When the user has setup an alarm and it is know that for some unavoidable event the status may change to Alarm, the user can disable the alarm using the DisableAlarmActions API or from the command line mon-disable-alarm-actions.

NEW QUESTION 6
If you want to launch Amazon Elastic Compute Cloud (EC2) Instances and assign each Instance a predetermined private IP address you should:

• A. Assign a group or sequential Elastic IP address to the instances
• B. Launch the instances in a Placement Group
• C. Launch the instances in the Amazon virtual Private Cloud (VPC).
• D. Use standard EC2 instances since each instance gets a private Domain Name Service (DNS) already
• E. Launch the Instance from a private Amazon Machine image (Mil)

Answer: C

Explanation: Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ip-addressing.html

NEW QUESTION 7
A user is creating a Cloudformation stack. Which of the below mentioned limitations does not hold true for
Cloudformation?

• A. One account by default is limited to 100 templates
• B. The user can use 60 parameters and 60 outputs in a single template
• C. The template, parameter, output, and resource description fields are limited to 4096 characters
• D. One account by default is limited to 20 stacks

Answer: A

Explanation:
AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. The limitations given below apply to the Cloudformation template and stack. There are no limits to the number of templates but each AWS CloudFormation account is limited to a maximum of 20 stacks by default. The Template, Parameter, Output, and Resource description fields are limited to 4096 characters. The user can include up to 60 parameters and 60 outputs in a template.

NEW QUESTION 8
A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user?

• A. There is no need to pre-warm an EBS volume
• B. Contact AWS support to pre-warm
• C. Unmount the volume before pre-warming
• D. Format the device

Answer: C

Explanation:
When the user creates a new EBS volume or restores a volume from the snapshot, the back-end storage blocks are immediately allocated to the user EBS. However, the first time when the user is trying to access a block of the storage, it is recommended to either be wiped from the new volumes or instantiated from the snapshot (for restored volumes. before the user can access the block. This preliminary action takes time and can cause a 5 to 50 percent loss of IOPS for the volume when the block is accessed for the first time. To avoid this it is required to pre warm the volume. Pre-warming an EBS volume on a Linux instance requires that the user should unmount the blank device first and then write all the blocks on the device using a command, such as “dd”.

NEW QUESTION 9
Amazon EBS snapshots have which of the following two characteristics? (Choose 2.) Choose 2 answers

• A. EBS snapshots only save incremental changes from snapshot to snapshot
• B. EBS snapshots can be created in real-time without stopping an EC2 instance
• C. EBS snapshots can only be restored to an EBS volume of the same size or smaller
• D. EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS volume

Answer: AD

NEW QUESTION 10
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

• A. Use the IAM groups and add users as per their role to different groups and apply policy to group
• B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI
• C. Add each user to the IAM role as per their organization role to achieve effective policy setup
• D. Use the IAM role and implement access at the role level

Answer: A

Explanation:
With AWS IAM, a group is a collection of IAM users. A group allows the user to specify permissions for a collection of users, which can make it easier to manage the permissions for those users. A group helps an organization manage access in a better way; instead of applying at the individual level, the organization can apply at the group level which is applicable to all the users who are a part of that group.

NEW QUESTION 11
A user has created a VPC with public and private subnets using the VPC Wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. Which of the below mentioned entries are required in the main route table to allow the instances in VPC to communicate with each other?

• A. Destination : 20.0.0.0/24 and Target : VPC
• B. Destination : 20.0.0.0/16 and Target : ALL
• C. Destination : 20.0.0.0/0 and Target : ALL
• D. Destination : 20.0.0.0/24 and Target : Local

Answer: D

NEW QUESTION 12
A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend’s AWS account. How can user achieve this?

• A. Create an AMI from the volume and share the AMI
• B. Copy the data to an unencrypted volume and then share
• C. Take a snapshot and share the snapshot with a friend
• D. If both the accounts are using the same encryption key then the user can share the volume directly

Answer: B

Explanation:
AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots
provided the snapshots are created from encrypted volumes. If the user is having data on an encrypted volume and is trying to share it with others, he has to copy the data from the encrypted volume to a new unencrypted volume. Only then can the user share it as an encrypted volume data. Otherwise the snapshot cannot be shared.

NEW QUESTION 13
A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

• A. AWS account ID
• B. X.509 certificate and private key
• C. AWS login ID to login to the console
• D. Access key and secret access key

Answer: C

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and the admin team wants to create an AMI from it, the user needs to setup the AWS AMI or the API tools first. Once the tool is setup the user will need the following credentials:
AWS account ID;
AWS access and secret access key;
X.509 certificate with private key.

NEW QUESTION 14
A user has launched an EC2 instance from an instance store backed AMI. The user has attached an additional instance store volume to the instance. The user wants to create an AMI from the running instance. Will the AMI have the additional instance store volume data?

• A. Yes, the block device mapping will have information about the additional instance store volume
• B. No, since the instance store backed AMI can have only the root volume bundled
• C. It is not possible to attach an additional instance store volume to the existing instance store backed AMI instance
• D. No, since this is ephermal storage it will not be a part of the AMI

Answer: A

Explanation:
When the user has launched an EC2 instance from an instance store backed AMI and added an instance store volume to the instance in addition to the root device volume, the block device mapping for the new AMI contains the information for these volumes as well. In addition, the block device mappings for the instances those are launched from the new AMI will automatically contain information for these volumes.

NEW QUESTION 15
A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling?

• A. Increase the desired capacity of the Auto Scaling group
• B. Increase the maximum limit of the Auto Scaling group
• C. Launch an instance manually and register it with ELB on the fly
• D. Decrease the minimum limit of the Auto Scaling grou

Answer: A

Explanation:
A user can increase the desired capacity of the Auto Scaling group and Auto Scaling will launch a new instance as per the new capacity. The newly launched instances will be registered with ELB if Auto Scaling group is configured with ELB. If the user decreases the minimum size the instances will be removed from Auto Scaling. Increasing the maximum size will not add instances but only set the maximum instance cap.

NEW QUESTION 16
You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts.
Which task would be best accomplished with a script?

• A. Creating daily EBS snapshots with a monthly rotation of snapshots
• B. Creating daily RDS snapshots with a monthly rotation of snapshots
• C. Automatically detect and stop unused or underutilized EC2 instances
• D. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer

Answer: A

NEW QUESTION 17
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP. assigned to an instance in the public or private subnet?

• A. 20.0.0.255
• B. 20.0.0.132
• C. 20.0.0.122
• D. 20.0.0.55

Answer: A

Explanation:
When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. In this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255.. The public subnet will have IP addresses between 20.0.0.0 - 20.0.0.127 and the private subnet will have IP addresses between 20.0.0.128 -20.0.0.255. AWS reserves the first four IP addresses and the last IP address in each subnet’s CIDR block. These are not available for the user to use. Thus, the instance cannot have an IP address of 20.0.0.255

NEW QUESTION 18
An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?

• A. It is not possible to stop the instance using the CloudWatch alarm
• B. CloudWatch will stop the instance when the action is executed
• C. The user cannot set an alarm on EC2 since he does not have the permission
• D. The user can setup the action but it will not be executed if the user does not have EC2 rights

Answer: D

Explanation:
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can setup an action which stops the instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance as part of the EC2 action. If the IAM user has read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the stop or terminate actions will not be performed on the Amazon EC2 instance.