EC2, EBS & FS, Auto-scaling

Question 1

Which actions are required to make an EC2 instance publicly accessible on the IPv4 internet.. (Choose all that apply)

Answer 1

0.0.0.0/0
Public IP4 Address configured on the instance
An attached IGW

Question 2

Assuming you have allocated a keypair when launching a public EC2 instance and have network connectivity .. which of the following ways are valid for logging into a linux EC2 instance

Answer 2

Local SSH client using key auth
EC2 Instance Connect

Question 3

A mission critical EBS volume has 20 GiB of data. A 1st EBS snapshot is taken. 6 GiB of changes are made to the drive before a 2nd snapshot is taken. 2 GiB of further changes are made, before a 3rd snapshot is taken. To save costs the first snapshot is deleted. Which statement best describes what can be recovered from the remaining snapshots?

Answer 3

A full recovery can be made to either snap­shot 2 and 3

Question 4

A startup is preparing to deploy its application on various instance types of Amazon EC2. However, during the initial testing phase, a SysOps Administrator encounters performance issues with specific EC2 instances. Due to budget limitations, the SysOps Administrator must carefully choose resource types that align with the required performance characteristics for the workload.

How can the SysOps Administrator fulfill this requirement?

Answer 4

AWS Compute Optimizer provides Amazon EC2 instance recommendations to help you improve performance, save money, or both. You can use these recommendations to decide whether to move to a new instance type. To make recommendations, Compute Optimizer analyzes your existing instance specifications and utilization metrics.

Question 5

A stock brokerage company is setting up a PostgreSQL database on a large Reserved EC2 Instance for its online stock trading platform. Since the database is hosting critical financial data, you are instructed to ensure that the database tier is fault tolerant.

Which of the following options would you implement to satisfy this requirement in the MOST cost-effective manner?

Answer 5

Set up a RAID 1 configuration with multiple EBS volumes together.

Question 6

A known security vulnerability was discovered in the outdated Operating System of your company’s EC2 fleet. As the Systems Administrator, you are responsible in mitigating the vulnerability as soon as possible to safeguard your systems from various cyber security attacks.

What is the most efficient way to solve this issue?

Answer 6

Use AWS Systems Manager to manage and deploy the security patch for the OS for the entire fleet of EC2 instances.

Question 7

A SysOps team is in the process of automating tasks to expedite the time to recover Amazon instances in the event of underlying hardware failure. The team must ensure that the attached Elastic IP and the private IP address of the original instance are retained after the instance is recovered. Additionally, an automated email notification should be in place to inform everyone in the SysOps team once a recovery process is triggered to run.

Which steps should the SysOps team perform to meet the requirements

Answer 7

Create an Amazon SNS topic and subscribe everyone in the SysOps team using their corporate emails. Then, configure an Amazon CloudWatch alarm for the EC2 instance and specify StatusCheckFailed_System as the metric. Finally, create an alarm notification that publishes a message to the SNS topic that you just created.

NOT specify an EC2 action to the alarm to recover the instance (The StatusCheckFailed_Instance metric just monitors the software and network configuration of your individual instance. It does not detect if the underlying hardware failed. )

Question 8

A DevOps Engineer reported a problem accessing his EC2 instance with a private IP address of 172.31.8.11 from his corporate laptop. The EC2 instance is hosting a web application which works well but he is still experiencing an issue establishing a connection to manage the instance.

As the SysOps Administrator, which of the following options is the most suitable solution in this scenario based on the VPC flow log entries below?

2 123456789010 eni-abc123de 110.217.100.70 172.31.8.11 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK

Answer 8

Allow incoming RDP traffic in the security group of the EC2 instance including the inbound and outbound rules in the Network ACL.

Question 9

A company has a new policy to encrypt all Amazon Elastic Block Store (Amazon EBS) volumes in the us-east-2 and us-west-2 AWS regions. To help enforce this policy, the company’s administrator needs to come up with a solution for automatically encrypting newly created EBS volumes.

Which method will meet the requirement in the most efficient way?

Answer 9

Enable the default EBS encryption setting in the Amazon EC2 Console of each AWS region.

NOT Configure the encrypted-volume AWS Config managed rule. Associate a remediation action that encrypts unencrypted EBS volumes as this would encrypt only existing EBS volumes, not new ones

Question 10

A startup hosts its web application on a large Spot Fleet that uses tens of Amazon EC2 instances with diversified instance families across multiple Availability Zones. The application is primarily used for integration testing by a group of external customers for their staging environments. The Chief Information Officer(CIO) requires that the Spot Fleet is cost-optimized and less susceptible to application downtime due to Spot instance interruptions.

Which of the following should the SysOps Administrator implement to adhere to the CIO requirements?

Answer 10

Combine the lowestPrice allocation strategy with the InstancePoolsToUseCount parameter when making a Spot Fleet request.

NOT On-demand or RESERVED instances

Question 11

An organization hosts its operating system, database, and application on an Amazon EC2 instance backed by multiple attached Amazon Elastic Block Store (EBS) volumes. The SysOps administrator plans to automate the process of taking daily Amazon Machine Images (AMIs). When performing the backups, he has to ensure the file system integrity of created images.

What should the SysOps Administrator do to meet these requirements?

Answer 11

Using the CreateImage API, build a Lambda function that will take an AMI of the EC2 instance and include a reboot parameter. Then, create a rule to invoke the Lambda function daily on Amazon EventBridge (Amazon CloudWatch Events).

Question 12

An organization hosts an application across multiple Amazon EC2 instances backed by an Amazon Elastic File System (Amazon EFS) file system. While monitoring the instances, the SysOps administrator noticed that the file system’s PercentIOLimit metric consistently hit 100% for 20 minutes or longer. This issue resulted in the poor performance of the application that reads and writes data into the file system. The SysOps admin needs to ensure high throughput and IOPS while accessing the file system.

What step should the SysOps administrator perform to resolve the high PercentIOLimit metric on the file system?

Answer 12

Build a new EFS file system that is configured with Max I/O performance mode. Utilize AWS DataSync to migrate data to the newly created EFS file system.

NOT The option that says: Modify the existing EFS file system configuration and activate Max I/O performance mode is incorrect because you can’t change the performance mode configuration of an EFS file system right away. You need to MIGRATE DATA TO ANOTHER FS configured with your desired performance mode.

Question 13

A research agency is performing a migration operation with its production file server to AWS. The SysOps administrator is required to ensure that the data stored on the file server in AWS will remain accessible even if an Availability Zone (AZ) is unavailable, system maintenance is ongoing, or unplanned service disruption occurs. In addition, users should be able to interact with the file server via SMB protocol and manage file permissions using Windows Access Control Lists (ACLs).

Which cloud solution can help the SysOps administrator accomplish the requirements?

Answer 13

Set up a Multi-AZ Amazon FSx for Windows File Server.

NO Create two Amazon FSx for Windows File Server Single-AZ 2 file systems on different AZs. Use Microsoft Distributed File System Replication (DFSR) to replicate data between the two file systems automatically

Question 14

A company currently has an application which is hosted in an On-Demand EC2 instance in one Availability Zone. You are instructed to redesign the architecture to make it scalable and highly available. Which of the following should you do to accomplish this task?

Answer 14

Launch an Auto Scaling Group with subnets across 3 Availability Zones. Set the desired and maximum capacity to 5

Question 15

A finance organization is running an application on its on-premises data center but needs to use AWS for backing up its data. The manager requires that the backup data is made available locally to comply with regulatory requirements. The backup software can only write to block-based storage compatible with Portable Operating System Interface (POSIX).

Which backup solution will help the SysOps admin meet the requirements?

Answer 15

Utilize AWS Storage Gateway and configure it to operate using stored volumes.

Question 16

A web development company is using a fleet of On-Demand EC2 instances. You are working as their IT Consultant when a critical security vulnerability was discovered on the OS that the company is using. You are instructed to ensure that all EC2 instances are updated with the latest security patches as soon as possible.

Which of the following AWS services can you use to fulfill this task?

Answer 16

AWS Systems Manager.

NOT AWS Config

Question 17

A company hosts its web application on an Amazon EC2 instance. To adhere to company standards, the SysOps Administrator was tasked to set up Traffic Mirroring on the instance. Upon reviewing the logs from the traffic mirror, the SysOps Administrator detected that several packets had been truncated.

How can the SysOps Administrator effectively resolve this issue?

Answer 17

Adjust the maximum transmission unit (MTU) size for the mirror target to a higher value.

Traffic Mirroring is an Amazon VPC feature that can be used to copy network traffic from an elastic network interface of type interface. Users can send the traffic to out-of-band security and monitoring appliances for:

– Content inspection
– Threat monitoring
– Troubleshooting

NOT Perform packet tracing on the truncated packets before they enter the AWS network

Question 18

A tech lead plans to deploy a highly available web application on 12 Amazon EC2 instances. She is required to deploy each of the instances on distinct underlying hardware.

What solution should the tech lead implement to meet the requirements?

Answer 18

Deploy the instances in a single region and place them into a spread placement group.

Question 19

A SysOps Administrator needs to implement a highly available and scalable cloud architecture in AWS for the new online remittance system of the organization. The Administrator set up an Application Load Balancer and launched an Auto Scaling group of Spot EC2 instances on their UAT VPC. The QA team conducted performance testing on the new system and found out a defect in the application server. The Administrator wants to investigate the problem and make the necessary changes without invoking the scaling down processes, which is why the Administrator temporarily suspended the Terminate scaling process.

What will be its effect on the Auto Scaling group’s Availability Zone rebalancing process (AZRebalance) during this period?

Answer 19

The Auto Scaling group can grow up to ten percent larger than its maximum size.

Question 20

A SysOps Administrator launched an EBS-backed On-Demand EC2 Instance to host a web application. However, the instance always terminates after going into the pending state.

Which of the following could be the cause of this issue? (Select TWO.)

Answer 20

– The EBS volume limit has been reached.

– The root EBS volume is encrypted and you do not have permission to access the KMS key for decryption.

NOT The limit for EC2 Instances in your region has already been reached
AWS does not currently have enough available On-Demand capacity to service your request

Question 21

A technology company is planning to use an Auto Scaling group of On-Demand EC2 Instances that would be used to host a suite of web-based applications written in ReactJS and NodeJS. These applications would be running 24/7 throughout the year and as the Systems Administrator, you are responsible in ensuring that the architecture is both elastic and cost-effective. The instance type would need to be upgraded during the year depending on the usage of the application.

Which of the following is the most suitable instance purchasing option to use?

Answer 21

Convertible Reserved Instances

In this scenario, the keyword is “instance type”. You can upgrade or downgrade the instance size of both Standard and Convertible Reserved Instance. However, only the Convertible Reserved instance can change the instance type.

Question 22

A facial recognition system is using an Auto Scaling group of On-Demand EC2 instances. It has one specific instance which is causing an error and must be terminated immediately. Using the AWS CLI, how can you terminate an instance from the specified Auto Scaling group without updating the size of the group?

Answer 22

terminate-instance-in-auto-scaling-group –instance-id –no-should-decrement-desired-capacity.

Question 23

A company has an application that is hosted on a fleet of EC2 instances with an Application Load Balancer that evenly distributes the incoming traffic. There once was an incident where a Junior DevOps Engineer accidentally made changes in the ALB in production that brought the whole application down. These situations should not happen again and hence, you have to monitor any activity or changes made to your AWS resources.

Which of the following services does not help you capture the monitoring information about the ELB activity?

Answer 23

ELB health checks

Question 24

An application is deployed on us-east1 that runs on Amazon EC2 instances in an Auto Scaling Group called asg-prod. An Application Load Balancer is configured to target the asg-prod when forwarding traffic from Route 53. The SysOps Administrator needs to configure a CloudWatch alarm if all instances behind the ALB become unhealthy.

Which condition should you use in CloudWatch?

Answer 24

Use AWS/ApplicationELB HealthyHostCount <= 0.

Question 25

A tech startup plans to launch a data analytics application that uses a MongoDB database and an NGINX server. The SysOps Administrator is instructed to provision a service that provides more than 200,000 IOPS in 4kB random I/O reads for the database.

Which of the following options will meet this requirement?

Answer 25

Storage Optimized Instances

Question 26

Large amounts of transactions are going through your banking system into your EC2 instances, causing degradation in its overall performance. After monitoring the event, you found out that the root cause of the problem is the data transferring to your EBS volumes. This is caused by a high volume of transactions exceeding your bandwidth capacity.

What would be a cost-effective solution to optimize EBS performance?

Answer 26

If the instance type of your instance does not support EBS optimization, change your instance type to one that supports it.

NOT Throttle the incoming traffic to enable your instances and EBS volumes to cope up with the volume of transactions is incorrect since throttling your network might cause your transactions to pile up and affect your banking operations, which is counterproductive from what you are trying to solve.

Question 27

A leading media company is utilizing a wide range of instance store-backed and EBS-backed EC2 instances in their VPC. There are a couple of instances that always go from the pending state to the terminated state immediately after restarting it.

Which of the following is a possible cause of this problem? (Select TWO.)

Answer 27

– You’ve reached your EBS volume limit.

– The instance store-backed AMI that you used to launch the instance is missing a required part.

NOT AWS does not currently have enough available On-Demand capacity to service your request is incorrect because this is the root cause when you get the InsufficientInstanceCapacity error when you try to launch a new instance or restart a stopped instance, but it does not cause the instance to be in the terminated state immediately after restarting it.

Question 28

A leading insurance firm has a customer portal that is hosted on a fleet of Spot EC2 instances which are part of an Auto Scaling Group. The application is being used quite extensively during office hours from 8 in the morning till 4 in the afternoon. Users are complaining that the performance of the application is slow during the start of the day after which the application works properly.

Which of the following can be done to ensure that the application works properly at the beginning of the day?

Answer 28

Add a Scheduled scaling policy for the Auto Scaling group to launch new instances before the start of the day.

NOT Add a Dynamic scaling policy for the Auto Scaling group to launch new instances based on the CPU utilization and Add a Dynamic scaling policy for the Auto Scaling group to launch new instances based on the Memory utilization are incorrect. Although this is a valid solution, it is still better to configure a Scheduled scaling policy as you already know the exact peak hours of your application.

Question 29

A SysOps Administrator is monitoring and handling groups of EC2 instances using AWS Systems Manager. Whenever there are batch operations such as maintenance and OS patching on these instances, the Administrator can rely on the Systems Manager to automatically perform these activities.

What other tasks can the Administrator perform with automation in Systems Manager? (Select TWO.)

Answer 29

Create custom workflows or use pre-defined workflows maintained by AWS.

– Receive notifications about automation tasks and workflows by using CloudWatch Events.

NOT Design Automation documents that are securely tied to the user and cannot be shared to others is incorrect because you can create best practices for resource management in automation documents and easily share the documents across AWS Regions and groups. You can also constrain the allowed values for the parameters that the document accepts.

Question 30

A company that still uses previous generation EC2 instances is currently building an online fashion website which has both development and UAT environments. You deployed the application to an On-Demand m1.small EC2 instance that exists on both environments. While testing the new website, the Operations team noticed performance degradation as they increase network load in the UAT environment.

In this scenario, how would you mitigate these performance issues in the UAT environment?

Answer 30

Change the m1.small EC2 instance to a larger instance type.

Question 31

A SysOps Administrator is maintaining a fleet of EC2 instances in Amazon VPC which are used to host several business applications. The Administrator noticed that there are some instances where their CPU credits go down to zero during peak processing times.

Which of the following can solve this issue? (Select TWO.)

Answer 31

– Change instance type to T2 Unlimited.

– Upgrade to a higher instance type.

NOT Manually allocating higher CPU credits to each EC2 instances is incorrect because you cannot manually allocate CPU Credits as this is defined based on the type of instance.

Question 32

A company has a serverless batch processing application that comprises hundreds of individual batch jobs. Each batch job is executed on a single Lambda function invocation. The company’s system administrator must see to it that all 100 jobs can be run in parallel at all times.

What change should the administrator do?

Answer 32

Set the reserved concurrency for the function to 100.

Question 33

A SysOps Administrator has recently launched an On-Demand Amazon EC2 instance with a Microsoft Windows 2019 Amazon Machine Image (AMI). The Administrator tried to connect to the instance via a Remote Desktop Protocol (RDP) on port 3389 but the connection always fails. In an attempt to troubleshoot the issue, the Administrator deploys a second EC2 instance from a different AMI using the same network configuration and is able to successfully connect to the instance. Same goes with the third and fourth EC2 instances with different AMIs with the same configuration.

Which of the following is the MOST suitable action to do in order to troubleshoot the first instance and identify the root cause?

Answer 33

gather operating system log files for analysis using the EC2Rescue tool.

NOT Gathering operating system log files for analysis using Amazon Inspector

Question 34

A supply chain application is hosted on a large EC2 instance with multiple SSD-backed, General Purpose-type EBS volumes. The instance contains an entire set of logistics data with a total of over 10 TB. You have to increase the IOPS of the volume to improve its performance.

Which of the following options can help you accomplish this? (Select TWO.)

Answer 34

– Switch the EBS Volume to use Provisioned IOPS.

– Set up the volumes in a RAID 0 configuration.

Question 35

A leading telecommunications company has a hybrid cloud architecture that runs its online services. In order to optimize the use of their cloud resources and to save costs, your manager requested for you to analyze their existing architecture and perform the necessary tasks to make it cost-effective.

Which of the following options will help reduce your costs on your AWS usage? (Select TWO.)

Answer 35

– Consider purchasing Reserved EC2 instances for specific workloads which are expected to run continuously for more than a year.

– Consider deleting idle EBS volumes which are not attached to any EC2 instances.