Mock test 1

  1. You have spun up an EC2 Linux instance with an instance storage root volume. You also attached an EBS volume for the database. When you stop the instance, what happens to the data on the root volume?

A. When we stop the instance, the data on the root volume will be deleted.

B. When we stop the instance, the data on the root volume is copied to the EBS volume.

C. When we stop the instance, the data on the root volume is automatically saved as an EBS snapshot.

D. When we stop the instance, the data on the root volume will be available again only after we start the same exact EC2 instance ID.

  1. You are running a Linux EC2 instance and need to determine the public IP addresses from the operating system. How can that be done?

A. Use the AWS CLI to query CloudWatch for the IPAddr metric.

B. Use the ifconfig command in the operating system.

C. It is not possible to determine the public IP from the operating system, as it is assigned on the router.

D. Use curl to read the local instance metadata.

  1. You have created an ELB, an EC2 Auto Scaling cluster, and an ELB health check for the /healthcheck.php page. Due to a traffic increase, your application is scaling out, but all new instances are showing as unhealthy in the ELB health check. You don't want to run unhealthy instances in your cluster, but they are not being terminated automatically. You are at your Auto Scaling maximum and need to take action quickly. How can you ensure that any unhealthy EC2 instances are terminated and replaced with healthy ones?

A. Check the thresholds of the Auto Scaling group health check.

B. Check the load balancing health check page on the instances.

C. Raise the health check interval set on the ELB.

D. Set up a new health check on the ELB with TCP checks.

  1. You need to migrate an EC2 Linux instance with a root EBS volume containing a database from one Availability Zone (AZ) to another. What would be the right approach to perform this action?

A. Shut down the instance. Create a new volume in the other AZ. Specify the EC2 instance's volume as the origin. Start the instance in the new AZ with the new volume.

B. Create a snapshot of the instance. Use the c2-migrate-volume command to move the EBS volume to the other AZ. Start an instance from the copied volume.

C. Shut down the instance. Create an AMI from the instance. Start a new instance from the AMI in the other AZ.

D. Shut down the instance. Detach the volume. Attach it to any other EC2 instance in the other AZ.

  1. You decide to design a VPC. Which options would not be available for your subnets? Choose all that apply:

A. You will be able to map one subnet to one AZ.

B. You can assign a CIDR as small as /28 to the subnet.

C. You don't need routing for the private subnet, as the internet is available by default.

D. Routing between all subnets in a VPC is enabled by default.

E. You will be able to map one subnet to two AZs for high availability.

  1. You are running a stateless application on one EC2 c5-8xlarge instance. When traffic increases, the application stops responding. You store the state of the application in a DynamoDB table that is always below the provisioned RCUs and WCUs. How could you fix this issue?

A. Create an ELB. Create an Auto Scaling group that adds another c5-8xlarge instance when the load is high.

B. The instance needs to be in the same AZ as the DynamoDB table.

C. Cache the database queries in ElastiCache.

D. Move the database from DynamoDB to RDS MySQL in a Multi-AZ configuration.

  1. You are automating database backup and recovery activities. You would like to use as many AWS-managed solutions as you can, but could use AWS CLI and scripts to do the rest. Identify the task that is best performed by a script:

A. Regularly creating and rotating EBS snapshots

B. Regularly creating and rotating RDS snapshots

C. Regularly detecting and stopping unused or underutilized EC2 instances

D. Regularly attaching elastic IP addresses to EC2 instances

  1. Your physical security system has a video component that produces hundreds of video files on-premises every day with a total size of around 300 GB. The files need to be uploaded to Amazon S3 every night in a fixed time window between 1 a.m. and 5 a.m., but the upload takes over 8 hours. The upload is consuming less than a quarter of the available bandwidth. What needs to be done to make sure the files are uploaded during the time window?

A. Add a VGW and create a VPN connection to increase your network performance.

B. Upload the files in parallel to S3.

C. Compress the files into a single archive – this will reduce the size of the upload and make it run faster.

D. Use AWS Snowball for this operation on a weekly basis.

  1. You need to point your domain's zone apex FQDN (for example, www.markocloud.com) to an application sitting behind an ELB. Which option should you choose?

A. Use an Amazon Route 53 Alias record.

B. Use an Amazon Route 53 PTR record.

C. Use an Amazon Route 53 CNAME record.

D. Use an Amazon Route 53 A record.

  1. You need to design a bastion or jump instance. The requirement is that you set up a Windows instance with RDS enabled. Once logged into the instance, you will be able to use PuTTY to SSH to the hosts running in EC2. You need to make sure the instance can be recovered automatically if it fails:

A. Run two bastion instances, one in each AZ for redundancy.

B. Run the bastion on an active instance in one AZ and have an AMI ready to boot up in the event of failure.

C. Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs, but have a min-size of 1 and max-size of 1.

D. Configure an ELB in front of a single bastion instance.

  1. You are migrating an on-premises application deployed with Chef Automation to AWS. What would be the approach that would have the least management overhead?

A. Use OpsWorks to deploy the application in a new stack with the existing Chef recipes.

B. Use Elastic Beanstalk's Chef import feature to import the configuration into a new environment.

C. Deploy a Linux instance and install Chef community on EC2. Import your Chef recipes to the newly deployed Chef server.

D. Deploy a Linux instance and install Chef community on EC2. Use the AWS CLI to automate the deployment.

  1. Which of the following are true regarding Amazon S3? Choose two:

A. Objects are directly accessible via a URL.

B. S3 is the perfect data-store for a relational database.

C. Objects stored in S3 can have unlimited size.

D. You can store an unlimited number of objects in S3.

E. Provisioned IOPS is a feature of S3.

  1. You are inserting custom metrics into CloudWatch from an EC2 instance. You need to assign permissions to the EC2 instance to be able to write to CloudWatch. Which approach would be correct?

A. Create an IAM role and assign the role to the instance.

B. Create an IAM user and inject the user's credentials into the instance metadata.

C. Create an IAM policy and assign the policy to the instance.

D. Create an IAM user and use the /root/.aws/credentials file to allow the instance to use the correct credentials for CloudWatch.

  1. Which AWS service allows you to create a daily backup that can be maintained for up to 35 days?

A. S3 Standard

B. RDS

C. EBS

D. S3 RRS

  1. What is an EC2 placement group?

A. A cluster of Auto Scaling groups that can communicate with high bandwidth and low latency

B. A cluster of EC2 instances that can communicate with high bandwidth and low latency

C. A cluster of ELBs that can communicate with high bandwidth and low latency

D. A cluster of CloudFront edge locations that can communicate with high bandwidth and low latency

  1. Your application creates daily DynamoDB tables in multiple AWS regions. You are required to maintain watch over the tables and be able to create a daily report of the total number of throttled requests for your application. What is the correct way to do this?

A. Use AWS CLI to retrieve metrics from DynamoDB. Pool the data into a CSV file and import the custom metrics into a custom dashboard in CloudWatch.

B. Use SNMP to retrieve metrics from DynamoDB. Pool the data into your SNMP server, extract the data in a text file, and import the custom metrics into a custom dashboard in CloudWatch.

C. Tag your DynamoDB tables and use the tag as the dimension for a custom dashboard in CloudWatch.

D. Attach a CloudWatch agent to DynamoDB and use the agent data as the dimension for a custom dashboard in CloudWatch.

  1. You are operating an Auto Scaling chat application in AWS behind a load balancer. Each instance is able to handle the load of approximately 100,000 users. Your application has steadily grown to almost a million users. Your company has secured VC funding and is rolling out a huge marketing campaign in one week's time. You are expecting the application to go viral after this. The marketing projections show that you have so far had about 8% engagement and the marketing has been sent out to the whole US. You estimate that you might need anything up to 300 instances to be able to handle traffic. What should you do to avoid potential service disruptions during the ramp up in traffic?

A. Make sure to get 300 Elastic IP addresses.

B. Check the service limits in EC2 and request a limit increase if necessary.

C. In the Auto Scaling group, set a maximum of 300 instances a few minutes prior to the launch of the marketing campaign.

D. In the Auto Scaling group, set a desired number of 300 instances an hour prior to the launch of the marketing campaign.

  1. You have a VPC. It has one internet gateway and one ELB. You have created two private and two public subnets in two availability zones. You have an Auto Scaling group of EC2 instances with half the instances in each of the public subnets. You have a MySQL RDS instance deployed in Multi-AZ mode in the private subnets. What else do you need to add to make this architecture highly available?

A. Nothing.

B. Attach a second internet gateway to the VPC.

C. Attach a second Elastic Load Balancer to the Auto Scaling group.

D. Attach a second Multi-AZ RDS and configure synchronous replication, as Multi-AZ is asynchronous.

  1. Your cloud adoption business driver is access to programmable infrastructure. You have been tasked to develop an Infrastructure as Code (IaC) strategy for your company that would enable you to deploy the development, test, QA, and production environments from the same Infrastructure as Code document. Which approach addresses this requirement?

A. Deploy an OpsWorks server into EC2. Use environment tags, such as development and test, to identify the environments and store the IaC document in the tag. Use the OpsWorks server to manage your EC2 instances.

B. Deploy your servers manually. Use environment tags such as development and test to identify the environment and store the IaC document in the tag. Use the tags to deploy and manage your infrastructure.

C. Use Elastic Beanstalk. Store the IaC document in Git. Deploy and manage your EC2 instances with Elastic Beanstalk.

D. Use CloudFormation. Store the IaC document in Git. Deploy and manage your EC2 instances with CloudFormation.

  1. Your development team needs to deliver infrastructure for an application that can receive up to millions of messages per second and process them at a regular pace. EC2 will be used to run the application that will process the messages and SQS will be the receiver. You want to ensure your application has sufficient bandwidth to be able to receive the messages and process them as the numbers of messages increase. Which of the following should you do?

A. Make sure the EC2 instances are connected behind an Elastic Load Balancer.

B. Make sure that the EC2 instances are launched with the appropriate network interface attached.

C. Make sure the instances all have a public IP assigned.

D. Make sure you launch the instances in an Auto Scaling group and have Auto Scaling triggers configured to match the number of messages in the SQS queue.

  1. Your developers are implementing a centralized MySQL database that will be used by all your enterprise applications. Regular analytics jobs are likely to cause the database to become unavailable to other applications due to the complex nature of the analytics jobs. As your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications. How do you solve the contention issues between these different workloads on the same data?

A. Enable Multi-AZ mode on the RDS instance. Point the analytics jobs to the standby DB.

B. Use ElastiCache to offload the analytics job data. Point the analytics jobs to the ElastiCache.

C. Create RDS read replicas. Point the analytics jobs to the read replicas.

D. Run the RDS instance on an x1-16xlarge instance type. Deliver the required centralization from the single database.

  1. You are reviewing your company's infrastructure on AWS. While reviewing your web applications behind ELBs, you notice one application that has an Auto Scaling group with 10 instances. All 10 instances are running in the same Availability Zone. What do you need to fix to balance the instances across AZs for high availability?

A. Modify the ELB AZ attachments. The ELB will auto-balance the instances.

B. Modify the Auto Scaling group to launch into multiple AZs. Make sure the ELB is set with cross-zone balancing enabled.

C. Copy your AMI to the other AZ and run a re-balance operation on the Auto Scaling group.

D. Increase the maximum size of the Auto Scaling Group to 20. This will create 10 more instances in another AZ.

  1. You are running an ELB, three EC2 servers, and one MySQL RDS with multiple read replicas and S3 for static files. Your application has started to perform badly. Which CloudWatch metrics would point to the database as the problem? Choose all that apply:

A. Outstanding I/Os

B. Write latency

C. Amount of space used by binary logs

D. Lag time of read replicas

E. High average of disk I/Os

  1. You have three teams. Each team has one AWS account. You set a monthly budget for each team. What can you do to be aware of the costs and make sure the budget isn't exceeded?

A. Use AWS Consolidated Billing to get a unified bill.

B. Use CloudWatch alarms using SNS in each account. Create a notification based on the price and number of instances.

C. Use CloudWatch billing alerts in each account. Create a notification when the budget amount is spent.

D. Use CloudWatch billing alerts in each account. Create separate notifications at 50%, 75%, and 90% of the budget amount spend.

  1. You have a Multi-AZ RDS deployed and the primary RDS instance fails. How can you recover from the failure?

A. The automatic process of switching the IP of the primary RDS instance is performed on the standby RDS instance, and the traffic resumes as soon as the IP is switched.

B. You need to manually create a new RDS instance in the standby AZ and resume RDS traffic.

C. An automatic process changes the CNAME record from primary to standby, and the traffic resumes as soon as the CNAME is switched.

D. You need to manually reboot the primary RDS instance.

  1. You are required to maintain your data across two data centers for 99.99% availability. Your business will start storing data on Amazon S3. How can you ensure the 99.99% uptime requirement is met?

A. Clone the data among two S3 buckets in different regions, using the CLI.

B. S3 data is automatically replicated between regions so you don't need to worry.

C. Clone the data among two S3 buckets in different data centers within the same region using the CLI.

D. S3 data is automatically replicated between multiple data centers within a region, so you don't need to worry.

  1. You are hosting a WordPress site with a forum. The forum sometimes becomes really busy when a hot topic is started and the whole site slows down. You have identified the RDS database as the component that is slowing down your site. What could you do to reduce the load on the site and make sure the site performs well even when the forum is hot? Choose 3 answers:

A. Use CloudFront to cache the static content in the forum.

B. Use RDS read replicas for all the read traffic to your database.

C. Use ElastiCache to cache the most frequently used data.

D. Use an SQS to queue up the requests for the forum and offload the database.

E. Use Route 53 health checks to fail over to an S3 bucket with the static content when traffic is high.

  1. You are storing session state and caching database queries in a Memcached cluster, deployed via ElastiCache. You notice a high number of Evictions and GetMisses in the ElastiCache metrics. How can you fix this situation?

A. Increase the number of nodes in your cluster.

B. Shrink the number of nodes in your cluster.

C. Shrink the size of nodes in your cluster.

D. Increase the size of the nodes in the cluster.

  1. You have two EC2 instances in a VPC in the same AZ in different subnets. You want to confirm that the two instances are able to communicate. How can you confirm the VPC settings are correct? Choose two:

A. Check that the NACL allows communication between the two subnets.

B. Check that both instances are of the same type, as they will also have a network adapter in the same zone.

C. Check the NAT instance and IGW are properly configured.

D. Check that the Security Groups allow communication between the two instances on the appropriate ports.

  1. What feature would provide your EC2 instances with low inter-node latency?

A. AWS Direct Connect

B. Placement Groups

C. VPC private subnets

D. EC2 Dedicated Instances

  1. You have an application on an EC2 instance that is running in the default VPC. The application needs to be PCI compliant and needs to be moved to dedicated hardware. How can this be done in the simplest manner?

A. Create a dedicated VPC and migrate the instance to the new VPC.

B. Use the AWS CLI with ec2-configure-instances and set the parameter as dedicated=true.

C. Change the properties of the instance and check the box for dedicated tenancy.

D. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance.

  1. You have created a VPC with a public subnet, an IGW, and a security group allowing port 22 traffic. You start up a Linux instance with a public IP and try to SSH to it, but you are not able to. The instance is reporting as healthy and should be reachable. What would you check next to try and resolve the issue?

A. The configuration of a NAT instance

B. The configuration of the routing table

C. The configuration of IGW

D. The configuration of VGW

  1. Your application can only work with hardcoded IP addresses and is unable to resolve DNS. You set up an EC2 instance and enter the public IP of the instance in the application. The application works. You test the recovery strategy but discover that each time the instance is stopped or a new instance is created to replace it, a new public IP is assigned to it. How can you set up a static IP so that it can be hardcoded into the application, while also being able to fail over to a new instance?

A. Use an ELB and an Elastic IP. Hardcode the ELB public IP into the application.

B. Use an ENI and an Elastic IP. Hardcode the ENI elastic IP into the application.

C. Use an EFS adapter for the hardcoded IP configuration and move it to the failover instance.

D. This is not possible. The application with the hardcoded IP will need to be rebuilt.

  1. Your EC2 Windows application in AWS is constantly getting hit by port scans. Your network team has identified the IP address block from where the port scans are coming. No valid traffic has ever come from that IP address block, so you would like to deny access. How can you easily do this in AWS?

A. Modify the Windows Firewall setting across all EC2 hosts to deny access from the IP address block.

B. Modify the Windows Firewall settings across all public EC2 hosts to deny access from the IP address block.

C. Modify the access rule to all of the VPC Security Groups to deny access from the IP address block.

D. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block.

  1. You are running web servers in an Auto Scaling group behind an ELB. The web servers store their data in an RDS layer. You would like to understand shared security between you and AWS. What part of security is AWS responsible for?

A. Protect the EC2 instance network with an operating system firewall configuration.

B. Protect the EC2 instance network against IP spoofing or packet sniffing.

C. Protect the EC2 instance network with encryption.

D. Protect the EC2 instance operating system by installing security patches.

  1. While automating administration tasks, you have noticed that some AWS services can deliver fully functional services with a built-in setting. Which of these would represent such a service? Choose all that apply:

A. Creating daily EBS backups

B. Creating daily RDS backups

C. Creating daily S3 bucket snapshots

D. Creating daily EC2 snapshots

  1. You are implementing a monitoring solution in AZ A that will be pinging EC2 instances with the ICMP protocol across all the subnets in all AZs in the same VPC. How do we enable the monitoring instance to ping the EC2 instances in the most effective manner?

A. This is not possible, as ICMP cannot traverse AZs.

B. Put the monitoring instance and the application instances into the same security group. Allow inbound ICMP to the security group from the monitoring instance public IP.

C. Put the monitoring instance and the application instances in separate security groups. Allow inbound ICMP to the application instance security group from the monitoring instance security group.

D. Put the monitoring instance and the application instances in separate security groups. Allow inbound ICMP to the application instance security group and outbound ICMP to the monitoring instance security group.

  1. Your e-commerce application requires six servers to run on a daily basis but will be required to scale up to 18 when sales are on. Your application processes payments that may take up to 4 minutes to complete once initiated. What types of instance plan would you recommend to minimize costs while providing high availability?

A. 9 Reserved Instances and 9 On-Demand Instances

B. 6 Reserved Instances and 12 On-Demand Instances

C. 6 Reserved Instances, 6 On-Demand Instances, and 6 Spot Instances

D. 3 Reserved Instances, 3 On-Demand Instances, and 12 Spot Instances

  1. You are migrating your application to AWS. Your on-premises deployment mode uses Ansible as the configuration management tool. You need to make the transition as simple as possible and deliver a solution with the least management overhead. Which deployment option meets these requirements?

A. Create a new stack within OpsWorks for Ansible Automation and import the Ansible configuration to the layers of the stack.

B. Migrate your application to Elastic Beanstalk.

C. Launch EC2 instances through CloudFormation and then perform configuration management with your Ansible scripts.

D. Launch and configure an Ansible Server on an EC2 instance and launch the application via the AWS CLI.

  1. You need to maintain SSH access into all the EC2 instances due to compliance regulations. Which service would allow you to do this? Choose two:

A. Amazon Elastic Map Reduce

B. Elastic Load Balancing

C. AWS Elastic Beanstalk

D. Amazon ElastiCache

E. Amazon Relational Database Service

  1. You are choosing a schema for the usernames for your organisation. Which would not be a valid IAM username to choose for the schema?

A. Marko.cloud

B. Marko@cloud

C. Marko=cloud

D. Marko#cloud

  1. Your EC2 application is designed to perform a high number of read requests to other instances. A monitoring instance maintains a record of all calls and reports a custom metric to CloudWatch. A CloudWatch alarm is set up that will trigger if any request fails more than three times within a 30-second period. The alarm notifies your incident response team, but you also need to enable an alarm on the monitoring instance if it becomes unhealthy. Which of the following is a simple way to enable this?

A. Run another monitoring instance that pings the primary monitoring instance and uses SNS to notify your incident response team if the primary monitoring instance fails.

B. Create an EC2 instance status check CloudWatch alarm and notify your incident response team if the monitoring instance fails.

C. Create an EC2 instance CPU usage CloudWatch alarm and notify your incident response team if the monitoring instance goes above the CPU usage threshold.

D. Create an Auto Scaling group of monitoring instances. Record the state of monitoring in a DynamoDB table. If any of the instances fail, the service will survive and the incident response team does not need to deal with this issue at all.

  1. You need to design a solution to back up a 1 TB volume that stores about 850 GB of application data. The application server is put in maintenance mode and commits all the writes to disk. The maintenance window is between 1 a.m. and 3 a.m. every night. The backup needs to be completed within that window. The backup needs to be recoverable as a full volume within 1 hour of failure. What would be the simplest way to achieve this?

A. Take snapshots of the EBS volume during the maintenance window.

B. Use a third-party backup application to back the volume up to Amazon Glacier.

C. Back up all data to a single compressed archive on the same volume and store the archive to S3.

D. Create another 1 TB EBS volume in a second AZ. Attach it to the Amazon EC2 instance, and mirror the two disks.

  1. You have an Auto Scaling IIS web application behind a load balancer that delivers news services to users. Whenever a breaking news story is released you start seeing 500 errors in the ELB logs. As soon as the number of connections decreases, the 500 errors go away. What could you do to fix this issue?

A. 500 errors mean your service is not optimized for the HTTP host type. Install Apache and rewrite your application for Apache.

B. 500 errors mean your service is overloaded. Increase the maximum size of the Auto Scaling group.

C. 500 errors are to be dealt with by AWS.

D. 500 errors can be ignored as the service is still responding to most requests and the errors go away.

  1. You need to connect to external networks. Which component of the VPC will allow you to do this? Choose two:

A. EIP

B. NAT

C. IGW

D. VGW

  1. An application is licensed based on a MAC address. You would like to migrate this application to AWS. What approach can you use to be able to use this application in AWS and make sure you don't have to get your license re-issued if the instance fails?

A. Use an ELB and register the ELB MAC to the license. Route the traffic to multiple backend instances that will verify the license against the ELB MAC.

B. Use an ENI and register the ENI MAC to the license. If the instance fails, attach the ENI to an instance restored from a backup of the original.

C. Write a script that changes the MAC in the operating system and apply the script to multiple instances. All of these instances will now be able to respond to requests for the licensed software.

D. This is not possible on AWS. You will need to ask the provider for a CloudVM license.

  1. Your application uses cookies to track sessions. The application has grown and you now need to deploy multiple instances of the application behind an ELB in an Auto Scaling group. You enable sticky sessions on the ELB and deploy the Auto Scaling group. The system works great until, a few weeks in, you notice some servers in the Auto Scaling group are hitting 100% CPU utilization, while others are at almost zero. How can you configure the ELB to properly load balance the requests?

A. This is the ELB's normal behavior as the sessions from the same user are sent to the same instance.

B. This is not the ELB's normal behavior. Enable cross-zone load balancing.

C. This is not the ELB's fault. There must be a leak in your application's code.

D. This is the ELB's normal behavior. When using cookies, only one AZ can be used. Move the servers that have low utilization to the same AZ as the ones at 100% and the ELB will re-balance.

  1. You are taking a snapshot of an EBS volume. What happens during the snapshot process?

A. The volume cannot be detached from an EC2 instance or attached to an EC2 instance.

B. The volume can be used in read-only mode.

C. The volume can be used in read-write mode.

D. The volume cannot be used until the snapshot completes.

  1. You are required to maintain complete separation of duties between different teams so your company decided to create multiple accounts for the development, test, QA, and production teams. Along with these accounts, your company runs a master account for billing and operations. You need to make sure the billing department can easily consolidate costs across all teams. You also need to allow the operations engineers from the master department to gain administrative access to all other accounts:

A. Use the same credit card on all accounts to aggregate the billing to the credit card. For the operations team members, create a cross-account role in each account and allow the operations team to assume the role to perform maintenance tasks in the other accounts.

B. Use the same credit card on all accounts to aggregate the billing to the credit card. For the operations team members, create an administrative user in each account and distribute the credentials to the operations team so they can perform maintenance tasks in the other accounts.

C. Enable consolidated billing for the accounts and aggregate the billing in the master account. For the operations team members, create an administrative user in each account and distribute the credentials to the operations team so they can perform maintenance tasks in the other accounts.

D. Enable consolidated billing for the accounts and aggregate the billing in the master account. For the operations team members, create a cross-account role in each account and allow the operations team to assume the role to perform maintenance tasks in the other accounts.

  1. Which of the following metrics require us to deliver a custom CloudWatch metric in EC2? Select all that apply:

A. Instance CPU utilization.

B. Instance memory utilization.

C. Instance network utilization.

D. CPU utilization per thread.

E. Network utilization of an ENI.

  1. When designing permissions for users to perform certain tasks, which approach should we be using?

A. Least effort.

B. Least privilege.

C. Best effort.

D. All policies should be inline.

  1. You have identified a need for strengthening the security of your AWS management console access. Which option would allow you to increase the security of your AWS account?

A. Configure MFA for IAM users.

B. Create IAM users with full privileges instead of using the root user.

C. Implement identity federation between a web identity provider (web IdP) and IAM, and use IdP accounts.

D. Allow management console access only with access key and secret key ID.

  1. CloudWatch custom metrics have some limitations. Which of these would you not be able to record in CloudWatch?

A. Data transfer on a virtual network adapter on Windows hosts.

B. Disk usage on C.

C. Memory utilization of Windows hosts.

D. CPU utilization of Windows hosts.

E. All of these can be delivered as custom metrics.

  1. You have an application that requires the lowest latency possible between instances. You have spun up five instances in a cluster placement group and the application is working correctly. Now you need to double the size of the group. You try to deploy another five instances, but you are unable to put them in the same cluster placement group. How would you fix this?

A. Create an Auto Scaling group for the cluster placement group and set the desired number of instances to 10.

B. Change the cluster placement group desired size setting to 10.

C. Delete the five instances in the cluster placement group and redeploy with 10 instances.

D. It is not possible to increase the size of a cluster placement group.

  1. Your application uses cookies to store sessions. You now need to create a cluster of instances behind an ELB due to increased volume in your application. You know sticky sessions are an option, but your developers say that they can store the sessions as key:value information in a centralized data store. Which AWS services would be suitable as a session storage backend? Choose all that apply:

A. ElastiCache

B. SessionCache

C. DynamoDB

D. ElastiSearch

E. Amazon Neptune 

  1. You have a running instance that has previously been accessible via SSH and HTTP and has suddenly stopped working. No changes to any settings have been performed on EC2 or the network. You verify the security groups, IGW, VPC, and routing tables and see that everything is configured correctly. You look at the EC2 console and see a system status check showing impaired. What action would you perform to try and recover the instance?

A. Stop and start the instance. The operation is likely to fix the impaired system status.

B. Reboot your instance. The operation is likely to fix the impaired system status.

C. Add another dynamic private IP to the instance. The operation is likely to fix the impaired system status.

D. Add another ENI to the instance. The operation is likely to fix the impaired system status.

E. Terminate the instance and redeploy, as this is the only way to fix the impaired system status.

  1. You are running a hybrid cloud infrastructure with applications that authenticate to LDAP in your on-premises environment via VPN. You notice that the applications in AWS sometimes time out while authenticating, and this is disrupting users' sessions. You need to continue using your on-premises LDAP deployment for compliance reasons related to your business. How would you go about fixing this issue?

A. Create a second, independent LDAP directory in AWS and create the users that use the application also in this second LDAP.

B. Establish a Direct Connect connection alongside your VPN so your applications can authenticate against your existing on-premises LDAP servers faster.

C. Create an LDAP replica on AWS and configure your application to use the LDAP replica for authentication.

D. Create a second LDAP domain on AWS and establish a trust relationship between your new and existing domains and use the new domain for authentication.

  1. Your application runs in the us-west-1 region. Recently, an outage made the application unavailable because the whole region was affected. The architects designed a solution with a smaller copy of the application running in the us-west-2 region to protect against this kind of outage and to provide the ability to fail over and scale out the secondary site. The secondary site must always be online and be able to respond to 10% of all requests. Which configuration would achieve that goal?

A. Route53 record sets with weighted routing policy

B. Route53 record sets with latency-based routing policy

C. Auto Scaling with scheduled scaling actions set

D. Elastic Load Balancing with health checks enabled

  1. You have been asked to provide a recommendation on a design for a notification system in AWS. The application needs to be able to receive any number of messages and distribute them across a set of different services that accept requests on different protocols including SMS, email, HTTP, AMQP, JMS, and WebSocket. The solution needs to be unified and be able to deliver messages to systems in AWS and on-premises:

A. AWS would not be able to support the mix of protocols.

B. Use SNS to receive messages. Use SQS to distribute them on all the required protocols.

C. Use SNS to receive messages. Use SQS to deliver the SMS, email, and HTTP and a custom solution for AMQP, JMS, and WebSockets.

D. Use SNS to receive messages. Use SNS to deliver the SMS, email, and HTTP and a custom solution for AMQP, JMS, and WebSockets.

  1. Your company is using S3 for storage of mission-critical, sensitive data. A full regional EC2 outage in a separate region raised the question of whether the availability of S3 is enough to comply with the 99.9999% availability you are required to maintain for your data as per your SLA. Your engineers have come back from their research with different answers – which one is correct?

A. S3 has an availability of 99.999999999%, which is far better than the SLA. No action is required.

B. We would need to implement cross-region bucket replication on the mission-critical data to meet the SLA.

C. S3 has a durability of 99.999999999%. Even if the service is down, the data will survive, so no action is required. We will meet our 99.9999% SLA.

D. We need to create a static website and serve the bucket contents via CloudFront. This will be the cheapest solution and will replicate our bucket across the world via the CloudFront CDN.
