AWS EC2 Exam Practice Questions:

 

1. What are the Amazon EC2 API tools?

  1. They don’t exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
  2. Command-line tools to the Amazon EC2 web service
  3. They are a set of graphical tools to manage EC2 instances.
  4. They don’t exist. The Amazon API tools are a client interface to Amazon Web Services.

Answer: 2. Command-line tools to the Amazon EC2 web service

 

2. When a user is launching an instance with EC2, which of the below mentioned options is not available during the instance launch console for a key pair?

  1. Proceed without the key pair
  2. Upload a new key pair
  3. Select an existing key pair
  4. Create a new key pair

Answer: 2. Upload a new key pair

 

3. A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?

  1. AWS account ID
  2. X.509 certificate and private key
  3. AWS login ID to login to the console
  4. Access key and secret access key

Answer: 3. AWS login ID to login to the console

 

4. A user has launched an EC2 Windows instance from an instance store backed AMI. The user wants to convert the AMI to an EBS backed AMI. How can the user convert it?

  1. Attach an EBS volume to the instance and unbundle all the AMI bundled data inside the EBS
  2. A Windows based instance store backed AMI cannot be converted to an EBS backed AMI
  3. It is not possible to convert an instance store backed AMI to an EBS backed AMI
  4. Attach an EBS volume and use the copy command to copy all the ephemeral content to the EBS Volume

Answer: 2. A Windows based instance store backed AMI cannot be converted to an EBS backed AMI

 

5. A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the zone of one of the instances. How can the user change it?

  1. Stop one of the instances and change the availability zone
  2. The zone can only be modified using the AWS CLI
  3. From the AWS EC2 console, select Actions -> Change zones and specify the new zone
  4. Create an AMI of the running instance and launch the instance in a separate AZ

Answer: 4. Create an AMI of the running instance and launch the instance in a separate AZ.

 




 

6. A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?

  1. Copy the running instance using the “Instance Copy” command to the EU region
  2. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI
  3. Copy the instance from the US East region to the EU region
  4. Use the “Launch more like this” option to copy the instance from one region to another

Answer: 2. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI.

 

7. A user has launched an EC2 instance store backed instance in the US-East-1a zone. The user created AMI #1 and copied it to the Europe region. After that, the user made a few updates to the application running in the US-East-1a zone. The user makes an AMI#2 after the changes. If the user launches a new instance in Europe from the AMI #1 copy, which of the below mentioned statements is true?

  1. The new instance will have the changes made after the AMI copy as AWS just copies the reference of the original AMI during the copying. Thus, the copied AMI will have all the updated data
  2. The new instance will have the changes made after the AMI copy since AWS keeps updating the AMI
  3. It is not possible to copy the instance store backed AMI from one region to another
  4. The new instance in the EU region will not have the changes made after the AMI copy

Answer: 4. The new instance in the EU region will not have the changes made after the AMI copy.

 

8. George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George copies the same AMI to the US West region. Can Stefano access the copied AMI of George’s account from the US West region?

  1. No, copy AMI does not copy the permission
  2. It is not possible to share the AMI with a specific account
  3. Yes, since copy AMI copies all private account sharing permissions
  4. Yes, since copy AMI copies all the permissions attached with the AMI

Answer: 1. No, copy AMI does not copy the permission.

 

9. EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI can:

  1. be used to launch EC2 Instances in any AWS region.
  2. only be used to launch EC2 instances in the same country as the AMI is stored.
  3. only be used to launch EC2 instances in the same AWS region as the AMI is stored.
  4. only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored.

Answer: 3. Only be used to launch EC2 instances in the same AWS region as the AMI is stored. An AMI is tied to the region where its files are located within Amazon S3.

 

10. Which of the following instance types are available as Amazon EBS-backed only? Choose 2 answers

  1. General purpose T2
  2. General purpose M3
  3. Compute-optimized C4
  4. Compute-optimized C3
  5. Storage-optimized I2

Answer: 1. General Purpose T2 & 3. Compute-Optimized C4

 




 
11. A t2.medium EC2 instance type must be launched with what type of Amazon Machine Image (AMI)?

  1. An Instance store Hardware Virtual Machine AMI
  2. An Instance store Paravirtual AMI
  3. An Amazon EBS-backed Hardware Virtual Machine AMI
  4. An Amazon EBS-backed Paravirtual AMI

Answer: 3. An Amazon EBS-backed Hardware Virtual Machine AMI.

 

12. You have identified network throughput as a bottleneck on your m1.small EC2 instance when uploading data into Amazon S3 in the same region. How do you remedy this situation? Add an additional ENI

  1. Change to a larger Instance
  2. Use DirectConnect between EC2 and S3
  3. Use EBS PIOPS on the local volume

Answer: 1. Change to a larger instance.

 

13. You are using an m1.small EC2 Instance with one 300 GB EBS volume to host a relational database. You determined that write throughput to the database needs to be increased. Which of the following approaches can help achieve this? Choose 2 answers

  1. Use an array of EBS volumes (Striping to increase throughput)
  2. Enable Multi-AZ mode.
  3. Place the instance in an Auto Scaling group
  4. Add an EBS volume and place into RAID 5
  5. Increase the size of the EC2 Instance.
  6. Put the database behind an Elastic Load Balancer.

Answer: 1. Use an array of EBS volumes & 5. Increase the size of the EC2 instance.

 

14. You are tasked with setting up a cluster of EC2 instances for a NoSQL database. The database requires random read IO disk performance of up to 100,000 IOPS at 4KB block size per node. Which of the following EC2 instances will perform the best for this workload?

  1. A High-Memory Quadruple Extra Large (m2.4xlarge) with EBS-Optimized set to true and a PIOPs EBS volume
  2. A Cluster Compute Eight Extra Large (cc2.8xlarge) using instance storage
  3. High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage
  4. A Cluster GPU Quadruple Extra Large (cg1.4xlarge) using four separate 4000 PIOPS EBS volumes in a RAID 0 configuration

Answer: 3. High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage

 

15. If I want my instance to run on single-tenant hardware, which value do I have to set the instance’s tenancy attribute to?

  1. dedicated
  2. isolated
  3. one
  4. reserved

Answer: 1. Dedicated

 



 

16. You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos, which need to be transcoded, and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way?

  1. Reserved instances
  2. Spot instances
  3. Dedicated instances
  4. On-demand instances

Answer: 2. Spot instances

 

17. The one-time payment for Reserved Instances is __________ refundable if the reservation is cancelled.

  1. always
  2. in some circumstances
  3. never

Answer: 3. Never

 

18. You run a web application where web servers on EC2 instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load. During the day up to 12 servers are needed. Five to six days per year, the number of web servers required might go up to 15. What would you recommend to minimize costs while being able to provide high availability?

  1. 6 Reserved instances (heavy utilization). 6 Reserved instances (medium utilization), rest covered by On-Demand instances
  2. 6 Reserved instances (heavy utilization). 6 On-Demand instances, rest covered by Spot Instances
  3. 6 Reserved instances (heavy utilization), 6 Spot instances, rest covered by On-Demand instances
  4. 6 Reserved instances (heavy utilization), 6 Reserved instances (medium utilization), rest covered by Spot instances

Answer: 1. 6 Reserved instances (heavy utilization). 6 Reserved instances (medium utilization), rest covered by On-Demand instances

 

19. A user is running one instance for only 3 hours every day. The user wants to save some cost with the instance. Which of the below mentioned Reserved Instance categories is advised in this case?

  1. The user should not use RI; instead only go with the on-demand pricing
  2. The user should use the AWS high utilized RI
  3. The user should use the AWS medium utilized RI
  4. The user should use the AWS low utilized RI

Answer: 1. The user should not use RI; instead only go with the on-demand pricing

 

20. Which of the following are characteristics of a reserved instance? Choose 3 answers

  1. It can be migrated across Availability Zones
  2. It is specific to an Amazon Machine Image (AMI)
  3. It can be applied to instances launched by Auto Scaling
  4. It is specific to an instance type
  5. It can be used to lower Total Cost of Ownership (TCO) of a system

Answer: 1. It can be migrated across Availability Zones & 3. It can be applied to instances launched by Auto Scaling & 5. It can be used to lower Total Cost of Ownership (TCO) of a system

 



 

21. You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?

  1. Spot Instances
  2. Reserved instances
  3. Dedicated instances
  4. On-Demand instances

Answer: 1. Spot Instances

 

22. Can I move a Reserved Instance from one Region to another?

  1. No
  2. Only if they are moving into GovCloud
  3. Yes
  4. Only if they are moving to US East from another region

Answer: 1. No

 

23. An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware. Which process will have minimal impact on your application while complying with this requirement?

  1. Create a new VPC with tenancy=dedicated and migrate to the new VPC
  2. Use ec2-reboot-instances command line and set the parameter “dedicated=true”
  3. Right click on the instance, select properties and check the box for dedicated tenancy
  4. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

Answer: 4. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance

 

24. What does Amazon EC2 provide?

    1. Virtual servers in the Cloud
    2. A platform to run code (Java, PHP, Python), paying on an hourly basis.
    3. Computer Clusters in the Cloud.
    4. Physical servers, remotely managed by the customer.

Answer: 1. Virtual servers in the Cloud

 

25. A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behavior to terminate. When the user shuts down the instance from the OS, what will happen?

    1. The OS will shutdown but the instance will not be terminated due to protection
    2. It will terminate the instance
    3. It will not allow the user to shutdown the instance from the OS
    4. It is not possible to set the termination protection when an Instance initiated shutdown is set to Terminate

Answer: 2. It will terminate the instance

 



 

26. A user has launched an EC2 instance and deployed a production application in it. The user wants to prohibit any mistakes from the production team to avoid accidental termination. How can the user achieve this?

    1. The user can set the DisableApiTermination attribute to avoid accidental termination
    2. It is not possible to avoid accidental termination
    3. The user can set the Deletion termination flag to avoid accidental termination
    4. The user can set the InstanceInitiatedShutdownBehavior flag to avoid accidental termination

Answer: 1. The user can set the DisableApiTermination attribute to avoid accidental termination

 

27. You have been doing a lot of testing of your VPC network by deliberately failing EC2 instances to test whether instances are failing over properly. Your customer, who will be paying the AWS bill for all this, asks you if he is being charged for all these instances. You try to explain to him how the billing works on EC2 instances to the best of your knowledge. What would be an appropriate response to give to the customer in regards to this?

  1. Billing commences when Amazon EC2 AMI instance is completely up and billing ends as soon as the instance starts to shutdown.
  2. Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance and billing ends when the instance shuts down.
  3. Billing commences only after 1 hour of uptime and billing ends when the instance terminates.
  4. Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance and billing ends as soon as the instance starts to shutdown.

Answer: 2. Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance and billing ends when the instance shuts down.

 

28. When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.

    1. Depends on the instance type
    2. FALSE
    3. Depends on whether you use API call
    4. TRUE

Answer: 4. TRUE.

 

29. Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications. What is the monthly charge for using the public data sets?

    1. A 1 time charge of 10$ for all the datasets.
    2. 1$ per dataset per month
    3. 10$ per month for all the datasets
    4. There is no charge for using the public data sets

Answer: 4. There is no charge for using the public data sets

 

30. How many types of block devices does Amazon EC2 support?

    1. 2
    2. 4
    3. 3
    4. 1

Answer: 1. 2.

 

31. You are responsible for a legacy web application whose server environment is approaching end of life. You would like to migrate this application to AWS as quickly as possible, since the application environment currently has the following limitations: The VM’s single 10GB VMDK is almost full. The virtual network interface still uses the 10Mbps driver, which leaves your 100Mbps WAN connection completely underutilized. It is currently running on a highly customized Windows VM within a VMware environment, and you do not have the installation media. This is a mission critical application with an RTO (Recovery Time Objective) of 8 hours and an RPO (Recovery Point Objective) of 1 hour. How could you best migrate this application to AWS while meeting your business continuity requirements?

    1. Use the EC2 VM Import Connector for vCenter to import the VM into EC2
    2. Use Import/Export to import the VM as an EBS snapshot and attach to EC2.
    3. Use S3 to create a backup of the VM and restore the data into EC2.
    4. Use the ec2-bundle-instance API to Import an Image of the VM into EC2

Answer: 1. Use the EC2 VM Import Connector for vCenter to import the VM into EC2.

 

32. You are tasked with moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC. Unfortunately this app requires access to a number of on-premises services and no one who configured the app still works for your company. Even worse there’s no documentation for it. What will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured? (Choose 3 answers)

    1. An AWS Direct Connect link between the VPC and the network housing the internal services
    2. An Internet Gateway to allow a VPN connection.
    3. An Elastic IP address on the VPC instance
    4. An IP address space that does not conflict with the one on-premises
    5. Entries in Amazon Route 53 that allow the Instance to resolve its dependencies’ IP addresses
    6. A VM Import of the current virtual machine

Answer: 1. An AWS Direct Connect link between the VPC and the network housing the internal services & 4. An IP address space that does not conflict with the one on-premises & 6. A VM Import of the current virtual machine

 

33. A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

    1. Always select the US-East-1-a zone for HA
    2. Do not select the AZ; instead let AWS select the AZ
    3. The user can never select the availability zone while launching an instance
    4. Always select the AZ while launching an instance

Answer: 2. Do not select the AZ; instead let AWS select the AZ.

 

34. You have multiple Amazon EC2 instances running in a cluster across multiple Availability Zones within the same region. What combination of the following should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter? Choose 3 answers

    1. Amazon EC2 placement groups
    2. Enhanced networking
    3. Amazon PV AMI
    4. Amazon HVM AMI
    5. Amazon Linux
    6. Amazon VPC

Answer: 2. Enhanced Networking & 4. Amazon HVM AMI & 6. Amazon VPC

 

35. Regarding the attaching of ENI to an instance, what does ‘warm attach’ refer to?

    1. Attaching an ENI to an instance when it is stopped
    2. Attaching an ENI to an instance when it is running
    3. Attaching an ENI to an instance during the launch process

Answer: 1. Attaching an ENI to an instance when it is stopped.

 



 

36. Can I detach the primary (eth0) network interface when the instance is running or stopped?

    1. Yes, You can.
    2. You cannot
    3. Depends on the state of the interface at the time

Answer: 2. You cannot.

 

37. By default what are ENIs that are automatically created and attached to instances using the EC2 console set to do when the attached instance terminates?

    1. Remain as is
    2. Terminate
    3. Hibernate
    4. Pause

Answer: 2. Terminate.

 

38. Select the incorrect statement

    1. In Amazon EC2, the private IP addresses are only returned to Amazon EC2 when the instance is stopped or terminated
    2. In Amazon VPC, an instance retains its private IP addresses when the instance is stopped.
    3. In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped
    4. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime

Answer: 3. In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.

 

39. To ensure failover capabilities, consider using a _____ for incoming traffic on a network interface.

    1. primary public IP
    2. secondary private IP
    3. secondary public IP
    4. add on secondary IP

Answer: 2. Secondary Private IP.

 

40. Which statements are true about Elastic Network Interface (ENI)? (Choose 2 answers)

  1. You can attach an ENI in one AZ to an instance in another AZ
  2. You can change the security group membership of an ENI
  3. You can attach an instance to two different subnets within a VPC by using two ENIs
  4. You can attach an ENI in one VPC to an instance in another VPC

Answer: 2. You can change the security group membership of an ENI & 3. You can attach an instance to two different subnets within a VPC by using two ENIs

 

41. A user is planning to host a web server as well as an app server on a single EC2 instance, which is a part of the public subnet of a VPC. How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server?

    1. Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
    2. Launch VPC with two separate subnets and make the instance a part of both the subnets.
    3. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
    4. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.

Answer: 3. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.

 

42. An organization has created multiple components of a single application for compartmentalization. Currently all the components are hosted on a single EC2 instance. Due to security reasons the organization wants to implement two separate SSLs for the separate modules although it is already using VPC. How can the organization achieve this with a single instance?

  1. Create a VPC instance, which will have both the ACL and the security group attached to it and have separate rules for each IP address.
  2. Create a VPC instance, which will have multiple network interfaces with multiple elastic IP addresses.
  3. You have to launch two instances each in a separate subnet and allow VPC peering for a single IP.
  4. Create a VPC instance, which will have multiple subnets attached to it and each will have a separate IP address.

Answer: 2. Create a VPC instance, which will have multiple network interfaces with multiple elastic IP addresses.

 

43. Your system automatically provisions EIPs to EC2 instances in a VPC on boot. The system provisions the whole VPC and stack at once. You have two of them per VPC. On your new AWS account, your attempt to create a Development environment failed, after successfully creating Staging and Production environments in the same region. What happened?

  1. You didn’t choose the Development version of the AMI you are using.
  2. You didn’t set the Development flag to true when deploying EC2 instances.
  3. You hit the soft limit of 5 EIPs per region and requested a 6th.
  4. You hit the soft limit of 2 VPCs per region and requested a 3rd.

Answer: 3. You hit the soft limit of 5 EIPs per region and requested a 6th.

 

44. A user has created a VPC with a public subnet. The user has terminated all the instances, which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

  1. The user cannot delete the VPC since the subnet is not deleted
  2. All network interfaces attached to the instances will be deleted
  3. When the user launches a new instance it cannot use the same subnet
  4. The subnet to which the instances were launched with will be deleted

Answer: 2. All network interfaces attached to the instances will be deleted.

 

45. You launch an Amazon EC2 instance without an assigned AWS Identity and Access Management (IAM) role. Later, you decide that the instance should be running with an IAM role. Which action must you take in order to have a running Amazon EC2 instance with an IAM role assigned to it?

    1. Create an image of the instance, and register the image with an IAM role assigned and an Amazon EBS volume mapping.
    2. Create a new IAM role with the same permissions as an existing IAM role, and assign it to the running instance.
    3. Create an image of the instance, add a new IAM role with the same permissions as the desired IAM role, and deregister the image with the new role assigned.
    4. Create an image of the instance, and use this image to launch a new instance with the desired IAM role assigned

Answer: 2. Create a new IAM role with the same permissions as an existing IAM role, and assign it to the running instance.

 



 

46. What does the following command do with respect to the Amazon EC2 security groups? ec2-revoke RevokeSecurityGroupIngress

    1. Removes one or more security groups from a rule.
    2. Removes one or more security groups from an Amazon EC2 instance.
    3. Removes one or more rules from a security group
    4. Removes a security group from our account.

Answer: 3. Removes one or more rules from security.

 

47. Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?

    1. Security Groups
    2. IAM System
    3. SSH keys
    4. Windows passwords

Answer: 2. IAM System.

 

48. You must assign each server to at least _____ security group

    1. 3
    2. 2
    3. 4
    4. 1

Answer: 4. 1.

 

49. A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised?

    1. Enable Multi-Factor Authentication for your AWS root account.
    2. Assign an IAM role to the Amazon EC2 instance
    3. Store the AWS Access Key ID/Secret Access Key combination in software comments.
    4. Assign an IAM user to the Amazon EC2 Instance.

Answer: 2. Assign IAM role to the Amazon EC2 instance.

 

50. Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance. (Choose 2 answers)

    1. Create an IAM Role that allows write access to the DynamoDB table
    2. Add an IAM Role to a running EC2 instance.
    3. Create an IAM User that allows write access to the DynamoDB table.
    4. Add an IAM User to a running EC2 instance.
    5. Launch an EC2 Instance with the IAM Role included in the launch configuration

Answer: 1. Create an IAM Role that allows write access to the DynamoDB table & 2. Add an IAM Role to a running EC2 instance.

 

51. You have an application running on an EC2 Instance, which will allow users to download files from a private S3 bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely?

    1. Use the AWS account access keys; the application retrieves the credentials from the source code of the application.
    2. Create an IAM user for the application with permissions that allow list access to the S3 bucket. Launch the instance as the IAM user and retrieve the IAM user’s credentials from the EC2 instance user data.
    3. Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role’s credentials from the EC2 Instance metadata
    4. Create an IAM user for the application with permissions that allow list access to the S3 bucket. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user.

Answer: 3. Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role’s credentials from the EC2 Instance metadata.

 

52. A user has created an application, which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

    1. The user should attach an IAM role with DynamoDB access to the EC2 instance
    2. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
    3. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
    4. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials

[showhide type=”q52″ more_text=”Answer is…” less_text=”Show less…”]
1. The user should attach an IAM role with DynamoDB access to the EC2 instance.  [/showhide]

 

53. Your application is leveraging IAM Roles for EC2 for accessing objects stored in S3. Which two of the following IAM policies control access to your S3 objects?

  1. An IAM trust policy allows the EC2 instance to assume an EC2 instance role.
  2. An IAM access policy allows the EC2 role to access S3 objects
  3. An IAM bucket policy allows the EC2 role to access S3 objects.
  4. An IAM trust policy allows applications running on the EC2 instance to assume an EC2 role
  5. An IAM trust policy allows applications running on the EC2 instance to access S3 objects.

[showhide type=”q53″ more_text=”Answer is…” less_text=”Show less…”]
1. An IAM trust policy allows the EC2 instance to assume an EC2 instance role. 

2. An IAM access policy allows the EC2 role to access S3 objects [/showhide]

 

54. You have an application running on an EC2 instance that allows users to download files from a private S3 bucket using a pre-signed URL. Before generating the URL, the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely?

    1. Use the AWS account access keys; the application retrieves the credentials from the source code of the application.
    2. Create an IAM user for the application with permissions that allow list access to the S3 bucket; launch the instance as the IAM user and retrieve the IAM user’s credentials from the EC2 instance user data.
    3. Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role’s credentials from the EC2 Instance metadata
    4. Create an IAM user for the application with permissions that allow list access to the S3 bucket. The application retrieves the IAM user credentials from a temporary directory with permissions that allow read access only to the application user.

[showhide type=”q54″ more_text=”Answer is…” less_text=”Show less…”]
3. Create an IAM role for EC2 that allows list access to objects in the S3 bucket. Launch the instance with the role, and retrieve the role’s credentials from the EC2 Instance metadata.  [/showhide]

 

55. In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:

    1. Web server visible metrics such as number of failed transaction requests
    2. Operating system visible metrics such as memory utilization
    3. Database visible metrics such as number of connections
    4. Hypervisor visible metrics such as CPU utilization

[showhide type=”q55″ more_text=”Answer is…” less_text=”Show less…”]
4. Hypervisor visible metrics such as CPU utilization.  [/showhide]

 



 

56. Which of the following requires a custom CloudWatch metric to monitor?

    1. Memory Utilization of an EC2 instance
    2. CPU Utilization of an EC2 instance
    3. Disk usage activity of an EC2 instance
    4. Data transfer of an EC2 instance

[showhide type=”q56″ more_text=”Answer is…” less_text=”Show less…”]
1. Memory utilization of an EC2 instance.  [/showhide]

 

57. A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value?

    1. DiskReadBytes
    2. NetworkIn
    3. NetworkOut
    4. CPUUtilization

[showhide type=”q57″ more_text=”Answer is…” less_text=”Show less…”]
1. DiskReadBytes.  [/showhide]

 

58. A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process Hadoop MapReduce jobs, which can run between 50 – 600 minutes or sometimes for more time. The user wants to configure the instance to be terminated only when the process is completed. How can the user configure this with CloudWatch?

    1. Set up the CloudWatch action to terminate the instance when the CPU utilization is less than 5%
    2. Set up CloudWatch with Auto Scaling to terminate all the instances
    3. Set up a job which terminates all instances after 600 minutes
    4. It is not possible to terminate instances automatically

[showhide type=”q58″ more_text=”Answer is…” less_text=”Show less…”]
1. Set up the CloudWatch action to terminate the instance when the CPU utilization is less than 5%.  [/showhide]

 

59. An AWS account owner has set up multiple IAM users. One IAM user only has CloudWatch access. He has set up the alarm action, which stops the EC2 instances when the CPU utilization is below the threshold limit. What will happen in this case?

    1. It is not possible to stop the instance using the CloudWatch alarm
    2. CloudWatch will stop the instance when the action is executed
    3. The user cannot set an alarm on EC2 since he does not have the permission
    4. The user can set up the action but it will not be executed if the user does not have EC2 rights

[showhide type=”q59″ more_text=”Answer is…” less_text=”Show less…”]
4. The user can set up the action but it will not be executed if the user does not have EC2 rights.  [/showhide]

 

60. A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?

    1. View the Auto Scaling CPU metrics
    2. Aggregate the data over the instance AMI ID
    3. The user has to use the CloudWatch analyser to find the average data across instances
    4. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

[showhide type=”q60″ more_text=”Answer is…” less_text=”Show less…”]
1. View the Auto Scaling CPU metrics.  [/showhide]

 

61. You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages: “Network error: Connection timed out” or “Error connecting to [instance], reason: -> Connection timed out: connect”. You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? (Choose 2 answers)

  1. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.
  2. Verify that your IAM user policy has permission to launch Amazon EC2 instances.
  3. Verify that you are connecting with the appropriate user name for your AMI.
  4. Verify that the Amazon EC2 Instance was launched with the proper IAM role.
  5. Verify that your federation trust to AWS has been established.

[showhide type=”q61″ more_text=”Answer is…” less_text=”Show less…”]
1. Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch. 

3. Verify that you are connecting with the appropriate user name for your AMI

[/showhide]