Browse all 20 free AWS Certified CloudOps Engineer - Associate practice questions below.
A SysOps administrator notices that an EC2 instance is experiencing high CPU utilization. Which CloudWatch metric should be monitored to investigate this issue?
- NetworkIn
- StatusCheckFailed
- DiskReadBytes
- CPUUtilization
An organization wants to automatically terminate unhealthy EC2 instances in an Auto Scaling group. Which feature should they configure?
- EC2 Auto Scaling health checks with ELB health checks enabled
- CloudWatch Logs only
- S3 lifecycle policies
- AWS Config rules
A company needs to deploy a consistent infrastructure across multiple AWS accounts and regions. Which AWS service should they use?
- AWS CloudFormation StackSets
- AWS Systems Manager Patch Manager
- AWS Config
- Amazon EC2 Image Builder
Which of the following are valid scaling policies for EC2 Auto Scaling? (Select TWO)
- Target tracking scaling policy
- Lambda scaling policy
- Step scaling policy
- Database scaling policy
A company wants to restrict IAM users from launching EC2 instances larger than t3.large. Which approach should they use?
- CloudWatch alarms
- Security group rules
- VPC flow logs
- IAM policy with a condition key restricting ec2:InstanceType
A CloudOps engineer needs to collect custom application metrics from EC2 instances and visualize them in CloudWatch dashboards. Which approach is MOST efficient?
- Store metrics in DynamoDB
- Write metrics to S3 and use Athena to query them
- Use CloudFront to distribute metrics
- Install the CloudWatch agent and configure it to publish custom metrics using StatsD or collectd protocols
An application is logging errors to CloudWatch Logs. The operations team wants to be notified when a specific error pattern appears more than 10 times in 5 minutes. Which solution should they implement?
- Use VPC Flow Logs
- Create a CloudWatch Logs metric filter and set up a CloudWatch alarm with SNS notification
- Configure CloudTrail data events
- Enable S3 event notifications
A company uses EventBridge to trigger Lambda functions for automated remediation. They need to ensure that failed remediation attempts are captured for analysis. What should they configure?
- Configure a dead-letter queue (DLQ) for the EventBridge rule
- Enable CloudFront access logs
- Modify the VPC route table
- Create an S3 bucket policy
Which of the following can be used to automatically remediate non-compliant resources detected by AWS Config? (Select TWO)
- S3 lifecycle policies
- CloudFront distributions
- EventBridge rules with Lambda function targets
- Systems Manager Automation documents
A CloudOps engineer needs to identify which AWS resources are generating the most CloudWatch Logs data to optimize costs. Which tool should they use?
- AWS Artifact
- CloudWatch Logs Insights with IncomingBytes metric analysis
- VPC Flow Logs
- CloudFront reports
A company has mission-critical EC2 instances running in a single Availability Zone. Management requires that the instances maintain high availability with automatic failover capabilities. What is the MOST cost-effective solution to meet this requirement?
- Deploy identical instances in another Region and use Route 53 failover routing
- Deploy the instances in an Auto Scaling group across multiple Availability Zones with a minimum capacity of the required instances
- Create AMIs of the instances and manually launch them in another AZ when failures occur
- Use EC2 Dedicated Hosts in multiple Availability Zones
A SysOps administrator needs to implement a backup strategy for Amazon RDS databases that meets a Recovery Point Objective (RPO) of 5 minutes. Which backup approach should be used?
- Use AWS Database Migration Service for continuous replication
- Enable RDS Multi-AZ deployment
- Enable automated backups with point-in-time recovery
- Create manual RDS snapshots every 5 minutes using EventBridge and Lambda
A company stores critical data in Amazon S3 and needs to protect against accidental deletions. They also need the ability to recover deleted objects for up to 90 days. Which combination of S3 features should be enabled? (Select TWO)
- Configure a lifecycle rule to permanently delete noncurrent versions after 90 days
- Enable S3 Object Lock in governance mode
- Enable S3 Versioning on the bucket
- Enable Cross-Region Replication to another bucket
- Enable MFA Delete on the bucket
A company operates a multi-tier web application in AWS. The operations team needs to be automatically notified when any EC2 instance in the production environment becomes unhealthy. What is the MOST efficient way to implement this monitoring?
- Install a third-party monitoring agent on each instance to report health status
- Configure CloudWatch alarms on the StatusCheckFailed metric for each EC2 instance with SNS notification actions
- Create Route 53 health checks for each instance endpoint and configure CloudWatch alarms on the health check metrics to send SNS notifications
- Create a Lambda function that polls the EC2 DescribeInstanceStatus API every minute
A company needs to implement disaster recovery for their primary RDS MySQL database in us-east-1. The Recovery Time Objective (RTO) is 1 hour and Recovery Point Objective (RPO) is 5 minutes. Which solution meets these requirements with MINIMAL operational overhead?
- Create an RDS cross-region read replica in us-west-2 and promote it to primary during a disaster
- Configure RDS Multi-AZ deployment with synchronous replication
- Enable automated backups and copy snapshots to us-west-2 hourly, then restore during a disaster
- Use AWS Database Migration Service with continuous replication to a standby RDS instance in us-west-2
A SysOps administrator is deploying a CloudFormation stack that creates an EC2 instance and an RDS database. The stack creation fails after the EC2 instance is created but before the RDS database completes. What happens to the EC2 instance by default?
- The stack is paused and waits for manual intervention
- The EC2 instance is stopped but not terminated to preserve data
- The EC2 instance is automatically terminated as part of the stack rollback
- The EC2 instance remains running and the stack status shows CREATE_FAILED
A company needs to deploy identical infrastructure across 50 AWS accounts in their organization. The deployment must be centrally managed and automatically updated when the template changes. Which AWS service should be used?
- CloudFormation StackSets with service-managed permissions
- Use AWS Service Catalog to share a CloudFormation product
- Create a Lambda function that deploys stacks to each account
- Create CloudFormation stacks individually in each account
A development team uses Elastic Beanstalk to deploy their application. They need to ensure that during deployments, the application maintains full capacity and no requests are lost. Which deployment policy should they use?
- Immutable deployment
- Rolling deployment
- All at once deployment
- Rolling with additional batch
A company uses CodeDeploy to deploy applications to EC2 instances. They want to automatically roll back deployments if the deployment causes more than 10% of instances to fail health checks. How should they configure this?
- Configure the CodeDeploy agent to monitor health and trigger rollback
- Set the minimum healthy hosts percentage to 90% in the deployment configuration
- Enable deployment failure handling in the appspec.yml file
- Configure a deployment group with automatic rollback enabled and set alarm-based rollback with CloudWatch alarms monitoring instance health
A company wants to standardize their EC2 instance launches using a configuration that includes the AMI, instance type, security groups, and user data. They need to version these configurations and use them with Auto Scaling. What should they use?
- Launch Configurations
- EC2 Image Builder recipes
- Launch Templates
- CloudFormation templates
