2. Question1
How can you share an encrypted snapshot with another AWS
account?
A. Make the snapshot public so the other accounts will access it
B. Send your CMK keys to the other AWS accounts so they can access your
snapshot
C. Ensure it is not encrypted with your default CMK keys, mark the
snapshot as private, and then enter the other AWS accounts, and give
them permissions to the encryption key used
D. You can’t share your own encrypted snapshots, you have to convert it to
un-encrypted first before sharing
Ans: C
3. Question2
You have an EBS volume attached to an instance in one AZ
and you need to move it to a new availability zone in the same
region, how can you achieve this?
A. Detach the volume from the EC2 instance and re-attach it to the
new EC2 instance in the new AZ
B. You can not migrate EBS volumes between AZs, you need to
store your data objects on S3 and create a new EBS volume in
the new AZ, then restore data from S3
C. Create a snapshot of the volume, and use that snapshot to
create a new volume in the new AZ
D. Using AWS console, drag and drop the EBS volume to the new
EC2 instance in the other AZ
Ans: C
4. Question3
You want to use the EBS volume you have in region A, in
another region B, how can you migrate the volume to another
region ?
A. Create a snapshot of the volume and use it to create a new volume in
the new region
B. Create a snapshot of the volume, copy the snapshot and specify the
new region during the copy process, create a new volume from the
copied snapshot in the new region
C. You can not move EBS volumes between regions
D. Create a snapshot of the EBS volume and make it public that all
regions can use it
Ans: B
5. Question4
EBS encryption is
A. Enabled by default on all EBS volumes
B. Supported on all EC2 instance types
C. Supported on all EBS volumes types
D. Supported only by EBS snapshots
Ans: C
6. Question5
You have an EBS volume that is the root volume of an EC2
instance, and you want to take a snapshot, how can you do
this while ensuring consistency between EBS volume and
snapshots?
A. You can take the snapshot while the EC2 instance is running
B. You must stop the instance, then take the snapshot
C. You can’t take a snapshot of a EBS that is an EC2 instance boot
volume
D. AWS will automatically take these snapshots during
maintenance windows
Ans: B
7. Question6
In a client meeting, as the AWS SME, the client had questions
about EBS snapshots characteristics, which of the below is
true regarding EBS snapshots: (Choose 5)
A. They occur synchronously
B. Snapshots of Encrypted volumes are also encrypted
C. Volumes created from encrypted snapshots are also encrypted
D. Volumes created from encrypted snapshots are unencrypted
E. Encrypted snapshots are AZ specific
F. Encrypted snapshots are Region specific
G. They occur asynchronously
H. They are differential
I. They are incremental
Ans: B,C,F,G,I
8. Question7
How can you ensure that your EBS volumes created during an
EC2 instance launch are still available when the respective EC2
instances are terminated?
A. Change the “DeleteOnTermination” attribute of the EBS volume
to false while launching the instance
B. EBS volume automatically persists after the EC2 instance is
terminated
C. You can not keep the EBS volume after the EC2 instance is
terminated
D. Select the detach EBS volumes option when terminating the
instance
Ans: A
9. Question8
Your AWS infrastructure has an EC2 instance that has a non-root EBS
volume.The volume stores company confidential information, and you
were asked to ensure the data is protected.
How can you encrypt this confidential information on this EBS volume?
(Choose 2)
A. Through AWS console, change the encryption parameter setting of the volume
B. You can not protect this information on the volume since it is not an encrypted
volume
C. Create a new encrypted EBS volume and mount it to the same EC2 instance,
move(copy) the data to the new volume
D. Take a snapshot of the EBS volume, and use the snapshot to create a new EBS
volume and attach it to the EC2 instance
E. Create a snapshot of the EBS volume, copy the snapshot and choose encryption
while copying, use the encrypted snapshot copy to create a new EBS volume
and mount it to the EC2 instance
Ans: C, E
10. Question9
How can you share an encrypted snapshot with another AWS
account?
A. Make the snapshot public so the other accounts will access it
B. Send your CMK keys to the other AWS accounts so they can access
your snapshot
C. Ensure it is not encrypted with your default CMK keys, mark the
snapshot as private, and then enter the other AWS accounts, and give
them permissions to the encryption key used
D. You can’t share your own encrypted snapshots, you have to convert it
to un-encrypted first before sharing
Ans: C
11. Question 10
How can you ensure the EBS volume data is secured when
creating a snapshot which will be saved on S3?
A. EBS snapshots stored on S3 are always encrypted
B. Use of encrypted volumes ensures that any snapshots created
will be encrypted too
C. Request encryption of the snapshot while you create it
D. S3 has Server Side Encryption and it will take care of this
Ans: B
12. Question 11
Your EBS volume snapshots are stored in S3, and you can
access them through:
A. Browsing your account S3 bucket created for EBS snapshots
B. Through EC2 APIs
C. You can only view them when you are creating a new volume
D. You can not access them except through contacting AWS
support
Ans: B
13. Question 12
EBS volume snapshots are: (Choose 2)
A. Created and updated asynchronously
B. Created and updated synchronously
C. Are differential
D. Are incremental
Ans: A,D
14. Question 13
How can you achieve EBS volume data encryption at rest?
(Choose 4)
A. Use native OS encryption drivers
B. Snapshot the data and encrypt it on S3 using SSE
C. Use SSL between your EC2 instance and EBS volume
D. Use encrypted EBS volumes
E. Use 3rd party encryption tools that can encrypt EBS volumes
F. Use encrypted file system on top of your EBS volume
Ans: A,D,E,F
15. Question 14
Can you access an EBS volume during the process of creating a
snapshot?
A. Yes, you can
B. No, you can’t
C. Yes, you can if the EBS volume is configured to do so.
D. EBS volume snapshot can not be accessed
Ans: A
16. Question 15
Can an EBS snapshot be used to create a smaller size EBS
volume than the one used to create the snapshot?
A. No
B. Yes
C. Only if data is encrypted
D. You can’t create an EBS volume from another volume’s snapshot
Ans: A
17. Question 16
An encrypted EBS volumes’ actual data encryption process
happens
A. On S3
B. On the EBS volume itself
C. On the EC2 instance
D. EBS volumes can not be encrypted
Ans: C
18. Question 17
You are trying to explain to your junior AWS Sysadmin the
difference between an EC2 instance – EBS backed, and EC2 instance
– Instance-Store backed, what of the below would be helpful to
explain this? (Choose 3)
A. For an EBS-backed EC2 instance, the instance can be stopped,
restarted, rebooted
B. For Instance-store backed EC2 instance, the instance can be stopped
and restarted
C. For EBS volumes on EC2 instance, the data persists when the instance
is stopped or rebooted
D. For Instance-store volumes (non boot) on EC2 instance, the data
persists when the instance is stopped
E. For Instance-store backed EC2 instance, the instance can not be
stopped
Ans: A,C,E
19. Question 18
Your manager requested you to take a snapshot of a non-root
EBS volume that contains sensitive corporate data, the
required is to take the most accurate (consistent) snapshot of
that EBS volume without disrupting the instance operation,
what is the best way to achieve this?
A. Take the snapshot while the EBS volume is attached and
instance is running
B. Stop the instance and take the snapshot
C. You can’t take a snapshot for a non-root EBS volume
D. Un-mount the EBS volume, take the snapshot, then re-mount it
again
Ans: D
20. Question 19
Your manager requested you to take a snapshot of a root EBS
volume of an EC2 instance.The required is to take a complete
snapshot of that EBS volume, what is the best way to achieve
this?
A. Take the snapshot while the EBS volume is attached and
instance is running
B. Stop the instance and take the snapshot
C. You can’t take a snapshot for a root EBS volume
D. Un-mount the EBS volume, take the snapshot, then re-mount it
again
Ans: B
21. Question 20
Which of the below is true regarding copying snapshots?
(Choose 2)
A. When you copy an unencrypted snapshot that you own,
you can encrypt it during the copy process.
B. You can not copy an encrypted snapshot for security
reasons
C. When you copy an encrypted snapshot that you own, you
can re-encrypt it with a different key during the copy
process.
D. You can not re-encrypt an already encrypted snapshot
Ans: A,C
22. Question 21
Your manager requested that you must ensure data
encryption in transit between EC2 instances and EBS volumes
you are about to create. If the EC2 instance family/type used
supports EBS encryption, what can you do to achieve this?
A. Select EC2 instances that support EBS volume encryption, and
encrypt the non-root EBS volumes
B. Use HTTPs/SSL as the protocol between EC2 instance and their
attached EBS volumes
C. You can not ensure data in-transit between EC2 and EBS
volumes is encrypted
D. All EC2 to EBS communication is encrypted by default
Ans: A
23. Question 22
What is the minimum number of snapshots of an EBS volume
you need to maintain to guarantee low cost, and ability to
create a complete volume of that snapshot?
A. One snapshot every 5 minutes
B. Any single snapshot will do, since the changes are incremental
C. Two snapshots, most recent and very first one
D. Only the latest one, it is incremental and complete. Older
snapshots can be archived or deleted
Ans: D
24. Question 23
You have data on an encrypted EBS volume that you want to
share, how can you achieve this?
A. You can not share encrypted snapshots
B. Mark the snapshot as public, this will make it widely available
C. You can mark the snapshot as private, then enter the AWS
accounts with which you want to share it, and give these
accounts permissions to the key used to encrypt the snapshot
D. You have to create a copy of the data and then share it
Ans: C
25. Sharing Encrypted volumes/snapshots
Ê You cannot change the encryption key(CMK) used to encrypt an
existing encrypted snapshot or encrypted EBS volume
Ê If you want to change the key, create a copy of the snapshot and specify
during the copy process that you want to re-encrypt the copy with a
different key
Ê You can share your encrypted snapshots with specific AWS accounts
as follows
Ê Make sure you use a custom CMK key to encrypt the snapshot, not the
default CMK key(AWS will not allow sharing if default key is used)
Ê Give the account(s) which you want to share the snapshot with, access to
the custom CMK used to encrypt the snapshot
Ê Mark the snapshot private, then enter the AWS accounts with which you
want to share the snapshot
26. Question 24
You have an encrypted snapshot that was shared with you from
another AWS account.You want to use this snapshot to create a
new EBS volume under your account.
Which of the below statements is the right next step you must do
before you can create EBS volumes from the shared snapshot?
A. Create an EBS volume from the shared snapshot directly
B. Store the CMK keys used to encrypt the original snapshot for future
encryption
C. Unencrypt the snapshot then create the volume from the unencrypted
snapshot
D. First you must create a copy of the shared snapshot, then you can
create the EBS volume from the copy
Ans: D
27. Sharing of Encrypted Snapshots
Ê You must first create a copy of the encrypted snapshot from other
accounts before you can use it to create / restore EBS volumes
Ê You can choose the re-encrypt it during the copy process using
one of your own CMK keys to have full control over it
Ê This protects your copy in case the original account , that shared this
snapshot with you, revokes your access to the key used to encrypt
the original snapshot.
28. Question 25
An AWS account “A” shared an encrypted snapshot with AWS account “B”.
The owner of AWS account “B” created a copy of it, then created an EBS
volume off that copy. Later, the owner of AWS account “A” revoked AWS
account “B”’s rights on the CMK encryption key of the originally shared
snapshot.
Would AWS account “B”’s access to the created EBS volume off of the
shared snapshot copy be impacted? Why?
A. No, since a copy is already created and the volume is under the new account
B. No, the access to the shared snapshot will be impacted, but not the EBS volume
created
C. Yes, EBS volume data will be unencrypted since access to the CMK key used to
encrypt the shared snapshot is lost
D. Yes, EBS volume access will be denied, since the permissions over the CMK key
used to encrypt the shared snapshot is now revoked, which is still the key used
to encrypt the created EBS volume
Ans: D
29. Question 26
You have an encrypted snapshot that is shared from another AWS
account.You are trying to copy the snapshot and then use the copy
to create an EBS volume, but for some reason the copy process does
not happen, what could be a reason for this?
A. You can not have an encrypted shared snapshot
B. You may not have access to the Custom CMK key used to encrypt the
shared snapshot, check with the sharing AWS account owner
C. There is a problem with your default CMK encryption key
D. Log out and log in again to AWS console and try again
Ans: B
30. Question 27
Which of the below options would give the highest IOPS for
your data that does not need to be persistent?
A. Use optimized EC2 instances
B. Use the instance’s local (ephemeral) storage allocated on the
local host
C. Use S3 RRS
D. Use magnetic HDD
Ans: B
31. Question 28
You need to increase the write throughput for your EC2
instances’ EBS volumes, which of the below can help you
achieve this? (Choose 3)
A. Use the XLarge instance size of your instance family
B. Always use DynamoDB as it can provide a higher I/O
C. Use provisioned IOPS EBS volumes
D. Use EBS optimized instances
E. Use a RAID array of your EBS volumes
Ans: C,D,E
32. Question 29
You launched an instance-store backed EC2 instance, and now
you need to add an additional Instance store volume, how can
you achieve this?
A. Create the instance-store volume on the EC2 host and attach it
to the EC2 instance
B. Instance store volumes can be added only while launching the
instance, and can’t be added after the EC2 instance is created
C. Add an EBS volume and check the Instance-store box to enable
instance store features
D. You can not have an EC2 instance with Instance store
Ans: B
33. Question 30
What are the data block stores available and can be attached/
used by an Amazon EC2? (Choose 2)
A. Elastic Block Store (EBS)
B. Instance Store
C. S3
D. S3-IA
Ans: A,B