- (Exam Topic 1)
A company is using Amazon CloudFront to serve static content for its web application to its users. The CloudFront distribution uses an existing on-premises website as a custom origin.
The company requires the use of TLS between CloudFront and the origin server. This configuration has worked as expected for several months. However, users are now experiencing HTTP 502 (Bad Gateway) errors when they view webpages that include content from the CloudFront distribution.
What should a SysOps administrator do to resolve this problem?

1. A. Examine the expiration date on the certificate on the origin sit
2. B. Validate that the certificate has not expire
3. C. Replace the certificate if necessary.
4. D. Examine the hostname on the certificate on the origin sit
5. E. Validate that the hostname matches one of the hostnames on the CloudFront distributio
6. F. Replace the certificate if necessary.
7. G. Examine the firewall rules that are associated with the origin serve
8. H. Validate that port 443 is open for inbound traffic from the interne
9. I. Create an inbound rule if necessary.
10. J. Examine the network ACL rules that are associated with the CloudFront distributio
11. K. Validate that port 443 is open for outbound traffic to the origin serve
12. L. Create an outbound rule if necessary.

Correct Answer: A
HTTP 502 errors from CloudFront can occur because of the following reasons:
There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.
There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.
There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.
The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution. The custom origin is ending the connection to CloudFront too quickly.
https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-connection-error/

- (Exam Topic 1)
A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application's performance. A SysOps administrator must scale the application to meet the increased traffic. Which solution meets these requirements?

1. A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.
2. B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.
3. C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy.Attach the ALB to the Auto Scaling group.
4. D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy.Attach the ALB to the Auto Scaling group.

Correct Answer: C

- (Exam Topic 1)
A company is testing Amazon Elasticsearch Service (Amazon ES) as a solution for analyzing system logs from a fleet of Amazon EC2 instances. During the test phase, the domain operates on a single-node cluster. A SysOps administrator needs to transition the test domain into a highly available production-grade deployment.
Which Amazon ES configuration should the SysOps administrator use to meet this requirement?

1. A. Use a cluster of four data nodes across two AWS Region
2. B. Deploy four dedicated master nodes in each Region.
3. C. Use a cluster of six data nodes across three Availability Zone
4. D. Use three dedicated master nodes.
5. E. Use a cluster of six data nodes across three Availability Zone
6. F. Use six dedicated master nodes.
7. G. Use a cluster of eight data nodes across two Availability Zone
8. H. Deploy four master nodes in a failover AWS Region.

Correct Answer: B

- (Exam Topic 1)
A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.
Which solution will net these requirements?

1. A. Create a single AWS Storage Gateway file gateway.
2. B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
3. C. Deploy two AWS Storage Gateway file gateways across two Availability Zone
4. D. Configure an Application Load Balancer in front of the file gateways.
5. E. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file system
6. F. Configure Microsoft Distributed File System Replication (DFSR).

Correct Answer: B
https://aws.amazon.com/fsx/windows/

- (Exam Topic 1)
A company runs its entire suite of applications on Amazon EC2 instances. The company plans to move the applications to containers and AWS Fargate. Within 6 months, the company plans to retire its EC2 instances and use only Fargate. The company has been able to estimate its future Fargate costs.
A SysOps administrator needs to choose a purchasing option to help the company minimize costs. The SysOps administrator must maximize any discounts that are available and must ensure that there are no unused reservations.
Which purchasing option will meet these requirements?

1. A. Compute Savings Plans for 1 year with the No Upfront payment option
2. B. Compute Savings Plans for 1 year with the Partial Upfront payment option
3. C. EC2 Instance Savings Plans for 1 year with the All Upfront payment option
4. D. EC2 Reserved Instances for 1 year with the Partial Upfront payment option

Correct Answer: C