- (Exam Topic 1)
A user working in the Amazon EC2 console increased the size of an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 Windows instance. The change is not reflected in the file system.
What should a SysOps administrator do to resolve this issue?

1. A. Extend the file system with operating system-level tools to use the new storage capacity.
2. B. Reattach the EBS volume to the EC2 instance.
3. C. Reboot the EC2 instance that is attached to the EBS volume.
4. D. Take a snapshot of the EBS volum
5. E. Replace the original volume with a volume that is created from the snapshot.

Correct Answer: B

- (Exam Topic 1)
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.
How should the SysOps administrator use AWS CloudFormation to create a solution?

1. A. Use Amazon EC2 user data in a CloudFormation template
2. B. Use nested stacks to provision resources
3. C. Use parameters in a CloudFormation template
4. D. Use stack policies to provision resources

Correct Answer: C
Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse

- (Exam Topic 1)
A company monitors its account activity using AWS CloudTrail. and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

1. A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
2. B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
3. C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
4. D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Correct Answer: B
When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

- (Exam Topic 1)
A company is expanding its fleet of Amazon EC2 instances before an expected increase of traffic. When a SysOps administrator attempts to add more instances, an InstanceLimitExceeded error is returned.
What should the SysOps administrator do to resolve this error?

1. A. Add an additional CIDR block to the VPC.
2. B. Launch the EC2 instances in a different Availability Zone.
3. C. Launch new EC2 instances in another VPC.
4. D. Use Service Quotas to request an EC2 quota increase.

Correct Answer: D

- (Exam Topic 1)
A SysOps administrator notices a scale-up event for an Amazon EC2 Auto Scaling group Amazon CloudWatch shows a spike in the RequestCount metric for the associated Application Load Balancer The administrator would like to know the IP addresses for the source of the requests
Where can the administrator find this information?

1. A. Auto Scaling logs
2. B. AWS CloudTrail logs
3. C. EC2 instance logs
4. D. Elastic Load Balancer access logs

Correct Answer: D
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html