- (Exam Topic 1)
A SysOos administrator s tasked with analyzing database performance. The database runs on a single Amazon RDS D6 instance. The SysOps administrator finds that, during times of peak traffic, resources on the database are over utilized due to the amount of read traffic.
Which actions should the SysOps administrator take to improve RDS performance? (Select TWO.)

1. A. Add a read replica.
2. B. Modify the application to use Amazon ElastiCache for Memcached.
3. C. Migrate the database from RDS to Amazon DynamoDB.
4. D. Migrate the database to Amazon EC2 with enhanced networking enabled
5. E. Upgrade the database to a Multi-AZ deployment.

Correct Answer: AB

- (Exam Topic 1)
A company has multiple Amazon EC2 instances that run a resource-intensive application in a development environment. A SysOps administrator is implementing a solution to stop these EC2 instances when they are not in use.
Which solution will meet this requirement?

1. A. Assess AWS CloudTrail logs to verify that there is no EC2 API activit
2. B. Invoke an AWS Lambda function to stop the EC2 instances.
3. C. Create an Amazon CloudWatch alarm to stop the EC2 instances when the average CPU utilization is lower than 5% for a 30-minute period.
4. D. Create an Amazon CloudWatch metric to stop the EC2 instances when the VolumeReadBytes metric is lower than 500 for a 30-minute period.
5. E. Use AWS Config to invoke an AWS Lambda function to stop the EC2 instances based on resource configuration changes.

Correct Answer: B
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html#AddingStopActi

- (Exam Topic 1)
A company needs to automatically monitor an AWS account for potential unauthorized AWS Management Console logins from multiple geographic locations.
Which solution will meet this requirement?

1. A. Configure Amazon Cognito to detect any compromised 1AM credentials.
2. B. Set up Amazon Inspecto
3. C. Scan and monitor resources for unauthorized logins.
4. D. Set up AWS Confi
5. E. Add the iam-policy-blacklisted-check managed rule to the account.
6. F. Configure Amazon GuardDuty to monitor the UnauthorizedAccess:IAMUser/ConsoleLoginSuccess finding.

Correct Answer: D

- (Exam Topic 1)
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of
fs-85ba4Kc. and it is actively used by 10 Amazon EC2 hosts The organization has become concerned that the file system is not encrypted
How can this be resolved?

1. A. Enable encryption on each host's connection to the Amazon EFS volume Each connection must be recreated for encryption to take effect
2. B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface
3. C. Enable encryption on each host's local drive Restart each host to encrypt the drive
4. D. Enable encryption on a newly created volume and copy all data from the original volume Reconnect each host to the new volume

Correct Answer: D
https://docs.aws.amazon.com/efs/latest/ug/encryption.html
Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. You can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system.

- (Exam Topic 2)
If your AWS Management Console browser does not show that you are logged in to an AWS account, close the browser and relaunch the
console by using the AWS Management Console shortcut from the VM desktop.
If the copy-paste functionality is not working in your environment, refer to the instructions file on the VM desktop and use Ctrl+C, Ctrl+V or Command-C , Command-V.
Configure Amazon EventBridge to meet the following requirements.
* 1. use the us-east-2 Region for all resources,
* 2. Unless specified below, use the default configuration settings.
* 3. Use your own resource naming unless a resource name is specified below.
* 4. Ensure all Amazon EC2 events in the default event bus are replayable for the past 90 days.
* 5. Create a rule named RunFunction to send the exact message every 1 5 minutes to an existing AWS Lambda function named LogEventFunction.
* 6. Create a rule named SpotWarning to send a notification to a new standard Amazon SNS topic named TopicEvents whenever an Amazon EC2
Spot Instance is interrupted. Do NOT create any topic subscriptions. The notification must match the following structure:

Input Path:
{“instance” : “$.detail.instance-id”}
Input template:
“ The EC2 Spot Instance has been on account.
Solution:
Here are the steps to configure Amazon EventBridge to meet the above requirements:
Log in to the AWS Management Console by using the AWS Management Console shortcut from the VM desktop. Make sure that you are logged in to the desired AWS account.
Go to the EventBridge service in the us-east-2 Region.
In the EventBridge service, navigate to the "Event buses" page.
Click on the "Create event bus" button.
Give a name to your event bus, and select "default" as the event source type.
Navigate to "Rules" page and create a new rule named "RunFunction"
In the "Event pattern" section, select "Schedule" as the event source and set the schedule to run every 15 minutes.
In the "Actions" section, select "Send to Lambda" and choose the existing AWS Lambda function named "LogEventFunction"
Create another rule named "SpotWarning"
In the "Event pattern" section, select "EC2" as the event source, and filter the events on "EC2 Spot Instance interruption"
In the "Actions" section, select "Send to SNS topic" and create a new standard Amazon SNS topic named "TopicEvents"
In the "Input Transformer" section, set the Input Path to {“instance” : “$.detail.instance-id”} and Input template to “The EC2 Spot Instance has been interrupted on account.
Now all Amazon EC2 events in the default event bus will be replayable for past 90 days. Note:
You can use the AWS Management Console, AWS CLI, or SDKs to create and manage EventBridge resources.
You can use CloudTrail event history to replay events from the past 90 days.
You can refer to the AWS EventBridge documentation for more information on how to configure and use the service: https://aws.amazon.com/eventbridge/

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A