A DevOps engineer manages a company's Amazon Elastic Container Service (Amazon ECS) cluster. The cluster runs on several Amazon EC2 instances that are in an Auto Scaling group. The DevOps
engineer must implement a solution that logs and reviews all stopped tasks for errors. Which solution will meet these requirements?

1. A. Create an Amazon EventBridge rule to capture task state change
2. B. Send the event to Amazon CloudWatch Log
3. C. Use CloudWatch Logs Insights to investigate stopped tasks.
4. D. Configure tasks to write log data in the embedded metric forma
5. E. Store the logs in Amazon CloudWatch Log
6. F. Monitor the ContainerInstanceCount metric for changes.
7. G. Configure the EC2 instances to store logs in Amazon CloudWatch Log
8. H. Create a CloudWatch Contributor Insights rule that uses the EC2 instance log dat
9. I. Use the Contributor Insights rule to investigate stopped tasks.
10. J. Configure an EC2 Auto Scaling lifecycle hook for the EC2_INSTANCE_TERMINATING scale-in even
11. K. Write the SystemEventLog file to Amazon S3. Use Amazon Athena to query the log file for errors.

Correct Answer: A
The best solution to log and review all stopped tasks for errors is to use Amazon EventBridge and Amazon CloudWatch Logs. Amazon EventBridge allows the DevOps engineer to create a rule that matches task state change events from Amazon ECS. The rule can then send the event data to Amazon CloudWatch Logs as the target. Amazon CloudWatch Logs can store and monitor the log data, and also provide CloudWatch Logs Insights, a feature that enables the DevOps engineer to interactively search and analyze the log data. Using CloudWatch Logs Insights, the DevOps engineer can filter and aggregate the log data based on various fields, such as cluster, task, container, and reason. This way, the DevOps engineer can easily identify and investigate the stopped tasks and their errors.
The other options are not as effective or efficient as the solution in option A. Option B is not suitable because the embedded metric format is designed for custom metrics, not for logging task state changes. Option C is not feasible because the EC2 instances do not store the task state change events in their logs. Option D is not relevant because the EC2_INSTANCE_TERMINATING lifecycle hook is triggered when an EC2 instance is terminated by the Auto Scaling group, not when a task is stopped by Amazon ECS. References:
✑ : Creating a CloudWatch Events Rule That Triggers on an Event - Amazon Elastic
Container Service
✑ : Sending and Receiving Events Between AWS Accounts - Amazon EventBridge
✑ : Working with Log Data - Amazon CloudWatch Logs
✑ : Analyzing Log Data with CloudWatch Logs Insights - Amazon CloudWatch Logs
✑ : Embedded Metric Format - Amazon CloudWatch
✑ : Amazon EC2 Auto Scaling Lifecycle Hooks - Amazon EC2 Auto Scaling

A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days.
Which solution will accomplish this?

1. A. Configure AWS KMS to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
2. B. Configure an Amazon EventBridge event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon Simple Notification Service (Amazon SNS) topic.
3. C. Develop an AWS Config custom rule that publishes to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
4. D. Configure AWS Security Hub to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.

Correct Answer: C
https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-determine-compliance-of-aws-kms-key-policies-to-your-specifications/

A company's DevOps engineer is creating an AWS Lambda function to process notifications from an Amazon Simple Notification Service (Amazon SNS) topic. The Lambda function will process the notification messages and will write the contents of the notification messages to an Amazon RDS Multi-AZ DB instance.
During testing a database administrator accidentally shut down the DB instance. While the database was down the company lost several of the SNS notification messages that were delivered during that time.
The DevOps engineer needs to prevent the loss of notification messages in the future Which solutions will meet this requirement? (Select TWO.)

1. A. Replace the RDS Multi-AZ DB instance with an Amazon DynamoDB table.
2. B. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination of the Lambda function.
3. C. Configure an Amazon Simple Queue Service (Amazon SQS> dead-letter queue for the SNS topic.
4. D. Subscribe an Amazon Simple Queue Service (Amazon SQS) queue to the SNS topic Configure the Lambda function to process messages from the SQS queue.
5. E. Replace the SNS topic with an Amazon EventBridge event bus Configure an EventBridge rule on the new event bus to invoke the Lambda function for each event.

Correct Answer: CD
These solutions will meet the requirement because they will prevent the loss of notification messages in the future. An Amazon SQS queue is a service that provides a reliable, scalable, and secure message queue for asynchronous communication between distributed components. You can use an SQS queue to buffer messages from an SNS topic and ensure that they are delivered and processed by a Lambda function, even if the function or the database is temporarily unavailable.
Option C will configure an SQS dead-letter queue for the SNS topic. A dead-letter queue is a queue that receives messages that could not be delivered to any subscriber after a specified number of retries. You can use a dead-letter queue to store and analyze failed messages, or to reprocess them later. This way, you can avoid losing messages that could not be delivered to the Lambda function due to network errors, throttling, or other issues. Option D will subscribe an SQS queue to the SNS topic and configure the Lambda function to process messages from the SQS queue. This will decouple the SNS topic from the Lambda function and provide more flexibility and control over the message delivery and processing. You can use an SQS queue to store messages from the SNS topic until they are ready to be processed by the Lambda function, and also to retry processing in case of failures. This way, you can avoid losing messages that could not be processed by the Lambda function due to database errors, timeouts, or other issues.

A highly regulated company has a policy that DevOps engineers should not log in to their Amazon EC2 instances except in emergencies. It a DevOps engineer does log in the security team must be notified within 15 minutes of the occurrence.
Which solution will meet these requirements'?

1. A. Install the Amazon Inspector agent on each EC2 instance Subscribe to Amazon EventBridge notifications Invoke an AWS Lambda function to check if a message is about user logins If it is send a notification to the security team using Amazon SNS.
2. B. Install the Amazon CloudWatch agent on each EC2 instance Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user login
3. C. If a login is found send a notification to the security team using Amazon SNS.
4. D. Set up AWS CloudTrail with Amazon CloudWatch Log
5. E. Subscribe CloudWatch Logs to Amazon Kinesis Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login If it does, send a notification to the security team using Amazon SNS.
6. F. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3 Set up an S3 event to invoke an AWS Lambda function which invokes an Amazon Athena query to ru
7. G. The Athena query checks tor logins and sends the output to the security team using Amazon SNS.

Correct Answer: B
https://aws.amazon.com/blogs/security/how-to-monitor-and-visualize-failed-ssh-access-attempts-to-amazon-ec2-linux-instances/

A company's application uses a fleet of Amazon EC2 On-Demand Instances to analyze and process data. The EC2 instances are in an Auto Scaling group. The Auto Scaling group is a target group for an Application Load Balancer (ALB). The application analyzes critical data that cannot tolerate interruption. The application also analyzes noncritical data that can withstand interruption.
The critical data analysis requires quick scalability in response to real-time application demand. The noncritical data analysis involves memory consumption. A DevOps engineer must implement a solution that reduces scale-out latency for the critical data. The solution also must process the noncritical data.
Which combination of steps will meet these requirements? (Select TWO.)

1. A. For the critical data, modify the existing Auto Scaling grou
2. B. Create a warm pool instance in the stopped stat
3. C. Define the warm pool siz
4. D. Create a new version of the launch template that has detailed monitoring enable
5. E. use Spot Instances.
6. F. For the critical data, modify the existing Auto Scaling grou
7. G. Create a warm pool instance in the stopped stat
8. H. Define the warm pool siz
9. I. Create a new version of the launch template that has detailed monitoring enable
10. J. Use On-Demand Instances.
11. K. For the critical dat
12. L. modify the existing Auto Scaling grou
13. M. Create a lifecycle hook to ensure that bootstrap scripts are completed successfull
14. N. Ensure that the application on the instances is ready to accept traffic before the instances are registere
15. O. Create a new version of the launch template that has detailed monitoring enabled.
16. P. For the noncritical data, create a second Auto Scaling group that uses a launch templat
17. Q. Configure the launch template to install the unified Amazon CloudWatch agent and to configure the CloudWatch agent with a custom memory utilization metri
18. R. Use Spot Instance
19. S. Add the new Auto Scaling group as the target group for the AL
20. T. Modify the application to use two target groups for critical data and noncritical data.
21. . For the noncritical data, create a second Auto Scaling grou
22. . Choose the predefined memory utilization metric type for the target tracking scaling polic
23. . Use Spot Instance
24. . Add the new Auto Scaling group as the target group for the AL
25. . Modify the application to use two target groups for critical data and noncritical data.

Correct Answer: BD
✑ For the critical data, using a warm pool1 can reduce the scale-out latency by having pre-initialized EC2 instances ready to serve the application traffic. Using On-Demand Instances can ensure that the instances are always available and not interrupted by Spot interruptions2.
✑ For the noncritical data, using a second Auto Scaling group with Spot Instances can reduce the cost and leverage the unused capacity of EC23. Using a launch template with the CloudWatch agent4 can enable the collection of memory utilization metrics, which can be used to scale the group based on the memory
demand. Adding the second group as a target group for the ALB and modifying the application to use two target groups can enable routing the traffic based on the data type.
References: 1: Warm pools for Amazon EC2 Auto Scaling 2: Amazon EC2 On-Demand Capacity Reservations 3: Amazon EC2 Spot Instances 4: Metrics collected by the CloudWatch agent