- (Exam Topic 1)
A company has an internal web application that runs on Amazon EC2 instances behind an Application Load
Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.
Which action should the SysOps administrator take to meet this requirement?

1. A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
2. B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
3. C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
4. D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

Correct Answer: C

- (Exam Topic 1)
A company is migrating its production file server to AWS. All data that is stored on the file server must remain accessible if an Availability Zone becomes unavailable or when system maintenance is performed. Users must be able to interact with the file server through the SMB protocol. Users also must have the ability to manage file permissions by using Windows ACLs.
Which solution will net these requirements?

1. A. Create a single AWS Storage Gateway file gateway.
2. B. Create an Amazon FSx for Windows File Server Multi-AZ file system.
3. C. Deploy two AWS Storage Gateway file gateways across two Availability Zone
4. D. Configure an Application Load Balancer in front of the file gateways.
5. E. Deploy two Amazon FSx for Windows File Server Single-AZ 2 file system
6. F. Configure Microsoft Distributed File System Replication (DFSR).

Correct Answer: B
https://aws.amazon.com/fsx/windows/

- (Exam Topic 1)
A SysOps Administrator is managing a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group. The administrator wants to set an alarm for when all target instances associated with the ALB are unhealthy.
Which condition should be used with the alarm?

1. A. AWS/ApplicationELB HealthyHostCount <= 0
2. B. AWS/ApplicationELB UnhealthyHostCount >= 1
3. C. AWS/EC2 StatusCheckFailed <= 0
4. D. AWS/EC2 StatusCheckFailed >= 1

Correct Answer: A
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html

- (Exam Topic 1)
A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution.
Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?

1. A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
2. B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
3. C. Assign an 1AM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
4. D. Assign an 1AM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.

Correct Answer: B
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3

- (Exam Topic 1)
A Sysops administrator has created an Amazon EC2 instance using an AWS CloudFormation template in the us-east-I Region. The administrator finds that this
template has failed to create an EC2 instance in the us-west-2 Region. What is one cause for this failure?

1. A. Resource tags defined in the CloudFormation template are specific to the us-east-I Region.
2. B. The Amazon Machine Image (AMI) ID referenced in the CloudFormation template could not be found in the us-west-2 Region.
3. C. The cfn-init script did not run during resource provisioning in the us-west-2 Region.
4. D. The IAM user was not created in the specified Region.

Correct Answer: B
One possible cause for the failure of the CloudFormation template to create an EC2 instance in the us-west-2 Region is that the Amazon Machine Image (AMI) ID referenced in the template could not be found in the us-west-2 Region. This could be due to the fact that the AMI is not available in that region, or the credentials used to access the AMI were not configured properly. The other options (resource tags defined in the CloudFormation template are specific to the us-east-I Region, the cfn-init script did not run during resource provisioning in the us-west-2 Region, and the IAM user was not created in the specified Region) are not valid causes for this failure.