- (Exam Topic 1)
A company is tunning a website on Amazon EC2 instances thai are in an Auto Scaling group When the website traffic increases, additional instances lake several minutes to become available because ot a
long-running user data script that installs software A SysOps administrator must decrease the time that is required (or new instances to become available
Which action should the SysOps administrator take to meet this requirement?

1. A. Reduce the scaling thresholds so that instances are added before traffic increases
2. B. Purchase Reserved Instances to cover 100% of the maximum capacity of the Auto Scaling group
3. C. Update the Auto Scaling group to launch instances that have a storage optimized instance type
4. D. Use EC2 Image Builder to prepare an Amazon Machine Image (AMI) that has pre-installed software

Correct Answer: D
automated way to update your image. Have a pipeline to update your image. When you boot from your AMI updates = scrits are already pre-installed, so no need to complete boot scripts in boot process. https://aws.amazon.com/image-builder/

- (Exam Topic 1)
A SysOps administrator created an AWS Cloud Formation template that provisions Amazon EC2 instances, an Elastic Load Balancer (ELB), and an Amazon RDS DB instance. During stack creation, the creation of the EC2 instances and the creation of the ELB are successful. However, the creation of the DB instance fails.
What is the default behavior of CloudFormation in this scenario?

1. A. CloudFormation will roll back the stack and delete the stack.
2. B. CloudFormation will roll back the stack but will not delete the stack.
3. C. CloudFormation will prompt the user to roll back the stack or continue.
4. D. CloudFormation will successfully complete the stack but will report a failed status for the DB instance.

Correct Answer: C

- (Exam Topic 1)
A company hosts a web application on an Amazon EC2 instance in a production VPC. Client connections to the application are failing. A SysOps administrator inspects the VPC flow logs and finds the following entry:
2 111122223333 eni-<###> 192.0.2.15 203.0.113.56 40711 443 6 1 40 1418530010 1418530070 REJECT OK
What is a possible cause of these failed connections?

1. A. A security group is denying traffic on port 443.
2. B. The EC2 instance is shut down.
3. C. The network ACL is blocking HTTPS traffic.
4. D. The VPC has no internet gateway attached.

Correct Answer: A
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-accepted https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#
Accepted and rejected traffic: In this example, RDP traffic (destination port 3389, TCP protocol) to network interface eni-1235b8ca123456789 in account 123456789010 was rejected. 2 123456789010
eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK

- (Exam Topic 1)
A SysOps administrator needs to automate the invocation of an AWS Lambda function. The Lambda function must run at the end of each day to generate a report on data that is stored in an Amazon S3 bucket.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Create an Amazon EventBridge {Amazon CloudWatch Events) rule that has an event pattern for Amazon S3 and the Lambda function as a target.
2. B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that has a schedule and the Lambda function as a target.
3. C. Create an S3 event notification to invoke the Lambda function whenever objects change in the S3 bucket.
4. D. Deploy an Amazon EC2 instance with a cron job to invoke the Lambda function.

Correct Answer: C

- (Exam Topic 1)
A company's backend infrastructure contains an Amazon EC2 instance in a private subnet. The private subnet has a route to the internet through a NAT gateway in a public subnet. The instance must allow connectivity to a secure web server on the internet to retrieve data at regular intervals.
The client software times out with an error message that indicates that the client software could not establish the TCP connection.
What should a SysOps administrator do to resolve this error?

1. A. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Source - 0.0.0.0/0.
2. B. Add an inbound rule to the security group for the EC2 instance with the following parameters: Type - HTTPS, Source - 0.0.0.0/0.
3. C. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP, Destination - 0.0.0.0/0.
4. D. Add an outbound rule to the security group for the EC2 instance with the following parameters: Type - HTTP
5. E. Destination - 0.0.0.0/0.

Correct Answer: D