- (Exam Topic 1)
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps administrator enable at-rest encryption on?

1. A. EBS General Purpose SSD volumes
2. B. RDS PostgreSQL database
3. C. Amazon EFS file systems
4. D. S3 objects within a bucket

Correct Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html

- (Exam Topic 1)
An errant process is known to use an entire processor and run at 100% A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes
How can this be accomplished?

1. A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring Enable an action to restart the instance
2. B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring Enable an action to restart the instance
3. C. Create an AWS Lambda function to restart the EC2 instance triggered on a scheduled basis every 2 minutes
4. D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks

Correct Answer: B

- (Exam Topic 1)
A company migrated an I/O intensive application to an Amazon EC2 general purpose instance. The EC2 instance has a single General Purpose SSD Amazon Elastic Block Store (Amazon EBS) volume attached.
Application users report that certain actions that require intensive reading and writing to the disk are taking much longer than normal or are failing completely. After reviewing the performance metrics of the EBS volume, a SysOps administrator notices that the VolumeQueueLength metric is consistently high during the same times in which the users are reporting issues. The SysOps administrator needs to resolve this problem to restore full performance to the application.
Which action will meet these requirements?

1. A. Modify the instance type to be storage optimized.
2. B. Modify the volume properties by deselecting Auto-Enable Volume 10.
3. C. Modify the volume properties to increase the IOPS.
4. D. Modify the instance to enable enhanced networking.

Correct Answer: C

- (Exam Topic 1)
A SysOps administrator is optimizing the cost of a workload. The workload is running in multiple AWS Regions and is using AWS Lambda with Amazon EC2 On-Demand Instances for the compute. The overall usage is predictable. The amount of compute that is consumed in each Region varies, depending on the users' locations.
Which approach should the SysOps administrator use to optimize this workload?

1. A. Purchase Compute Savings Plans based on the usage during the past 30 days
2. B. Purchase Convertible Reserved Instances by calculating the usage baseline.
3. C. Purchase EC2 Instance Savings Plane based on the usage during the past 30 days
4. D. Purchase Standard Reserved Instances by calculating the usage baseline.

Correct Answer: C

- (Exam Topic 1)
A development team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data.
Which AWS service will mitigate this issue?

1. A. AWS Shield Standard
2. B. AWS WAF
3. C. Elastic Load Balancing
4. D. Amazon Cognito

Correct Answer: A