- (Exam Topic 1)
A company's public website is hosted in an Amazon S3 bucket in the us-east-1 Region behind an Amazon
CloudFront distribution. The company wants to ensure that the website is protected from DDoS attacks. A SysOps administrator needs to deploy a solution that gives the company the ability to maintain control over the rate limit at which DDoS protections are applied.
Which solution will meet these requirements?

1. A. Deploy a global-scoped AWS WAF web ACL with an allow default actio
2. B. Configure an AWS WAF rate-based rule to block matching traffi
3. C. Associate the web ACL with the CloudFront distribution.
4. D. Deploy an AWS WAF web ACL with an allow default action in us-east-1. Configure an AWS WAF rate-based rule to block matching traffi
5. E. Associate the web ACL with the S3 bucket.
6. F. Deploy a global-scoped AWS WAF web ACL with a block default actio
7. G. Configure an AWS WAF rate-based rule to allow matching traffi
8. H. Associate the web ACL with the CloudFront distribution.
9. I. Deploy an AWS WAF web ACL with a block default action in us-east-1. Configure an AWS WAF rate-based rule to allow matching traffi
10. J. Associate the web ACL with the S3 bucket.

Correct Answer: B

- (Exam Topic 1)
A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?

1. A. Create a gateway VPC endpoint for each S3 bucke
2. B. Attach the gateway VPC endpoints to each subnetinside the VPC.
3. C. Create an interface VPC endpoint for each S3 bucke
4. D. Attach the interface VPC endpoints to each subnet inside the VPC.
5. E. Create one gateway VPC endpoint for all the S3 bucket
6. F. Add the gateway VPC endpoint to the VPC route table.
7. G. Create one interface VPC endpoint for all the S3 bucket
8. H. Add the interface VPC endpoint to the VPC route table.

Correct Answer: C

- (Exam Topic 1)
A company is using Amazon Elastic File System (Amazon EFS) to share a file system among several Amazon EC2 instances. As usage increases, users report that file retrieval from the EFS file system is slower than normal.
Which action should a SysOps administrator take to improve the performance of the file system?

1. A. Configure the file system for Provisioned Throughput.
2. B. Enable encryption in transit on the file system.
3. C. Identify any unused files in the file system, and remove the unused files.
4. D. Resize the Amazon Elastic Block Store (Amazon EBS) volume of each of the EC2 instances.

Correct Answer: A

- (Exam Topic 1)
A SysOps administrator is tasked with deploying a company's infrastructure as code. The SysOps administrator want to write a single template that can be reused for multiple environments.
How should the SysOps administrator use AWS CloudFormation to create a solution?

1. A. Use Amazon EC2 user data in a CloudFormation template
2. B. Use nested stacks to provision resources
3. C. Use parameters in a CloudFormation template
4. D. Use stack policies to provision resources

Correct Answer: C
Reuse templates to replicate stacks in multiple environments After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#reuse

- (Exam Topic 1)
A SysOps administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and
Amazon EC2 in a VPC. All services have logging enabled. The administrator needs to investigate HTTP
Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)

1. A. VPC Flow Logs
2. B. AWS CloudTrail logs
3. C. ALB access logs
4. D. CloudFront access logs
5. E. RDS logs

Correct Answer: CD
"C" because Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
"D" because "you can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives"
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html