- (Exam Topic 1)
A company is using Amazon Elastic Container Sen/ice (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks.
Which combination of steps should the SysOps administrator take to meet this requirement? (Select TWO.)

1. A. Configure Amazon CloudWatch Logs on the elastic network interface of each task.
2. B. Configure VPC Flow Logs on the elastic network interface of each task.
3. C. Specify the awsvpc network mode in the task definition.
4. D. Specify the bridge network mode in the task definition.
5. E. Specify the host network mode in the task definition.

Correct Answer: AE

- (Exam Topic 1)
A SysOps administrator creates two VPCs, VPC1 and VPC2, in a company’s AWS account The SysOps administrator deploys a Linux Amazon EC2 instance in VPC1 and deploys an Amazon RDS for MySQL DB instance in VPC2. The DB instance is deployed in a private subnet. An application that runs on the EC2 instance needs to connect to the database.
What should the SysOps administrator do to give the EC2 instance the ability to connect to the database?

1. A. Enter the DB instance connection string into the VPC1 route table.
2. B. Configure VPC peering between the two VPCs.
3. C. Add the same IPv4 CIDR range for both VPCs.
4. D. Connect to the DB instance by using the DB instance’s public IP address.

Correct Answer: B
VPC peering allows two VPCs to communicate with each other securely. By configuring VPC peering between the two VPCs, the SysOps administrator will be able to give the EC2 instance in VPC1 the ability to connect to the database in VPC2. Once the VPC peering is configured, the EC2 instance will be able to communicate with the database using the private IP address of the DB instance in the private subnet.

- (Exam Topic 1)
A company hosts a website on multiple Amazon EC2 instances that run in an Auto Scaling group. Users are reporting slow responses during peak times between 6 PM and 11 PM every weekend. A SysOps administrator must implement a solution to improve performance during these peak times.
What is the MOST operationally efficient solution that meets these requirements?

1. A. Create a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function to increase the desired capacity before peak times.
2. B. Configure a scheduled scaling action with a recurrence option to change the desired capacity before and after peak times.
3. C. Create a target tracking scaling policy to add more instances when memory utilization is above 70%.
4. D. Configure the cooldown period for the Auto Scaling group to modify desired capacity before and after peak times.

Correct Answer: B
"Scheduled scaling helps you to set up your own scaling schedule according to predictable load changes. For example, let's say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can configure a schedule for Amazon EC2 Auto Scaling to increase capacity on Wednesday and decrease capacity on Friday." https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html

- (Exam Topic 1)
A company uses Amazon Elasticsearch Service (Amazon ES) to analyze sales and customer usage data. Members of the company's geographically dispersed sales team are traveling. They need to log in to Kibana by using their existing corporate credentials that are stored in Active Directory. The company has deployed
Active Directory Federation Services (AD FS) to enable authentication to cloud services. Which solution will meet these requirements?

1. A. Configure Active Directory as an authentication provider in Amazon E
2. B. Add the Active Directory server's domain name to Amazon E
3. C. Configure Kibana to use Amazon ES authentication.
4. D. Deploy an Amazon Cognito user poo
5. E. Configure Active Directory as an external identity provider for the user poo
6. F. Enable Amazon Cognito authentication for Kibana on Amazon ES.
7. G. Enable Active Directory user authentication in Kiban
8. H. Create an IP-based custom domain access policy in Amazon ES that includes the Active Directory server's IP address.
9. I. Establish a trust relationship with Kibana on the Active Directory serve
10. J. Enable Active Directory user authentication in Kiban
11. K. Add the Active Directory server's IP address to Kibana.

Correct Answer: B
https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-using-aws-single-sign-on/ https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cognito-auth.html

- (Exam Topic 1)
A company is running a serverless application on AWS Lambda The application stores data in an Amazon RDS for MySQL DB instance Usage has steadily increased and recently there have been numerous "too many connections" errors when the Lambda function attempts to connect to the database The company already has configured the database to use the maximum max_connections value that is possible
What should a SysOps administrator do to resolve these errors'?

1. A. Create a read replica of the database Use Amazon Route 53 to create a weighted DNS record that contains both databases
2. B. Use Amazon RDS Proxy to create a proxy Update the connection string in the Lambda function
3. C. Increase the value in the max_connect_errors parameter in the parameter group that the database uses
4. D. Update the Lambda function's reserved concurrency to a higher value

Correct Answer: B
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/
RDS Proxy acts as an intermediary between your application and an RDS database. RDS Proxy establishes and manages the necessary connection pools to your database so that your application creates fewer database connections. Your Lambda functions interact with RDS Proxy instead of your database instance. It handles the connection pooling necessary for scaling many simultaneous connections created by concurrent Lambda functions. This allows your Lambda applications to reuse existing connections, rather than creating new connections for every function invocation.
Check "Database proxy for Amazon RDS" section in the link to see how RDS proxy help Lambda handle huge connections to RDS MySQL
https://aws.amazon.com/blogs/compute/using-amazon-rds-proxy-with-aws-lambda/