- (Exam Topic 1)
A SysOps administrator must ensure that a company's Amazon EC2 instances auto scale as expected The SysOps administrator configures an Amazon EC2 Auto Scaling Lifecycle hook to send an event to Amazon EventBridge (Amazon CloudWatch Events), which then invokes an AWS Lambda function to configure the EC2 distances When the configuration is complete, the Lambda function calls the complete Lifecycle-action event to put the EC2 instances into service. In testing, the SysOps administrator discovers that the Lambda function is not invoked when the EC2 instances auto scale.
What should the SysOps administrator do to reserve this issue?

1. A. Add a permission to the Lambda function so that it can be invoked by the EventBridge (CloudWatch Events) rule.
2. B. Change the lifecycle hook action to CONTINUE if the lifecycle hook experiences a fa* we or timeout.
3. C. Configure a retry policy in the EventBridge (CloudWatch Events) rule to retry the Lambda function invocation upon failure.
4. D. Update the Lambda function execution role so that it has permission to call the complete lifecycle-action event

Correct Answer: D

- (Exam Topic 1)
A SysOps administrator is creating an Amazon EC2 Auto Scaling group in a new AWS account. After adding some instances, the SysOps administrator notices that the group has not reached the minimum number of instances. The SysOps administrator receives the following error message:

Which action will resolve this issue?

1. A. Adjust the account spending limits for Amazon EC2 on the AWS Billing and Cost Management console
2. B. Modify the EC2 quota for that AWS Region in the EC2 Settings section of the EC2 console.
3. C. Request a quota Increase for the Instance type family by using Service Quotas on the AWS Management Console.
4. D. Use the Rebalance action In the Auto Scaling group on the AWS Management Console.

Correct Answer: C

- (Exam Topic 1)
An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted These objects must be encrypted, and all future objects must be encrypted at the time they are written
Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO )

1. A. Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place
2. B. Edit the properties of the S3 bucket to enable default server-side encryption
3. C. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with en cryption enabled
4. D. Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS"
5. E. Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found

Correct Answer: BC
https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/

- (Exam Topic 1)
A company is using an Amazon DynamoDB table for data. A SysOps administrator must configure replication of the table to another AWS Region for disaster recovery.
What should the SysOps administrator do to meet this requirement?

1. A. Enable DynamoDB Accelerator (DAX).
2. B. Enable DynamoDB Streams, and add a global secondary index (GSI).
3. C. Enable DynamoDB Streams, and-add a global table Region.
4. D. Enable point-in-time recovery.

Correct Answer: C

- (Exam Topic 1)
A development team recently deployed a new version of a web application to production After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data
Which AWS service will mitigate this issue?

1. A. AWS Shield Standard
2. B. AWS WAF
3. C. Elastic Load Balancing
4. D. Amazon Cognito

Correct Answer: B
https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/