- (Exam Topic 1)
A company is undergoing an external audit of its systems, which run wholly on AWS. A SysOps administrator must supply documentation of Payment Card Industry Data Security Standard (PCI DSS) compliance for the infrastructure managed by AWS.
Which set of action should the SysOps administrator take to meet this requirement?

1. A. Download the applicable reports from the AWS Artifact portal and supply these to the auditors.
2. B. Download complete copies of the AWS CloudTrail log files and supply these to the auditors.
3. C. Download complete copies of the AWS CloudWatch logs and supply these to the auditors.
4. D. Provide the auditors with administrative access to the production AWS account so that the auditors can determine compliance.

Correct Answer: A

- (Exam Topic 1)
A company is using Amazon Elastic Container Sen/ice (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks.
Which combination of steps should the SysOps administrator take to meet this requirement? (Select TWO.)

1. A. Configure Amazon CloudWatch Logs on the elastic network interface of each task.
2. B. Configure VPC Flow Logs on the elastic network interface of each task.
3. C. Specify the awsvpc network mode in the task definition.
4. D. Specify the bridge network mode in the task definition.
5. E. Specify the host network mode in the task definition.

Correct Answer: AE

- (Exam Topic 1)
A company creates a new member account by using AWS Organizations. A SysOps administrator needs to add AWS Business Support to the new account
Which combination of steps must the SysOps administrator take to meet this requirement? (Select TWO.)

1. A. Sign in to the new account by using 1AM credential
2. B. Change the support plan.
3. C. Sign in to the new account by using root user credential
4. D. Change the support plan.
5. E. Use the AWS Support API to change the support plan.
6. F. Reset the password of the account root user.
7. G. Create an IAM user that has administrator privileges in the new account.

Correct Answer: BE
The best combination of steps to meet this requirement is to sign in to the new account by using root user credentials and change the support plan, and to create an IAM user that has administrator privileges in the new account.
Signing in to the new account by using root user credentials will allow the SysOps administrator to access the account and change the support plan to AWS Business Support. Additionally, creating an IAM user that has administrator privileges in the new account will ensure that the SysOps administrator has the necessary access to manage the account and make changes to the support plan if necessary.
Reference:
[1] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_ma

- (Exam Topic 1)
A company runs several workloads on AWS. The company identifies five AWS Trusted Advisor service quota metrics to monitor in a specific AWS Region. The company wants to receive email notification each time resource usage exceeds 60% of one of the service quotas.
Which solution will meet these requirements?

1. A. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metri
2. B. Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.
3. C. Create five Amazon CloudWatch alarms, one for each Trusted Advisor service quota metri
4. D. Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
5. E. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric.Configure an Amazon Simple Queue Service (Amazon SQS) queue for email notification each time that usage exceeds 60% of one of the service quotas.
6. F. Use the AWS Service Health Dashboard to monitor each Trusted Advisor service quota metric.Configure an Amazon Simple Notification Service (Amazon SNS) topic for email notification each time that usage exceeds 60% of one of the service quotas.

Correct Answer: A
CloudWatch alarms allow you to monitor AWS resources, and you can configure an SNS topic to send an email notification each time one of the alarms is triggered. This will ensure that the company receives email notifications each time one of the service quotas is exceeded, allowing the company to take action as needed.

- (Exam Topic 1)
A data storage company provides a service that gives users the ability to upload and download files as needed. The files are stored in Amazon S3 Standard and must be immediately retrievable for 1 year. Users access files frequently during the first 30 days after the files are stored. Users rarely access files after 30 days.
The company's SysOps administrator must use S3 Lifecycle policies to implement a solution that maintains object availability and minimizes cost.
Which solution will meet these requirements?

1. A. Move objects to S3 Glacier after 30 days.
2. B. Move objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
3. C. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
4. D. Move objects to S3 Standard-Infrequent Access (S3 Standard-IA) immediately.

Correct Answer: C
https://aws.amazon.com/s3/storage-classes/