- (Exam Topic 1)
A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of hostl .onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of hostl.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.
The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.
Which solution allows the on-premises application to resolve the EC2 instance hostname?

1. A. Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zon
2. B. Associate the resolver with the VPC of the EC2 instanc
3. C. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
4. D. Set up an Amazon Route 53 inbound resolver endpoin
5. E. Associate the resolver with the VPC of the EC2 instanc
6. F. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
7. G. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zon
8. H. Associate the resolver with the AWS Region of the EC2 instanc
9. I. Configure theon-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
10. J. Set up an Amazon Route 53 outbound resolver endpoin
11. K. Associate the resolver with the AWS Region of the EC2 instanc
12. L. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

Correct Answer: C

- (Exam Topic 1)
A company has a critical serverless application that uses multiple AWS Lambda functions. Each Lambda function generates 1 GB of log data daily in its own Amazon CloudWatch Logs log group. The company's security team asks for a count of application errors, grouped by type, across all of the log groups.
What should a SysOps administrator do to meet this requirement?

1. A. Perform a CloudWatch Logs Insights query that uses the stats command and count function.
2. B. Perform a CloudWatch Logs search that uses the groupby keyword and count function.
3. C. Perform an Amazon Athena query that uses the SELECT and GROUP BY keywords.
4. D. Perform an Amazon RDS query that uses the SELECT and GROUP BY keywords.

Correct Answer: A

- (Exam Topic 1)
A SysOps administrator must set up notifications for whenever combined billing exceeds a certain threshold for all AWS accounts within a company. The administrator has set up AWS Organizations and enabled Consolidated Billing.
Which additional steps must the administrator perform to set up the billing alerts?

1. A. In the payer account: Enable billing alerts in the Billing and Cost Management console; publish an Amazon SNS message when the billing alert triggers.
2. B. In each account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.
3. C. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in the Billing and Cost Management console to publish an SNS message when the alarm triggers.
4. D. In the payer account: Enable billing alerts in the Billing and Cost Management console; set up a billing alarm in Amazon CloudWatch; publish an SNS message when the alarm triggers.

Correct Answer: D

- (Exam Topic 1)
A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company's new security policy requires all AWS resources to be encrypted at rest and in transit.
What should a SysOps administrator do to encrypt the database?

1. A. Configure encryption on the existing DB instance.
2. B. Take a snapshot of the DB instanc
3. C. Encrypt the snapsho
4. D. Restore the snapshot to the same DB instance.
5. E. Encrypt the standby replica in a secondary Availability Zon
6. F. Promote the standby replica to the primary DB instance.
7. G. Take a snapshot of the DB instanc
8. H. Copy and encrypt the snapsho
9. I. Create a new DB instance by restoring the encrypted copy.

Correct Answer: B

- (Exam Topic 1)
A company hosts a web portal on Amazon EC2 instances. The web portal uses an Elastic Load Balancer (ELB) and Amazon Route 53 for its public DNS service. The ELB and the EC2 instances are deployed by way of a single AWS CloudFormation stack in the us-east-1 Region. The web portal must be highly available across multiple Regions.
Which configuration will meet these requirements?

1. A. Deploy a copy of the stack in the us-west-2 Regio
2. B. Create a single start of authority (SOA) record in Route 53 that includes the IP address from each EL
3. C. Configure the SOA record with health check
4. D. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
5. E. Deploy a copy of the stack in the us-west-2 Regio
6. F. Create an additional A record in Route 53 that includes the ELB in us-west-2 as an alias targe
7. G. Configure the A records with a failover routing policy and health check
8. H. Use the ELB in us-east-1 as the primary record and the ELB in us-west-2 as the secondary record.
9. I. Deploy a new group of EC2 instances in the us-west-2 Regio
10. J. Associate the new EC2 instances with the existing ELB, and configure load balancer health checks on all EC2 instance
11. K. Configure the ELB to update Route 53 when EC2 instances in us-west-2 fail health checks.
12. L. Deploy a new group of EC2 instances in the us-west-2 Regio
13. M. Configure EC2 health checks on all EC2 instances in each Regio
14. N. Configure a peering connection between the VPC
15. O. Use the VPC in us-east-1 as the primary record and the VPC in us-west-2 as the secondary record.

Correct Answer: B
When you create a hosted zone, Route 53 automatically creates a name server (NS) record and a start of authority (SOA) record for the zone.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html#migrate-dns-crea
https://en.wikipedia.org/wiki/SOA_record