- (Exam Topic 1)
A company's financial department needs to view the cost details of each project in an AWS account A SysOps administrator must perform the initial configuration that is required to view cost for each project in Cost Explorer
Which solution will meet this requirement?

1. A. Activate cost allocation tags Add a project tag to the appropriate resources
2. B. Configure consolidated billing Create AWS Cost and Usage Reports
3. C. Use AWS Budgets Create AWS Budgets reports
4. D. Use cost categories to define custom groups that are based on AWS cost and usage dimensions

Correct Answer: A

- (Exam Topic 1)
A company has a memory-intensive application that runs on a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB). The instances run in an Auto Scaling group. A Sysops administrator must ensure that the application can scale based on the number of users that connect to the application.
Which solution will meet these requirements?

1. A. Create a scaling policy that will scale the application based on the ActiveConnectionCount Amazon CloudWatch metric that is generated from the ELB.
2. B. Create a scaling policy that will scale the application based on the mem used Amazon CloudWatch metric that is generated from the ELB.
3. C. Create a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections.
4. D. Create and deploy a script on the ELB to expose the number of connected users as a custom Amazon CloudWatch metri
5. E. Create a scaling policy that uses the metric.

Correct Answer: D
This solution will allow the application to scale based on the number of users that connect to the application. The other solutions (creating a scaling policy that uses the ActiveConnectionCount Amazon CloudWatch metric generated from the ELB, creating a scaling policy that uses the mem used Amazon CloudWatch metric generated from the ELB, or creating a scheduled scaling policy to increase the number of EC2 instances in the Auto Scaling group to support additional connections) will not meet the requirements, as they do not allow the application to scale based on the number of users that connect to the application.

- (Exam Topic 1)
An organization is running multiple applications for their customers. Each application is deployed by running a base AWS CloudFormation template that configures a new VPC. All applications are run in the same AWS account and AWS Region. A SysOps administrator has noticed that when trying to deploy the same AWS CloudFormation stack, it fails to deploy. What is likely to be the problem?

1. A. The Amazon Machine image used is not available in that region.
2. B. The AWS CloudFormation template needs to be updated to the latest version.
3. C. The VPC configuration parameters have changed and must be updated in the template.
4. D. The account has reached the default limit for VPCs allowed.

Correct Answer: D

- (Exam Topic 1)
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send
write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time.
Which solution should a SysOps administrator choose to meet these requirements?

1. A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instanc
2. B. Use RDS Proxy to handle the increases in database connections.
3. C. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instanc
4. D. Use RDS read replicas to handle the increases in database connections.
5. E. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instanc
6. F. Use RDS Proxy to handle the increases in database connections.
7. G. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instanc
8. H. Use RDS read replicas to handle the increases in database connections.

Correct Answer: A

- (Exam Topic 1)
A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.
The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.
Which solution will securely share the AMI with the other AWS accounts?

1. A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policyto provide kms:DescribeKey, kms ReEncrypf, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
2. B. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
3. C. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*. kms:CreateGrant, and kms;Decrypt permissions to the AWS accounts that the AMI will be shared wit
4. D. Create a copy of the AM
5. E. and specify the CM
6. F. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
7. G. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescrlbeKey, kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
8. H. Create a copy of the AM
9. I. and specify the CM
10. J. Modify the permissions on the copied AMI to make it public.
11. K. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescnbeKe
12. L. kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
13. M. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Correct Answer: B
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html