Amazon

Question Which AWS Cloud design principle does a company follow by using AWS CloudTrail? A. Recover automatically. B. Perform operations as code. C. Measure efficiency. D. Ensure traceability. Answer D. Ensure traceability. Explanation The AWS Cloud design principle that a company follows by using AWS CloudTrail is D. Ensure traceability. AWS CloudTrail is a service …

Question A company wants to reconfigure its ecommerce application to automatically scale to meet customer demands. The company wants the operating system that the application runs on to be automatically updated. Which AWS service will meet these requirements? A. Amazon Lightsail B. Amazon EC2 C. AWS Lambda D. Amazon EC2 Auto Scaling Answer D. Amazon …

Question A company is migrating an application to AWS. It wants to use fully managed services as much as possible during the migration. The company needs to store large important documents within the application with the following requirements: The data must be highly durable and available The data must always be encrypted at rest and …

Question A company uses AWS Organizations to manage its AWS accounts. The company needs a list of all its Amazon EC2 instances that have underutilized CPU or memory usage. The company also needs recommendations for how to downsize these underutilized instances. Which solution will meet these requirements with the LEAST effort? A. Install a CPU …

Question A company uses AWS Organizations for a multi-account setup in the AWS Cloud. The company’s finance team has a data processing application that uses AWS Lambda and Amazon DynamoDB. The company’s marketing team wants to access the data that is stored in the DynamoDB table.The DynamoDB table contains confidential data. The marketing team can …

Question An environmental company is deploying sensors in major cities throughout a country to measure air quality. The sensors connect to AWS IoT Core to ingest timeseries data readings. The company stores the data in Amazon DynamoDB. For business continuity, the company must have the ability to ingest and store data in two AWS Regions. …

Question A company is updating an application that customers use to make online orders. The number of attacks on the application by bad actors has increased recently. The company will host the updated application on an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use Amazon DynamoDB to store application data. A public …

Question A company decides to use AWS Key Management Service (AWS KMS) for data encryption operations. The company must create a KMS key and automate the rotation of the key. The company also needs the ability to deactivate the key and schedule the key for deletion. Which solution will meet these requirements? A. Create an …

Question A company has an AWS Key Management Service (AWS KMS) customer managed key with imported key material. Company policy requires all encryption keys to be rotated every year. What should a security engineer do to meet this requirement for this customer managed key? A. Enable automatic key rotation annually for the existing customer managed …

Question A company wants to implement host-based security for Amazon EC2 instances and containers in Amazon Elastic Container Registry (Amazon ECR). The company has deployed AWS Systems Manager Agent (SSM Agent) on the EC2 instances. All the company’s AWS accounts are in one organization in AWS Organizations. The company will analyze the workloads for software …

Question A company in France uses Amazon Cognito with the Cognito Hosted UI as an identity broker for sign-in and sign-up processes. The company is marketing an application and expects that all the application’s users will come from France. When the company launches the application, the company’s security team observes fraudulent sign-ups for the application. …

Question A security engineer is configuring AWS Config for an AWS account that uses a new 1AM entity. When the security engineer tries to configure AWS Config rules and automatic remediation options, errors occur. In the AWS CloudTrail logs, the security engineer sees the following error message: “Insufficient delivery policy to s3 bucket: DOC-EXAMPLE-BUCKET, unable …

Question A company wants to protect its website from man-in-the-middle attacks by using Amazon CloudFront. Which solution will meet these requirements with the LEAST operational overhead? A. Use the SimpleCORS managed response headers policy. B. Use a Lambda@Edge function to add the Strict-Transport-Security response header. C. Use the SecurityHeadersPolicy managed response headers policy. D. Include …

Question A company hosts an end user application on AWS. Currently, the company deploys the application on Amazon EC2 instances behind an Elastic Load Balancer. The company wants to configure end-to-end encryption between the Elastic Load Balancer and the EC2 instances. Which solution will meet this requirement with the LEAST operational effort? A. Use Amazon …

Question A company uses AWS Organizations to manage 20 AWS accounts. The company has a new requirement to enforce IAM access key rotation every 90 days. Currently, the company uses the access keys to connect to Amazon EC2 instances. The company uses the organization’s management account to manage the IAM users of all the accounts. …