When managing permissions for the API gateway, what can be used to ensure that the right level of permissions are given to developers, IT admins and users? These permissions should be easily managed.
Please select:

• A.Use the secure token service to manage the permissions for the different users
• B.Use 1AM Policies to create different policies for the different types of users.
• C.Use the AWS Config tool to manage the permissions for the different users
• D.Use 1AM Access Keys to create sets of keys for the different types of users.

Comment: *

Name: *

Email: *

Verification: *

A company recently experienced a DDoS attack that prevented its web server from serving content. The website is static and hosts only HTML, CSS, and PDF files that users download.
Based on the architecture shown in the image, what is the BEST way to protect the site against future attacks while minimizing the ongoing operational overhead?

• A.Move all the files to an Amazon S3 bucket. Have the web server serve the files from the S3 bucket.
• B.Launch a second Amazon EC2 instance in a new subnet. Launch an Application Load Balancer in front of both instances.
• C.Launch an Application Load Balancer in front of the EC2 instance. Create an Amazon CloudFront distribution in front of the Application Load Balancer.
• D.Move all the files to an Amazon S3 bucket. Create a CloudFront distribution in front of the bucket and terminate the web server.

Comment: *

Name: *

Email: *

Verification: *

A company uses identity federation to authenticate users into an identity account (987654321987) where the users assume an IAM role named IdentityRole. The users then assume an IAM role named JobFunctionRole in the target AWS account (123456789123) to perform their job functions.
A user is unable to assume the IAM role in the target account. The policy attached to the role in the identity account is:

What should be done to enable the user to assume the appropriate role in the target account?

• A.Option D
• B.Option C
• C.Option A
• D.Option B

Comment: *

Name: *

Email: *

Verification: *

A company has a VPC with an IPv6 address range and a public subnet with an IPv6 address block. The VPC currently hosts some public Amazon EC2 instances but a Security Engineer needs to migrate a second application into the VPC that also requires IPv6 connectivity.
This new application will occasionally make API requests to an external, internet-accessible endpoint to receive updates However, the Security team does not want the application's EC2 instance exposed directly to the internet The Security Engineer intends to create a private subnet with a custom route table and to associate the route table with the private subnet What else does the Security Engineer need to do to ensure the application will not be exposed directly to the internet, but can still communicate as required''

• A.Launch a NAT instance in the public subnet Update the custom route table with a new route to the NAT instance
• B.Remove the internet gateway, and add AWS PrivateLink to the VPC Then update the custom route table with a new route to AWS PrivateLink
• C.Add an egress-only internet gateway to the VPC. Update the custom route table with a new route to the gateway
• D.Add a managed NAT gateway to the VPC Update the custom route table with a new route to the gateway

Comment: *

Name: *

Email: *

Verification: *

Your company has been using AWS for the past 2 years. They have separate S3 buckets for logging the various AWS services that have been used. They have hired an external vendor for analyzing their log files.
They have their own AWS account. What is the best way to ensure that the partner account can access the log files in the company account for analysis. Choose 2 answers from the options given below Please select:

• A.Create an 1AM user in the company account
• B.Create an 1AM Role in the company account
• C.Ensure the 1AM user has access for read-only to the S3 buckets
• D.Ensure the 1AM Role has access for read-only to the S3 buckets

Comment: *

Name: *

Email: *

Verification: *