A company has hired a new cloud engineer who should not have access to an Amazon S3 bucket named Company Confidential. the cloud engineer must be able to read from and write to an S3 bucket called AdminTools.
Which IAM policy will meet these requirements?
A)

B)

C)

D)

• A.Option B
• B.Option A
• C.Option D
• D.Option C

Comment: *

Name: *

Email: *

Verification: *

A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security.
The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.
Which action should the solutions architect take?

• A.Configure a CloudFront signed URL.
• B.Configure a CloudFront signed cookie.
• C.Configure a CloudFront field-level encryption profile.
• D.Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.

Comment: *

Name: *

Email: *

Verification: *

A recently created startup built a three-tier web application. The front end nas static content The application layer is based on mtcroservtces User data is stored as JSON documents that need to be accessed with low latency. The company expects regular traffic to be tow during the first year with peaks in traffic when it publicizes new features every month. The startup team needs to minimize operational overhead costs What should a solutions architect recommend to accomplish this?

• A.Use Amazon S3 static website hosting to store and serve the front end Use Amazon Elastic Kubernetes Service (Amazon EKSJ for the application layer Use Amazon DynamoDB lo store user data
• B.Use Amazon S3 static website hosting to store and serve the front end Use Amazon API Gateway and AWS Lambda function for the application layer Use Amazon DynamoDB to store user data
• C.Use Amazon S3 static website hosting to store and serve the front end Use AWS Elastic Beanstalk tor the application layer Use Amazon DynamoDB to store user data
• D.Use Amazon S3 static website hosting to store and serve the front end Use Amazon API Gateway and AWS Lambda function for the application layer Use Amazon RDS with read replicas to store user data

Comment: *

Name: *

Email: *

Verification: *

An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

• A.Use a VPC endpoint for DynamoDB.
• B.Use a NAT gateway in a public subnet.
• C.Use the internet gateway attached to the VPC.
• D.Use a NAT instance in a private subnet.

Comment: *

Name: *

Email: *

Verification: *

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.
What should a solutions architect do to accomplish this goal?

• A.Use AWS Secrets Manager. Turn on automatic rotation.
• B.Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume (or each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.
• C.Use AWS Systems Manager Parameter Store. Turn on automatic rotation. * Create an Amazon S3 bucket lo store objects that are encrypted with an AWS Key
• D.Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.

Comment: *

Name: *

Email: *

Verification: *