Within the lAM service a GROUP is regarded as a:

• A.A collection of AWS accounts
• B.There's no GROUP in lAM, but only USERS and RESOURCES.
• C.A collection of users.
• D.It's the group of EC2 machines that gain t he permissions specified in the GROUP.

Comment: *

Name: *

Email: *

Verification: *

As a part of building large applications in the AWS Cloud, the Solutions Architect is required to implement the perimeter security protection. Applications running on AWS have the following endpoints:
* Application Load Balancer
* Amazon API Gateway regional endpoint
* Elastic IP address-based EC2 instances.
* Amazon S3 hosted websites.
* Classic Load Balancer
The Solutions Architect must design a solution to protect all of the listed web front ends and provide the following security capabilities:
* DDoS protection
* SQL injection protection
* IP address whitelist/blacklist
* HTTP flood protection
* Bad bot scraper protection
How should the Solutions Architect design the solution?

• A.Deploy Amazon CloudFront in front of all the endpoints. Deploy AWS WAF and AWS Shield Advanced.
  Add AWS WAF rules to enforce the company's requirements. Use AWS Lambda to automate and enhance the security posture.
• B.Deploy Amazon CloudFront in front of all the endpoints. The CloudFront distribution provides perimeter protection. Add AWS Lambda-based automation to provide additional security.
• C.Secure the endpoints by using network ACLs and security groups and adding rules to enforce the company's requirements. Use AWS Lambda to automatically update the rules.
• D.Deploy AWS WAF and AWS Shield Advanced on all web endpoints. Add AWS WAF rules to enforce the company's requirements.

Comment: *

Name: *

Email: *

Verification: *

A company has media and application files that need to be shared internally. Users currently are authenticated using Active Directory and access files from a Microsoft Windows platform. The chief executive officer wants to keep the same user permissions, but wants the company to improve the process as the company is reaching its storage capacity limit.
What should a solutions architect recommend?

• A.Set up a corporate Amazon S3 bucket and move all media and application files.
• B.Configure Amazon FSx for Windows File Server and move all the media and application files.
• C.Configure Amazon Elastic File System (Amazon EFS) and move all media and application files.
• D.Set up Amazon EC2 on Windows, attach multiple Amazon Elastic Block Store (Amazon EBS) volumes, and move all media and application files.

Comment: *

Name: *

Email: *

Verification: *

A company is writing a new service running on Amazon EC2 that must create thumbnail images of thousands of images in a large archive. The system will write scratch data to storage during the process.
Which storage service is best suited for this scenario?

• A.Amazon CloudSearch
• B.Amazon EBS Throughput Optimized HDD (st1)
• C.Amazon EFS
• D.EC2 instance store

Comment: *

Name: *

Email: *

Verification: *

You are designing a connectivity solution between on-premises infrastructure and Amazon VPC Your server's on-premises will De communicating with your VPC instances You will De establishing IPSec tunnels over the internet You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer gateways.
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above? (Choose 4 answers)

• A.Data encryption across the Internet
• B.Data integrity protection across the Internet
• C.Protection of data in transit over the Internet
• D.Peer identity authentication between VPN gateway and customer gateway
• E.End-to-end protection of data in transit
• F.End-to-end Identity authentication

Comment: *

Name: *

Email: *

Verification: *