Your CTO thinks your AWS account was hacked. What is the only way to know for certain if there was
unauthorized access and what they did, assuming your hackers are very sophisticated AWS engineers
and doing everything they can to cover their tracks?

• A.Use CloudTrail Log File Integrity Validation.
• B.Use AWS Config SNS Subscriptions and process events in real time.
• C.Use CloudTrail backed up to AWS S3 and Glacier.
• D.Use AWS Config Timeline forensics.

Comment: *

Name: *

Email: *

Verification: *

After conducting a disaster recovery exercise, an Enterprise Architect discovers that a large team of Database and Storage Administrators need more then seven hours of manual effort to make a flagship application's database functional in a different AWS Region. The Architect also discovers that the recovered database is often missing as much as two hours of data transactions. Which solution provides improved RTO and RPO in a cross-region failover scenario?

• A.Use Amazon RDS scheduled instance lifecycle events to create a snapshot and specify a frequency to match the RPO. Use Amazon RDS scheduled instance lifecycle event configuration to perform a cross- region snapshot copy into the failover region upon SnapshotCreateComplete events. Configure Amazon CloudWatch to alert when the CloudWatch RDS namespace CPUUtilization metric for the database instance falls to 0% and make a call to Amazon RDS to restore the database snapshot in the failover region.
• B.Create a scheduled Amazon CloudWatch Events rule to make a call to Amazon RDS to create a snapshot from a database instance and specify a frequency to match the RPO. Create an AWS Step Functions task to call Amazon RDS to perform a cross-region snapshot copy into the failover region, and configure the state machine to execute the task when the RDS snapshot create state is complete.
  Create an SNS topic subscribed to RDS availability events, and push these messages to an Amazon SQS queue located in the failover region. Configure an Auto Scaling group of worker nodes to poll the queue for new messages and make a call to Amazon RDS to restore a database from a snapshot after a checksum on the cross-region copied snapshot returns valid.
• C.Use Amazon SNS topics to receive published messages from Amazon RDS availability and backup events. Use AWS Lambda for three separate functions with calls to Amazon RDS to snapshot a database instance, create a cross-region snapshot copy, and restore an instance from a snapshot. Use a scheduled Amazon CloudWatch Events rule at a frequency matching the RPO to trigger the Lambda function to snapshot a database instance. Trigger the Lambda function to create a cross-region snapshot copy when the SNS topic for backup events receives a new message. Configure the Lambda function to restore an instance from a snapshot to trigger sending new messages published to the availability SNS topic.
• D.Deploy an Amazon RDS Multi-AZ instance backed by a multi-region Amazon EFS. Configure the RDS option group to enable multi-region availability for native automation of cross-region recovery and continuous data replication. Create an Amazon SNS topic subscribed to RDS-impacted events to send emails to the Database Administration team when significant query Latency is detected in a single Availability Zone.

Comment: *

Name: *

Email: *

Verification: *

A Lambda function must execute a query against an Amazon RDS database in a private subnet.
Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select two.)

• A.Create a VPC Endpoint for Amazon RDS.
• B.Change the ingress rules of Lambda security group, allowing the Amazon RDS security group.
• C.Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group.
• D.Create the Lambda function within the Amazon RDS VPC.
• E.Add an Internet Gateway (IGW) to the VPC, route the private subnet to the IGW.

Comment: *

Name: *

Email: *

Verification: *

A company indexes all of its Amazon CloudWatch Logs on Amazon ES and uses Kibana to view a dashboard for actionable insight. The company wants to restrict user access to Kibana by user Which actions can a DevOps Engineer take to meet this requirement? (Select TWO.)

• A.Create a proxy server with user authentication in an Auto Scaling group and restrict access of the Amazon ES endpoint to an Auto Scaling group tag
• B.Create a proxy server with user authentication and an Elastic IP address and restrict access of the Amazon ES endpoint to the IP address
• C.Use Amazon Cognito to offer user name and password protection for Kibana
• D.Create a proxy server with AWS 1AM user and restrict access of the Amazon ES endpoint to the 1AM user
• E.Use AWS SSO to offer user name and password protection for Kibana

Comment: *

Name: *

Email: *

Verification: *

You are using Chef in your data center. Which service is designed to let the customer leverage existing Chef
recipes in AWS?

• A.AWS Elastic Beanstalk
• B.AWSOpsWorks
• C.AWS CloudFormation
• D.Amazon Simple Workflow Service

Comment: *

Name: *

Email: *

Verification: *