In AWS, which security aspects are the customer's responsibility? Choose 4 answers

• A.Life-cycle management of IAM credentials
• B.Decommissioning storage devices
• C.Security Group and ACL (Access Control List) settings
• D.Encryption of EBS (Elastic Block Storage) volumes
• E.Controlling physical access to compute resources
• F.Patch management on the EC2 instance's operating system

Comment: *

Name: *

Email: *

Verification: *

A Developer uses AWS CodeDeploy to automate application deployment that connects to an external MySQL database. The Developer wants to securely access the encrypted secrets, such as API keys and database passwords.
Which of the following solutions would involve the LEAST administrative effort?

• A.Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances.
• B.Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.
• C.Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances.
• D.Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.

Comment: *

Name: *

Email: *

Verification: *

A developer wants the ability to roll back to a previous version of an AWS Lambda function in the event of errors caused by a new deployment.
How can the developer achieve this with MINIMAL impact on users?

• A.Do not make any changes to the application Deploy the new version of the code. If too many errors are encountered, point the application back to the previous version using the version number in the Amazon Resource Name (ARN)
• B.Create three aliases: new, existing, and router Point the existing alias to the current version Have the router alias direct 100% of users to the existing alias Update the application to use the router alias Deploy the new version of the code Point the new alias to this version Update the router alias to direct
  10% of users to the new alias If too many errors are encountered, send 100% of traffic to the existing alias
• C.Change the application to use an alias that points to the current version Deploy the new version of the code. Update the alias to direct 10% of users to the newly deployed version. If too many errors are encountered, send 100% of traffic to the previous version
• D.Change the application to use an alias that points to the current version Deploy the new version of the code Update the alias to use the newly deployed version. If too many errors are encountered, point the alias back to the previous version

Comment: *

Name: *

Email: *

Verification: *

A company runs continuous integration/continuous delivery (CI/CD) pipeline for its application on AWS CodePipeline. A developer must write unit tests and run them as part of the pipelines before staging the artifacts for testing.
How should the Developer incorporate unit tests as part of CI/CD pipeline?

• A.Install the AWS CodeDeploy agent on an Amazon EC2 instance to run unit tests.
• B.Create a separate codePipline pipline to run unit tests.
• C.Create a testing branch in AWS CodeCommit to run unit tests.
• D.Update the AWS codeBuild build specification to include a phase for running unit tests.

Comment: *

Name: *

Email: *

Verification: *

A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWS Lambda, and Amazon RDS. The Developer needs an authentication mechanism allowing a user to sign in and view the dashboard. It must be accessible from mobile applications, desktops, and tablets, and must remember user preferences across platforms.
Which AWS service should the Developer use to support this authentication scenario?

• A.AWS KMS
• B.Amazon Cognito
• C.AWS Directory Service
• D.Amazon IAM

Comment: *

Name: *

Email: *

Verification: *