A developer is deploying a new application to Amazon Elastic Container Service (Amazon ECS). The developer needs to securely store and retrieve different types of variables. These variables include authentication information for a remote API, the URL for the API, and credentials. The authentication information and API URL must be available to all current and future deployed versions of the application across development, testing, and production environments.
How should the developer retrieve the variables with the FEWEST application changes?

• A.Update the application to retrieve the variables from each of the deployed environments. Define the authentication information and API URL in the ECS task definition as unique names during the deployment process.
• B.Update the application to retrieve the variables from AWS Systems Manager Parameter Store. Use unique paths in Parameter Store for each variable in each environment. Store the credentials in AWS Secrets Manager in each environment.
• C.Update the application to retrieve the variables from an encrypted file that is stored with the application. Store the API URL and credentials in unique files for each environment.
• D.Update the application to retrieve the variables from AWS Key Management Service (AWS KMS). Store the API URL and credentials as unique keys for each environment.

Comment: *

Name: *

Email: *

Verification: *

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

• A.Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.
• B.Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.
• C.Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
• D.Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.

Comment: *

Name: *

Email: *

Verification: *

A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).
Which solution will meet this requirement?

• A.Apply TLS to encrypt the traffic to the S3 bucket.
• B.Set the x-amz-server-side-encryption header when invoking the PutObject API operation.
• C.Provide the encryption key in the HTTP header of every request.
• D.Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to the S3 bucket.

Comment: *

Name: *

Email: *

Verification: *

A development team maintains a web application by using a single AWS CloudFormation template. The template defines web servers and an Amazon RDS database. The team uses the Cloud Formation template to deploy the Cloud Formation stack to different environments.
During a recent application deployment, a developer caused the primary development database to be dropped and recreated. The result of this incident was a loss of dat a. The team needs to avoid accidental database deletion in the future.
Which solutions will meet these requirements? (Choose two.)

• A.Create a CloudFormation stack set for the web application and database deployments.
• B.Modify the database to use a Multi-AZ deployment.
• C.Update the CloudFormation stack policy to prevent updates to the database.
• D.Add a CloudFormation Deletion Policy attribute with the Retain value to the database resource.
• E.Add a Cloud Formation DeletionPolicy attribute with the Retain value to the stack.

Comment: *

Name: *

Email: *

Verification: *