A company is developing an application that will be accessed through the Amazon API Gateway REST API.
Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically.
How can a developer meet these requirements?

• A.Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in API Gateway, and use the temporary credentials generated by the identity pool.
• B.Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.
• C.Create an 1AM user for each API user, attach an invoke permissions policy to the API. and use an I AM authorizer in API Gateway.
• D.Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.

Comment: *

Name: *

Email: *

Verification: *

An application that is hosted on an Amazon EC2 instance needs access to files that are stored in an Amazon S3 bucket. The application lists the objects that are stored in the S3 bucket and displays a table to the user. During testing, a developer discovers that the application does not show any objects in the list.
What is the MOST secure way to resolve this issue?

• A.Update the S3 bucket policy by including the S3:ListBucket permission and by setting the Principal element to specify the account number of the EC2 instance.
• B.Update the developer's user permissions to include the S3:ListBucket permission for the S3 bucket.
• C.Update the IAM instance profile that is attached to the EC2 instance to include the S3:* permission for the S3 bucket.
• D.Update the IAM instance profile that is attached to the EC2 instance to include the S3:ListBucket permission for the S3 bucket.

Comment: *

Name: *

Email: *

Verification: *

A company launched an online portal to announce a new product that the company will release in 6 months.
The portal requests that users enter an email address to receive communications about the product. The company needs to create a REST API that will store the email addresses in Amazon DynamoDB.
A developer has created an AWS Lambda function that can store the email addresses. The developer will deploy the Lambda function by using the AWS Serverless Application Model (AWS SAM). The developer must provide access to the Lambda function over HTTP.
Which solutions will meet these requirements with the LEAST additional configuration? (Select TWO.)

• A.Expose the Lambda function by using a Gateway Load Balancer.
• B.Expose the Lambda function by using a Network Load Balancer.
• C.Expose the Lambda function by using Amazon API Gateway.
• D.Expose the Lambda function by using function URLs.
• E.Expose the Lambda function by using AWS Global Accelerator

Comment: *

Name: *

Email: *

Verification: *

A data visualization company wants to strengthen the security of its core applications. The applications are deployed on AWS across its development, staging, pre-production, and production environments. The company needs to encrypt all of its stored sensitive credentials.
The sensitive credentials need to be automatically rotated. A version of the sensitive credentials need to be stored for each environment.
Which solution will meet these requirements in the MOST operationally efficient way?

• A.Configure AWS Secrets Manager versions to store different copies of the same credentials across multiple environments.
• B.Configure AWS Secrets Manager to create a new secret for each environment type. Store the environment-specific credentials in the secret.
• C.Configure the environment variables in the application code. Use different names for each environment type.
• D.Create a new parameter version in AWS Systems Manager Parameter Store for each environment. Store the environment-specific credentials in the parameter version.

Comment: *

Name: *

Email: *

Verification: *

A developer is writing a web application that is deployed on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The developer must add an Amazon CloudFront distribution in front of the ALB. The developer also must ensure that customer data from outside the VPC is encrypted in transit.
Which combination of CloudFront configuration settings should the developer use to meet these requirements? (Choose two.)

• A.Restrict viewer access by using signed URLs.
• B.Set the Origin Protocol Policy setting to Match Viewer.
• C.Enable field-level encryption.
• D.Enable automatic object compression.
• E.Set the Viewer Protocol Policy setting to Redirect HTTP to HTTPS.

Comment: *

Name: *

Email: *

Verification: *