A company has a web application that is hosted on AWS. The application is behind an Amazon CloudFront distribution. A developer needs a dashboard to monitor error rates and anomalies of the CloudFront distribution as frequently as possible.
Which combination of steps should the developer take to meet these requirements? (Choose two.)

• A.Enable real-time logs on the CloudFront distribution. Create a data stream in Amazon Kinesis Data Streams.
• B.Set up Amazon Kinesis Data Streams to send the logs to Amazon OpenSearch Service by using an AWS Lambda function. Make a dashboard in OpenSearch Dashboards.
• C.Set up Amazon Kinesis Data Firehose to send the logs to AWS CloudTrail. Create CloudTrail metrics, alarms, and dashboards.
• D.Stream the CloudFront distribution logs to Amazon Kinesis Data Firehose.
• E.Stream the CloudFront distribution logs to an Amazon S3 bucket. Detect anomalies and error rates by using Amazon Athena.

Comment: *

Name: *

Email: *

Verification: *

A developer has a financial application. The application uses AWS Secrets Manager to manage an Amazon RDS for PostgreSQL database's username and password. The developer needs to rotate thepassword while maintaining the application's high availability. Which solution will meet these requirements with LEAST development effort?

• A.Rotate the secret by using the alternating-users rotation strategy. Update the application with an appropriate retry strategy to handle authentication failures.
• B.Use the PostgreSQL client to create a new database username and password. Include the new secret values by performing an immediate rotation. Use the AWS CLI to update the RDS database password.
  Perform an immediate rotation of the Secrets Manager secrets.
• C.Rotate the secret by using multivalue answer rotation. Update the application with an appropriate retry strategy to handle authentication failures.
• D.Rotate the secret by using the single-user rotation strategy. Update the application with an appropriate retry strategy to handle authentication failures.

Comment: *

Name: *

Email: *

Verification: *

A company hosts its application on AWS. The application runs on an Amazon Elastic Container Service (Amazon ECS) cluster that uses AWS Fargate. The cluster runs behind an Application Load Balancer. The application stores data in an Amazon Aurora database. A developer encrypts and manages database credentials inside the application.
The company wants to use a more secure credential storage method and implement periodic credential rotation.
Which solution will meet these requirements with the LEAST operational overhead?

• A.Migrate the secret credentials to Amazon RDS parameter groups. Encrypt the parameter by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant AWS KMS permissions to access Amazon RDS.
• B.Migrate the credentials to AWS Systems Manager Parameter Store. Encrypt the parameter by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager.
• C.Migrate the credentials to AWS Secrets Manager. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager by using keys.
• D.Migrate the credentials to ECS Fargate environment variables. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key. Turn on secret rotation. Use IAM policies and roles to grant Amazon ECS Fargate permissions to access to AWS Secrets Manager.

Comment: *

Name: *

Email: *

Verification: *

An AWS Lambda function requires read access to an Amazon S3 bucket and requires read/write access to an Amazon DynamoDB table The correct 1AM policy already exists What is the MOST secure way to grant the Lambda function access to the S3 bucket and the DynamoDB table?

• A.Attach the existing 1AM policy to the Lambda function.
• B.Create an 1AM role for the Lambda function Attach the existing 1AM policy to the role Attach the role to the Lambda function
• C.Create an 1AM user with programmatic access Attach the existing 1AM policy to the user. Add the user access key ID and secret access key as environment variables in the Lambda function.
• D.Add the AWS account root user access key ID and secret access key as encrypted environment variables in the Lambda function

Comment: *

Name: *

Email: *

Verification: *

A developer needs to automate deployments for a serverless, event-based workload. The developer needs to create standardized templates to define the infrastructure and to test the functionality of the workload locally before deployment.
The developer already uses a pipeline in AWS CodePipeline. The developer needs to incorporate any other infrastructure changes into the existing pipeline.
Which solution will meet these requirements?

• A.Create an AWS CloudFormation template. Use the existing pipeline workflow to build a pipeline for AWS CloudFormation stacks.
• B.Create an AWS Serverless Application Model (AWS SAM) template. Use an automated script to deploy the serverless workload by using the AWS SAM CLI deploy command.
• C.Create an AWS Serverless Application Model (AWS SAM) template. Configure the pipeline stages in CodePipeline to run the necessary AWS SAM CLI commands to deploy the serverless workload.
• D.Create an AWS Step Functions workflow template based on the infrastructure by using the Amazon States Language. Start the Step Functions state machine from the existing pipeline.

Comment: *

Name: *

Email: *

Verification: *