Your company has confidential documents stored in the simple storage service.
Due to compliance requirements, you have to ensure that the data in the S3 bucket is available in a different geographical location.
As an architect what is the change you would make to comply with this requirement.
Please select:

• A.Apply Multi-AZ for the underlying 53 bucket
• B.Copy the data to an EBS Volume in another Region
• C.Create a snapshot of the S3 bucket and copy it to another region
• D.Enable Cross region replication for the S3 bucket

Comment: *

Name: *

Email: *

Verification: *

A large organization is planning on AWS to host their resources. They have a number of autonomous departments that wish to use AWS. What could be the strategy to adopt for managing the accounts.
Please select:

• A.Use multiple VPCs in the account each VPC for each department
• B.Use multiple 1AM groups, each group for each department
• C.Use multiple 1AM roles, each group for each department
• D.Use multiple AWS accounts, each account for each department

Correct Answer: D

Explanation
A recommendation for this is given in the AWS Security best practices

Option A is incorrect since this would be applicable for resources in a VPC Options B and C are incorrect since operationally it would be difficult to manage For more information on AWS Security best practices please refer to the below URL
https://d1.awsstatic.com/whitepapers/Security/
AWS Security Best Practices.pdl The correct answer is: Use multiple AWS accounts, each account for each department Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

An application developer is using an IAM Lambda function that must use IAM KMS to perform encrypt and decrypt operations for API keys that are less than 2 KB Which key policy would allow the application to do this while granting least privilege?

• A.Option C
• B.Option B
• C.Option D
• D.Option A

Comment: *

Name: *

Email: *

Verification: *

Your company is planning on AWS on hosting its AWS resources. There is a company policy which mandates that all security keys are completely managed within the company itself. Which of the following is the correct measure of following this policy?
Please select:

• A.Using the AWS KMS service for creation of the keys and the company managing the key lifecycle thereafter.
• B.Generating the key pairs for the EC2 Instances using puttygen
• C.Use the EC2 Key pairs that come with AWS
• D.Use S3 server-side encryption

Comment: *

Name: *

Email: *

Verification: *

A company has resources hosted in their AWS Account. There is a requirement to monitor all API activity for all regions. The audit needs to be applied for future regions as well. Which of the following can be used to fulfil this requirement.
Please select:

• A.Ensure Cloudtrail for each region. Then enable for each future region.
• B.Ensure one Cloudtrail trail is enabled for all regions.
• C.Create a Cloudtrail for each region. Use Cloudformation to enable the trail for all future regions.
• D.Create a Cloudtrail for each region. Use AWS Config to enable the trail for all future regions.

Comment: *

Name: *

Email: *

Verification: *