A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be cut of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?

• A.Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
• B.Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
• C.Log in to the RDS console and select the encryption box to encrypt the database.
• D.Create a new encrypted Amazon EBS volume and attach it to the instance.

Comment: *

Name: *

Email: *

Verification: *

A company is setting up a VPC peering connection between its VPC and a customer's VPC The company VPC is an IPv4 CIDR block of 172 16 0 0 16 and the customer's is an IPv4 CIDR block of 10 0 0.0/16 The SysOps Administrator wants to be able to ping the customer's database private IP address from one of the company's Amazon EC2 instances What action should be taken to meet the requirements?

• A.Ensure that both accounts are linked and are part of consolidated billing to create a file sharing network and then enable VPC peering
• B.Ensure that both VPC owners manually add a route to the VPC route tables that points to the IP address range of the other VPC
• C.Instruct the customer to create a virtual private gateway to link the two VPCs
• D.Instruct the customer to set up a VPC with the same IPv4 CIDR block as that of the source VPC 172 16
  0 0V16

Comment: *

Name: *

Email: *

Verification: *

A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

• A.5 minutes
• B.1 hour
• C.30 minutes
• D.2 hours

Comment: *

Name: *

Email: *

Verification: *

A web application runs on Amazon EC2 instances with public IPs assigned behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Multi-AZ DB instance. The Application Load Balancer, EC2 instances, and RDS DB instance all run in separate sets of subnets. The EC2 instances can communicate with the DB instance, but cannot connect with external services.
What is the MOST likely solution?

• A.Create and attach an Internet gateway to the VPC. Create a route table for the EC2 instance's subnets that sends Internet traffic to the gateway.
• B.Assign a public IP address to the database server and restart the database engine.
• C.Create and attach a virtual private gateway to the VPC. Create a route table for the EC2 instances' subnets that sends Internet traffic to the gateway.
• D.Create a VPC peering connection to a VPC that has an Internet gateway attached. Create a route table for the EC2 instances' subnets that sends Internet traffic to the peered VPC.

Comment: *

Name: *

Email: *

Verification: *

A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?

• A.Use an AWS Config rule to identify unapproved AMIs
• B.Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs
• C.Use AWS Trusted Advisor to identify EC2 workloads using unapproved AMIs
• D.Run Amazon Inspector on all EC2 instances and flag instances using unapproved AMIs

Comment: *

Name: *

Email: *

Verification: *