A user has created an application which will be hosted on EC2. The application makes API calls to DynamoDB to fetch certain data. The application running on this instance is using the SDK for making these calls to DynamoDB. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

• A.The user should create an IAM user with permissions to access DynamoDB and use its credentials within the application for connecting to DynamoDB
• B.The user should create an IAM user with DynamoDB and EC2 permissions. Attach the user with the application so that it does not use the root account credentials
• C.The user should attach an IAM role to the EC2 instance with necessary permissions for making API calls to DynamoDB.
• D.The user should create an IAM role with EC2 permissions to deploy the application

Comment: *

Name: *

Email: *

Verification: *

A SysOps Administrator manages an Amazon RDS MySQL DB instance in production. The database is accessed by several applications. The Administrator needs to ensure minimal downtime of the applications in the event the database suffers a failure. This change must not impact customer use during regular business hours.
Which action will make the database MORE highly available?

• A.Contact AWS Support to pre-warm the database to ensure that it can handle any unexpected spikes in traffic
• B.Create a new Multi-AZ RDS DB instance. Migrate the data to the new DB instance and delete the old one
• C.Create a read replica from the existing database outside of business hours
• D.Modify the DB instance to outside of business hours be a Multi-AZ deployment

Comment: *

Name: *

Email: *

Verification: *

When creation of an EBS snapshot is initiated but not completed the EBS volume?

• A.Cannot De detached or attached to an EC2 instance until me snapshot completes
• B.Can be used in read-only mode while me snapshot is in progress
• C.Can be used while me snapshot is in progress
• D.Cannot be used until the snapshot completes

Comment: *

Name: *

Email: *

Verification: *

Malicious traffic is reaching company web servers from a single IP address located in another country. The SysOps Administrator is tasked with blocking this IP address.
How should the Administrator implement the restriction?

• A.Edit the security group for the web servers and add a deny entry for the IP address
• B.Edit the network access control list for the web server subnet and add a deny entry for the IP address
• C.Edit the VPC route table to route the malicious IP address to a black hole
• D.Use Amazon CloudFront's geo restriction feature to block traffic from the IP address

Comment: *

Name: *

Email: *

Verification: *

You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2
8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?

• A.Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
• B.Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
• C.Cache the database responses in ElastiCache for more rapid access
• D.Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

Comment: *

Name: *

Email: *

Verification: *