A SysOps administrator is using Amazon EC2 instances to host an application. The SysOps administrator needs to grant permissions for the application to access an Amazon DynamoDB table.
Which solution will meet this requirement?

• A.Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.
• B.Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.
• C.Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.
• D.Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Comment: *

Name: *

Email: *

Verification: *

A company hosts its website in the us-east-1 Region. The company is preparing to deploy its website into the eu-central-1 Region.
Website visitors who are located in Europe should access the website that is hosted in eu-central-
1.
All other visitors access the website that is hosted in us-east-1.
The company uses Amazon Route 53 to manage the website's DNS records.
Which routing policy should a SysOps administrator apply to the Route 53 record set to meet these requirements?

• A.Geolocation routing policy
• B.Geoproximity routing policy
• C.Latency routing policy
• D.Multivalue answer routing policy

Comment: *

Name: *

Email: *

Verification: *

A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account. What should a SysOps administrator do to meet this requirement?

• A.Turn on S3 Block Public Access from the account level.
• B.Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
• C.Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
• D.Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.

Comment: *

Name: *

Email: *

Verification: *

A company requires that all activity in its AWS account be logged using AWS CloudTrail.
Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted.
How should the SysOps administrator meet these requirements?

• A.Enable log file integrity validation. Use the AWS CLI to validate the log files.
• B.Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
• C.Use CloudTrail Insights to monitor the log files for modifications.
• D.Use Amazon CloudWatch Logs to monitor the log files for modifications.

Comment: *

Name: *

Email: *

Verification: *

An organization with a large IT department has decided to migrate to AWS With different job functions in the IT department it is not desirable to give all users access to all AWS resources Currently the organization handles access via LDAP group membership What is the BEST method to allow access using current LDAP credentials?

• A.Create an AWS Directory Service Simple AD Replicate the on-premises LDAP directory to Simple AD
• B.Use AWS CloudFormation to create IAM roles Deploy Direct Connect to allow access to the on-premises LDAP server
• C.Create a Lambda function to read LDAP groups and automate the creation of IAM users
• D.Federate the LDAP directory with IAM using SAML Create different IAM roles to correspond to different LDAP groups to limit permissions

Comment: *

Name: *

Email: *

Verification: *