A.  

Create an Application Load Balancer (ALB). Create an AWS Lambda function, and set the function as a target group in the ALB. Invoke the Lambda function by using the put_item method through the ALB.

B.  

Create an AWS Lambda function. Configure the Lambda function to interact with the DynamoDB table by using the put-item method from Boto3. Invoke the Lambda function from the web application.

C.  

Create an Amazon Simple Queue Service (Amazon SQS) queue and an AWS Lambda function that has an SQS trigger type. Instruct the developers to add customer ratings to the SQS queue as JSON messages. Configure the Lambda function to fetch the ratings from the queue and store the ratings in DynamoDB.

D.  

Create an Amazon API Gateway REST API Define a resource and create a new POST method Choose AWS as the integration type, and select DynamoDB as the service. Set the action to PutItem.

A.  

Configure interface VPC endpoints for each AWS service that the teams need. Use the required interface VPC endpoints to submit the big data workloads.

B.  

Create EMR runtime roles. Configure the cluster to use the runtime roles. Use the runtime roles to submit the big data workloads.

C.  

Create an EC2 IAM instance profile that has the required permissions for each team. Use the instance profile to submit the big data workloads.

D.  

Create an EMR security configuration that has the EnableApplicationScoped IAM Role option set to false. Use the security configuration to submit the big data workloads.

A.  

Use Amazon API Gateway to create a REST API.

B.  

Use Amazon API Gateway to create an HTTP API.

C.  

Use Amazon API Gateway to create a WebSocket API.

D.  

Use Amazon API Gateway to create a gRPC API.

A.  

Deploy the application on Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Use Amazon RDS as the database. Use Amazon Simple Queue Service (Amazon SQS) to decouple message processing between components.

B.  

Deploy the application on Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Use Amazon RDS as the database. Use Amazon Simple Notification Service (Amazon SNS) to decouple message processing between components.

C.  

Use Amazon DynamoDB as the database. Use AWS Lambda functions to implement the application. Configure Amazon DynamoDB Streams to invoke the Lambda functions. Use AWS Step Functions to manage workflows between services.

D.  

Use an AWS Elastic Beanstalk environment with auto scaling to deploy the application. Use Amazon RDS as the database. Use Amazon Simple Notification Service (Amazon SNS) to decouple message processing between components.

A.  

Use AWS Global Accelerator.

B.  

Implement Amazon CloudFront into the architecture.

C.  

Use an Amazon Route 53 geoproximity routing policy.

D.  

Migrate from Application Load Balancers to Network Load Balancers.

A.  

Use Amazon CloudWatch Network Monitor to set up Internet Control Message Protocol (ICMP) probe monitoring from each subnet to the on-premises destination.

B.  

Create an Amazon EC2 instance in each subnet. Create a scheduled job to send Internet Control Message Protocol (ICMP) packets to the on-premises destination.

C.  

Create an AWS Lambda function in each subnet. Write a script to perform Internet Control Message Protocol (ICMP) connectivity checks.

D.  

Create an AWS Batch job in each subnet. Write a script to perform Internet Control Message Protocol (ICMP) connectivity checks.

A.  

Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.

B.  

Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers.

C.  

Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints. and the second will route lo the on-premises endpoints.

D.  

Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on-premises endpoints.

E.  

Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure an Application Load Balancer in each Region that routes to the on-premises endpoints.

A.  

Configure an S3 bucket policy to accept only requests that come from the AWS WAF Amazon Resource Name (ARN).

B.  

Configure CloudFront to forward all incoming requests to AWS WAF before CloudFront requests content from the S3 origin.

C.  

Configure a security group that allows only CloudFront IP addresses to access Amazon S3. Associate AWS WAF to the CloudFront distribution.

D.  

Configure CloudFront and Amazon S3 to use an origin access control (OAC) to secure the origin S3 bucket. Associate AWS WAF to the CloudFront distribution.

A.  

Use Amazon Elastic Container Service (Amazon ECS) to host the report generation code. Use an Amazon API Gateway HTTP API to invoke the code. Use Amazon Simple Email Service (Amazon SES) to send the reports to admin users.

B.  

Use Amazon EventBridge to invoke a scheduled AWS Lambda function to generate the reports. Use Amazon Simple Notification Service (Amazon SNS) to send the reports to admin users.

C.  

Use Amazon Elastic Kubernetes Service (Amazon EKS) to host the report generation code. Use an Amazon API Gateway REST API to invoke the code. Use Amazon Simple Notification Service (Amazon SNS) to send the reports to admin users.

D.  

Create an AWS Lambda function to generate the reports. Use a function URL to invoke the function. Use Amazon Simple Email Service (Amazon SES) to send the reports to admin users.

A.  

Create an API Gateway REST API. Configure an AWS WAF firewall in the same Region. Implement AWS WAF rules to deny requests that originate from Regions outside the United States. Associate the AWS WAF firewall with the API Gateway REST API.

B.  

Create an API Gateway HTTP API. Configure an AWS WAF firewall in a different Region. Implement AWS WAF rules to deny requests that originate from Regions outside the United States. Associate the AWS WAF firewall with the API Gateway HTTP API.

C.  

Create an API Gateway REST API. Configure an AWS WAF firewall in a different Region. Implement AWS WAF rules to deny requests that originate from Regions outside the United States. Associate the AWS WAF firewall with the API Gateway REST API.

D.  

Create an API Gateway HTTP API. Configure an AWS WAF firewall in the same Region. Implement AWS WAF rules to deny requests that originate from Regions outside the United States. Associate the AWS WAF firewall with the API Gateway HTTP API.

A.  

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use an AWS Lambda function to process the orders.

B.  

Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to receive orders. Use an AWS Lambda function to process the orders.

C.  

Use an Amazon Simple Queue Service (Amazon SQS) standard queue to receive orders. Use AWS Batch jobs to process the orders.

D.  

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use AWS Batch jobs to process the orders.

A.  

Attach service control policies (SCPs) to the root of the organization to identify the failed login attempts.

B.  

Enable the Amazon RDS Protection feature in Amazon GuardDuty for the member accounts of the organization.

C.  

Publish the Aurora general logs to a log group in Amazon CloudWatch Logs. Export the log data to a central Amazon S3 bucket.

D.  

Publish all the Aurora PostgreSQL database events in AWS CloudTrail to a central Amazon S3 bucket.

A.  

Create a new S3 bucket that is configured to host a public static website. Migrate the operations data to the new S3 bucket. Share the S3 website URL with the external consultant.

B.  

Enable public access to the S3 bucket for 7 days. Remove access to the S3 bucket when the external consultant completes the audit.

C.  

Create a new IAM user that has access to the report in the S3 bucket. Provide the access keys to the external consultant. Revoke the access keys after 7 days.

D.  

Generate a presigned URL that has the required access to the location of the report on the S3 bucket. Share the presigned URL with the external consultant.

A.  

Deploy a Gateway Load Balancer (GWLB) in front of an Amazon Elastic Container Service (Amazon ECS) container instance. Store the data in an Amazon Elastic File System (Amazon EFS) file system. Configure the applications to pass an authorization header to the GWLB.

B.  

Deploy an Amazon API Gateway endpoint in front of an Amazon Kinesis data stream. Store the data in an Amazon S3 bucket. Use an AWS Lambda function to handle authorization.

C.  

Deploy an Amazon API Gateway endpoint in front of an Amazon Data Firehose delivery stream. Store the data in an Amazon S3 bucket. Use an API Gateway Lambda authorizer to handle authorization.

D.  

Deploy a Gateway Load Balancer (GWLB) in front of an Amazon Elastic Container Service (Amazon ECS) container instance. Store the data in an Amazon Elastic File System (Amazon EFS) file system. Use an AWS Lambda function to handle authorization.

A.  

Edit the default network ACL to block IP addresses from outside of the allowed countries.

B.  

Create a geographic match rule in AWS WAF. Attach the rule to the AL

B.  

C.  

Configure the ALB security group to allow the IP addresses of company employees. Edit the default network ACL to block IP addresses from outside of the allowed countries.

D.  

Use a host-based firewall on the EC2 instances to block IP addresses from outside of the allowed countries. Configure the ALB security group to allow the IP addresses of company employees.

A.  

Create an RDS manual snapshot. Upgrade to the new version of Amazon RDS for MySQL.

B.  

Use native backup and restore. Restore the data to the upgraded new version of Amazon RDS for MySQL.

C.  

Use AWS Database Migration Service (AWS DMS) to replicate the data to the upgraded new version of Amazon RDS for MySQL.

D.  

Use Amazon RDS Blue/Green Deployments to deploy and test production changes.

A.  

Create a staging Aurora cluster based on the existing cluster. Test schema changes on the staging cluster.

B.  

Create a read replica, modify its schema, and then promote it to primary.

C.  

Create an Aurora MySQL blue/green deployment. Make schema changes in the staging environment and switch traffic after testing.

D.  

Replicate the Aurora database to DynamoDB, apply schema changes, and switch the application to DynamoDB.

A.  

Configure AWS Direct Connect to connect to the VPC. Configure the VPC route tables to allow and deny traffic between AWS and on premises as required.

B.  

Create an IAM policy to allow access to the AWS Management Console only from a defined set of corporate IP addresses Restrict user access based on job responsibility by using an IAM policy and roles

C.  

Configure AWS Site-to-Site VPN to connect to the VP

C.  

C.  

D.  

Configure AWS Transit Gateway to connect to the VPC. Configure route table entries to direct traffic from on premises to the VPC. Configure instance security groups and network ACLs to allow only required traffic from on premises.

A.  

Use Amazon DynamoDB Streams to capture the trade data changes. Configure DynamoDB Streams to invoke a Lambda function that writes the data to Amazon S3.

B.  

Use Amazon DynamoDB Streams to capture the trade data changes. Configure DynamoDB Streams to invoke a Lambda function that writes the data to Amazon Data Firehose. Write the data from Data Firehose to Amazon S3.

C.  

Enable Amazon Kinesis Data Streams on the DynamoDB table to capture the trade data changes. Configure Kinesis Data Streams to invoke a Lambda function that writes the data to Amazon S3.

D.  

Enable Amazon Kinesis Data Streams on the DynamoDB table to capture the trade data changes. Configure a data stream to be the input for Amazon Data Firehose. Write the data from Data Firehose to Amazon S3.

A.  

Use an Amazon Simple Queue Service {Amazon SQS) FIFO queue between the web application server tier and the worker tier to store and forward form data.

B.  

Use an Amazon API Gateway HTTP API between the web application server tier and the worker tier to store and forward form data.

C.  

Use an Amazon Simple Queue Service (Amazon SQS) standard queue between the web application server tier and the worker tier to store and forward form data.

D.  

Use an AWS Step Functions workflow. Create a synchronous workflow between the web application server tier and the worker tier that stores and forwards form data.

A.  

Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams.

B.  

Use Amazon Redshift. Configure concurrency scaling. Activate audit logging. Perform database snapshots every 4 hours.

C.  

Use Amazon RDS with Provisioned IOPS. Activate the database auditing parameter. Perform database snapshots every 5 hours.

D.  

Use Amazon Aurora MySQL with auto scaling. Activate the database auditing parameter.

A.  

Resize the Redshift cluster by using the classic resize capability of Amazon Redshift before every monthly surge. Reduce the cluster to its original size after each surge.

B.  

Resize the Redshift cluster by using the elastic resize capability of Amazon Redshift before every monthly surge. Reduce the cluster to its original size after each surge.

C.  

Enable the concurrency scaling feature for the Redshift cluster for specific workload management (WLM) queues.

D.  

Enable Amazon Redshift Spectrum for the Redshift cluster before every monthly surge.

A.  

Use EC2 instances in an Auto Scaling group. Configure the ALB and Auto Scaling group to use a target tracking scaling policy.

B.  

Use EC2 Reserved Instances in an Auto Scaling group. Configure the Auto Scaling group to use a scheduled scaling policy based on peak traffic hours.

C.  

Use EC2 Spot Instances in an Auto Scaling group. Configure the Auto Scaling group to use a scheduled scaling policy based on peak traffic hours.

D.  

Use EC2 Reserved Instances in an Auto Scaling group. Replace the ALB with a Network Load Balancer (NLB).

A.  

Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine. Include only the required columns.

B.  

Use AWS Glue Studio to ingest the data from the database to the S3 data lake. Attach an IAM policy to the QuickSight users to enforce column-level access control. Use Amazon S3 as the data source in QuickSight.

C.  

Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3. Create an S3 bucket policy to enforce column-level access control for the QuickSight users. Use Amazon S3 as the data source in QuickSight.

D.  

Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforce column-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.

A.  

Do not change the production environment workload. For each non-production workload, remove one NAT gateway and update the route tables for private subnets to target the remaining NAT gateway for the destination 0.0.0.0/0.

B.  

Reduce the number of Availability Zones that all workloads in all environments use.

C.  

Replace every NAT gateway with a t4g.large NAT instance. Update the route tables for each private subnet to target the NAT instance that is in the same Availability Zone for the destination 0.0.0.0/0.

D.  

In each environment, create one transit gateway and remove one NAT gateway. Configure routing on the transit gateway to forward traffic for the destination 0.0.0.0/0 to the remaining NAT gateway. Update private subnet route tables to target the transit gateway for the destination 0.0.0.0/0.

A.  

Add a global secondary index to the Orders table. Include the product-ID attribute.

B.  

Set the batch size attribute of the DynamoDB streams to be based on the size of items in the Orders table.

C.  

Increase the DynamoDB table provisioned capacity by 1,000 write capacity units (WCUs).

D.  

Increase the DynamoDB table provisioned capacity by 1,000 read capacity units (RCUs).

E.  

Increase the timeout of the Lambda function to 15 minutes.

A.  

Set up a backup administrator account that the company can use to log in if the company loses the MFA device.

B.  

Add multiple MFA devices for the root user account to handle the disaster scenario.

C.  

Create a new administrator account when the company cannot access the root account.

D.  

Attach the administrator policy to another IAM user when the company cannot access the root account.

A.  

Configure VPC Flow Logs to write to a new S3 bucket. Run monthly queries on the flow logs to identify customer usage and calculate cost. Add the charges to the customers' monthly bills.

B.  

Each month, use AWS Cost Explorer to examine the costs for Transfer for SFTP and obtain a breakdown by customer. Add the charges to the customers' monthly bills.

C.  

Enable requester pays on the S3 bucket that hosts the software. Allocate the charges to each customer based on the customer's requests.

D.  

Run Amazon Athena queries on the logging S3 bucket monthly to identify customer usage and calculate costs. Add the charges to the customers' monthly bills.

A.  

Create a new AWS Key Management Service (AWS KMS) key. Use AWS Secrets Manager to manage, rotate, and store all secrets in Amazon EKS.

B.  

Create a new AWS Key Management Service (AWS KMS) key. Enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster.

C.  

Create the Amazon EKS cluster with default options. Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver as an add-on.

D.  

Create a new AWS Key Management Service (AWS KMS) key with the alias/aws/ebs alias. Enable default Amazon Elastic Block Store (Amazon EBS) volume encryption for the account.

A.  

Use Site-to-Site VPN to access on-prem HDFS. Use Amazon EMR to process the data.

B.  

Use AWS DataSync to connect to on-prem HDFS. Use Amazon EMR to process the data.

C.  

Migrate to Amazon EMR on AWS Outposts.

D.  

Use AWS Snowball to migrate data to S3. Use EMR to process.

A.  

Increase the maximum capacity of the Auto Scaling group by 50%.

B.  

Create a warm pool for the Auto Scaling group. Use the default specification for the warm pool size.

C.  

Increase the health check grace period for the Auto Scaling group by 50%.

D.  

Create a scheduled scaling action. Set the desired capacity equal to the maximum capacity of the Auto Scaling group.

A.  

Create an IAM identity provider for Active Directory in each AWS account. Ensure that Active Directory users and groups access AWS accounts directly through IAM roles. Use IAM Identity Center to enforce MFA in each account for all users.

B.  

Use AWS Directory Service to create a new AWS Managed Microsoft AD Active Directory. Configure IAM Identity Center in each account to use the new AWS Managed Microsoft AD Active Directory as the identity source. Use IAM Identity Center to enforce MFA for all users.

C.  

Use IAM Identity Center with the existing Active Directory as the identity source. Enforce MFA for all users. Use AWS Organizations and Active Directory groups to manage access permissions for AWS accounts and application access.

D.  

Use AWS Lambda functions to periodically synchronize Active Directory users and groups with IAM users and groups in each AWS account. Use IAM roles and policies to manage application access. Create a second Lambda function to enforce MFA.

A.  

Use Amazon Redshift query editor v2 to analyze data stored in Amazon Redshift. Use Amazon Athena to analyze data stored in Amazon S3. Use Amazon QuickSight to access Amazon Redshift and Athena, visualize the data analyses, and create business intelligence reports.

B.  

Use Amazon Redshift Serverless to analyze data stored in Amazon Redshift. Use Amazon S3 Object Lambda to analyze data stored in Amazon S3. Use Amazon Managed Grafana to access Amazon Redshift and Object Lambda, visualize the data analyses, and create business intelligence reports.

C.  

Use Amazon Redshift Spectrum to analyze data stored in Amazon Redshift. Use Amazon Athena to analyze data stored in Amazon S3. Use Amazon QuickSight to access Amazon Redshift and Athena, visualize the data analyses, and create business intelligence reports.

D.  

Use Amazon OpenSearch Service to analyze data stored in Amazon Redshift and Amazon S3. Use Amazon Managed Grafana to access OpenSearch Service, visualize the data analyses, and create business intelligence reports.

A.  

Create an Amazon Machine Image (AMI) of the web application instance. Use the AMI to create an Auto Scaling group of EC2 instances that has a minimum capacity of two. Create an Application Load Balancer. Set the Auto Scaling group as the target group.

B.  

Create a Docker image of the application. Use Amazon Elastic Container Service (Amazon ECS) to create an Auto Scaling ECS cluster. Enable managed scaling. Create a Network Load Balancer. Set the ECS cluster as the target group.

C.  

Create an Amazon Machine Image (AMI) of the web application instance. Use the AMI to create two more web application instances in separate Availability Zones. Update the website DNS record to refer to all three instances.

D.  

Create an Application Load Balancer (ALB). Set the web application instance as the target. Create an Amazon CloudWatch alarm based on ALB traffic metrics. Configure the alert to activate when traffic spikes.

A.  

Use the AWS account root user access keys.

B.  

Use the AWS access key ID and the EC2 secret access key.

C.  

Use an IAM role to grant the necessary permissions to the applications.

D.  

Activate multi-factor authentication (MFA) and versioning on the S3 bucket.

A.  

Store the database credentials as a parameter in AWS Systems Manager Parameter Store. Configure Parameter Store to automatically rotate the secrets every 30 days. Update the Lambda function to retrieve the credentials from the parameter.

B.  

Store the database credentials as a secret in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials every 30 days Update the Lambda function to retrieve the credentials from the secret.

C.  

Store the database credentials as an encrypted Lambda environment variable. Write a custom Lambda function to rotate the credentials. Schedule the Lambda function to run every 30 days.

D.  

Store the database credentials as a key in AWS Key Management Service (AWS KMS). Configure automatic rotation for the key. Update the Lambda function to retrieve the credentials from the KMS key.

A.  

Create a new instance of the database in RDS for PostgreSQL to test the new features. When the testing is finished, take a backup of the test database, and restore the test database to the production database.

B.  

Create new database tables in the production database to test the new features. When the testing is finished, copy the data from the older tables to the new tables. Delete the older tables, and rename the new tables accordingly.

C.  

Create an Amazon RDS read replica to deploy a new instance of the database. Make updates to the database tables in the replica instance. When the testing is finished, promote the replica instance to become the new production instance.

D.  

Use an Amazon RDS blue/green deployment to deploy a new test instance of the database. Make database table updates in the test instance. When the testing is finished, promote the test instance to become the new production instance.

A.  

ECS with Fargate, RDS, and SQS for decoupling.

B.  

ECS with Fargate, RDS, and SNS for decoupling.

C.  

DynamoDB, Lambda, DynamoDB Streams, and Step Functions.

D.  

Elastic Beanstalk, RDS, and SNS for decoupling.

A.  

Create an Amazon S3 bucket and call the service APIs from each instance's application.

B.  

Create an Amazon S3 bucket and configure all instances to access it as a mounted volume.

C.  

Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.

D.  

Configure an Amazon Elastic File System (Amazon EFS) file system and mount It across all instances.

A.  

Use only Spot Instances to handle the maximum capacity required.

B.  

Use only Reserved Instances to handle the maximum capacity required.

C.  

Use Reserved Instances to handle the baseline capacity. Use Spot Instances to provide additional capacity when required.

D.  

Use Reserved Instances in an EC2 Auto Scaling group to handle the minimum capacity. Configure an auto scaling policy that is based on the SQS queue backlog.

A.  

Create a fleet of Amazon EC2 instances in an Auto Scaling group to handle the Windows batch job processing.

B.  

Implement an AWS Lambda function to process the Windows batch job. Use an Amazon EventBridge rule to invoke the Lambda function.

C.  

Use AWS Fargate to deploy the Windows batch job as a container. Use AWS Batch to manage the batch job processing.

D.  

Use Amazon Elastic Kubernetes Service (Amazon EKS) on Amazon EC2 instances to orchestrate Windows containers for the batch job processing.

A.  

Use Amazon GuardDuty. Configure an AWS Lambda function to route alerts to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team to the SNS topic.

B.  

Use Amazon GuardDuty. Configure an AWS Lambda function to route alerts to an Amazon Simple Queue Service (Amazon SQS) queue. Configure a second Lambda function to periodically poll the SQS queue and to send emails to the security team by using Amazon Simple Email Service (Amazon SES).

C.  

Use Amazon Macie. Integrate Amazon EventBridge with Macie, and configure EventBridge to send alerts to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team to the SNS topic.

D.  

Use Amazon Macie. Integrate Amazon EventBridge with Macie, and configure EventBridge to route alerts to an Amazon Simple Queue Service (Amazon SQS) queue. Configure an AWS Lambda function to periodically poll the SQS queue and to send alerts to the security team by using Amazon Simple Email Service (Amazon SES).

A.  

Send incoming orders to an Amazon Simple Notification Service (Amazon SNS) topic. Start an AWS Step Functions workflow for each order that orchestrates the microservices. Use AWS Lambda functions for each microservice.

B.  

Send incoming orders to an Amazon Simple Queue Service (Amazon SQS) queue. Start an AWS Step Functions workflow for each order that orchestrates the microservices. Use AWS Lambda functions for each microservice.

C.  

Send incoming orders to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon EventBridge to distribute events among the microservices. Use AWS Lambda functions for each microservice.

D.  

Send incoming orders to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon EventBridge to the topic to distribute events among the microservices. Use AWS Lambda functions for each microservice.

A.  

Add the new ALB to the Shield Advanced protection group. Select Sum as the aggregation type for the volume of traffic for the whole group.

B.  

Add the new ALB to the Shield Advanced protection group. Select Mean as the aggregation type for the volume of traffic for the whole group.

C.  

Create a new Shield Advanced protection group. Add the new ALB to the new protection group. Select Sum as the aggregation type for the volume of traffic.

D.  

Set up an Amazon CloudFront distribution. Add the CloudFront distribution and the new ALB to the Shield Advanced protection group. Select Max as the aggregation type for the volume of traffic for the whole group.

A.  

Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to mount the Snowball S3 endpoint to provide local access to the data.

B.  

Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3. Use the Snowball Edge file interface to provide on-premises systems with local access to the data.

C.  

Use AWS Storage Gateway and configure a cached volume gateway. Run the Storage Gateway software appliance on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local access to the data.

D.  

Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance on premises and map the gateway storage volumes to on-premises storage. Mount the gateway storage volumes to provide local access to the data.

A.  

Create a proxy in RDS Proxy. Configure the users' applications to use the DB instance through RDS Proxy.

B.  

Deploy Amazon ElastiCache (Memcached) between the users' applications and the DB instance.

C.  

Migrate the DB instance to a different instance class that has higher I/O capacity. Configure the users' applications to use the new DB instance.

D.  

Configure Multi-AZ for the DB instance. Configure the users' applications to switch between the DB instances.

A.  

Create two additional EC2 instances spread across two separate Availability Zones. Create an Application Load Balancer (ALB). Configure the ALB to route traffic to a target group that contains all three instances. Create an Amazon CloudWatch alarm to scale the EC2 instances vertically to handle the application traffic.

B.  

Create eight additional EC2 instances spread across three separate Availability Zones. Create an Application Load Balancer (ALB). Configure the ALB to route traffic to a target group that contains all nine instances. Create an Amazon CloudWatch alarm to scale the EC2 instances horizontally to handle the application traffic.

C.  

Create an EC2 Auto Scaling group that contains a minimum of three EC2 instances in the same Availability Zone. Create an Application Load Balancer (ALB). Configure the ALB to route traffic to a target group that contains all the instances. Configure scheduled scaling for the Auto Scaling group.

D.  

Create an EC2 Auto Scaling group that contains a minimum of three EC2 instances spread across Availability Zones. Create an Application Load Balancer (ALB). Configure the ALB to route traffic to a target group that contains all the instances. Create an Amazon CloudWatch alarm to scale the EC2 instances horizontally to handle the application traffic.

A.  

Configure Amazon Athena to read the encrypted files. Run SQL queries on the data directly in Amazon S3.

B.  

Use Amazon S3 Select to run SQL queries on the data directly in Amazon S3.

C.  

Configure Amazon Redshift to read the encrypted files Use Redshift Spectrum and Redshift query editor v2 to run SQL queries on the data directly in Amazon S3.

D.  

Configure Amazon EMR Serverless to read the encrypted files. Use Apache SparkSQL to run SQL queries on the data directly in Amazon S3.

A.  

Configure DynamoDB incremental exports to Amazon S3.

B.  

Configure Amazon DynamoDB Streams to write records to Amazon S3.

C.  

Configure Amazon EMR to copy DynamoDB data to Amazon S3.

D.  

Configure Amazon EMR to copy DynamoDB data to Hadoop Distributed File System (HDFS).

A.  

Use S3 Event Notifications to publish events to an Amazon Simple Notification Service (Amazon SNS) topic. Deploy a web application on the Amazon ECS cluster to subscribe to the SNS topic and listen for events to orchestrate the processing workflow.

B.  

Use S3 Event Notifications to publish events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure long polling. Deploy an Amazon EC2 instance that runs a script to orchestrate the processing workflow.

C.  

Use S3 Event Notifications to publish events to an Amazon Simple Queue Service (Amazon SQS) queue. Create an ECS cluster that scales based on the number of messages in the queue. Configure the cluster to orchestrate the processing workflow.

D.  

Use S3 Event Notifications to invoke an Amazon EventBridge rule. Configure the rule to initiate an AWS Step Functions workflow that orchestrates the processing workflow.

A.  

Ensure that point-in-time recovery is enabled on the DynamoDB tables.

B.  

Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

C.  

Ensure that DynamoDB streaming is enabled for the tables.

D.  

Ensure that DynamoDB Accelerator (DAX) is enabled.

A.  

Move the website to an Amazon S3 bucket. Configure an Amazon CloudFront distribution for the S3 bucket.

B.  

Move the website to an Amazon S3 bucket. Configure an Amazon ElastiCache cluster for the S3 bucket.

C.  

Move the website to AWS Amplify. Configure an ALB to resolve to the Amplify website.

D.  

Move the website to AWS Amplify. Configure EC2 instances to cache the website.

A.  

Send the requests from the REST API to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe multiple Amazon Simple Queue Service (Amazon SQS) queues to the SNS topic. Configure the target Lambda functions to poll the SQS queues.

B.  

Send the requests from the REST API to a set of Amazon EC2 instances that are configured to process messages. Configure the instances to filter messages and to invoke the target Lambda functions.

C.  

Send the requests from the REST API to Amazon Managed Streaming for Apache Kafka (Amazon MSK). Configure Amazon MSK to publish the messages to the target Lambda functions.

D.  

Send the requests from the REST API to multiple Amazon Simple Queue Service (Amazon SQS) queues. Configure the target Lambda functions to poll the SQS queues.

A.  

Use a data stream in Amazon Kinesis Data Streams in on-demand mode to capture the clickstream data. Use AWS Lambda to process the data in real time.

B.  

Use Amazon Data Firehose to capture the clickstream data. Use AWS Glue to process the data in real time.

C.  

Use Amazon Kinesis Video Streams to capture the clickstream data. Use AWS Glue to process the data in real time.

D.  

Use Amazon Managed Service for Apache Flink (previously known as Amazon Kinesis Data Analytics) to capture the clickstream data. Use AWS Lambda to process the data in real time.

A.  

Convert the database to DynamoDB using AWS SCT. Store the password in Parameter Store. Use CloudWatch and Lambda for rotation.

B.  

Migrate the database to Amazon RDS for Oracle. Store the password in AWS Secrets Manager. Turn on automatic rotation with a yearly rotation schedule.

C.  

Migrate the database to an EC2 instance. Use Parameter Store to keep and rotate the connection string using a Lambda function with a yearly schedule.

D.  

Migrate the database to Amazon Neptune using AWS SCT. Use CloudWatch and Lambda for yearly rotation.

A.  

Replicate S3 objects to a second AWS Region. Create a second ALB and a minimum set of EC2 instances in the second Region. Ensure that the EC2 instances are shut down until they are needed. Configure Amazon Route 53 to fail over to the second Region by using an IP-based routing policy.

B.  

Use AWS Backup to take hourly backups of the EC2 instances. Back up the S3 data to a second AWS Region. Use AWS CloudFormation to deploy the entire infrastructure in the second Region when needed.

C.  

Create daily snapshots of the EC2 instances in a second AWS Region. Use the snapshots to recreate the instances in the second Region. Back up the S3 data to the second Region. Perform a failover by modifying the application DNS record when needed.

D.  

Replicate S3 objects to a second AWS Region. Create a second ALB and a minimum set of EC2 instances in the second Region. Ensure that the EC2 instances in the second Region are running. Configure Amazon Route 53 to fail over to the secondary Region based on health checks.

A.  

In the Organizations management account, configure an Amazon Macie administrator IAM user as the delegated administrator for the global organization. Use the Macie administrator user to configure Macie settings to scan for PII.

B.  

For each Region in the Organizations management account, designate a delegated Amazon Macie administrator account. In the Macie administrator account, add all accounts in the organization. Use the Macie administrator account to enable Macie. Configure automated sensitive data discovery for all accounts in the organization.

C.  

For each Region in the Organizations management account, configure a service control policy (SCP) to identify PII. Apply the SCP to the organization root.

D.  

In the Organizations management account, configure AWS Lambda functions to scan for PII in each Region.

A.  

Create an Amazon RDS DB instance in Multi-AZ mode.

B.  

Create an Amazon RDS DB instance and one or more replicas in another Availability Zone.

C.  

Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load.

D.  

Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load.

E.  

Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load.

A.  

Set up an API Gateway private integration to restrict access to a predefined set ot IP addresses.

B.  

Create a resource policy for the API that denies access to any IP address that is not specifically allowed.

C.  

Directly deploy the API in a private subnet. Create a network ACL. Set up rules to allow the traffic from specific IP addresses.

D.  

Modify the security group that is attached to API Gateway to allow inbound traffic from only the trusted IP addresses.

A.  

Add a DynamoDB Accelerator (DAX) cluster in front of the DynamoDB database.

B.  

Add an Amazon API Gateway API in front of the web application that accepts the appointment requests.

C.  

Add an Amazon CloudFront distribution. Set the origin as the web application that accepts the appointment requests.

D.  

Add an Auto Scaling group for the application that sends meeting invitations. Configure the Auto Scaling group to scale based on the depth of the SQS queue.

A.  

Store the images and geographic codes in a database table. Use Oracle running on an Amazon RDS Multi-AZ DB instance.

B.  

Store the images in Amazon S3 buckets. Use Amazon DynamoDB with the geographic code as the key and the image S3 URL as the value.

C.  

Store the images and geographic codes in an Amazon DynamoDB table. Configure DynamoDB Accelerator (DAX) during times of high load.

D.  

Store the images in Amazon S3 buckets. Store geographic codes and image S3 URLs in a database table. Use Oracle running on an Amazon RDS Multi-AZ DB instance.

A.  

Configure the DB instance for public access. Allow Lambda public address space.

B.  

Deploy Lambda inside the VPC. Attach a network ACL allowing outbound access to the VPC CIDR. Update the DB security group to allow traffic from 0.0.0.0/0.

C.  

Deploy Lambda inside the VP

C.  

D.  

Peer the Lambda default VPC with the DB VPC and avoid security groups.

A.  

Migrate the frontend to Amazon EC2 instances. Deploy an Application Load Balancer (ALB) in front of the instances. Use the instances to invoke the on-premises APIs. Associate AWS WAF rules with the instances.

B.  

Deploy the frontend as an Amazon CloudFront distribution that has multiple origins. Configure one origin to be an Amazon S3 bucket that serves the static web content. Configure a second origin to route traffic to the on-premises APIs based on the URL pattern. Associate AWS WAF rules with the distribution.

C.  

Migrate the frontend to Amazon EC2 instances. Deploy a Network Load Balancer (NLB) in front of the instances. Use the instances to invoke the on-premises APIs. Create an AWS Network Firewall instance. Route all traffic through the Network Firewall instance.

D.  

Deploy the frontend as a static website based on an Amazon S3 bucket. Use an Amazon API Gateway REST API and a set of Amazon EC2 instances to invoke the on-premises APIs. AssociateAWS WAF rules with the REST API and the S3 bucket.

A.  

Use a Spot Fleet with Auto Scaling of EC2 instances that run the most recent Amazon Linux operating system.

B.  

Use an AWS Elastic Beanstalk web server environment that has high availability configured.

C.  

Use Amazon Elastic Kubernetes Service (Amazon EKS). Launch Auto Scaling groups of self-managed EC2 instances.

D.  

Use an AWS Lambda function that runs custom-developed code.

A.  

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use an AWS Lambda function to process the orders.

B.  

Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to receive orders. Use an AWS Lambda function to process the orders.

C.  

Use an Amazon Simple Queue Service (Amazon SQS) standard queue to receive orders. Use AWS Batch jobs to process the orders.

D.  

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use AWS Batch jobs to process the orders.

A.  

Create an AWS Lambda function that processes AWS Config events. Configure the Lambda function to query AWS Config for backup-related data and to generate daily reports.

B.  

Check the backup status of the EC2 instances daily by reviewing the backup configurations in AWS Backup and Amazon Elastic Block Store (Amazon EBS) snapshots.

C.  

Use an AWS Lambda function to query Amazon EBS snapshots, Amazon RDS snapshots, and AWS Backup jobs. Configure the Lambda function to process and report on the data. Schedule the function to run daily.

D.  

Use AWS Config and AWS Backup Audit Manager to ensure compliance. Review generated reports daily.

A.  

Create a bucket policy with Deny and a Condition using "StringNotEquals": {"aws:SourceVpc": "vpc-11aabb22"}.

B.  

Create a bucket policy with Allow and Resource "arn:aws:ec2:us-west-2:123456789012:vpc/vpc-11aabb22".

C.  

Create a bucket policy with Allow and a Condition using "StringNotEquals": {"aws:SourceVpc": "vpc-11aabb22"}.

D.  

Create a bucket policy with Deny and "StringNotEquals": {"aws:PrincipalAccount": "123456789012"}.

A.  

Use an AWS Glue ML job to transform the data and create forecasts. Use Amazon QuickSight to visualize the data.

B.  

Use Amazon QuickSight to visualize the data. Use ML-powered forecasting in QuickSight to create forecasts.

C.  

Use a prebuilt ML AMI from the AWS Marketplace to create forecasts. Use Amazon QuickSight to visualize the data.

D.  

Use Amazon SageMaker AI inference pipelines to create and update forecasts. Use Amazon QuickSight to visualize the combined data.

A.  

Use an Amazon DynamoDB table to store the session data. Enable point-in-time recovery (PITR) and TTL.

B.  

Use Amazon MemoryDB and enable PITR and TTL.

C.  

Store session data in S3 Standard. Enable Versioning and a Lifecycle rule to expire objects after 48 hours.

D.  

Store data in S3 Intelligent-Tiering with Versioning and a Lifecycle rule to expire after 48 hours.

A.  

VPC endpoints

B.  

AWS Transit Gateway

C.  

Amazon Route 53

D.  

AWS Secrets Manager

A.  

Double the number of frontend and backend EC2 instances to handle the increased traffic during the product launch event. Create a dead-letter queue to retain unprocessed sales requests when the demand exceeds the system capacity.

B.  

Place the frontend EC2 instances into an Auto Scaling group. Create an Auto Scaling policy to launch new instances to handle the incoming network traffic.

C.  

Place the frontend EC2 instances into an Auto Scaling group. Add an Amazon ElastiCache cluster in front of the ALB to reduce the amount of traffic the API needs to handle.

D.  

Place the frontend and backend EC2 instances into separate Auto Scaling groups. Create a policy for the frontend Auto Scaling group to launch instances based on incoming network traffic. Create a policy for the backend Auto Scaling group to launch instances based on the SQS queue backlog.

A.  

Deploy an Outpost in AWS Outposts to the on-premises location where the legacy application is stored. Configure the legacy application and the web application to store and retrieve the files in Amazon S3 on the Outpost.

B.  

Deploy an AWS Storage Gateway Volume Gateway on premises. Point the legacy application to the Volume Gateway. Configure the web application to use the Amazon S3 bucket that the Volume Gateway uses.

C.  

Deploy an Amazon S3 interface endpoint on AWS. Reconfigure the legacy application to store the files directly on an Amazon S3 endpoint. Configure the web application to retrieve the files from Amazon S3.

D.  

Deploy an Amazon S3 File Gateway on premises. Point the legacy application to the File Gateway. Configure the web application to retrieve the files from the S3 bucket that the File Gateway uses.

A.  

Enable AWS CloudTrail across all accounts by using AWS Control Tower.

B.  

Enable AWS X-Ray across all accounts by using AWS Control Tower.

C.  

Enable Amazon CloudWatch in the CloudFormation templates.

D.  

Enable AWS X-Ray in the CloudFormation templates.

A.  

Create an Amazon Simple Notification Service (Amazon SNS) topic in a fanout configuration that pushes data to an HTTPS endpoint. Configure the order processing application to publish messages to the SNS topic.

B.  

Create an Amazon Simple Notification Service (Amazon SNS) topic in a fanout configuration that pushes data to an Amazon Data Firehose delivery stream that has a HTTP destination. Configure the order processing application to publish messages to the SNS topic.

C.  

Create an Amazon EventBridge rule and configure an Amazon EventBridge API destination partner Configure the order processing application to publish messages to Amazon EventBridge.

D.  

Create an Amazon Managed Streaming for Apache Kafka (Amazon MSK) topic that has an outbound MSK Connect connector. Configure the order processing application to publish messages to the MSK topic.

A.  

Amazon GuardDuty

B.  

AWS Shield

C.  

AWS Certificate Manager (ACM)

D.  

AWS Secrets Manager

E.  

AWS Key Management Service (AWS KMS)

A.  

Deploy an Amazon OpenSearch Service cluster in the primary Region and in a second Region. Enable OpenSearch Service cluster replication. Configure the clusters to expire data after 30 days. Modify the application to use OpenSearch Service to store the data.

B.  

Deploy an Amazon S3 bucket in the primary Region and in a second Region. Enable versioning on both buckets. Use the Standard storage class. Configure S3 Lifecycle policies to expire objects after 30 days. Configure S3 Cross-Region Replication from the bucket in the primary bucket to the backup bucket.

C.  

Deploy an Amazon Aurora PostgreSQL global database. Configure cluster replication between the primary Region and a second Region. Use a replicated cluster endpoint during outages in the primary Region.

D.  

Deploy an Amazon RDS for PostgreSQL cluster in the same Region where the application is deployed. Configure a read replica in a second Region as a backup.

A.  

Create an S3 bucket policy that denies delete operations for 7 years. Create an S3 Lifecycle policy to delete the data after 7 years.

B.  

Create an S3 Object Lock default retention policy that retains data for 7 years in governance mode. Create an S3 Lifecycle policy to delete the data after 7 years.

C.  

Create an S3 Object Lock default retention policy that retains data for 7 years in compliance mode. Create an S3 Lifecycle policy to delete the data after 7 years.

D.  

Create an S3 Batch Operations job to set a legal hold on each object for 7 years. Create an S3 Lifecycle policy to delete the data after 7 years.

A.  

Create a read replica. Move reporting queries to the read replica.

B.  

Create a read replica. Distribute the ordering application to the primary DB instance and the read replica.

C.  

Migrate the ordering application to Amazon DynamoDB with on-demand capacity.

D.  

Schedule the reporting queries for non-peak hours.

A.  

Publish messages to an Amazon Kinesis Data Streams data stream. Enable enhanced fan-out. Ensure that consumers ingest the data stream by using dedicated throughput.

B.  

Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic. Ensure that consumers use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to subscribe to the topic.

C.  

Publish messages to Amazon EventBridge. Allow each consumer to create rules to deliver messages to the consumer's own target.

D.  

Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic. Ensure that consumers use Amazon Data Firehose to subscribe to the topic.

A.  

Configure the EC2 instances to be part of a cluster placement group

B.  

Launch the EC2 instances with Dedicated Instance tenancy.

C.  

Launch the EC2 instances as Spot Instances.

D.  

Configure an On-Demand Capacity Reservation when the EC2 instances are launched.

A.  

Invoke an AWS Lambda function for each incoming work item. Configure each function to handle the work item completely. Store states in DynamoDB.

B.  

Invoke an AWS Step Functions workflow to process incoming work items. Use Lambda functions for business logic. Store work item states in DynamoD

B.  

C.  

Set up an API Gateway REST API to receive work items. Configure the API to invoke a Lambda function for each work item.

D.  

Deploy two EC2 Reserved Instances behind an ALB and send requests to an SQS queue.

E.  

Set up an API Gateway REST API to receive work items. Send the work items to an SQS queue.

A.  

Use Lambda@Edge to compress the files as they are sent to users.

B.  

Enable Amazon S3 Transfer Acceleration to reduce the response times.

C.  

Enable caching on the CloudFront distribution to store generated files at the edge.

D.  

Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users.

A.  

Use AWS CloudTrail to configure one trail for all accounts. Create an Amazon S3 bucket in the audit account. Configure the trail to send logs related to access activity to the new S3 bucket in the audit account.

B.  

Configure a delegated administrator account for IAM Access Analyzer in the AWS Control Tower management account. In the delegated administrator account for IAM Access Analyzer, specify the AWS account ID of the audit account.

C.  

Create an Amazon S3 bucket in the audit account. Generate a new permissions policy, and add a service role to the policy to give IAM Access Analyzer access to AWS CloudTrail and the S3 bucket in the audit account.

D.  

Add a new trust policy that includes permissions to allow IAM Access Analyzer to perform sts:AssumeRole actions. Modify the permissions policy to allow IAM Access Analyzer to generate policies.

A.  

Use Reserved Instances for the frontend nodes. Use AWS Fargate for the backend nodes.

B.  

Use Reserved Instances for the frontend nodes. Use Spot Instances for the backend nodes.

C.  

Use Spot Instances for the frontend nodes. Use Reserved Instances for the backend nodes.

D.  

Use Spot Instances for the frontend nodes. Use AWS Fargate for the backend nodes.

A.  

Create an IAM user. Assign the IAM user to the application. Create programmatic access keys for the IAM user. Embed the access keys in the application code.

B.  

Create an IAM user that has programmatic access keys. Store the access keys in AWS Secrets Manager. Configure the application to retrieve the keys from Secrets Manager when the application runs.

C.  

Create an IAM role that can access AWS Systems Manager Parameter Store. Associate the role with each EC2 instance profile. Create IAM access keys for the AWS services, and store the keys in Parameter Store. Configure the application to retrieve the keys from Parameter Store when the application runs.

D.  

Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.

A.  

Use an Amazon S3 bucket to store the datasets. Use Amazon Athena to perform SQL JOIN queries to find connections.

B.  

Use Amazon Neptune to store the datasets with edges and vertices. Query the data to find connections.

C.  

Use an Amazon S3 bucket to store the datasets. Use Amazon QuickSight to visualize connections.

D.  

Use Amazon RDS to store the datasets with multiple tables. Perform SQL JOIN queries to find connections.

A.  

Tag all resources that belong to each team with the user-defined CostCenter tag.

B.  

Create a tag for each team, and set the value to CostCenter.

C.  

Activate the CostCenter tag to track cost allocation.

D.  

Configure AWS Billing and Cost Management to send monthly invoices to the company through email messages.

E.  

Set up consolidated billing in the existing AWS account.

A.  

Use AWS Trusted Advisor to set up budget notifications. Configure Amazon CloudWatch to monitor costs. Export CloudWatch data to Amazon S3. Use machine learning (ML) to estimate future trends based on the CloudWatch data.

B.  

Create a budget in AWS Budgets that has a specified cost threshold. Create an AWS Lambda function that sends a notification to the company when costs reach the specified threshold. Use AWS Billing and Cost Management reports to monitor costs.

C.  

Use AWS Cost Explorer to set a specified budget threshold. Create an AWS Lambda function to calculate cost estimates. Configure the Lambda function to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic if estimated costs exceed the specified threshold.

D.  

Create a budget in AWS Budgets that has a specified cost threshold. Configure AWS Budgets to send budget alerts to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Cost Explorer to monitor costs.

A.  

Amazon CloudFront

B.  

Amazon DynamoDB

C.  

Amazon Kinesis

D.  

Amazon RDS

E.  

AWS Global Accelerator

A.  

In Organizations, create a new tag policy that specifies the data sensitivity tag key and the required values. Enforce the tag values for the EC2 instances Attach the tag policy to the appropriate OU.

B.  

In Organizations, create a new service control policy (SCP) that specifies the data sensitivity tag key and the required tag values Enforce the tag values for the EC2 instances. Attach the SCP to the appropriate OU.

C.  

Create a tag policy to deny running instances when a tag key is not specified. Create another tag policy that prevents identities from deleting tags Attach the tag policies to the appropriate OU.

D.  

Create a service control policy (SCP) to deny creating instances when a tag key is not specified. Create another SCP that prevents identities from deleting tags Attach the SCPs to the appropriate OU.

E.  

Create an AWS Config rule to check if EC2 instances use the data sensitivity tag and the specified values. Configure an AWS Lambda function to delete the resource if a noncompliant resource is found.

A.  

Use AWS Organizations to set up the infrastructure. Use AWS Config to track changes

B.  

Use AWS Cloud Formation to set up the infrastructure. Use AWS Config to track changes.

C.  

Use AWS Organizations to set up the infrastructure. Use AWS Service Catalog to track changes.

D.  

Use AWS Cloud Formation to set up the infrastructure. Use AWS Service Catalog to track changes.

A.  

Run Amazon EC2 On-Demand Instances in an Auto Scaling group for the web portal. Use an AWS Lambda function to run the document extract program. Invoke the Lambda function when an employee uploads a new reimbursement document.

B.  

Run Amazon EC2 Spot Instances in an Auto Scaling group for the web portal. Run the document extract program on EC2 Spot Instances Start document extract program instances when an employee uploads a new reimbursement document.

C.  

Purchase a Savings Plan to run the web portal and the document extract program. Run the web portal and the document extract program in an Auto Scaling group.

D.  

Create an Amazon S3 bucket to host the web portal. Use Amazon API Gateway and an AWS Lambda function for the existing functionalities. Use the Lambda function to run the document extract program. Invoke the Lambda function when the API that is associated with a new document upload is called.

A.  

Create IAM users for the employees in the required AWS accounts. Connect IAM users to the existing IdP. Configure federated authentication for the IAM users.

B.  

Set up AWS account root users with user email addresses and passwords that are synchronized from the existing IdP.

C.  

Configure AWS IAM Identity Center Connect IAM Identity Center to the existing IdP Provision users and groups from the existing IdP

D.  

Use AWS Resource Access Manager (AWS RAM) to share access to the AWS accounts with the users in the existing IdP.

A.  

Create a customer managed key Use the key to encrypt the EBS volumes.

B.  

Use an AWS managed key to encrypt the EBS volumes. Use the key to configure automatic key rotation.

C.  

Create an external KMS key with imported key material. Use the key to encrypt the EBS volumes.

D.  

Use an AWS owned key to encrypt the EBS volumes.

A.  

Enable read replicas in ElastiCache (Redis OSS). Promote the read replica when necessary.

B.  

Enable Multi-AZ in ElastiCache (Redis OSS). Fail over to a second node when necessary.

C.  

Export a backup of the ElastiCache (Redis OSS) cache to an Amazon S3 bucket. Restore the cache to a second cluster when necessary.

D.  

Export a backup of the ElastiCache (Redis OSS) cache by using AWS Backup. Restore the cache to a second cluster when necessary.

A.  

Configure AWS CloudTrail trails to log Amazon S3 API calls. Use AWS AppSync to process the files.

B.  

Configure a new object created S3 event notification within the bucket to invoke an AWS Lambda function to process the files.

C.  

Configure Amazon Kinesis Data Streams to deliver the files to the S3 bucket. Invoke an AWS Lambda function to process the files.

D.  

Deploy an Amazon EC2 instance. Create a script that lists all files in the S3 bucket and processes new files. Use a cron job that runs every minute to run the script.

A.  

Use an Amazon API Gateway REST API to invoke an AWS Lambda function to send transaction data to the Aurora database. Send transaction data to an Amazon Simple Queue Service (Amazon SQS) queue that has a dead-letter queue. Use a second Lambda function to read from the SQS queue and to update the Aurora database.

B.  

Use an Amazon API Gateway HTTP API to send transaction data to an Application Load Balancer (ALB). Use the ALB to send the transaction data to Amazon Elastic Container Service (Amazon ECS) on Amazon EC2. Use ECS tasks to store the data in Aurora database.

C.  

Use an Application Load Balancer (ALB) to route transaction data to Amazon Elastic Kubernetes Service (Amazon EKS). Use Amazon EKS to send the data to the Aurora database.

D.  

Use Amazon Data Firehose to send transaction data to Amazon S3. Use AWS Database Migration Service (AWS DMS) to migrate the data from Amazon S3 to the Aurora database.

A.  

Create a private virtual interface (VIF) with a gateway type of virtual private gateway. Configure the private VIF to use a virtual private gateway that is associated with one of the VPCs.

B.  

Create a private virtual interface (VIF) to a new Direct Connect gateway. Associate the new Direct Connect gateway with a virtual private gateway in each VPC.

C.  

Create a transit virtual interface (VIF) with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.

D.  

Create an AWS Site-to-Site VPN connection that uses a public virtual interface (VIF) for the Direct Connect connection. Attach the Site-to-Site VPN connection to the transit gateways.

A.  

Enable AWS Config. Configure an AWS Config managed rule that detects DDoS attacks.

B.  

Enable AWS WAF on the ALB Create an AWS WAF web ACL with rules to detect and prevent DDoS attacks. Associate the web ACL with the AL

B.  

C.  

Store the ALB access logs in an Amazon S3 bucket. Configure Amazon GuardDuty to detect and take automated preventative actions for DDoS attacks.

D.  

Subscribe to AWS Shield Advanced. Configure hosted zones in Route 53 Add ALB resources as protected resources.

A.  

Deploy the REST API as an edge-optimized API endpoint. Enable caching. Enable content encoding in the API definition to compress the application data in transit.

B.  

Deploy the REST API as a Regional API endpoint. Enable caching. Enable content encoding in the API definition to compress the application data in transit.

C.  

Deploy the REST API as an edge-optimized API endpoint. Enable caching. Configure reserved concurrency for the Lambda functions.

D.  

Deploy the REST API as a Regional API endpoint. Enable caching. Configure reserved concurrency for the Lambda functions.

A.  

Place the ALB, EC2 instances, and RDS database in private subnets.

B.  

Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets.

C.  

Place the ALB and EC2 instances in public subnets. Place the RDS database in private subnets.

D.  

Place the ALB outside the VPC. Place the EC2 instances and RDS database in private subnets.

A.  

Use a storage optimized instance for the primary node. Use compute optimized instances for core nodes and task nodes.

B.  

Use a memory optimized instance for the primary node. Use storage optimized instances for core nodes and task nodes.

C.  

Use a general purpose instance for the primary node. Use memory optimized instances for core nodes and task nodes.

D.  

Use general purpose instances for the primary, core, and task nodes.

A.  

Use Amazon EFS as a high-performance file system.

B.  

Use Amazon FSx for Lustre as a high-performance file system.

C.  

Create an Auto Scaling group of EC2 instances. Use Reserved Instances. Configure a spread placement group. Use AWS Batch for analytics.

D.  

Use Mountpoint for Amazon S3 as a high-performance file system.

E.  

Create an Auto Scaling group of EC2 instances. Use mixed instance types and a cluster placement group. Use Amazon EMR for analytics.

A.  

Create a peering connection between the VPCs. Create a VPN connection between the VPCs and the on-premises locations.

B.  

Launch an Amazon EC2 instance. On the instance, include VPN software that uses a VPN connection to connect all VPCs and on-premises locations.

C.  

Create a transit gateway. Create VPC attachments for the VPC connections. Create VPNattachments for the on-premises connections.

D.  

Create an AWS Direct Connect connection between the on-premises locations and a central VPC. Connect the central VPC to other VPCs by using peering connections.

A.  

Create an IAM user that has a policy that grants administrative permissions. Use the IAM user's access keys on the EC2 instances to access the RDS database.

B.  

Create an IAM user that has a policy that grants the minimum required permissions to access the RDS database. Embed the IAM user's access keys on the EC2 instances to access the RDS database.

C.  

Create an IAM role that has a policy that grants the minimum required permissions to access the RDS database. Attach the IAM role access key and the IAM role secret key to the EC2 instance profile.

D.  

Create an IAM role that has a policy that grants the minimum required permissions to access the RDS database. Attach the IAM role to an EC2 instance profile. Associate the instance profile with the instances.

A.  

Create an IAM policy that includes a statement that has the Effect "Allow" and the Action "rds:". Attach the IAM policy to the IAM group.

B.  

Create an IAM policy that includes two statements. Configure the first statement to have the Effect "Allow" and the Action "rds:". Configure the second statement to have the Effect "Deny" and the Action "". Attach the IAM policy to the IAM group.

C.  

Create an IAM policy that includes a statement that has the Effect "Deny" and the NotAction "rds:". Attach the IAM policy to the IAM group.

D.  

Create an IAM policy with a statement that includes the Effect "Allow" and the Action "rds:". Include a permissions boundary that has the Effect "Allow" and the Action "rds:". Attach the IAM policy to the IAM group.

A.  

Modify the ECS cluster properties to use privileged mode. Enable host-based logging.

B.  

Use the AWS Config conformance pack for Amazon ECS. Use AWS Config to notify administrators if any security vulnerabilities are detected.

C.  

Configure AWS WAF to invoke an Amazon CloudWatch alarm when a new security vulnerability is detected.

D.  

Use Amazon Inspector to scan container images in Amazon Elastic Container Registry (Amazon ECR).

E.  

Use AWS Systems Manager Parameter Store to encrypt container images.

A.  

Create an Amazon RDS for MySQL instance. Purchase a Reserved Instance.

B.  

Create an Amazon RDS for MySQL instance. Use the instance on an on-demand basis.

C.  

Create an Amazon Aurora MySQL cluster with writer and reader nodes. Use the cluster on an on-demand basis.

D.  

Create an Amazon EC2 instance. Manually install and configure MySQL Server on the instance.

A.  

Set up an Amazon CloudFront distribution. Use the S3 bucket as the origin.

B.  

Make the S3 bucket public for a limited time. Inform only the agencies that the bucket is publicly accessible.

C.  

Configure cross-account access for the S3 bucket to the accounts that the agencies own.

D.  

Set up an IAM user for each agency in the source data account. Grant each agency IAM user access to the company's S3 bucket.

A.  

Create an Amazon ElastiCache for Redis cluster in the Region where the application is deployed. Create read replicas in Regions where the company offices are located. Ensure the company offices read from the read replica instances.

B.  

Create Amazon DynamoDB global tables. Deploy the tables to the Regions where the company offices are located and to the Region where the application is deployed. Ensure that each company office reads from the tables that are in the same Region as the office.

C.  

Create an Amazon Aurora global database. Configure the primary cluster to be in the Region where the application is deployed. Configure the secondary Aurora replicas to be in the Regions where the company offices are located. Ensure the company offices read from the Aurora replicas.

D.  

Create an Amazon RDS Multi-AZ DB cluster deployment in the Region where the application is deployed. Ensure the company offices read from read replica instances.

A.  

Set up automatic key rotation in AWS Key Management Service (AWS KMS) for the encryption keys.

B.  

Configure AWS Key Management Service (AWS KMS) to alert the company to rotate the encryption keys annually.

C.  

Schedule an AWS Lambda function to rotate the encryption keys annually.

D.  

Create an AWS CloudFormation stack to run an AWS Lambda function that deploys new encryption keys once each year.

A.  

Amazon Aurora

B.  

Amazon DynamoDB

C.  

Amazon RDS

D.  

Amazon Redshift

A.  

Use EC2 to ingest/process data to S3 → Athena + Managed Grafana

B.  

Use EMR to ingest/process to Redshift → Redshift Spectrum + QuickSight

C.  

Use EKS to ingest/process to DynamoDB → CloudWatch Dashboards

D.  

Use Kinesis Data Streams → Amazon OpenSearch Service → Amazon QuickSight

A.  

Deploy RDS read replicas to process the business reporting queries.

B.  

Scale out the DB instance horizontally by placing the instance behind an Elastic Load Balancing (ELB) load balancer.

C.  

Scale up the DB instance to a larger instance type to handle write operations and reporting queries.

D.  

Configure Amazon CloudWatch to monitor the DB instance. Deploy standby DB instances when a latency metric threshold is exceeded.

A.  

Enable S3 Transfer Acceleration to provide Account B access to the centralized S3 bucket in Account

A.  

B.  

Enable cross-Region replication between Account A and Account B to share the S3 bucket data.

C.  

Use Amazon CloudFront to distribute the S3 bucket contents. Grant Account B access to the bucket contents through a signed URL.

D.  

Create a bucket policy that grants Account B permission to access the centralized S3 bucket in Account A.

A.  

Use AWS Identity and Access Management (IAM) to manage IAM users and IAM roles in each account. Implement MFA for the root user in each account. Enforce service restrictions by using AWS managed prefix lists.

B.  

Use AWS Control Tower to establish a multi-account environment. Use service control policies (SCPs) to enforce service restrictions in AWS Organizations. Configure MFA for the root user across all accounts.

C.  

Use AWS Systems Manager to enforce service restrictions across multiple accounts. Use IAM policies to enforce MFA for the root user across all accounts.

D.  

Use AWS IAM Identity Center to manage user access and to enforce service restrictions by using permissions boundaries in each account.

A.  

Create a public Network Load Balancer. Specify the application target group.

B.  

Create a Gateway Load Balancer. Specify the application target group.

C.  

Create a public Application Load Balancer. Specify the application target group.

D.  

Create a second target group. Add Elastic IP addresses to the EC2 instances.

E.  

Create a web ACL in AWS WAF. Associate the web ACL with the endpoint.

A.  

Move the files to Amazon S3. Set up a lifecycle policy to move the files to S3 Glacier Flexible Retrieval.

B.  

Apply a lifecycle policy to the EFS files to move the files to EFS Infrequent Access.

C.  

Move the files to Amazon Elastic Block Store (Amazon EBS) Cold HDD Volumes (sc1).

D.  

Move the files to Amazon S3. Set up a lifecycle policy to move the rarely-used files to S3 Glacier Deep Archive.

A.  

Create an Amazon Simple Queue Service (Amazon SQS) queue. Send user requests to the SQS queue. Configure the Lambda function with provisioned concurrency. Set the SQS queue as the event source trigger.

B.  

Use AWS Step Functions to orchestrate and process user requests. Configure Step Functions to invoke the Lambda functions and to manage the request flow.

C.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Send user requests to the SNS topic. Configure the Lambda functions with provisioned concurrency. Subscribe the functions to the SNS topic.

D.  

Create an Amazon Simple Queue Service (Amazon SQS) queue. Send user requests to the SQS queue. Configure the Lambda functions with reserved concurrency. Set the SQS queue as the event source trigger for the functions.

A.  

An Amazon Route 53 simple routing policy

B.  

An Amazon Route 53 multivalue answer routing policy

C.  

An Application Load Balancer in one Region with a target group that specifies the EC2 instance IDs from both Regions

D.  

An Application Load Balancer in one Region with a target group that specifies the IP addresses of the EC2 instances from both Regions

A.  

Create an Amazon Elastic File System (Amazon EFS) volume that uses EFS Intelligent-Tiering. Use AWS DataSync to migrate the data to the EFS volume.

B.  

Create an Amazon FSx for ONTAP instance. Create an FSx for ONTAP file system with a root volume that uses the auto tiering policy. Migrate the data to the FSx for ONTAP volume.

C.  

Create an Amazon S3 bucket that uses S3 Intelligent-Tiering. Migrate the data to the S3 bucket by using an AWS Storage Gateway Amazon S3 File Gateway.

D.  

Create an Amazon FSx for OpenZFS file system. Migrate the data to the new volume.

A.  

Ingest the shipment updates from the mobile app into Amazon Simple Queue Service (Amazon SQS). Publish the updates to the SNS topic. Apply a filter policy to rewrite the body of each message.

B.  

Ingest the shipment updates from the mobile app into Amazon Simple Queue Service (Amazon SQS). Use an AWS Lambda function to consume the updates from Amazon SQS and rewrite the body of each message. Publish the updates to the SNS topic.

C.  

Ingest the shipment updates from the mobile app into a second SNS topic. Publish the updates to the shipper SNS topic. Apply a filter policy to rewrite the body of each message.

D.  

Ingest the shipment updates from the mobile app into Amazon Simple Queue Service (Amazon SQS). Filter and rewrite the messages in Amazon EventBridge Pipes. Publish the updates to the SNS topic.

A.  

Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS Lambda functions as the backend to read from the queue.

B.  

Deploy an Amazon API Gateway REST API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate as the backend to read from the queue.

C.  

Deploy an Amazon API Gateway REST API as the frontend to direct traffic to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Lambda functions as the backend. Subscribe the Lambda functions to the topic.

D.  

Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Notification Service (Amazon SNS) topic. Use Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate as the backend. Subscribe Amazon EKS to the topic.

A.  

Deploy the database on Amazon RDS. Use Provisioned IOPS SSD storage to ensure consistent performance for read and write operations.

B.  

Deploy the database on Amazon Aurora Serveriess to automatically scale the database capacity based on actual usage to accommodate the workload.

C.  

Deploy the database on Amazon DynamoDB. Use on-demand capacity mode to automatically scale throughput to accommodate the workload.

D.  

Deploy the database on Amazon RDS Use magnetic storage and use read replicas to accommodate the workload

A.  

Assign an IAM user to each micro-service. Use access keys stored within the application code to authenticate AWS service requests.

B.  

Create a single IAM role that has permission to access all AWS services. Associate the IAM role with all EC2 instances that run the microservices

C.  

Use AWS Organizations to create a separate account for each microservice. Manage permissions at the account level.

D.  

Create individual IAM roles based on the specific needs of each microservice. Associate the IAM roles with the appropriate EC2 instances.

A.  

Decrease the minimum number of EC2 instances for both Auto Scaling groups. Increase the desired number of instances to meet the peak demand requirement.

B.  

Configure the maximum number of instances for both Auto Scaling groups to be the number required to meet the peak demand. Create a warm pool.

C.  

Increase the maximum number of EC2 instances for both Auto Scaling groups to meet the normal demand requirement. Create a warm pool.

D.  

Reconfigure both Auto Scaling groups to use a scheduled scaling policy. Increase the size of the EC2 instance types and the RDS instance types.

A.  

Use Amazon Kinesis Data Streams to ingest the data. Process the data using AWS Lambda functions.

B.  

Use Amazon API Gateway on top of the existing application. Create a usage plan with a quota limit for the third-party vendor.

C.  

Use Amazon Simple Notification Service (Amazon SNS) to ingest the data. Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer.

D.  

Repackage the application as a container. Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group.

A.  

Deploy an Amazon Route 53 Resolver with rules pointing to the on-premises and AWS IP addresses.

B.  

Deploy a Network Load Balancer on AWS. Create target groups for the on-premises and AWS IP addresses.

C.  

Deploy an Application Load Balancer on AWS. Register the on-premises and AWS IP addresses with the target group.

D.  

Deploy Amazon API Gateway to direct traffic to the on-premises and AWS IP addresses based on the header of the request.

A.  

Use EMR to ingest database data into SPICE with only required columns.

B.  

Use AWS Glue Studio to ingest database data into S3 and use IAM policies for column control.

C.  

Use AWS Glue Elastic Views to create materialized S3 views with column restrictions.

D.  

Use a Lake Formation blueprint to ingest database data to S3. Use Lake Formation for column-level access control. Use Athena as the QuickSight data source.

A.  

Add an Application Load Balancer.

B.  

Add Amazon ElastiCache for Redis or Memcached to the database layer of the web application.

C.  

Invalidate the CloudFront cache.

D.  

Use AWS Certificate Manager (ACM) to validate the website's SSL certificate.

A.  

Use Amazon EventBridge Scheduler to schedule an AWS Lambda function to process the videos. Save the processed videos to the S3 bucket. Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to customers when processing is finished.

B.  

Use Amazon EventBridge Scheduler to schedule AWS Fargate to process the videos. Save the processed videos to the S3 bucket. Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to customers when processing is finished.

C.  

Use an S3 trigger to invoke an AWS Lambda function to process the videos. Save the processed videos to the S3 bucket. Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to customers when processing is finished.

D.  

Use an S3 trigger to invoke an AWS Lambda function to process the videos. Save the processed videos to the S3 bucket. Use AWS Amplify to send push notifications to customers when processing is finished.

A.  

Mount an Amazon Elastic File System (Amazon EFS) file system to the training cluster. Use AWS DataSync to migrate data from Amazon S3 to the EFS file system to train the FM.

B.  

Use an Amazon FSx for Lustre file system and Amazon S3 with Data Repository Association (DRA). Preload the data from Amazon S3 to the Lustre file system to train the FM.

C.  

Attach Amazon Block Store (Amazon EBS) volumes to the training cluster. Load the data from Amazon S3 to the EBS volumes to train the FM.

D.  

Use AWS DataSync to migrate the data from Amazon S3 to the training cluster as files. Train the FM on the local file-based data.

A.  

Launch a second EC2 instance in a second AWS Region. Use a Route 53 failover routing policy to redirect the traffic to the second EC2 instance.

B.  

Create and configure an Auto Scaling group to launch private EC2 instances in multiple Availability Zones. Add the instances to a target group behind a new Application Load Balancer.

C.  

Migrate the database to an Amazon Aurora MySQL cluster. Create the primary DB instance and reader DB instance in separate Availability Zones.

D.  

Create and configure an Auto Scaling group to launch private EC2 instances in multiple AWS Regions. Add the instances to a target group behind a new Application Load Balancer.

E.  

Migrate the database to an Amazon Aurora MySQL cluster with cross-Region read replicas.

A.  

Configure the EC2 account attributes to always encrypt new EBS volumes.

B.  

Use AWS Config. Configure the encrypted-volumes identifier Apply the default AWS Key Management Service (AWS KMS) key.

C.  

Configure AWS Systems Manager to create encrypted copies of the EBS volumes. Reconfigure the EC2 instances to use the encrypted volumes

D.  

Create a customer managed key in AWS Key Management Service (AWS KMS) Configure AWS Migration Hub to use the key when the company migrates workloads.

A.  

Configure AWS Directory Service to create an Active Directory in AWS Managed Microsoft AD. Establish a trust relationship with the on-premises Active Directory. Configure IAM roles and trust policies to give the employees access to the AWS resources.

B.  

Use LDAP to directly integrate the on-premises Active Directory with IAM. Map Active Directory groups to IAM roles to control access to AWS resources.

C.  

Implement a custom identity broker to authenticate users into the on-premises Active Directory. Configure the identity broker to use AWS STS to grant authorized users IAM role-based access to the AWS resources.

D.  

Configure Amazon Cognito to federate users into the on-premises Active Directory. Use Cognito user pools to manage user identities and to manage user access to the AWS resources.

A.  

Create a resource policy for the SNS topic that allows the Lambda function to publish messages to the topic.

B.  

Use server-side encryption with AWS KMS keys (SSE-KMS) for the SNS topic instead of customer-managed keys.

C.  

Create a resource policy for the encryption key that the SNS topic uses that has the necessary AWS KMS permissions.

D.  

Specify the Lambda function's Amazon Resource Name (ARN) in the SNS topic's resourcepolicy.

E.  

Associate an Amazon API Gateway HTTP API with the SNS topic to control access to the topic by using API Gateway resource policies.

F.  

Configure a Lambda execution role that has the necessary IAM permissions to use a customer-managed key in AWS KMS.

A.  

Configure AWS Shield.

B.  

Configure AWS WAR

C.  

Set up API Gateway with an Amazon CloudFront distribution Configure AWS Shield in CloudFront.

D.  

Set up API Gateway with an Amazon CloudFront distribution. Configure AWS WAF in CloudFront

A.  

Activate the aws:createdBy cost allocation tag and the department cost allocation tag in the management account.

B.  

Create a new cost and usage report in Cost Explorer. Group by the department cost allocation tag. Apply a filter to see all linked accounts and services.

C.  

Activate only the department cost allocation tag in the management account.

D.  

Create a new cost and usage report in Cost Explorer. Group by the department cost allocation tag without any other filters.

E.  

Activate only the aws:createdBy cost allocation tag in the management account.

A.  

Server-side encryption with customer-provided encryption keys

B.  

Client-side encryption with Amazon S3 managed encryption keys

C.  

Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)

D.  

Client-side encryption with a key stored in AWS Key Management Service (AWS KMS)

A.  

Configure an export in AWS Data Exports. Use Amazon QuickSight to create a cost and usage dashboard. View the data in QuickSight.

B.  

Configure one custom budget in AWS Budgets for costs. Configure a second custom budget for usage. Schedule daily AWS Budgets reports by using the two budgets as sources.

C.  

Configure AWS Cost Explorer to use user-defined cost allocation tags with hourly granularity to generate detailed data.

D.  

Configure an export in AWS Data Exports. Use the standard export option. View the data in Amazon Athena.

A.  

Create an AWS Lambda function to detect and mask PII. Invoke the function from Kinesis Data Firehose.

B.  

Use Amazon Macie to scan the S3 bucket. Configure Macie to detect and mask PII.

C.  

Enable server-side encryption (SSE) on the S3 bucket.

D.  

Create an AWS Lambda function that integrates with AWS CloudHSM. Configure the function to detect and mask PII.

A.  

Create an Amazon EFS VPC endpoint for the original EFS file system in the second Region. Mount both the original and the new EFS file system to the new set of EC2 instances in the second Region. Configure an rsync cron job to run every 5 minutes.

B.  

Set up EFS replication between the two EFS file systems. Set the new file system as the source. Set the original file system in the first Region as the destination. Turn off overwrite protection for the destination file system.

C.  

Set up one AWS DataSync agent in each Region. Configure Amazon EFS VPC endpoints, EFS transfer locations, and EFS transfer tasks with opposite directions on the two DataSync agents.

D.  

Mount the EFS file system in the second Region to the new set of EC2 instances in the second Region. Use AWS Transfer Family to establish SFTP access to the EFS file system in the original Region. Configure an rsync cron job to run every 5 minutes.

A.  

Purchase a 1-year EC2 Instance Savings Plan with the All Upfront option.

B.  

Purchase a 1-year Compute Savings Plan with the No Upfront option.

C.  

Purchase a 1-year Compute Savings Plan with the Partial Upfront option.

D.  

Purchase a 1-year Compute Savings Plan with the All Upfront option.

A.  

Deploy Amazon EC2 instances to supply compute capacity. Configure Auto Scaling groups to achieve dynamic scaling based on player count. Use Amazon RDS for MySQL as the database.

B.  

Refactor the game logic into small, stateless functions. Use AWS Lambda to process the game logic. Use Amazon DynamoDB as the database.

C.  

Deploy an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate to supply compute capacity. Scale the ECS tasks based on player demand. Use Amazon Aurora Serverless v2 as the database.

D.  

Use AWS ParallelCluster for high performance computing (HPC). Provision compute nodes that have GPU instances to process the game logic and player interactions. Use Amazon RDS for MySQL as the database.

A.  

Create an Amazon CloudFront distribution. Configure the existing ALB as the origin.

B.  

Use Amazon Route 53 to serve traffic to the ALB and EC2 instances based on the geographic location of each customer.

C.  

Create an Amazon S3 bucket with public read access enabled. Migrate the web application to the S3 bucket. Configure the S3 bucket for website hosting.

D.  

Use AWS Direct Connect to directly serve content from the web application to the location of each customer.

A.  

Create a read replica for the DB instance. Query the replica DB instance instead of the primary DB instance.

B.  

Migrate the data to an Amazon DynamoDB database.

C.  

Configure the Amazon Aurora MySQL DB instance for Multi-AZ deployment.

D.  

Create a proxy in Amazon RDS Proxy. Query the proxy instead of the DB instance.

A.  

Configure Amazon RDS for MySQL in a Multi-AZ DB instance deployment with one standby instance. Point the transactional queries to the primary DB instance. Point the analytical queries to a secondary DB instance that runs in a different Availability Zone.

B.  

Configure Amazon RDS for MySQL in a Multi-AZ DB cluster deployment with two standby instances. Point the transactional queries to the primary DB instance. Point the analytical queries to the reader endpoint.

C.  

Configure Amazon RDS for MySQL to use multiple read replicas across multiple Availability Zones. Point the transactional queries to the primary DB instance. Point the analytical queries to one of the replicas in a different Availability Zone.

D.  

Configure Amazon RDS for MySQL as the primary database for the transactional queries with automated backups enabled. Configure automated backups. Each night, create a read-only database from the most recent snapshot to support the analytical queries. Terminate the previously created database.

A.  

Write the payment messages to an Amazon DynamoDB table that uses the payment ID as the partition key.

B.  

Write the payment messages to an Amazon Kinesis data stream that uses the payment ID as the partition key.

C.  

Write the payment messages to an Amazon ElastiCache for Memcached cluster that uses the payment ID as the key

D.  

Write the payment messages to an Amazon Simple Queue Service (Amazon SQS) queue. Set the message attribute to use the payment I

D.  

E.  

Write the payment messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue Set the message group to use the payment ID.

A.  

Implement S3 Intelligent-Tiering.

B.  

Implement S3 storage class analysis.

C.  

Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA).

D.  

Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).

A.  

Create an A record with a latency policy.

B.  

Create an A record with a geolocation policy.

C.  

Create a CNAME record with a failover policy.

D.  

Create a CNAME record with a geoproximity policy.

A.  

Deploy AWS WAF and set up logging. Use Amazon Data Firehose to deliver the log files to an Amazon S3 bucket for analysis.

B.  

Deploy Amazon API Gateway and set up logging. Use Amazon Kinesis Data Streams to deliver the log files to an Amazon S3 bucket for analysis.

C.  

Deploy a Network Load Balancer and set up logging. Use Amazon Data Firehose to deliver the log files to an Amazon S3 bucket for analysis.

D.  

Deploy an Application Load Balancer and set up logging. Use Amazon Kinesis Data Streams to deliver the log files to an Amazon S3 bucket for analysis.

A.  

Implement AWS WAF custom rules to limit the length of query requests. Configure CloudFront to work with AWS WAF.

B.  

Enable AWS Shield Advanced. Configure CloudFront to work with Shield Advanced.

C.  

Use Amazon Inspector to scan the EC2 instances. Enable Amazon GuardDuty.

D.  

Enable Amazon Macie. Configure CloudFront Origin Shield.

A.  

Create a portfolio by using AWS Service Catalog that includes only EC2 instances launched with approved AMIs. Ensure that all required software is preinstalled on the AMIs. Create the necessary permissions for developers to use the portfolio.

B.  

Create an AMI that contains the approved operating system and software by using EC2 Image Builder. Give developers access to that AMI to launch the EC2 instances.

C.  

Create an AMI that contains the approved operating system Tell the developers to use the approved AMI Create an Amazon EventBridge rule to run an AWS Systems Manager script when a new EC2 instance is launched. Configure the script to install the required software from a repository.

D.  

Create an AWS Config rule to detect the launch of EC2 instances with an AMI that is not approved. Associate a remediation rule to terminate those instances and launch the instances again with the approved AMI. Use AWS Systems Manager to automatically install the approved software on the launch of an EC2 instance.

A.  

Migrate the database to Amazon Aurora Serverless.

B.  

Migrate the database to Amazon RDS for SQL Server.

C.  

Migrate the database to Amazon EC2 instances that run SQL Server.

D.  

Migrate the database to Amazon Redshift.

A.  

Configure an AWS Storage Gateway Amazon S3 File Gateway to cache frequently accessed files locally. Store older files in Amazon S3.

B.  

Move the files from Amazon EFS, and store the files locally on each EC2 instance.

C.  

Configure a lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.

D.  

Deploy AWS DataSync to automatically move files older than 7 days to Amazon S3 Glacier Deep Archive.

A.  

Create an Amazon FSx File Gateway. Create a file share that uses the existing custom protocol. Connect the EC2 instances that host the application to the file share.

B.  

Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the EC2 instances that host the application to the file share.

C.  

Create an Amazon Elastic File System (Amazon EFS) file system. Configure the file system to support Lustre. Connect the EC2 instances that host the application to the file system.

D.  

Create an Amazon FSx for Lustre file system. Connect the EC2 instances that host the application to the file system.

A.  

Create a mount target for the EFS file system in the VPC. Use the mount target to mount the file system on each of the instances.

B.  

Create a mount target for the EFS file system in one Availability Zone of the VPC. Use the mount target to mount the file system on the instances in that Availability Zone. Share the directory with the other instances.

C.  

Create a mount target for each instance. Use each mount target to mount the EFS file system on each respective instance.

D.  

Create a mount target in each Availability Zone of the VPC. Use the mount target to mount the EFS file system on the instances in the respective Availability Zone.

A.  

Use AWS Fargate to run the simulator. Serve requests through an Application Load Balancer (ALB).

B.  

Use Amazon EC2 instances to run the simulator. Serve requests through an Application Load Balancer (ALB).

C.  

Use AWS Batch to run the simulator. Serve requests through a Network Load Balancer (NLB).

D.  

Use Lambda provisioned concurrency for the simulator functions.

A.  

Use AWS App2Container (A2C) to containerize the job. Run the job as an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate with 0.5 virtual CPU (vCPU) and 1 GB of memory.

B.  

Copy the code into an AWS Lambda function that has 1 GB of memory. Create an Amazon EventBridge scheduled rule to run the code each hour.

C.  

Use AWS App2Container (A2C) to containerize the job. Install the container in the existing Amazon Machine Image (AMI). Ensure that the schedule stops the container when the task finishes.

D.  

Configure the existing schedule to stop the EC2 instance at the completion of the job and restart the EC2 instance when the next job starts.

A.  

Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.

B.  

Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

C.  

Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

D.  

Deploy an egress-only internet gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.

A.  

Host the application on EC2 instances that have Provisioned IOPS SSD (io2) Block Express Amazon Elastic Block Store (Amazon EBS) volumes attached.

B.  

Install the application on an Amazon EMR cluster. Use Hadoop Distributed File System (HDFS) with General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volumes.

C.  

Use Amazon FSx for Lustre as shared storage across the EC2 instances that run the application.

D.  

Host the application on EC2 instances that have SSD instance store volumes and General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volumes attached.

A.  

Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours with a filter of ObjectSizeGreaterThan and a value of 1 TB. Configure the second rule to expire objects after 7 days.

B.  

Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours by using a Prefix filter of LargeFiles. Include a rule in the second configuration to expire objects after 7 days.

C.  

Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours. Configure the second rule to expire objects after 7 days.

D.  

Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours. Include a rule in the second configuration to expire objects after 7 days by using a filter of ObjectSizeLessThan and a value of 1 TB.

A.  

Use Amazon RDS Proxy for connection pooling. Modify the application to use the RDS Proxy for connections to the DB instance.

B.  

Create a new RDS instance for connection pooling. Modify the application to use the new RDS instance for connectivity.

C.  

Create read replicas to distribute the load of the DB instance. Create a Network Load Balancer to distribute the load across the read replicas.

D.  

Migrate the RDS for MySQL DB instance to Amazon Aurora MySQL to increase DB instance performance.

A.  

Deploy the application in multiple Regions. Use Amazon Route 53 DNS health checks to route traffic to a healthy Region.

B.  

Deploy the application in multiple Availability Zones within a single Region. Use Amazon Route 53 DNS health checks to route traffic to healthy application resources.

C.  

Deploy the application in multiple Regions. Use an Amazon Route 53 simple routing record to route traffic to a healthy Region.

D.  

Deploy the application in multiple Availability Zones within a single Region. Use an Amazon Route 53 latency record in each Availability Zone to route traffic to a healthy Availability Zone.

A.  

Store the files in an Amazon S3 bucket. Use the Standard storage class. Enable server-side encryption with Amazon S3 managed keys (SSE-S3) on the bucket. Configure cross-Region replication on the bucket.

B.  

Store the files in an Amazon Elastic File System (Amazon EFS) volume. Use an AWS KMS managed key to encrypt the EFS volume. Use AWS DataSync to replicate the EFS volume to a second AWS Region.

C.  

Store the files in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Backup to back up the volume on a regular schedule. Use an AWS KMS key to encrypt the backups.

D.  

Store the files in an Amazon S3 bucket. Use the S3 Glacier Flexible Retrieval storage class. Ensure that all PDF files are encrypted by using client-side encryption before the files are uploaded. Configure cross-Region replication on the bucket.

A.  

Use Amazon RDS to store the data. Use IAM roles and permissions for data governance and access control.

B.  

Use Amazon Redshift to store the data. Use IAM roles and permissions for data governance and access control.

C.  

Use Amazon S3 to store the data. Use AWS Lake Formation for data governance and access control.

D.  

Use AWS Glue Catalog to store the data. Use AWS Glue DataBrew for data governance and access control.

A.  

Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.

B.  

Allow all outbound traffic to 0.0.0.0/0 for port 443.

C.  

Allow HTTPS outbound traffic to the web application instances for port 443.

D.  

Allow HTTPS inbound traffic from the web application instances for port 443.

E.  

Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.

F.  

Allow HTTPS inbound traffic from the web application instances for the health check on port 8443.

A.  

Create a transit gateway to connect the VPC to the on-premises network. Use the transit gateway to route API calls from the private subnets to the on-premises data center.

B.  

Create a NAT gateway in the public subnet of the VPC. Use the NAT gateway to allow the private subnets to access the API over the internet.

C.  

Establish an AWS PrivateLink connection to connect the VPC to the on-premises network. Use PrivateLink to make API calls from the private subnets to the on-premises data center.

D.  

Implement an AWS Site-to-Site VPN connection between the VPC and the on-premises data center. Use the VPN connection to make API calls from the private subnets to the on-premises data center.

A.  

Create an Amazon RDS for PostgreSQL database in a VPC. Create an interface VPC endpoint to connect the on-premises PostgreSQL database to the RDS for PostgreSQL database.

B.  

Create Amazon EC2 instances in an Auto Scaling group on AWS Outposts. Install PostgreSQL data analytics software on the instances.

C.  

Create an Amazon EMR cluster on AWS Outposts. Connect the EMR cluster to the on-premises PostgreSQL database to perform data processing locally.

D.  

Create an Amazon EMR cluster in a VPC. Connect the EMR cluster to Amazon RDS for SQL Server with a linked server to connect to the company's data processing platform.

A.  

Select a specific AWS generated tag in the AWS Billing console.

B.  

Select a specific user-defined tag in the AWS Billing console.

C.  

Select a specific user-defined tag in the AWS Resource Groups console.

D.  

Activate the selected tag from each AWS account.

E.  

Activate the selected tag from the Organizations management account.

A.  

Use an archive tool lo group the files into large objects. Use DataSync to migrate the objects. Store the objects in S3 Glacier Instant Retrieval for the first year. Use a lifecycle configuration to transition the files to S3 Glacier Deep Archive after 1 year with a retention period of 7 years.

B.  

Use an archive tool to group the files into large objects. Use DataSync to copy the objects to S3 Standard-Infrequent Access (S3 Standard-IA). Use a lifecycle configuration to transition the files to S3 Glacier Instant Retrieval after 1 year with a retention period of 7 years.

C.  

Configure the destination storage class for the files as S3 Glacier Instant. Retrieval Use a lifecycle policy to transition the files to S3 Glacier Flexible Retrieval after 1 year with a retention period of 7 years.

D.  

Configure a DataSync task to transfer the files to S3 Standard-Infrequent Access (S3 Standard-IA) Use a lifecycle configuration to transition the files to S3. Deep Archive after 1 year with a retention period of 7 years.

A.  

Deploy AWS CloudHSM. Import a third-party certificate into CloudHSM. Configure the EC2 instances and the ALB to use the CloudHSM imported certificate.

B.  

Import a third-party certificate bundle into AWS Certificate Manager (ACM). Generate a self-signed certificate on the EC2 instances. Associate the ACM imported third-party certificate with the AL

B.  

C.  

Import a third-party SSL certificate into AWS Certificate Manager (ACM). Install the third-party certificate on the EC2 instances. Associate the ACM imported third-party certificate with the ALB.

D.  

Use Amazon-issued AWS Certificate Manager (ACM) certificates on the EC2 instances and the ALB.

A.  

Use Amazon Timestream for LiveAnalytics to store the data points. Grant Amazon SageMaker permission to access the data for processing. Use Amazon QuickSight to visualize the data.

B.  

Use Amazon DynamoDB to store the data points. Use DynamoDB Connector to ingest data from DynamoDB into Amazon EMR for processing. Use Amazon QuickSight to visualize the data.

C.  

Use Amazon Neptune to store the data points. Use Amazon Kinesis Data Streams to ingest data from Neptune into an AWS Lambda function for processing. Use Amazon QuickSight to visualize the data.

D.  

Use Amazon Timestream to for LiveAnalytics to store the data points. Grant Amazon SageMaker permission to access the data for processing. Use Amazon Athena to visualize the data.

A.  

Use a cluster of Amazon EC2 instances. Use AWS Systems Manager to manage the workload.

B.  

Implement a serverless architecture that uses AWS Lambda functions.

C.  

Use AWS ParallelCluster to deploy a dedicated high-performance cluster.

D.  

Implement vertical scaling for each workload task.

A.  

Create an AWS Lambda function to delete items from the first DynamoDB table that have a delivery date more than 28 days in the past. Use a scheduled Amazon EventBridge rule to run the Lambda function every day.

B.  

Update the application to store PII in an Amazon S3 bucket. Create an S3 Lifecycle rule to expire the objects after 28 days. Move the data to DynamoDB when a user creates an account.

C.  

Launch an Amazon EC2 instance. Configure a daily cron job to run on the instance. Configure the cron job to use AWS CLI commands to delete items from DynamoDB.

D.  

Use a createdAt timestamp to set TTL for data in the first DynamoDB table to 28 days.

A.  

Set up a gateway endpoint to the EMR cluster.

B.  

Set up interface VPC endpoints to connect to the EMR cluster.

C.  

Set up a private NAT gateway to connect to the EMR cluster.

D.  

Set up IAM roles for the developers to use to connect to the Amazon EMR API.

E.  

Set up AWS Systems Manager Parameter Store to store access keys for each developer.

A.  

Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 to host each microservice. Use Amazon API Gateway to manage the RESTful API requests.

B.  

Deploy each microservice as a set of AWS Lambda functions. Use Amazon API Gateway to manage the RESTful API requests.

C.  

Host each microservice on Amazon EC2 instances in Auto Scaling groups behind an Elastic Load Balancing (ELB) load balancer. Use the ELB to manage the RESTful API requests.

D.  

Deploy each microservice on Amazon Elastic Beanstalk. Use Amazon CloudFront to manage the RESTful API requests.

A.  

Export the required data from the DynamoDB table to an Amazon S3 bucket as multiple JSON files. Provide the analytics team with the necessary IAM permissions to access the S3 bucket.

B.  

Allow public access to the DynamoDB table. Create an IAM user that has permission to access DynamoD

B.  

C.  

Allow public access to the DynamoDB table. Create an IAM user that has read-only permission for DynamoDB. Share the IAM user with the analytics team.

D.  

Create a cross-account IAM role. Create an IAM policy that allows the AWS account ID of the analytics team to access the DynamoDB table. Attach the IAM policy to the IAM role. Establish a trust relationship between accounts.

A.  

Build out the workflow in AWS Glue. Use AWS Glue to invoke AWS Lambda functions to process the workflow steps.

B.  

Build out the workflow in AWS Step Functions. Deploy the application on Amazon EC2 instances. Use Step Functions to invoke the workflow steps on the EC2 instances.

C.  

Build out the workflow in Amazon EventBridge. Use EventBridge to invoke AWS Lambda functions on a schedule to process the workflow steps.

D.  

Build out the workflow in AWS Step Functions. Use Step Functions to create a state machine. Use the state machine to invoke AWS Lambda functions to process the workflow steps.

A.  

Create an AWS Database Migration Service (AWS DMS) instance to replicate data from the storage of the vendors that use legacy applications to Amazon S3. Provide the vendors with the credentials to access the AWS DMS instance.

B.  

Create an AWS Transfer Family endpoint for vendors that use legacy applications.

C.  

Configure an Amazon EC2 instance to run an SFTP server. Instruct the vendors that use legacy applications to use the SFTP server to upload data.

D.  

Configure an Amazon S3 File Gateway for vendors that use legacy applications to upload files to an SMB file share.

A.  

Configure auto scaling for the EBS volumes to automatically increase or decrease IOPS based on the EC2 instance CPU utilization metric.

B.  

Deploy the application on an EC2 instance type that supports the highest possible IOPS.

C.  

Create a custom AWS Config rule to monitor the provisioned IOPS for the EBS volumes that are attached to the EC2 instances and to send notifications.

D.  

Adjust the IOPS of each EBS volume daily based on Amazon CloudWatch metrics for IOPS utilization.

A.  

Create an Amazon RDS Proxy. Assign the proxy to the DB instance.

B.  

Create a read replica for the DB instance Move the read traffic to the read replica.

C.  

Enable Performance Insights. Monitor the CPU load to identify the timeouts.

D.  

Take regular automatic snapshots Copy the automatic snapshots to multiple AWS Regions

A.  

AWS WAF

B.  

AWS Shield Standard

C.  

Amazon Macie

D.  

AWS Shield Advanced

A.  

Deploy Amazon EC2 instances in an Auto Scaling group for the application tier and web tier in a single AWS Region. Use an Application Load Balancer to distribute web traffic. Use an Amazon RDS database and Multi-AZ deployments for the database tier.

B.  

Set up an Amazon CloudFront distribution that uses an Amazon S3 bucket as the origin. Use Amazon Elastic Container Service (Amazon ECS) containers on AWS Fargate to deploy the application tier to each AWS Region where the company operates. Use an Amazon Aurora global database for the database tier.

C.  

Use an Amazon S3 bucket to store the static web content. Use Amazon EC2 Auto Scaling and EC2 Spot Instances for the application tier. Use Amazon RDS for MySQL with read replicas for the database tier. Use AWS Database Migration Service (AWS DMS) to replicate data to secondary AWS Regions.

D.  

Use an Amazon S3 bucket to store static web content. Use AWS Lambda functions to handle serverless backend logic in the application tier. Use Amazon API Gateway to invoke the Lambda functions for web requests. Use an Amazon DynamoDB database for the database tier. Deploy the DynamoDB database across multiple AWS Regions.

A.  

Create a new S3 bucket as a destination bucket. Enable versioning on the new bucket.

B.  

Use S3 batch operations to copy objects from the specified prefixes to the destination bucket.

C.  

Use the S3 CopyObject API, and create a script to copy data to the destination S3 bucket.

D.  

Configure S3 Same-Region Replication (SRR) to replicate existing data from the specified prefixes in the source bucket to the destination bucket.

E.  

Configure AWS DataSync to migrate data from the specified prefixes in the source bucket to the destination bucket.

F.  

Use an S3 Lifecycle policy to delete objects from the source bucket after the data is migrated to the destination bucket.

A.  

Use Network Access Analyzer to review all access permissions in the company's AWS accounts.

B.  

Create an AWS CloudWatch alarm that activates when an IAM user creates or modifies resources in an AWS account.

C.  

Use AWS Identity and Access Management (IAM) Access Analyzer to review all the company's resources and accounts.

D.  

Use Amazon Inspector to find vulnerabilities in existing IAM policies.

A.  

Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Deep Archive storage class.

B.  

Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 One Zone-Infrequent Access (S3 One Zone-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Flexible Retrieval storage class.

C.  

Use the S3 Intelligent-Tiering storage class to store data instead of the S3 Standard storage class.

D.  

Create an S3 Lifecycle expiration rule to delete data that is older than 7 years.

E.  

Create an S3 Lifecycle configuration rule to transition data that is older than 7 years to the S3 Glacier Deep Archive storage class.

A.  

Use Amazon ElastiCache to cache videos in all the required bitrates. Use AWS Lambda functions to process the videos and to convert the videos to the required bitrates.

B.  

Create an Auto Scaling group that includes Amazon EC2 instances that are sized to meet peak loads. Use the Auto Scaling group to serve videos. Use the Auto Scaling group to convert the videos to the required bitrates.

C.  

Store a copy of every video in every required bitrate in an Amazon S3 bucket. Use a single Amazon EC2 instance to serve the videos.

D.  

Use Amazon Kinesis Video Streams to store and serve the videos. Use AWS Lambda functions to process the videos and to convert the videos to the required bitrates.

A.  

Change the capacity mode from provisioned to on-demand.

B.  

Double the number of shards until the throttling errors stop occurring.

C.  

Change the partition key from service name to creation timestamp.

D.  

Use a separate Kinesis stream for each service to generate the logs.

A.  

Create an AWS Cloud Format ion template for the web server EC2 instances. Save an IAM access key in the UserData section of the AWS;:EC2::lnstance entity in the CloudFormation template.

B.  

Create a file that contains an IAM secret access key and access key ID. Store the file in a new S3 bucket. Create an AWS CloudFormation template. In the template, create a parameter to specify the location of the S3 object that contains the access key and access key ID.

C.  

Create an IAM role and an IAM access policy that allows the web server EC2 instances to access the S3 bucket. Create an AWS CloudFormation template for the web server EC2 instances that contains an IAM instance profile entity that references the IAM role and the IAM access policy.

D.  

Create a script that retrieves an IAM secret access key and access key ID from IAM and stores them on the web server EC2 instances. Include the script in the UserData section of the AWS::EC2::lnstance entity in an AWS CloudFormation template.

A.  

Require users to access the files by using CloudFront signed URLs.

B.  

Configure geographic restrictions in CloudFront.

C.  

Require users to access the files by using CloudFront signed cookies.

D.  

Configure an origin access control (OAC) between CloudFront and the S3 bucket.

A.  

Create an Amazon CloudFront distribution in front of the ALB.

B.  

Deploy an Amazon API Gateway regional API endpoint. Integrate the API endpoint with the AL

B.  

C.  

Create an accelerator in AWS Global Accelerator. Add a listener. Configure the endpoint to point to the ALB.

D.  

Deploy the ALB and the fleet of EC2 instances to another Region. Use Amazon Route 53 with geolocation routing.

A.  

Scale out the nodes by tracking the memory usage.

B.  

Use the Kubernetes Cluster Autoscaler to manage the number of nodes in the cluster.

C.  

Use an AWS Lambda function to resize the EKS cluster automatically.

D.  

Use an Amazon EC2 Auto Scaling group to distribute the workload.

A.  

Create a new EFS file system in the primary account. Use AWS DataSync to copy the contents of the original EFS file system to the new EFS file system.

B.  

Create a VPC peering connection between the VPCs that are in the primary account and the secondary account.

C.  

Create a second Lambda function in the secondary account that has a mount that is configured for the file system. Use the primary account's Lambda function to invoke the secondary account's Lambda function.

D.  

Move the contents of the file system to a Lambda layer. Configure the Lambda layer's permissions to allow the company's secondary account to use the Lambda layer.

A.  

Create a help desk application to generate an Amazon S3 presigned URL for each employee. Configure the presigned URLs to have short expirations. Instruct employees to contact the company help desk to receive a presigned URL to access the S3 bucket.

B.  

Create a group for Amazon S3 access in IAM Identity Center. Add the employees who require access to the S3 bucket to the group. Create an IAM policy to allow Amazon S3 access from the group. Instruct employees to use the AWS access portal to access the AWS Management Console and navigate to the S3 bucket.

C.  

Create an Amazon S3 File Gateway. Create one share for data uploads and a second share for data downloads. Set up an SFTP service on an Amazon EC2 instance. Mount the shares to the EC2 instance. Instruct employees to use the SFTP server.

D.  

Configure AWS Transfer Family SFTP endpoints. Select the custom identity provider option. Use AWS Secrets Manager to manage the user credentials. Instruct employees to use Transfer Family SFTP.

A.  

Use AWS Systems Manager templates to control which AWS services each department can use

B.  

Create organization units (OUs) for each department in AWS Organizations. Attach service control policies (SCPs) to the OUs.

C.  

Use AWS CloudFormation to automatically provision only the AWS services that each department can use.

D.  

Set up a list of products in AWS Service Catalog in the AWS accounts to manage and control the usage of specific AWS services

A.  

Use Amazon EC2 instances for the application tier. Use an Amazon DynamoDB table for the database tier. Create a VPC endpoint for DynamoDB. Assign the instances an instance profile that has permission to access DynamoDB.

B.  

Use AWS Lambda functions for the application tier. Use an Amazon DynamoDB table for the database tier. Assign a Lambda function an appropriate IAM role to access the table.

C.  

Use AWS Fargate for the application tier. Create an Amazon Aurora PostgreSQL instance inside a private subnet for the database tier.

D.  

Use Amazon EC2 instances for the application tier. Use an Amazon S3 bucket to store the data in JSON format. Configure the application to use Amazon Athena to read and write the data to and from the S3 bucket.

A.  

Implement an AWS Site-to-Site VPN to establish a secure connection with the third-party SaaS provider.

B.  

Deploy AWS Transit Gateway to manage and route traffic between the application's VPC and the third-party SaaS provider.

C.  

Configure AWS PrivateLink to allow only outbound traffic from the VPC without enabling the third-party SaaS provider to establish a return path to the network.

D.  

Use AWS PrivateLink to create a private connection between the application's VPC and the third-party SaaS provider.

A.  

Assign public IP addresses to the EC2 instances in the private subnets. Configure security groups to allow outbound internet access.

B.  

Configure a NAT gateway in the public subnets. Update the route table for the private subnets to route traffic to the NAT gateway.

C.  

Configure a VPC peering connection between the private subnets and a public subnet that has access to the external API.

D.  

Deploy an interface VPC endpoint to securely connect to the external API.

A.  

Deploy the application to EC2 instances that run in an Auto Scaling group behind an Application Load Balancer. Create an Amazon Redshift cluster that has multiple MySQL-compatible nodes.

B.  

Deploy the application to EC2 instances that are configured as a target group behind an Application Load Balancer. Create an Amazon RDS for MySQL cluster that has multiple instances.

C.  

Deploy the application to EC2 instances that run in an Auto Scaling group behind an Application Load Balancer. Create an Amazon Aurora Serverless MySQL cluster for the database layer.

D.  

Deploy the application to EC2 instances that are configured as a target group behind an Application Load Balancer. Create an Amazon ElastiCache (Redis OSS) cluster that uses the MySQL connector.

A.  

Use cost allocation tags on AWS resources to label owners. Create usage budgets in AWS Budgets. Add an alert threshold to receive notification when spending exceeds 60% of the budget.

B.  

Use AWS Cost Explorer forecasts to determine resource owners. Use AWS Cost Anomaly Detection to create alert threshold notifications when spending exceeds 60% of the budget.

C.  

Use cost allocation tags on AWS resources to label owners. Use AWS Support API on AWS Trusted Advisor to create alert threshold notifications when spending exceeds 60% of the budget.

D.  

Use AWS Cost Explorer forecasts to determine resource owners. Create usage budgets in AWS Budgets. Add an alert threshold to receive notification when spending exceeds 60% of the budget.