A.  

Use AWS Storage Gateway for files to store and process the video content

B.  

Use AWS Storage Gateway for volumes to store and process the video content

C.  

Use Amazon EFS for storing the video content Once processing is complete transfer the files to Amazon Elastic Block Store (Amazon EBS)

D.  

Use Amazon S3 for storing the video content Move the files temporarily over to an Amazon Elastic Block Store (Amazon EBS) volume attached to the server for processing

A.  

Configure S3 Transfer Acceleration on the existing S3 bucket Direct customer requests to the S3 Transfer Acceleration endpoint Continue to use S3 signed URLs for access control

B.  

Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin Direct customer requests to the CloudFront URL Switch to CloudFront signed URLs for access control

C.  

Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets Direct customer requests to the closest Region Continue to use S3 signed URLs for access control

D.  

Modify the web application to enable streaming of the datasets to end users. Configure the web application to read the data from the existing S3 bucket Implement access control directly in the application

A.  

Upload and store content in Amazon S3. Use Amazon CloudFront for the uploads.

B.  

Upload and store content in Amazon S3. Use S3 Transfer Acceleration for the uploads.

C.  

Upload content to Amazon EC2 instances in the Region that is closest to the user. Copy the data to Amazon S3.

D.  

Upload and store content in Amazon S3 in the Region that is closest to the user. Use multiple distributions of Amazon CloudFront.

A.  

Migrate all the files to an Amazon S3 bucket. Instruct the employees to access the files from the S3 bucket.

B.  

Take a snapshot of the existing EBS volume. Mount the snapshot as an EBS volume across the EC2 instances. Instruct the employees to access the files from the EC2 instances.

C.  

Mount an Amazon Elastic File System (Amazon EFS) file system across all the EC2 instances. Instruct the employees to access the files from the EC2 instances.

D.  

Create an Amazon Machine Image (AMI) from the EC2 instances. Configure new EC2 instances from the AMI that use an instance store volume. Instruct the employees to access the files from the EC2 instances

A.  

Create an encryption key and store the key in AWS Secrets Manager Use the key to encrypt the DB instances

B.  

Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate

C.  

Create a customer master key (CMK) in AWS Key Management Service (AWS KMS) Enable encryption for the DB instances

D.  

Generate a certificate in AWS Identity and Access Management {IAM) Enable SSUTLS on the DB instances by using the certificate

A.  

Amazon GuardDuty

B.  

Amazon Inspector

C.  

AWS CloudTrail

D.  

AWS Config

A.  

Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function.

B.  

Create an AWS Step Functions workflow Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete

C.  

Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received

D.  

Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions Use one subscription with the application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user's mobile app by way of a push notification after thumbnail generation is complete.

A.  

Enable a Multi-AZ deployment for the DB Instance

B.  

Enable auto scaling for the OB instance m one Availability Zone.

C.  

Configure the 06 instance in one Availability Zone and create multiple read replicas in a separate Availability Zone

D.  

Configure the 06 instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks

A.  

Provide an API hosted on an Amazon EC2 instance. The EC2 instance performs the required computations when the API request is made.

B.  

Design a REST API using Amazon API Gateway that accepts the item names. API Gateway passes item names to AWS Lambda for tax computations.

C.  

Create an Application Load Balancer that has two Amazon EC2 instances behind it. The EC2 instances will compute the tax on the received item names.

D.  

Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance. API Gateway accepts and passes the item names to the EC2 instance for tax computations.

A.  

Use AWS Lambda with functional scaling

B.  

Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate

C.  

Use Amazon Lightsail with AWS Auto Scaling

D.  

Use AWS Batch on Amazon EC2

A.  

Create a database snapshot Copy the snapshot to a new unencrypted snapshot Share the new snapshot with the acquiring company's AWS account

B.  

Create a database snapshot Add the acquiring company's AWS account to the KMS key policy Share the snapshot with the acquiring company's AWS account

C.  

Create a database snapshot that uses a different AWS managed KMS key Add the acquiring company's AWS account to the KMS key alias. Share the snapshot with the acquiring company's AWS account.

D.  

Create a database snapshot Download the database snapshot Upload the database snapshot to an Amazon S3 bucket Update the S3 bucket policy to allow access from the acquiring company's AWS account

A.  

Implement Amazon SNS to store the database calls.

B.  

Implement Amazon ElasticCache to cache the large database.

C.  

Implement an RDS for MySQL read replica to cache database calls.

D.  

Implement Amazon Kinesis Data Firehose to stream the calls to the database.

A.  

Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected consent.

B.  

Update the S3 ACL to allow the application to access the protected content

C.  

Redeploy the application to Amazon 33 to prevent eventually consistent reads m the S3 bucket from affecting the ability of users to access the protected content.

D.  

Update the Amazon Cognito pool to use custom attribute mappings within tie Identity pool and grant users the proper permissions to access the protected content

A.  

Use Amazon ElastiCache to manage and store session data.

B.  

Use session affinity (sticky sessions) of the ALB to manage session data.

C.  

Use Session Manager from AWS Systems Manager to manage the session.

D.  

Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session

A.  

Create multiple Amazon Kinesis data streams based on the quote type Configure the web application to send messages to the proper data stream Configure each backend group of application servers to use the Kinesis Client Library (KCL) to pool messages from its own data stream

B.  

Create an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic for each quote type Subscribe the Lambda function to its associated SNS topic Configure the application to publish requests tot quotes to the appropriate SNS topic

C.  

Create a single Amazon Simple Notification Service (Amazon SNS) topic Subscribe Amazon Simple Queue Service (Amazon SQS) queues to the SNS topic Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type Configure each backend application server to use its own SQS queue

D.  

Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon Elasucsearch Service (Amazon ES) cluster Configure the application to send messages to the proper delivery stream Configure each backend group of application servers to search for the messages from Amazon ES and process them accordingly

A.  

Use AWS DataSync.

B.  

Use AWS Snowball devices

C.  

Set up an SFTP server on Amazon EC2

D.  

Use AWS Database Migration Service (AWS DMS)

A.  

Set the Lambda function's runtime timeout value to 15 minutes

B.  

Configure an S3 bucket replication policy Stage the documents m the S3 bucket for later processing

C.  

Deploy an additional Lambda function Load balance the processing of the documents across the two Lambda functions

D.  

Create an Amazon Simple Queue Service (Amazon SOS) queue Send the requests to the queue Configure the queue as an event source for Lambda.

A.  

Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees ‚IP addresses.

B.  

Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory Configure AWS Client VPN.

C.  

Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

D.  

Migrate the files to Amazon S3, and create a public VPC endpoint Allow employees to sign on with AWS IAM identity Center (AWS Sing-On).

A.  

Configure the security group tor the web servers lo allow inbound traffic on port 443 from 0.0.0. 0/0) Configure the security group for the DB instance to allow inbound traffic on port 3306 from the security group of the web servers

B.  

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers Configure the security group for the DB instance lo allow inbound traffic on port 3306 from the security group of the web servers

C.  

Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers Configure the security group for the DB instance to allow inbound traffic on port 3306 from the IP addresses of the customers

D.  

Configure the security group for the web servers to allow inbound traffic on port 443 from 0.0.0.0.0 Configure the security group for the DB instance to allow inbound traffic on port 3306 from 0.0.0.0/0)

A.  

Subscribe to AWS Shield Advanced Add the accelerator as a resource to protect

B.  

Subscribe to AWS Shield Advanced Add the EC2 instances as resources to protect

C.  

Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the accelerator

D.  

Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the EC2 instances

A.  

Amazon Aurora MySQL

B.  

Amazon Aurora Serverless tor MySQL

C.  

Amazon Redshift Spectrum

D.  

Amazon RDS for MySQL

A.  

Create a proxy in RDS Proxy Configure the users' applications to use the DB instance through RDS Proxy

B.  

Deploy Amazon ElastCache for Memcached between the users' application and the DB instance

C.  

Migrate the DB instance to a different instance class that has higher I/O capacity. Configure the users' applications to use the new DB instance.

D.  

Configure Multi-AZ for the DB instance Configure the users' application to switch between the DB instances.

A.  

Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API.

B.  

Create a Lambda function URL for the function. Specify AWS_IAM as the authentication type.

C.  

Create an Amazon CloudFront distribution. Deploy the function to Lambda@Edge. Integrate IAM authentication logic into the Lambda@Edge function.

D.  

Create an Amazon CloudFront distribuion. Deploy the function to CloudFront Functions. Specify AWS_IAM as the authentication type.

A.  

Create an AWS DataSync task that shares the data as a mountable file system Mount the file system to the application server

B.  

Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instance Connect the application server to the file share

C.  

Create an Amazon FSx for Windows File Server file system Attach the file system to the origin server Connect the application server to the file system

D.  

Create an Amazon S3 bucket Assign an IAM role to the application to grant access to the S3 bucket Mount the S3 bucket to the application server

A.  

Add an explicit rule to the private subnet's network ACL to allow traffic from the web tier's EC2 instances.

B.  

Add a route in the VPC route table to allow traffic between the web tier's EC2 instances and Ihe database tier.

C.  

Deploy the web tier's EC2 instances and the database tier's RDS instance into two separate VPCs. and configure VPC peering.

D.  

Add an inbound rule to the security group of the database tier's RDS instance to allow traffic from the web tier's security group.

A.  

Store the images and geographic codes in a database table Use Oracle running on an Amazon RDS Multi-AZ DB instance

B.  

Store the images in Amazon S3 buckets Use Amazon DynamoDB with the geographic code as the key and the image S3 URL as the value

C.  

Store the images and geographic codes in an Amazon DynamoDB table Configure DynamoDB Accelerator (DAX) during times of high load

D.  

Store the images in Amazon S3 buckets Store geographic codes and image S3 URLs in a database table Use Oracle running on an Amazon RDS Multi-AZ DB instance.

A.  

Use Amazon S3 multi-part upload functionality to transfer the fees over HTTPS

B.  

Create a VPN connection between the on-premises NAS system and the nearest AWS Region Transfer the data over the VPN connection

C.  

Use the AWS Snow Family console to order several AWS Snowball Edge Storage Optimized devices Use the devices to transfer the data to Amazon S3.

D.  

Set up a 10 Gbps AWS Direct Connect connection between the company location and (he nearest AWS Region Transfer the data over a VPN connection into the Region to store the data in Amazon S3

A.  

Use the Amazon S3 Standard storage class Create an S3 Lifecycle policy to move infrequently accessed data to S3 Glacier

B.  

Use the Amazon S3 Standard storage class. Create an S3 Lifecycle policy to move infrequently accessed data to S3 Standard-Infrequent Access (EF3 Standard-IA).

C.  

Use the Amazon Elastic File System (Amazon EFS) Standard storage class. Create a Lifecycle management policy to move infrequently accessed data to EFS Standard-Infrequent Access (EFS Standard-IA)

D.  

Use the Amazon Elastic File System (Amazon EFS) One Zone storage class. Create a Lifecycle management policy to move infrequently accessed data to EFS One Zone-Infrequent Access (EFS One Zone-IA).

A.  

10.0.1.0/32

B.  

192.168.0.0/24

C.  

192.168.1.0/32

D.  

10.0.1.0/24

A.  

Use a scheduled AWS Lambda function and run a script remotely on all EC2 instances to send data to the audit system.

B.  

Use EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated

C.  

Use an EC2 Auto Scaling launch configuration to run a custom script through user data to send data to the audit system when instances are launched and terminated

D.  

Run a custom script on the instance operating system to send data to the audit system Configure the script to be invoked by the EC2 Auto Scaling group when the instance starts and is terminated

A.  

Enable API caching and throttling on the API Gateway API

B.  

Set up AWS WAF on the API Gateway API Create a rule to filter users who have a subscription

C.  

Apply fine-grained IAM permissions to the premium content in the DynamoDB table

D.  

Implement API usage plans and API keys to limit the access of users who do not have a subscription.

A.  

Add required IAM permissions in the resource policy of the Lambda function

B.  

Create a signed request using the existing IAM credentials n the Lambda function

C.  

Create a new IAM user and use the existing IAM credentials in the Lambda function.

D.  

Create an IAM execution role with the required permissions and attach the IAM rote to the Lambda function

A.  

Use AWS Glue to process the raw data in Amazon S3.

B.  

Use Amazon Route 53 to route traffic to different EC2 instances.

C.  

Add more EC2 instances to accommodate the increasing amount of incoming data.

D.  

Send the raw data to Amazon Simple Queue Service (Amazon SOS). Use EC2 instances to process the data.

E.  

Use Amazon API Gateway to send the raw data to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.

A.  

Create an S3 bucket in each Region Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) Configure replication between the S3 buckets.

B.  

Create a customer managed multi-Region KMS key. Create an S3 bucket in each Region. Configure replication between the S3 buckets. Configure the application to use the KMS key with client-side encryption.

C.  

Create a customer managed KMS key and an S3 bucket in each Region Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) Configure replication between the S3 buckets.

D.  

Create a customer managed KMS key and an S3 bucket m each Region Configure the S3 buckets to use server-side encryption with AWS KMS keys (SSE-KMS) Configure replication between the S3 buckets.

A.  

Implement client-side encryption and store the images in an Amazon S3 Glacier vault Set a vault lock to prevent accidental deletion

B.  

Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class Enable versioning default encryption and MFA Delete on the S3 bucket.

C.  

Store the images in an Amazon FSx for Windows File Server file share Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share Use NTFS permission sets on the images to prevent accidental deletion

D.  

Store the images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NFS permission sets on the images to prevent accidental deletion

A.  

Use Amazon Athena with Amazon S3

B.  

Use Amazon API Gateway with AWS Lambda

C.  

Use Amazon QuickSight with Amazon Redshift.

D.  

Use Amazon API Gateway with Amazon Kinesis Data Analytics

A.  

Launch the EC2 instance into the same Avalability Zone as the EFS fie system

B.  

install an AWS DataSync agent m the on-premises data center

C.  

Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance tor the data

D.  

Manually use an operating system copy command to push the data to the EC2 instance

E.  

Use AWS DataSync to create a suitable location configuration for the onprermises SFTP server

A.  

Save the pdf files to Amazon S3 Configure an S3 PUT event to invoke an AWS Lambda function to convert the files to jpg format and store them back in Amazon S3

B.  

Save the pdf files to Amazon DynamoD

B.  

C.  

Upload the pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances. Amazon Elastic Block Store (Amazon EBS) storage and an Auto Scaling group. Use a program In the EC2 instances to convert the files to jpg format Save the .pdf files and the .jpg files In the EBS store.

D.  

Upload the .pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances, Amazon Elastic File System (Amazon EPS) storage, and an Auto Scaling group. Use a program in the EC2 instances to convert the file to jpg format Save the pdf files and the jpg files in the EBS store.

A.  

Persist the messages to Amazon Kinesis Data Analytics. All the applications will read and process the messages.

B.  

Deploy the application on Amazon EC2 instances in an Auto Scaling group, which scales the number of EC2 instances based on CPU metrics.

C.  

Write the messages to Amazon Kinesis Data Streams with a single shard. All applications will read from the stream and process the messages.

D.  

Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with one or more Amazon Simple Queue Service (Amazon SQS) subscriptions. All applications then process the messages from the queues.

A.  

Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage

B.  

Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage

C.  

Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group. Use Amazon Elastic File System (Amazon EFS) for storage.

D.  

Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group. Use Amazon Elastic Block Store (Amazon EBS) for storage.

A.  

Use AWS DataSync to move the data Create a custom transformation job by using AWS Glue

B.  

Order an AWS Snowcone device to move the data Deploy the transformation application to the device

C.  

Order an AWS Snowball Edge Storage Optimized device. Copy the data to the device. Create a custom transformation job by using AWS Glue

D.  

Order an AWS

D.  

A.  

Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled

B.  

Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to archive the documents periodically.

C.  

Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled Configure an ACL to restrict all access to read-only.

D.  

Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the data by mounting the volume in read-only mode.

A.  

Configure an S3 interface endpoint.

B.  

Configure an S3 gateway endpoint.

C.  

Create an S3 bucket in a private subnet.

D.  

Create an S3 bucket in the same Region as the EC2 instance.

A.  

Launch the NAT gateway in each Availability Zone

B.  

Replace the NAT gateway with a NAT instance

C.  

Deploy a gateway VPC endpoint for Amazon S3

D.  

Provision an EC2 Dedicated Host to run the EC2 instances

A.  

Use Spot Instances for the production EC2 instances. Use Reserved Instances for the development and test EC2 instances.

B.  

Use Reserved Instances for the production EC2 instances. Use On-Demand Instances for the development and test EC2 instances.

C.  

Use Spot blocks for the production EC2 instances. Use Reserved Instances for the development and test EC2 instances.

D.  

Use On-Demand Instances for the production EC2 instances. Use Spot blocks for the development and test EC2 instances.

A.  

Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage

B.  

Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch configuration that uses the AM' Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage

C.  

Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue

D.  

Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic

A.  

Deploy an Amazon EC2 instance to host an API that sends data to an Amazon Kinesis data stream. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data source. Use AWS Lambda functions to transform the data. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.

B.  

Deploy an Amazon EC2 instance to host an API that sends data to AWS Glue. Stop source/destination checking on the EC2 instance. Use AWS Glue to transform the data and to send the data to Amazon S3.

C.  

Configure an Amazon API Gateway API to send data to an Amazon Kinesis data stream. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data source. Use AWS Lambda functions to transform the data. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.

D.  

Configure an Amazon API Gateway API to send data to AWS Glue. Use AWS Lambda functions to transform the data. Use AWS Glue to send the data to Amazon S3.

A.  

Create a now route table that excludes the route to the public subnets' CIDR blocks. Associate the route table to the database subnets.

B.  

Create a security group that denies ingress from the security group used by instances in the public subnets. Attach the security group to an Amazon RDS DB instance.

C.  

Create a security group that allows ingress from the security group used by instances in the private subnets. Attach the security group to an Amazon RDS DB instance.

D.  

Create a new peering connection between the public subnets and the private subnets. Create a different peering connection between the private subnets and the database subnets.

A.  

Enable Amazon S3 Transfer Acceleration on the destination bucket. Use multipart uploads to directly upload site data to the destination bucket.

B.  

Upload site data to an Amazon S3 bucket in the closest AWS Region. Use S3 cross-Region replication to copy objects to the destination bucket.

C.  

Schedule AWS Snowball jobs daily to transfer data to the closest AWS Region. Use S3 cross-Region replication to copy objects to the destination bucket.

D.  

Upload the data to an Amazon EC2 instance in the closest Region. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Once a day take an EBS snapshot and copy it to the centralized Region. Restore the EBS volume in the centralized Region and run an analysis on the data daily.

A.  

Enable versioning on the S3 bucket.

B.  

Enable MFA Delete on the S3 bucket.

C.  

Create a bucket policy on the S3 bucket.

D.  

Enable default encryption on the S3 bucket.

E.  

Create a lifecycle policy for the objects in the S3 bucket.

A.  

Use Amazon RDS for data that is frequently accessed. Run a periodic custom script to export the data to an Amazon S3 bucket.

B.  

Store the data directly in an Amazon S3 bucket. Implement an S3 Lifecycle policy to move older data to S3 Glacier Deep Archive for long-term storage. Run one-time queries on the data in Amazon S3 by using Amazon Athena

C.  

Use Amazon DynamoDB with DynamoDB Accelerator (DAX) for data that is frequently accessed. Export the data to an Amazon S3 bucket by using DynamoDB table export. Run one-time queries on the data in Amazon S3 by using Amazon Athena.

D.  

Use Amazon DynamoDB for data that is frequently accessed Turn on streaming to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to read the data from Kinesis Data Streams. Store the records in an Amazon S3 bucket.

A.  

Amazon FSx for Lustre integrated with Amazon S3

B.  

Amazon FSx for Windows File Server integrated with Amazon S3

C.  

Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)

D.  

Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume

A.  

Apply an S3 bucket pokey that grants road access to the S3 bucket

B.  

Apply an IAM role to the Lambda function Apply an IAM policy to the role to grant read access to the S3 bucket

C.  

Embed an access key and a secret key In the Lambda function's coda to grant the required IAM permissions for read access to the S3 bucket

D.  

Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets In the account

A.  

Create a AWS Glue extract, transform, and load (ETL) job that runs on a schedule. Configure the ETL job to process the .csv files and store the processed data in Amazon Redshit.

B.  

Develop a Python script that runs on Amazon EC2 instances to convert the. csv files to sql files invoke the Python script on cron schedule to store the output files in Amazon S3.

C.  

Create an AWS Lambda function and an Amazon DynamoDB table. Use an S3 event to invoke the Lambda function. Configure the Lambda function to perform an extract transform, and load (ETL) job to process the .csv files and store the processed data in the DynamoDB table.

D.  

Use Amazon EventBridge (Amazon CloudWatch Events) to launch an Amazon EMR cluster on a weekly schedule. Configure the EMR cluster to perform an extract, tractform, and load (ETL) job to process the .csv files and store the processed data in an Amazon Redshift table.

A.  

S3 Intelligent-Tiering

B.  

S3 Glacier Instant Retrieval

C.  

S3 Standard

D.  

S3 Standard-Infrequent Access (S3 Standard-IA)

A.  

Migrate the file share to Amazon RDS

B.  

Migrate the file share to AWS Storage Gateway

C.  

Migrate the file share to Amazon FSx for Windows File Server

D.  

Migrate the file share to Amazon Elastic File System (Amazon EFS)

A.  

Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a one-way forest trust or a one-way domain trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.

B.  

Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a two-way forest trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.

C.  

Use AWS Directory Service. Create a two-way trust relationship with the company's self-managed Microsoft Active Directory.

D.  

Deploy an identity provider (IdP) on premises. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console.

A.  

Store the records in S3 Glacier for the entire 10-year period. Use an access control policy to deny deletion of the records for a period of 10 years.

B.  

Store the records by using S3 Intelligent-Tiering. Use an IAM policy to deny deletion of the records. After 10 years, change the IAM policy to allow deletion.

C.  

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.

D.  

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Use S3 Object Lock in governance mode for a period of 10 years.

A.  

Store the database user credentials in AWS Secrets Manager Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager

B.  

Store the database user credentials in AWS Systems Manager OpsCenter Grant the necessary IAM permissions to allow the web servers to access OpsCenter

C.  

Store the database user credentials in a secure Amazon S3 bucket Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.

D.  

Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database

A.  

Make the encrypted AMI and snapshots publicly available. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key

B.  

Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner's AWS account only. Modify the CMK's key policy to allow the MSP Partner's AWS account to use the key.

C.  

Modify the launchPermission property of the AMI Share the AMI with the MSP Partner's AWS account only. Modify the CMK's key policy to trust a new CMK that is owned by the MSP Partner for encryption.

D.  

Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. Encrypt the S3 bucket with a CMK that is owned by the MSP Partner Copy and launch the AMI in the MSP Partner's AWS account.

A.  

Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

B.  

Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the AL

B.  

C.  

Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

D.  

Use AWS Certificate Manager (ACM) to import an SSL/TLS certificate. Apply the certificate to the ALB. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiration. Rotate the certificate manually.

A.  

Add a rule m ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day beginning 30 days before any certificate will expire.

B.  

Create an AWS Config rule that checks for certificates that will expire within 30 days. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource

C.  

Use AWS trusted Advisor to check for certificates that will expire within to days. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes Configure the alarm to send a custom alert by way of Amazon Simple rectification Service (Amazon SNS)

D.  

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 days. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).

A.  

Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone.

B.  

Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone.

C.  

Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database.

D.  

Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.

A.  

Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS> queue for the targets to consume

B.  

Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume

C.  

Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics Use AWS Lambda functions to update the targets

D.  

Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues Use AWS Lambda functions to update the targets

A.  

Configure DynamoDB global tables. For RPO recovery, point the application to a different AWS Region.

B.  

Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.

C.  

Export the DynamoDB data to Amazon S3 Glacier on a daily basis. For RPO recovery, import the data from S3 Glacier to DynamoDB.

D.  

Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes. For RPO recovery, restore the DynamoDB table by using the EBS snapshot.

A.  

Copy the data so both EBS volumes contain all the documents.

B.  

Configure the Application Load Balancer to direct a user to the server with the documents

C.  

Copy the data from both EBS volumes to Amazon EFS Modify the application to save new documents to Amazon EFS

D.  

Configure the Application Load Balancer to send the request to both servers Return each document from the correct server.

A.  

Enable Amazon GuardDuty on the account.

B.  

Enable Amazon Inspector on the EC2 instances.

C.  

Enable AWS Shield and assign Amazon Route 53 to it.

D.  

Enable AWS Shield Advanced and assign the ELB to it.

A.  

Enable HTTP health checks on the NLB. supplying the URL of the company's application.

B.  

Add a cron job to the EC2 instances to check the local application's logs once each minute. If HTTP errors are detected, the application will restart.

C.  

Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company's application. Configure an Auto Scaling action to replace unhealthy instances.

D.  

Create an Amazon Cloud Watch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

A.  

Configure the Lambda function In multiple Availability Zones.

B.  

Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe It to me SNS topic.

C.  

Increase the CPU and memory that are allocated to the Lambda function.

D.  

Increase provisioned throughput for the Lambda function.

E.  

Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue

A.  

Use AWS Shield Advanced to stop the DDoS attack.

B.  

Configure Amazon GuardDuty to automatically block the attackers.

C.  

Configure the website to use Amazon CloudFront for both static and dynamic content.

D.  

Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.

E.  

Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization

A.  

Create an Amazon Simple Queue Service (Amazon SQS) queue Configure the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket

B.  

Configure the Lambda function to use the Amazon Simple Queue Service (Amazon SQS) queue as the invocation source When the SQS message is successfully processed, delete the message in the queue

C.  

Configure the Lambda function to monitor the S3 bucket for new uploads When an uploaded image is detected write the file name to a text file in memory and use the text file to keep track of the images that were processed

D.  

Launch an Amazon EC2 instance to monitor an Amazon Simple Queue Service (Amazon SQS) queue When items are added to the queue log the file name in a text file on the EC2 instance and invoke the Lambda function

E.  

Configure an Amazon EventBridge (Amazon CloudWatch Events) event to monitor the S3 bucket When an image is uploaded. send an alert to an Amazon Simple Notification Service (Amazon SNS) topic with the application owner's email address for further processing

A.  

Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins Configure Route 53 to route traffic to the CloudFront distribution.

B.  

Create an Amazon CloudFront distribution that has the ALB as an origin Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Configure Route 53 to route traffic to the CloudFront distribution.

C.  

Create an Amazon CloudFront distribution that has the S3 bucket as an origin Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints Create a custom domain name that points to the accelerator DNS name Use the custom domain name as an endpoint for the web application.

D.  

Create an Amazon CloudFront distribution that has the ALB as an origin C. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content, Point the other domain name to the accelerator DNS name for static content Use the domain names as endpoints for the web application.

A.  

Use Amazon S3 to host the full website in different S3 buckets Add Amazon CloudFront distributions Set the S3 buckets as origins for the distributions Store the order data in Amazon S3

B.  

Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones Add an Application Load Balancer (ALB) to distribute the website traffic Add another ALB for the backend APIs Store the data in Amazon RDS for MySQL

C.  

Migrate the full application to run in containers Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic Store the data in Amazon RDS for MySQL

D.  

Use an Amazon S3 bucket to host the website's static content Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin Use Amazon API Gateway and AWS Lambda functions for the backend APIs Store the data in Amazon DynamoDB

A.  

Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

B.  

Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand

C.  

Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.

D.  

Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

A.  

Create an S3 Glacier vault Apply a write-once, read-many (WORM) vault lock policy to the objects

B.  

Create an S3 bucket with S3 Object Lock enabled Enable versioning Set a retention period of 100 years Use governance mode as the S3 bucket's default retention mode for new objects

C.  

Create an S3 bucket Use AWS CloudTrail to (rack any S3 API events that modify the objects Upon notification, restore the modified objects from any backup versions that the company has

D.  

Create an S3 bucket with S3 Object Lock enabled Enable versioning Add a legal hold to the objects Add the s3 PutObjectLegalHold permission to the IAM policies of users who need to delete the objects

A.  

Store individual files with tags in Amazon S3 Glacier Instant Retrieval. Query the tags to retrieve the files from S3 Glacier Instant Retrieval.

B.  

Store individual files in Amazon S3 Intelligent-Tiering. Use S3 Lifecycle policies to move the files to S3 Glacier Flexible Retrieval after 1 year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.

C.  

Store individual files with tags in Amazon S3 Standard storage. Store search metadata for each archive in Amazon S3 Standard storage. Use S3 Lifecycle policies to move the files to S3 Glacier Instant Retrieval after 1 year. Query and retrieve the files by searching for metadata from Amazon S3.

D.  

Store individual files in Amazon S3 Standard storage. Use S3 Lifecycle policies to move the files to S3 Glacier Deep Archive after 1 year. Store search metadata in Amazon RDS. Query the files from Amazon RDS. Retrieve the files from S3 Glacier Deep Archive.

A.  

Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate IAM roles.

B.  

Create an analysis in Amazon OuickSighl. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate users and groups.

C.  

Create an AWS Glue table and crawler for the data in Amazon S3. Create an AWS Glue extract, transform, and load (ETL) job to produce reports. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

D.  

Create an AWS Glue table and crawler for the data in Amazon S3. Use Amazon Athena Federated Query to access data within Amazon RDS for PoslgreSQL. Generate reports by using Amazon Athena. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

A.  

Use Amazon Redshift to load all the content into one place and run the SQL queries as needed

B.  

Use Amazon CloudWatch Logs to store the logs Run SQL queries as needed from the Amazon CloudWatch console

C.  

Use Amazon Athena directly with Amazon S3 to run the queries as needed

D.  

Use AWS Glue to catalog the logs Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed

A.  

Configure the Requester Pays feature on the company's S3 bucket

B.  

Configure S3 Cross-Region Replication from the company’s S3 bucket to one of the marketing firm's S3 buckets.

C.  

Configure cross-account access for the marketing firm so that the marketing firm has access to the company’s S3 bucket.

D.  

Configure the company’s S3 bucket to use S3 Intelligent-Tiering Sync the S3 bucket to one of the marketing firm’s S3 buckets

A.  

Create three NAT gateways, one for each public subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.

B.  

Create three NAT instances, one for each private subnet in each AZ. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.

C.  

Create a second internet gateway on one of the private subnets. Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.

D.  

Create an egress-only internet gateway on one of the public subnets. Update the route table for the private subnets that forward non-VPC traffic to the egress- only internet gateway.

A.  

Store the transactions data into Amazon DynamoDB Set up a rule in DynamoDB to remove sensitive data from every transaction upon write Use DynamoDB Streams to share the transactions data with other applications

B.  

Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3 Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3

C.  

Stream the transactions data into Amazon Kinesis Data Streams Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB Other applications can consume the transactions data off the Kinesis data stream.

D.  

Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3 The Lambda function then stores the data in Amazon DynamoDB Other applications can consume transaction files stored in Amazon S3.

A.  

Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan me objects in the bucket. If objects contain Pll. trigger an S3 Lifecycle policy to remove the objects that contain Pll.

B.  

Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain Pll. Use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects mat contain Pll.

C.  

Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. It objects contain Rll. use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain Pll.

D.  

Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain Pll. use Amazon Simple Email Service (Amazon STS) to trigger a notification to the administrators and trigger on S3 Lifecycle policy to remove the objects mot contain PII.

A.  

Configure the application to upload images to S3 Glacier.

B.  

Configure the web server to upload the original images to Amazon S3.

C.  

Configure the application to upload images directly from each user's browser to Amazon S3 through the use of a presigned URL.

D.  

Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploaded. Use the function to resize the image

E.  

Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.

A.  

Share the dashboard from the CloudWatch console. Enter the product manager’s email address, and complete the sharing steps. Provide a shareable link for the dashboard to the product manager.

B.  

Create an IAM user specifically for the product manager. Attach the CloudWatch Read Only Access managed policy to the user. Share the new login credential with the product manager. Share the browser URL of the correct dashboard with the product manager.

C.  

Create an IAM user for the company’s employees, Attach the View Only Access AWS managed policy to the IAM user. Share the new login credentials with the product manager. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.

D.  

Deploy a bastion server in a public subnet. When the product manager requires access to the dashboard, start the server and share the RDP credentials. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.

A.  

Take EBS snapshots of the production EBS volumes. Restore the snapshots onto EC2 instance store volumes in the test environment.

B.  

Configure the production EBS volumes to use the EBS Multi-Attach feature. Take EBS snapshots of the production EBS volumes. Attach the production EBS volumes to the EC2 instances in the test environment.

C.  

Take EBS snapshots of the production EBS volumes. Create and initialize new EBS volumes. Attach the new EBS volumes to EC2 instances in the test environment before restoring the volumes from the production EBS snapshots.

D.  

Take EBS snapshots of the production EBS volumes. Turn on the EBS fast snapshot restore feature on the EBS snapshots. Restore the snapshots into new EBS volumes. Attach the new EBS volumes to EC2 instances in the test environment.

A.  

Store the database credentials in the instance metadata. Use Amazon EventBridge (Amazon CloudWatch Events) rules to run a scheduled AWS Lambda function that updates the RDS credentials and instance metadata at the same time.

B.  

Store the database credentials in a configuration file in an encrypted Amazon S3 bucket. Use Amazon EventBridge (Amazon CloudWatch Events) rules to run a scheduled AWS Lambda function that updates the RDS credentials and the credentials in the configuration file at the same time. Use S3 Versioning to ensure the ability to fall back to previous values.

C.  

Store the database credentials as a secret in AWS Secrets Manager. Turn on automatic rotation for the secret. Attach the required permission to the EC2 role to grant access to the secret.

D.  

Store the database credentials as encrypted parameters in AWS Systems Manager Parameter Store. Turn on automatic rotation for the encrypted parameters. Attach the required permission to the EC2 role to grant access to the encrypted parameters.

A.  

Use AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS.

B.  

Create an Amazon S3 File Gateway to extend the company's storage space. Create an S3 Lifecycle policy to transition the data to S3 Glacier Deep Archive after 7 days.

C.  

Create an Amazon FSx for Windows File Server file system to extend the company's storage space.

D.  

Install a utility on each user's computer to access Amazon S3. Create an S3 Lifecycle policy to transition the data to S3 Glacier Flexible Retrieval after 7 days.

A.  

Use AWS Budgets to create a budget report and compare EC2 costs based on instance types

B.  

Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

C.  

Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

D.  

Use AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket Use Amazon QuickSight with Amazon S3 as a source to generate an interactive graph based on instance types.

A.  

Replace the EC2 Instances with T3 EC2 instances that run in an Auto Scaling group. Made the changes by using the AWS Management Console.

B.  

Modify the CloudFormation templates to run the EC2 instances in an Auto Scaling group. Increase the desired capacity and the maximum capacity of the Auto Scaling group manually when an increase is necessary

C.  

Modify the CloudFormation templates. Replace the EC2 instances with R5 EC2 instances. Use Amazon CloudWatch built-in EC2 memory metrics to track the application performance for future capacity planning.

D.  

Modify the CloudFormation templates. Replace the EC2 instances with R5 EC2 instances. Deploy the Amazon CloudWatch agent on the EC2 instances to generate custom application latency metrics for future capacity planning.

A.  

Add throttling on the API Gateway with server-side throttling limits.

B.  

Use DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoD

B.  

C.  

Create a secondary index in DynamoDB for the table with the user requests.

D.  

Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB.

A.  

Users can terminate an EC2 instance in any AWS Region except us-east-1.

B.  

Users can terminate an EC2 instance with the IP address 10 100 100 1 in the us-east-1 Region

C.  

Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.

D.  

Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100 100 254

A.  

Use Amazon EC2 Instances, and Install Docker on the Instances

B.  

Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes

C.  

Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate

D.  

Use Amazon EC2 instances from an Amazon Elastic Container Service (Amazon ECS)-op6mized Amazon Machine Image (AMI).

A.  

Use Spot Instances for the entire workload.

B.  

Use Reserved instances for the baseline level of usage Use Spot Instances for any additional capacity that the application needs.

C.  

Use On-Demand Instances for the baseline level of usage. Use Spot Instances for any additional capacity that the application needs

D.  

Use Dedicated Instances for the baseline level of usage. Use On-Demand Instances for any additional capacity that the application needs

A.  

Create an Auto Scaling group so that EC2 instances can scale out. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

B.  

Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

C.  

Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output data. Configure the S3 bucket as the rule's target. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complete. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.

D.  

Create a Docker container to use instead of an EC2 instance. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

A.  

Use a simple scaling policy to dynamically scale the Auto Scaling group

B.  

Use a target tracking policy to dynamically scale the Auto Scaling group

C.  

Use an AWS Lambda function to update the desired Auto Scaling group capacity.

D.  

Use scheduled scaling actions to scale up and scale down the Auto Scaling group

A.  

Add an Amazon Inspector agent to the ALB.

B.  

Configure Amazon Macie to prevent attacks.

C.  

Enable AWS Shield Advanced to prevent attacks.

D.  

Configure Amazon GuardDuty to monitor the ALB.

A.  

Store the Iogs in Amazon S3 Use AWS Backup lo move logs more than 1 month old to S3 Glacier Deep Archive

B.  

Store the logs in Amazon S3 Use S3 Lifecycle policies to move logs more than 1 month old to S3 Glacier Deep Archive

C.  

Store the logs in Amazon CloudWatch Logs Use AWS Backup to move logs more then 1 month old to S3 Glacier Deep Archive

D.  

Store the logs in Amazon CloudWatch Logs Use Amazon S3 Lifecycle policies to move logs more than 1 month old to S3 Glacier Deep Archive

A.  

Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot

B.  

Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it Enable encryption on the DB instance

C.  

Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS) Restore encrypted snapshot to an existing DB instance

D.  

Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS)

A.  

Update the Route 53 records to use a latency routing policy. Add a static error page that is hosted in an Amazon S3

bucket to the records so that the traffic is sent to the most responsive endpoints.

B.  

Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page that is hosted in an

Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.

C.  

Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance that hosts a static error

page as endpoints. Configure Route 53 to send requests to the instance only if the health checks fail for the ALB.

D.  

Update the Route 53 records to use a multivalue answer routing policy. Create a health check. Direct traffic to the

website if the health check passes. Direct traffic to a static error page that is hosted in Amazon S3 if the health check does not pass.

A.  

Configure three AWS Site-to-Site VPN connections from the data center to AWS Establish connectivity by configuring one VPN connection for each VPC

B.  

Launch a third-party virtual network appliance in each VPC Establish an iPsec VPN tunnel between the Data center and each virtual appliance

C.  

Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1 Establish connectivity by configuring each VPC to use one of the Direct Connect connections

D.  

Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

A.  

Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall. Configure domain list rule groups

B.  

Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets.

C.  

Implement strict inbound security group roles Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs

D.  

Configure an Application Load Balancer (ALB) in front of the EC2 instances. Direct an outbound traffic to the ALB Use a URL-based rule listener in the ALB's target group for outbound access to the internet

A.  

Deploy the application with the required infrastructure elements in place Use Amazon Route 53 to configure active-passive failover Create an Aurora Replica in a second AWS Region

B.  

Host a scaled-down deployment of the application in a second AWS Region Use Amazon Route 53 to configure active-active failover Create an Aurora Replica in the second Region

C.  

Replicate the primary infrastructure in a second AWS Region Use Amazon Route 53 to configure active-active failover Create an Aurora database that is restored from the latest snapshot

D.  

Back up data with AWS Backup Use the backup to create the required infrastructure in a second AWS Region Use Amazon Route 53 to configure active-passive failover Create an Aurora second primary instance in the second Region

A.  

Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive immediately.

B.  

Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 2 years.

C.  

Use S3 Intelligent-Tiering. Activate the archiving option to ensure that data is archived in S3 Glacier Deep Archive.

D.  

Set up an S3 Lifecycle policy to transition objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately and to S3 Glacier Deep Archive after 2 years.

A.  

Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.

B.  

Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.

C.  

Set up AWS Shield in bath Regions. Associate Regional web ACLs with an API stage.

D.  

Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.

A.  

Migrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon MQ. Create a Multi-AZ Auto Scaling group (or EC2 instances that host the application. Create another Multi-AZ

Auto Scaling group for EC2 instances that host the PostgreSQL database.

B.  

Migrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon MQ. Create a Multi-AZ Auto Scaling group for EC2 instances that host the application. Migrate the database to run on a Multi-AZ deployment of Amazon RDS for PostgreSQL.

C.  

Create a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queue. Create another Multi-AZ Auto Scaling group for EC2 instances that host the application. Migrate the database to run

on a Multi-AZ deployment of Amazon RDS fqjPostgreSQL.

D.  

Create a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queue. Create another Multi-AZ Auto Scaling group for EC2 instances that host the application. Create a third Multi-AZ Auto

Scaling group for EC2 instances that host the PostgreSQL database.

A.  

Implement EC2 Spot Instances

B.  

Purchase EC2 Reserved Instances

C.  

Implement EC2 On-Demand Instances

D.  

Implement the processing on AWS Lambda

A.  

Move the data to the S3 bucket. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Use the built-in key rotation behavior of SSE-S3 encryption keys.

B.  

Create an AWS Key Management Service {AWS KMS) customer managed key. Enable automatic key rotation. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Move the data to the S3 bucket.

C.  

Create an AWS Key Management Service (AWS KMS) customer managed key. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Move the data to the S3 bucket. Manually rotate the KMS key every year.

D.  

Encrypt the data with customer key material before moving the data to the S3 bucket. Create an AWS Key Management Service (AWS KMS) key without key material. Import the customer key material into the KMS key. Enable automatic key rotation.

A.  

Store container images In an Amazon Elastic Container Registry (Amazon ECR) repository. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the AWS Fargate launch type to run the containers. Use target tracking to scale automatically based on demand.

B.  

Store container images in an Amazon Elastic Container Registry (Amazon ECR) repository. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the Amazon EC2 launch type to run the containers. Use target tracking to scale automatically based on demand.

C.  

Store container images in a repository that runs on an Amazon EC2 instance. Run the containers on EC2 instances that are spread across multiple Availability Zones. Monitor the average CPU utilization in Amazon CloudWatch. Launch new EC2 instances as needed

D.  

Create an Amazon EC2 Amazon Machine Image (AMI) that contains the container image Launch EC2 Instances in an Auto Scaling group across multiple Availability Zones. Use an Amazon CloudWatch alarm to scale out EC2 instances when the average CPU utilization threshold is breached.

A.  

Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a Createlmage API call is detected.

B.  

Configure AWS CloudTrail with an Amazon Simple Notification Service {Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on Createlmage when an API call is detected.

C.  

Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the Createlmage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a Createlmage API call is detected.

D.  

Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a Createlmage API call is detected.

A.  

Write individual policies for each S3 bucket to grant read permission for only CloudFront access.

B.  

Create an IAM user. Grant the user read permission to objects in the S3 bucket. Assign the user to CloudFront.

C.  

Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN).

D.  

Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Configure the S3 bucket permissions so that only the OAI has read permission.

A.  

Configure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).

B.  

Create an AWS Lambda function. Use the log group to invoke the function to write the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).

C.  

Create an Amazon Kinesis Data Firehose delivery stream. Configure the log group as the delivery stream's source. Configure Amazon OpenSearch Service (Amazon Elasticsearch Service) as the delivery stream's destination.

D.  

Install and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams. Configure Kinesis Data Streams to deliver the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service)

A.  

Create an Auto Scaling group that uses three Instances across each of tv/o Regions.

B.  

Modify the Auto Scaling group to use three instances across each of two Availability Zones.

C.  

Create an Auto Scaling template that can be used to quickly create more instances in another Region.

D.  

Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier.

A.  

Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway.

B.  

Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted.

C.  

Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets

D.  

Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection.

A.  

Use Amazon Athena foe one-time queries Use Amazon QuickSight to create dashboards for KPIs

B.  

Use Amazon Kinesis Data Analytics for one-time queries Use Amazon QuickSight to create dashboards for KPIs

C.  

Create custom AWS Lambda functions to move the individual records from me databases to an Amazon Redshift duster

D.  

Use an AWS Glue extract transform, and toad (ETL) job to convert the data into JSON format Load the data into multiple Amazon OpenSearch Service (Amazon Elasticsearch Service) dusters

E.  

Use blueprints in AWS Lake Formation to identify the data that can be ingested into a data lake Use AWS Glue to crawl the source extract the data and load the data into Amazon S3 in Apache Parquet format

A.  

Migrate the Oracle database to an Amazon EC2 instance. Set up database replication to a different AWS Region.

B.  

Migrate the Oracle database to Amazon RDS for Oracle. Activate Cross-Region automated backups to replicate the snapshots to another AWS Region.

C.  

Migrate the Oracle database to Amazon RDS Custom for Oracle. Create a read replica for the database in another AWS Region.

D.  

Migrate the Oracle database to Amazon RDS for Oracle. Create a standby database in another Availability Zone.

A.  

Use Amazon ElastiCache for Redis.

B.  

Use Amazon DynamoDB Accelerator (DAX).

C.  

Replicate data by using DynamoDB global tables.

D.  

Use Amazon ElastiCache for Memcached with Auto Discovery enabled.

A.  

Create a new S3 bucket. Load the data into the new S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with AWS KMS multi-Region kays (SSE-KMS). Use Amazon Athena to query the data.

B.  

Create a new S3 bucket. Load the data into the new S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon RDS to query the data.

C.  

Load the data into the existing S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with Amazon S3

managed encryption keys (SSE-S3). Use Amazon Athena to query the data.

D.  

Load the data into the existing S3 bucket. Use S3 Cross-Region Replication (CRR) to replicate encrypted objects to an S3 bucket in another Region. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Use Amazon RDS to query the data.

A.  

Use multifactor authentication (MFA) to protect the encryption keys.

B.  

Use AWS Key Management Service (AWS KMS) to protect the encryption keys

C.  

Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys

D.  

Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

A.  

Configure Amazon Route 53 to forward requests to an Application Load Balancer. Use AWS Lambda for the application in AWS Application Auto Scaling.

B.  

Configure Amazon CloudFront to forward requests to a Network Load Balancer. Use AWS Lambda for the application in an AWS Application Auto Scaling group.

C.  

Configure AWS Global Accelerator to forward requests to a Network Load Balancer. Use Amazon EC2 instances for the application in an EC2 Auto Scaling group.

D.  

Configure Amazon API Gateway to forward requests to an Application Load Balancer. Use Amazon EC2 instances for the application in an EC2 Auto Scaling group.

A.  

Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.

B.  

Use rules in AWS WAF to prevent internet access. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.

C.  

Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet access. Deny access to all AWS Regions except ap-northeast-3.

D.  

Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS Region other than ap-northeast-3.

E.  

Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of ap-northeast-3.

A.  

Generate presigned URLs for the files.

B.  

Use cross-Region replication to all Regions.

C.  

Use the geoproximtty feature of Amazon Route 53.

D.  

Use Amazon CloudFront with the S3 bucket as its origin.

A.  

Configure a CloudFront signed URL.

B.  

Configure a CloudFront signed cookie.

C.  

Configure a CloudFront field-level encryption profile.

D.  

Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.

A.  

Use a duster placement group. Attach a single Provisioned IOPS SSD Amazon Elastic Block Store (Amazon E BS) volume to all the instances by using Amazon EBS Multi-Attach

B.  

Use a cluster placement group. Create shared 'lie systems across the instances by using Amazon Elastic File System (Amazon EFS)

C.  

Use a partition placement group. Create shared tile systems across the instances by using Amazon Elastic File System (Amazon EFS).

D.  

Use a spread placement group. Attach a single Provisioned IOPS SSD Amazon Elastic Block Store (Amazon EBS) volume to all the instances by using Amazon EBS Multi-Attach

A.  

Create a VPC peering connection between the company's VPC and the provider's VPC. Update the route table to connect to the target service.

B.  

Ask the provider to create a virtual private gateway in its VPC. Use AWS PrivateLink to connect to the target service.

C.  

Create a NAT gateway in a public subnet of the company's VP

C.  

D.  

Ask the provider to create a VPC endpoint for the target service. Use AWS PrivateLink to connect to the target service.

A.  

Configure provisioned concurrency for the Lambda function Modify the database to be a global database in multiple AWS Regions

B.  

Use Amazon RDS Proxy to create a proxy for the database Modify the Lambda function to use the RDS Proxy endpoint instead of the database endpoint

C.  

Create a read replica for the database in a different AWS Region Use query string parameters in API Gateway to route traffic to the read replica

D.  

Migrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS| Modify the Lambda function to use the OynamoDB table

A.  

Attach a Network Load Balancer to the Auto Scaling group

B.  

Attach an Application Load Balancer to the Auto Scaling group.

C.  

Deploy an Amazon Route 53 record set with a weighted policy to route traffic appropriately

D.  

Deploy a NAT instance that is configured with port forwarding to the EC2 instances in the Auto Scaling group.

A.  

Deploy an AWS WAF web ACL in front of the website to provide HTTPS functionality

B.  

Create and deploy an AWS Lambda function to manage and serve the website content

C.  

Create the new website and an Amazon S3 bucket Deploy the website on the S3 bucket with static website hosting enabled

D.  

Create the new website. Deploy the website by using an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer.

A.  

Configure AWS Storage Gateway in volume gateway mode. Mount the volume to each Windows instance.

B.  

Configure Amazon FSx for Windows File Server. Mount the Amazon FSx file system to each Windows instance.

C.  

Configure a file system by using Amazon Elastic File System (Amazon EFS). Mount the EFS file system to each Windows instance.

D.  

Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size. Attach each EC2 instance to the volume. Mount the file system within the volume to each Windows instance.

A.  

Migrate the database to an Amazon RDS for MySQL DB instance. Create an AMI of the web application. Use the AMI to launch a second EC2 On-Demand Instance. Use an Application Load Balancer to distribute the load to each EC2 instance.

B.  

Migrate the database to an Amazon RDS for MySQL DB instance. Create an AMI of the web application. Use the AMI to launch a second EC2 On-Demand Instance. Use Amazon Route 53 weighted routing to distribute the load across the two EC2 instances.

C.  

Migrate the database to an Amazon Aurora MySQL DB instance. Create an AWS Lambda function to stop the EC2 instance and change the instance type. Create an Amazon CloudWatch alarm to invoke the Lambda function when CPU utilization surpasses 75%.

D.  

Migrate the database to an Amazon Aurora MySQL DB instance. Create an AMI of the web application. Apply the AMI to a launch template. Create an Auto Scaling group with the launch template Configure the launch template to use a Spot Fleet. Attach an Application Load Balancer to the Auto Scaling group.

A.  

Configure the web application to send an order message to Amazon Kinesis Data Firehose. Set the payment service to retrieve the message from Kinesis Data Firehose and process the order.

B.  

Create a rule in AWS CloudTrail to invoke an AWS Lambda function based on the logged application path request Use Lambda to query the database, call the payment service, and pass in the order information.

C.  

Store the order in the database. Send a message that includes the order number to Amazon Simple Notification Service (Amazon SNS). Set the payment service to poll Amazon SNS. retrieve the message, and process the order.

D.  

Store the order in the database. Send a message that includes the order number to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the payment service to retrieve the message and process the order. Delete the message from the queue.

A.  

Create an ACL to provide access to the services or actions.

B.  

Create a security group to allow accounts and attach it to user groups.

C.  

Create cross-account roles in each account to deny access to the services or actions.

D.  

Create a service control policy in the root organizational unit to deny access to the services or actions.

A.  

Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

B.  

Amazon EBS for maximum performance, Amazon EFS for durable data storage and Amazon S3 Glacier for archival storage

C.  

Amazon EC2 instance store for maximum performance. Amazon EFS for durable data storage and Amazon S3 for archival storage

D.  

Amazon EC2 Instance store for maximum performance. Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

A.  

Reduce the S3 object sizes to less than 126 MB

B.  

Partition the data by date and region n Amazon S3

C.  

Store the files as large, single objects in Amazon S3.

D.  

Use Amazon Kinosis Data Analytics to run the Queries as pan of the batch processing operation

E.  

Use an AWS duo extract, transform, and load (ETL) process to convert the csv files into Apache Parquet format.

A.  

Amazon OpenSearch Service (Amazon Elasticsearch Service)

B.  

Amazon S3 Glacier

C.  

Amazon S3 Standard

D.  

Amazon RDS for PostgreSQL

A.  

Deploy the application stack in a single AWS Region. Use Amazon CloudFront to serve all static and dynamic content by specifying the ALB as an origin.

B.  

Deploy the application stack in two AWS Regions. Use an Amazon Route 53 latency routing policy to serve all content from the ALB in the closest Region.

C.  

Deploy the application stack in a single AWS Region. Use Amazon CloudFront to serve the static content. Serve the dynamic content directly from the ALB.

D.  

Deploy the application stack in two AWS Regions. Use an Amazon Route 53 geolocation routing policy to serve all content from the ALB in the closest Region.

A.  

Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones. Use an Amazon RDS DB instance in a Multi-AZ configuration.

B.  

Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group in a single Availability Zone. Deploy the database

on an EC2 instance. Enable EC2 Auto Recovery.

C.  

Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones. Use an Amazon RDS DB instance with a read replica in a single Availability Zone. Promote the read replica to replace the primary DB instance if the primary DB instance fails.

D.  

Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones Deploy the primary and secondary database servers on EC2 instances across multiple Availability Zones Use Amazon Elastic Block Store (Amazon EBS) Multi-Attach to create shared storage between the instances.

A.  

Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.

B.  

Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.

C.  

Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.

D.  

Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance.

A.  

Configure the company's email server to forward notification email messages that are sent to the AWS account root user email address to all users in the organization.

B.  

Configure all AWS account root user email addresses as distribution lists that go to a few administrators who can respond to alerts. Configure AWS account alternate contacts in the AWS Organizations console or programmatically.

C.  

Configure all AWS account root user email messages to be sent to one administrator who is responsible for monitoring alerts and forwarding those alerts to the appropriate groups.

D.  

Configure all existing AWS accounts and all newly created accounts to use the same root user email address. Configure AWS account alternate contacts in the AWS Organizations console or programmatically.

A.  

Create an IAM role that has read access to the Parameter Store parameter. Allow Decrypt access to an AWS Key Management Service (AWS KMS) key that is used to encrypt the parameter. Assign this IAM role to the EC2 instance.

B.  

Create an IAM policy that allows read access to the Parameter Store parameter. Allow Decrypt access to an AWS Key Management Service (AWS KMS) key that is used to encrypt the parameter. Assign this IAM policy to the EC2 instance.

C.  

Create an IAM trust relationship between the Parameter Store parameter and the EC2 instance. Specify Amazon RDS as a principal in the trust policy.

D.  

Create an IAM trust relationship between the DB instance and the EC2 instance. Specify Systems Manager as a principal in the trust policy.

A.  

Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets.

B.  

Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets.

C.  

Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets.

D.  

Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet.

E.  

Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.

A.  

Configure the Lambda function (or deployment across multiple Availability Zones

B.  

Modify me Lambda functions configuration to increase the CPU and memory allocations tor the (unction

C.  

Configure the SNS topic's retry strategy to increase both the number of retries and the wait time between retries

D.  

Configure an Amazon Simple Queue Service (Amazon SQS) queue as the on failure destination Modify the Lambda function to process messages in the queue

A.  

Use Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers.

B.  

Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

C.  

Use On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers.

D.  

Use On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

A.  

Amazon Elastic Block Store (Amazon EBS)

B.  

Amazon Elastic File System (Amazon EFS)

C.  

Amazon Elasticsearch Service (Amazon ES)

D.  

Amazon S3

A.  

Create a read replica of the database. Configure IAM standard database authentication to grant the auditor access.

B.  

Export the database contents to text files. Store the files in an Amazon S3 bucket. Create a new IAM user for the auditor. Grant the user access to the S3 bucket.

C.  

Copy a snapshot of the database to an Amazon S3 bucket. Create an IAM user. Share the user's keys with the auditor to grant access to the object in the $3 bucket.

D.  

Create an encrypted snapshot of the database. Share the snapshot with the auditor. Allow access to the AWS Key Management Service (AWS KMS) encryption key.

A.  

Use the s3 sync command in the AWS CLI to move the data directly to an S3 bucket.

B.  

Use AWS DataSync to migrate the data from the on-premises location to an S3 bucket.

C.  

Use AWS Snowball to move the data to an S3 bucket.

D.  

Set up an IPsec VPN from the on-premises location to AWS. Use the s3 cp command in the AWS CLI to move the data directly to an S3 bucket.

A.  

Develop AWS Systems Manager templates that use an approved EC2 creation process. Use the approved Systems Manager templates to provision EC2 instances.

B.  

Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types.

C.  

Configure an Amazon EventBridge rule that invokes an AWS Lambda function when an EC2 instance is created. Stop disallowed EC2 instance types.

D.  

Set up AWS Service Catalog products for the staff to create the allowed EC2 instance types Ensure that staff can deploy EC2 instances only by using the Service Catalog products.

A.  

Create an Amazon Simple Queue Service (Amazon SQS) queue Integrate the queue with an Amazon EventBndge rule to receive payment notifications from mobile devices Configure the rule to validate payment notifications and send the notifications to the backend application Deploy the backend application on Amazon Elastic Kubernetes Service (Amazon EKS) Anywhere Create a standalone cluster

B.  

Create an Amazon API Gateway API Integrate the API with anAWS Step Functions state machine to receive payment notifications from mobile devices Invoke the state

machine to validate payment notifications and send the notifications to the backend application Deploy the backend application on Amazon Elastic Kubernetes Sen/ice (Amazon EKS). Configure an EKS cluster with self-managed nodes.

C.  

Create an Amazon Simple Queue Sen/ice (Amazon SQS) queue Integrate the queue with an Amazon EventBridge rule to receive payment notifications from mobile devices Configure the rule to validate payment notifications and send the notifications to the backend application Deploy the backend application on Amazon EC2 Spot Instances Configure a Spot Fleet with a default allocation strategy.

D.  

Create an Amazon API Gateway API Integrate the API with AWS Lambda to receive payment notifications from mobile devices Invoke a Lambda function to validate payment notifications and send the notifications to the backend application Deploy the backend application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon ECS with an AWS Fargate launch type.

A.  

Create an Amazon CloudFront distribution to cache static files at edge locations.

B.  

Create an Amazon ElastiCache cluster Connect the ALB to the ElastiCache cluster to serve cached files.

C.  

Create an AWS WAF web ACL and associate it with the ALB. Add a rule to the web ACL to cache static files.

D.  

Create a second ALB in an alternative AWS Region Route user traffic to the closest Region to minimize data transfer costs

A.  

Ensure that the customers create an 1AM role in their account with read-only EC2 and CloudWatch permissions and a trust policy to the company's account.

B.  

Create a serverless API that implements a token vending machine to provide temporary AWS credentials for a role with read-only EC2 and CloudWatch permissions.

C.  

Ensure that the customers create an 1AM user in their account with read-only EC2 and CloudWatch permissions. Encrypt and store customer access and secret keys in a secrets management system.

D.  

Ensure that the customers create an Amazon Cognito user in their account to use an 1AM role with read-only EC2 and CloudWatch permissions. Encrypt and store the Amazon Cognito user and password in a secrets management system.

A.  

Run the EC2 instances in a spread placement group.

B.  

Group the EC2 instances in separate accounts.

C.  

Configure the EC2 instances with dedicated tenancy.

D.  

Configure the EC2 instances with shared tenancy.

A.  

Deploy AWS DataSync agents on premises. Schedule DataSync tasks to transfer the data to the FSx for Windows File Server file system.

B.  

Copy the shares on each file server into Amazon S3 buckets by using the AWS CLI Schedule AWS DataSync tasks to transfer the data to the FSx for Windows File Server file system.

C.  

Remove the drives from each file server Ship the drives to AWS for import into Amazon S3. Schedule AWS DataSync tasks to transfer the data to the FSx for Windows File Server file system

D.  

Order an AWS Snowcone device. Connect the device to the on-premises network. Launch AWS DataSync agents on the device. Schedule DataSync tasks to transfer the data to the FSx for Windows File Server file system,

E.  

Order an AWS Snowball Edge Storage Optimized device. Connect the device to the on-premises network. Copy data to the device by using the AWS CLI. Ship the device back to AWS for import into Amazon S3. Schedule AWS DataSync tasks to transfer the data to the FSx for Windows File Server file system.

A.  

Create an Amazon EC2-backed Amazon Machine Image (AMI) lifecycle policy to create a backup based on tags. Schedule the backup to run twice daily. Copy the image on demand.

B.  

Create an Amazon EC2-backed Amazon Machine Image (AMI) lifecycle policy to create a backup based on tags. Schedule the backup to run twice daily. Configure the copy to the us-west-2 Region.

C.  

Create backup vaults in us-west-1 and in us-west-2 by using AWS Backup. Create a backup plan for the EC2 instances based on tag values. Create an AWS Lambda function to run as a scheduled job to copy the backup data to us-west-2.

D.  

Create a backup vault by using AWS Backup. Use AWS Backup to create a backup plan for the EC2 instances based on tag values. Define the destination for the copy as us-west-2. Specify the backup schedule to run twice daily.

E.  

Create a backup vault by using AWS Backup. Use AWS Backup to create a backup plan for the EC2 instances based on tag values. Specify the backup schedule to run twice daily. Copy on demand to us-west-2.

A.  

Configure the application to use Amazon ElastiCache to reduce the number of requests that are sent to the microservices.

B.  

Configure Amazon CloudWatch Container Insights to collect metrics from the EKS clusters Configure AWS X-Ray to trace the requests between the microservices.

C.  

Configure AWS CloudTrail to review the API calls. Build an Amazon QuickSight dashboard to observe the microservice interactions.

D.  

Use AWS Trusted Advisor to understand the performance of the application.

A.  

Use AWS Global Accelerator to create an accelerator. Create an Application Load Balancer (ALB) behind an accelerator endpoint that uses Global Accelerator integration and listening on the TCP and UDP ports. Update the Auto Scaling group to register instances on the ALB.

B.  

Use AWS Global Accelerator to create an accelerator. Create a Network Load Balancer (NLB) behind an accelerator endpoint that uses Global Accelerator integration and listening on the TCP and UDP ports. Update the Auto Scaling group to register instances on the NLB

C.  

Create an Amazon CloudFront content delivery network (CDN) endpoint. Create a Network Load Balancer (NLB) behind the endpoint and listening on the TCP and UDP ports. Update the Auto Scaling group to register instances on the NLB. Update CloudFront to use the NLB as the origin.

D.  

Create an Amazon Cloudfront content delivery network (CDN) endpoint. Create an Application Load Balancer (ALB) behind the endpoint and listening on the TCP and UDP ports. Update the Auto Scaling group to register instances on the ALB. Update CloudFront to use the ALB as the origin

A.  

Add an Amazon CloudFront distribution in front of the NLBs. Increase the Cache-Control: max-age parameter.

B.  

Replace the NLBs with Application Load Balancers (ALBs). Configure Route 53 to use latency-based routing.

C.  

Add AWS Global Accelerator in front of the NLBs. Configure a Global Accelerator endpoint to use the correct listener ports.

D.  

‘Add an Amazon API Gateway endpoint behind the NLBs. Enable API caching. Override method caching for the different stages.

A.  

Use the Trusted Advisor recommendations from the account where the RDS instances are running.

B.  

Use the Trusted Advisor recommendations from the consolidated billing account to see all RDS instance checks at the same time.

C.  

Review the Trusted Advisor check for Amazon RDS Reserved Instance Optimization.

D.  

Review the Trusted Advisor check for Amazon RDS Idle DB Instances.

E.  

Review the Trusted Advisor check for Amazon Redshift Reserved Node Optimization.

A.  

Provision an AWS Certificate Manager (ACM) certificate for each customer. Encrypt the data client-side. In the private certificate policy, deny access to the certificate for all principals except an 1AM role that the customer provides.

B.  

Provision a separate AWS Key Management Service (AWS KMS) key for each customer. Encrypt the data server-side. In the S3 bucket policy, deny decryption of data for all principals except an 1AM role that the customer provides.

C.  

Provision a separate AWS Key Management Service (AWS KMS) key for each customer. Encrypt the data server-side. In each KMS key policy, deny decryption of data for all principals except an 1AM role that the customer provides.

D.  

Provision an AWS Certificate Manager (ACM) certificate for each customer. Encrypt the data client-side. In the public certificate policy, deny access to the certificate for all principals except an 1AM role that the customer provides.

A.  

Create Amazon Kinesis data streams for data ingestion. Create Amazon Kinesis Data Firehose delivery streams to consume the Kinesis data streams. Specify the S3 bucket as the destination of the delivery streams.

B.  

Create database migration tasks in AWS Database Migration Service (AWS DMS). Specify replication instances of the EC2 instances as the source endpoints. Specify the S3 bucket as the target endpoint. Set the migration type to migrate existing data and replicate ongoing changes.

C.  

Create and configure AWS DataSync agents on the EC2 instances. Configure DataSync tasks to transfer data from the EC2 instances to the S3 bucket.

D.  

Create an AWS Direct Connect connection to the application for data ingestion. Create Amazon Kinesis Data Firehose delivery streams to consume direct PUT operations from the application. Specify the S3 bucket as the destination of the delivery streams.

A.  

Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.

B.  

Set up an Amazon Cognito identity pool. Configure AWS 1AM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.

C.  

Configure a service control policy (SCP) to manage the AWS accounts. Add AWS 1AM Identity Center (AWS Single Sign-On) to AWS Directory Service.

D.  

Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.

E.  

Set up AWS 1AM Identity Center (AWS Single Sign-On) in the organization. Configure 1AM Identity Center, and integrate it with the company's corporate directory service.

A.  

Use Amazon Elastic Kubernetes Service (Amazon EKS) and multiple containers.

B.  

Use AWS ParallelCluster and the Message Passing Interface (MPI) libraries.

C.  

Use an Application Load Balancer and Amazon EC2 instances.

D.  

Use AWS Lambda functions.

A.  

Create an AWS Transfer Family SFTP internet-facing server in two Availability Zones. Use Amazon S3 storage. Create an AWS Lambda function to process order files. Use S3 Event Notifications to send s3: ObjectCreated: * events to the Lambda function.

B.  

Create an AWS Transfer Family SFTP internet-facing server in one Availability Zone. Use Amazon Elastic File System (Amazon EFS) storage. Create an AWS Lambda function to process order files. Use a Transfer Family managed workflow to invoke the Lambda function.

C.  

Create an AWS Transfer Family SFTP internal server in two Availability Zones. Use Amazon Elastic File System (Amazon EFS) storage. Create an AWS Step Functions state machine to process order files. Use Amazon EventBridge Scheduler to invoke the state machine to periodically check Amazon EFS for order files.

D.  

Create an AWS Transfer Family SFTP internal server in two Availability Zones. Use Amazon S3 storage. Create an AWS Lambda function to process order files. Use a Transfer Family managed workflow to invoke the Lambda function.

A.  

Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to mount the Snowball S3 endpoint to provide local access to the data.

B.  

Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3.Use the Snowball Edge file interface to provide on-premises systems with local access to the data.

C.  

Use AWS Storage Gateway and configure a cached volume gateway. Run the Storage Gateway software application on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local access to the data.

D.  

Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage software application on premises and map the gateway storage volumes to on-premises storage. Mount the gateway storage volumes to provide local access to the data.

A.  

Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in an Amazon DynamoDB table.

B.  

Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon S3 bucket to store the processed data.

C.  

Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in a Microsoft SQL Server Express database on an Amazon EC2 instance.

D.  

Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon Elastic File System (Amazon EFS) shared file system to store the processed data.

A.  

Reduce the Lambda concurrency rate.

B.  

Enable RDS Proxy on the RDS DB instance.

C.  

Resize the RDS DB instance class to accept more connections.

D.  

Migrate the database to Amazon DynamoDB with on-demand scaling.

A.  

Enable S3 Intelligent-Tiering for the S3 bucket.

B.  

Enable S3 Transfer Acceleration for the S3 bucket.

C.  

Create a gateway VPC endpoint for Amazon S3. Associate this endpoint with all route tables in the VP

C.  

D.  

Create an interface endpoint for Amazon S3 in the VPC. Associate this endpoint with all route tables in the VPC.

A.  

Use AWS Systems Manager to replicate and provision the prototype infrastructure in two Availability Zones.

B.  

Define the infrastructure as a template by using the prototype infrastructure as a guide. Deploy the infrastructure with AWS CloudFormation

C.  

Use AWS Config to record the inventory of resources that are used in the prototype infrastructure. Use AWS Config to deploy the prototype infrastructure into two Availability Zones.

D.  

Use AWS Elastic Beanstalk and configure it to use an automated reference to the prototype infrastructure to automatically deploy new environments in two Availability Zones

A.  

Enable 1AM database authentication on the database.

B.  

Provide self-signed certificates. Use the certificates in all connections to the RDS instance.

C.  

Take a snapshot of the RDS instance. Restore the snapshot to a new instance with encryption enabled.

D.  

Download AWS-provided root certificates. Provide the certificates in all connections to the RDS instance.

A.  

Create a function URL for the Lambda function. Provide the Lambda function URL to the third party for the webhook.

B.  

Deploy an Application Load Balancer (ALB) in front of the Lambda function. Provide the ALB URL to the third party for the webhook

C.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Attach the topic to the Lambda function. Provide the public hostname of the SNS topic to the third party for the webhook.

D.  

Create an Amazon Simple Queue Service (Amazon SQS) queue. Attach the queue to the Lambda function. Provide the public hostname of the SQS queue to the third party for the webhook.

A.  

Use AWS Transfer Family to configure an SFTP-enabled server with a publicly accessible endpoint Choose the S3 data lake as the destination

B.  

Use Amazon S3 File Gateway as an SFTP server Expose the S3 File Gateway endpoint URL to the new partner Share the S3 File Gateway endpoint with the new

partner

C.  

Launch an Amazon EC2 instance in a private subnet in a VP

C.  

D.  

Launch Amazon EC2 instances in a private subnet in a VPC. Place a Network Load Balancer (NLB) in front of the EC2 instances. Create an SFTP listener port for the NLB Share the NLB hostname with the new partner Run a cron job script on the EC2 instances to upload files to the S3 data lake.

A.  

Create a Route 53 Resolver outbound endpoint. Create a resolver rule. Associate the resolver rule with the VPC

B.  

Create a Route 53 Resolver inbound endpoint. Create a resolver rule. Associate the resolver rule with the VPC.

C.  

Create a Route 53 private hosted zone. Associate the private hosted zone with the VP

C.  

D.  

Create a Route 53 public hosted zone. Create a record for each service to allow service communication.

A.  

Create a table in Amazon Athena for AWS CloudTrail logs. Create a query for the relevant information.

B.  

Enable ALB access logging to Amazon S3. Create a table in Amazon Athena, and query the logs.

C.  

Enable ALB access logging to Amazon S3 Open each file in a text editor, and search each line for the relevant information

D.  

Use Amazon EMR on a dedicated Amazon EC2 instance to directly query the ALB to acquire traffic access log information.

A.  

Deploy an AWS Storage Gateway file gateway as a virtual machine (VM) on premises at each clinic

B.  

Migrate the files to each clinic’s on-premises applications by using AWS DataSync for processing.

C.  

Deploy an AWS Storage Gateway volume gateway as a virtual machine (VM) on premises at each clinic.

D.  

Attach an Amazon Elastic File System (Amazon EFS) file system to each clinic’s on-premises servers.

A.  

Use an Amazon Aurora global database with a pilot light deployment

B.  

Use an Amazon Aurora global database with a warm standby deployment

C.  

Use an Amazon RDS Multi-AZ DB instance with a pilot light deployment

D.  

Use an Amazon RDS Multi-AZ DB instance with a warm standby deployment

A.  

Create a new 1AM role. Attach the AmazonSSMManagedlnstanceCore policy to the new 1AM role. Attach the new 1AM role to the EC2 instances and the existing 1AM role.

B.  

Create an 1AM user. Attach the AmazonSSMManagedlnstanceCore policy to the 1AM user. Configure Systems Manager to use the 1AM user to manage the EC2 instances.

C.  

Enable Default Host Configuration Management in Systems Manager to manage the EC2 instances.

D.  

Remove the existing policies from the existing 1AM role. Add the AmazonSSMManagedlnstanceCore policy to the existing 1AM role.

A.  

Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read-only 1AM permissions to any AWS principals that access the S3 bucket until the designated date.

B.  

Create a new Amazon S3 bucket with S3 Versioning enabled Use S3 Object Lock with a retention period in accordance with the designated date Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objrcts.

C.  

Create a new Amazon S3 bucket with S3 Versioning enabled Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.

D.  

Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only 1AM permissions to any AWS principals that access the S3 bucket.

A.  

Increase the API Gateway throttling limit.

B.  

Set up a scheduled scaling to increase Lambda provisioned concurrency before employees begin to use the application each day.

C.  

Create an Amazon CloudWatch alarm to initiate a Lambda function as a target for the alarm at the beginning of each day.

D.  

Increase the Lambda function memory.

A.  

Store the photos in Amazon DynamoDB. Turn on DynamoDB Accelerator (DAX) to cache frequently viewed items.

B.  

Store the photos in the Amazon S3 Intelligent-Tiering storage class. Store the photo metadata and its S3 location in DynamoD

B.  

C.  

Store the photos in the Amazon S3 Standard storage class. Set up an S3 Lifecycle policy to move photos older than 30 days to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Use the object tags to keep track of metadata.

D.  

Store the photos in the Amazon S3 Glacier storage class. Set up an S3 Lifecycle policy to move photos older than 30 days to the S3 Glacier Deep Archive storage class. Store the photo metadata and its S3 location in Amazon OpenSearch Service.

A.  

Attach the SCP to the root OU for the organization.

B.  

Attach the SCP to the three nonproduction Organizations member accounts.

C.  

Attach the SCP to the Organizations management account.

D.  

Create an OU for the production account. Attach the SCP to the OU. Move the production member account into the new OU.

E.  

Create an OU for the required accounts. Attach the SCP to the OU. Move the nonproduction member accounts into the new OU.

A.  

Scale out the nodes by tracking the memory usage

B.  

Use the Kubernetes Cluster Autoscaler to manage the number of nodes in the cluster.

C.  

Use an AWS Lambda function to resize the EKS cluster automatically.

D.  

Use an Amazon EC2 Auto Scaling group to distribute the workload.

A.  

Use the AWS Trusted Advisor API at the start of each deployment. Pause all new deployments if the API returns any issues.

B.  

Use the AWS Health API at the start of each deployment. Pause all new deployments if the API returns any issues.

C.  

Query the AWS Support API at the start of each deployment. Pause all new deployments if the API returns any open issues.

D.  

Send an API call to each workload ahead of deployment. Pause the deployments if the API call fails.

A.  

Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider

B.  

Create an Amazon Route 53 private hosted zone for the domain name Import the zone file containing the domain records hosted by the previous provider.

C.  

Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.

D.  

Create an Amazon Route 53 Resolver inbound endpomt in the VPC. Specify the IP addresses that the provider's DNS will forward DNS queries to. Configure the provider's DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.

A.  

Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.

B.  

Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).

C.  

Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are

permitted any other Amazon EC2 action.

D.  

Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.

A.  

Create a new EPS file system in the primary account Use AWS DataSync to copy the contents of the original EPS file system to the new EPS file system

B.  

Create a VPC peering connection between the VPCs that are in the primary account and the secondary account

C.  

Create a second Lambda function In the secondary account that has a mount that is configured for the file system. Use the primary account's Lambda function to invoke the secondary account's Lambda function

D.  

Move the contents of the file system to a Lambda Layer’s Configure the Lambda layer's permissions to allow the company's secondary account to use the Lambda layer.

A.  

Use an AWS Budgets template to create a zero spend budget

B.  

Create an AWS Cost Anomaly Detection monitor in the AWS Billing and Cost Management console.

C.  

CreateAWS Pricing Calculator estimates for the current running workload pricing details_

D.  

Use Amazon CloudWatch to monitor costs and to identify unusual spending

A.  

Create a VPC peering connection between the eu-west-1 VPC and the ap-southeast-2 VPC. Create an inbound rule in the eu-west-1 application security group that allows traffic from the database server IP addresses in the ap-southeast-2 security group.

B.  

Configure a VPC peering connection between the ap-southeast-2 VPC and the eu-west-1 VPC. Update the subnet route tables. Create an inbound rule in the ap-southeast-2 database security group that references the security group ID of the application servers in eu-west-1.

C.  

Configure a VPC peering connection between the ap-southeast-2 VPC and the eu-west-1 VP

C.  

D.  

Create a transit gateway with a peering attachment between the eu-west-1 VPC and the ap-southeast-2 VPC. After the transit gateways are properly peered and routing is configured, create an inbound rule in the database security group that references the security group ID of the application servers in eu-west-1.

A.  

Set the home AWS Region in AWS Migration Hub. Use AWS Systems Manager to collect data about the on-premises servers.

B.  

Set the home AWS Region in AWS Migration Hub. Use AWS Application Discovery Service to collect data about the on-premises servers.

C.  

Use the AWS Schema Conversion Tool (AWS SCT) to create the relevant templates. Use AWS Trusted Advisor to collect data about the on-premises servers.

D.  

Use the AWS Schema Conversion Tool (AWS SCT) to create the relevant templates. Use AWS Database Migration Service (AWS DMS) to collect data about the on-premises servers.

A.  

Create a canary release deployment stage for API Gateway. Deploy the latest API version. Point an appropriate percentage of traffic to the canary stage. After API verification, promote the canary stage to the production stage.

B.  

Create a new API Gateway endpoint with a new version of the API in OpenAPI YAML file format. Use the import-to-update operation in merge mode into the API in API Gateway. Deploy the new version of the API to the production stage.

C.  

Create a new API Gateway endpoint with a new version of the API in OpenAPI JSON file format. Use the import-to-update operation in overwrite mode into the API in API Gateway. Deploy the new version of the API to the production stage.

D.  

Create a new API Gateway endpoint with new versions of the API definitions. Create a custom domain name for the new API Gateway API. Point the Route 53 alias record to the new API Gateway API custom domain name.

A.  

In the Amazon EC2 console, select the EBS encryption account attribute and define a default encryption key.

B.  

Create an 1AM permission boundary. Attach the permission boundary to the root organizational unit (OU). Define the boundary to deny the ec2:CreateVolume action when the ec2:Encrypted condition equals false.

C.  

Create an SCR Attach the SCP to the root organizational unit (OU). Define the SCP to deny the ec2:CreateVolume action when the ec2:Encrypted condition equals false.

D.  

Update the 1AM policies for each account to deny the ec2:CreateVolume action when the ec2:Encrypted condition equals false.

E.  

In the Organizations management account, specify the Default EBS volume encryption setting.

A.  

Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space

B.  

Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space

C.  

Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch type Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volume. Create a service with that task definition.

D.  

Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space Create a task definition for the container image. Create a service with that task definition.

A.  

Create a public SSL/TLS certificate in AWS Certificate Manager (ACM). Associate the certificate with Amazon S3. Configure default encryption for each S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS). Assign the compliance team to manage the KMS keys.

B.  

Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS). Configure default encryption for each S3 bucket to use server-side encryption with S3 managed encryption keys (SSE-S3). Assign the compliance team to manage the SSE-S3 keys.

C.  

Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS). Configure default encryption for each S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS). Assign the compliance team to manage the KMS keys.

D.  

Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS). Use Amazon Macie to protect the sensitive data that is stored in Amazon S3. Assign the compliance team to manage Macie.

A.  

Have the R&D AWS account be part of both organizations during the transition.

B.  

Invite the R&D AWS account to be part of the new organization after the R&D AWS account has left the prior organization.

C.  

Create a new R&D AWS account in the new organization. Migrate resources from the prior R&D AWS account to the new R&D AWS account.

D.  

Have the R&D AWS account join the new organization. Make the new management account a member of the prior organization.

A.  

Configure Lambda provisioned concurrency.

B.  

Increase the timeout of the Lambda functions.

C.  

Increase the memory of the Lambda functions.

D.  

Configure Lambda SnapStart.

A.  

Convert the application to use Amazon DynamoDB. Use a global table for the center reservation table. Use the correct Regional endpoint in each Regional deployment.

B.  

Migrate the database to an Amazon Aurora MySQL database. Deploy Aurora Read Replicas in each Region. Use the correct Regional endpoint in each Regional deployment for access to the database.

C.  

Migrate the database to an Amazon RDS for MySQL database Deploy MySQL read replicas in each Region. Use the correct Regional endpoint in each Regional deployment for access to the database.

D.  

Migrate the application to an Amazon Aurora Serverless database. Deploy instances of the database to each Region. Use the correct Regional endpoint in each Regional deployment to access the database. Use AWS Lambda functions to process event streams in each Region to synchronize the databases.

A.  

Use AWS App2Container (A2C) to containerize the job. Run the job as an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate with 0.5 virtual CPU (vCPU) and 1 GB of memory.

B.  

Copy the code into an AWS Lambda function that has 1 GB of memory. Create an Amazon EventBridge scheduled rule to run the code each hour.

C.  

Use AWS App2Container (A2C) to containerize the job. Install the container in the existing Amazon Machine Image (AMI). Ensure that the schedule stops the container when the task finishes.

D.  

Configure the existing schedule to stop the EC2 instance at the completion of the job and restart the EC2 instance when the next job starts.

A.  

Amazon Elastic File System (Amazon EFS)

B.  

Amazon Elastic Block Store (Amazon EBS)

C.  

Amazon S3 Glacier Deep Archive

D.  

AWS Backup

A.  

Store the static files on Amazon S3. Use Amazon CloudFront to cache objects at the edge.

B.  

Store the static files on Amazon S3. Use Amazon ElastiCache to cache objects at the edge.

C.  

Store the server-side code on Amazon Elastic File System (Amazon EFS). Mount the EFS volume on each EC2 instance to share the files.

D.  

Store the server-side code on Amazon FSx for Windows File Server. Mount the FSx for Windows File Server volume on each EC2 instance to share the files.

E.  

Store the server-side code on a General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on each EC2 instance to share the files.

A.  

Create an IAM role that includes permissions to access Lake Formation tables.

B.  

Create data filters to implement row-level security and cell-level security.

C.  

Create an AWS Lambda function that removes sensitive information before Lake Formation ingests re data.

D.  

Create an AWS Lambda function that perodically Queries and removes sensitive information from Lake Formation tables.

A.  

Use AWS WAF in front of the ALB Associate the appropriate web ACLs with AWS WAF.

B.  

Create an ALB listener rule to reply to SQL injection with a fixed response

C.  

Subscribe to AWS Shield Advanced to block all SQL injection attempts automatically.

D.  

Set up Amazon Inspector to block all SOL injection attempts automatically

A.  

Dedicated Instances only

B.  

On-Demand Instances only

C.  

A mix of On-Demand instances and Spot Instances

D.  

A mix of On-Demand instances and Reserved instances

A.  

Use an AWS CloudFormation template to deploy the complete solution. Redeploy the CloudFormation stack every 30 days, and delete the original stack.

B.  

Use an EC2 instance that runs a monitoring application from AWS Marketplace. Configure the monitoring application to use Amazon DynamoDB Streams to store the timestamp when a new item is created in the table. Use a script that runs on the EC2 instance to delete items that have a timestamp that is older than 30 days.

C.  

Configure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new item is created in the table. Configure the Lambda function to delete items in the table that are older than 30 days.

D.  

Extend the application to add an attribute that has a value of the current timestamp plus 30 days to each new item that is created in the table. Configure DynamoDB to use the attribute as the TTL attribute.

A.  

Publish data to Amazon Kinesis Data Streams Use Kinesis data Analytics to query the data.

B.  

Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination Use Amazon Redshift to query the data

C.  

Store ingested data m an EC2 Instance store Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.

D.  

Store ingested data m an Amazon Elastic Block Store (Amazon EBS) volume Publish data to Amazon ElastiCache tor Red Subscribe to the Redis channel to query the data

A.  

Move the data objects to S3 Glacier Deep Archive after 30 days.

B.  

Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

C.  

Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

D.  

Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.

A.  

Read replicas

B.  

Manual snapshots

C.  

Automated backups

D.  

Multi-AZ deployments