ExamsBrite Dumps

AWS Certified CloudOps Engineer - Associate Question and Answers

Last Update Jun 5, 2026
Total Questions : 219

We are offering free SOA-C03 Amazon Web Services exam questions. Sign up, provide your details, and prepare with the free SOA-C03 exam questions, then move on to the complete pool of AWS Certified CloudOps Engineer - Associate test questions.

Questions 1

An AWS CloudFormation template creates an Amazon RDS instance. This template is used to build up development environments as needed and then delete the stack when the environment is no longer required. The RDS-persisted data must be retained for further use, even after the CloudFormation stack is deleted.

How can this be achieved in a reliable and efficient way?

Options:

A. Write a script to continue backing up the RDS instance every five minutes.

B. Create an AWS Lambda function to take a snapshot of the RDS instance, and manually invoke the function before deleting the stack.

C. Use the Snapshot Deletion Policy in the CloudFormation template definition of the RDS instance.

D. Create a new CloudFormation template to perform backups of the RDS instance, and run this template before deleting the stack.

Questions 2

A company has a new security policy that requires all Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at rest. The company needs to use a custom key policy to manage access to the encryption keys. The company must rotate the keys once each year.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A. Create AWS KMS symmetric customer managed keys. Enable automatic key rotation.

B. Use AWS owned AWS KMS keys across the company's AWS environment.

C. Create AWS KMS asymmetric customer managed keys. Enable automatic key rotation.

D. Create AWS KMS symmetric customer managed keys by using imported key material. Rotate the keys on a yearly basis.

Questions 3

A company has an AWS CloudFormation template that includes an AWS::EC2::Instance resource and a custom resource (Lambda function). The Lambda function fails because it runs before the EC2 instance is launched.

Which solution will resolve this issue?

Options:

A. Add a DependsOn attribute to the custom resource. Specify the EC2 instance in the DependsOn attribute.

B. Update the custom resource's service token to point to a valid Lambda function.

C. Update the Lambda function to use the cfn-response module to send a response to the custom resource.

D. Use the Fn::If intrinsic function to check for the EC2 instance before the custom resource runs.

Questions 4

A company hosts a production MySQL database on an Amazon Aurora single-node DB cluster. The database is queried heavily for reporting purposes. The DB cluster is experiencing periods of performance degradation because of high CPU utilization and maximum connections errors. A CloudOps engineer needs to improve the stability of the database.

Which solution will meet these requirements?

Options:

A. Create an Aurora Replica node. Create an Auto Scaling policy to scale replicas based on CPU utilization. Ensure that all reporting requests use the read-only connection string.

B. Create a second Aurora MySQL single-node DB cluster in a second Availability Zone. Ensure that all reporting requests use the connection string for this additional node.

C. Create an AWS Lambda function that caches reporting requests. Ensure that all reporting requests call the Lambda function.

D. Create a multi-node Amazon ElastiCache cluster. Ensure that all reporting requests use the ElastiCache cluster. Use the database if the data is not in the cache.

Questions 5

A company uses AWS Systems Manager to automate common operational tasks across its AWS resources. The company wants to automatically collect software inventory of all its Amazon EC2 instances every day. The solution must store the data in an Amazon S3 bucket for auditing purposes.

Which solution will meet these requirements?

Options:

A. Create a Systems Manager association with the AWS-GatherSoftwareInventory document. Schedule the association to run every day on all EC2 instances.

B. Configure Systems Manager Distributor to package inventory collection software. Use Systems Manager Hybrid Activations to scan the inventory every day.

C. Configure Systems Manager Patch Manager to deploy inventory collection agents. Configure Systems Manager Compliance to validate inventory data.

D. Set up Systems Manager Session Manager to connect to EC2 instances. Use Systems Manager Fleet Manager to aggregate inventory results across the environment.

Questions 6

A company needs to enforce tagging requirements for Amazon DynamoDB tables in its AWS accounts. A CloudOps engineer must implement a solution to identify and remediate all DynamoDB tables that do not have the appropriate tags.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.

B. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.

C. Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.

D. Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.

Questions 7

An ecommerce company runs a microservices application on Amazon ECS. Customers sometimes experience high latency when they attempt to complete a purchase through the application. A CloudOps engineer needs a solution to track individual transactions across multiple services to identify where latency is occurring. The solution must require minimal code changes and must provide a visual representation of service dependencies.

Which solution will meet these requirements?

Options:

A. Set up the AWS X-Ray daemon as a sidecar container. Instrument the application code by using the X-Ray SDK. Use the service map to visualize request flows to identify latency.

B. Configure an Amazon CloudWatch agent on ECS containers as a sidecar container. Create custom metrics for each service. Set up CloudWatch dashboards to monitor response times.

C. Use Amazon VPC Flow Logs to collect logs for microservices that run on the ECS container. Monitor network traffic, and use the service map to identify latency between microservices.

D. Use Amazon CloudWatch Container Insights as a sidecar container to collect container metrics. Monitor response times, and visualize request flows to identify latency.

Questions 8

A company stores critical files in an Amazon S3 bucket in the us-east-1 AWS Region. To comply with disaster recovery requirements, all new objects in the bucket must automatically replicate to a bucket in the us-west-2 Region.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A. Enable Cross-Region Replication (CRR) on the source bucket. Specify the destination bucket in the us-west-2 Region. Enable versioning on the source bucket.

B. Enable Cross-Origin Resource Sharing (CORS) on both the us-east-1 bucket and the us-west-2 bucket.

C. Create an AWS Lambda function that copies the object to the destination bucket. Configure an Amazon EventBridge rule to run the Lambda function for each object that is created.

D. Enable S3 Lifecycle policies to transition objects to a different storage class in the us-west-2 Region.

Questions 9

A CloudOps engineer is responsible for a company's disaster recovery procedures. The company has a source Amazon S3 bucket in a production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The CloudOps engineer configures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the CloudOps engineer attempts to access objects in the destination S3 bucket, they receive an Access Denied error.

Which solution will resolve this problem?

Options:

A. Modify the replication configuration to change object ownership to the destination S3 bucket owner.

B. Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single prefix.

C. Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.

D. Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.

Questions 10

A CloudOps engineer is maintaining a web application that uses an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and Amazon EC2 in a VPC. All services have logging enabled. The CloudOps engineer needs to investigate HTTP Layer 7 status codes from the web application.

Which log sources contain the status codes? (Select TWO.)

Options:

A. VPC Flow Logs

B. AWS CloudTrail logs

C. ALB access logs

D. CloudFront access logs

E. RDS logs

Questions 11

A company runs custom statistical analysis software on a cluster of Amazon EC2 instances. The software is highly sensitive to network latency between nodes, although network throughput is not a limitation.

Which solution will minimize network latency?

Options:

A. Place all the EC2 instances into a cluster placement group.

B. Configure and assign two Elastic IP addresses for each EC2 instance.

C. Configure jumbo frames on all the EC2 instances in the cluster.

D. Place all the EC2 instances into a spread placement group in the same AWS Region.

Questions 12

A company is running an ecommerce application on AWS. The application maintains many open but idle connections to an Amazon Aurora DB cluster. During times of peak usage, the database produces the following error message: "Too many connections." The database clients are also experiencing errors.

Which solution will resolve these errors?

Options:

A. Increase the read capacity units (RCUs) and the write capacity units (WCUs) on the database.

B. Configure RDS Proxy. Update the application with the RDS Proxy endpoint.

C. Turn on enhanced networking for the DB instances.

D. Modify the DB cluster to use a burstable instance type.

Questions 13

A company’s application servers in AWS account 111122223333 use a security group sg-1234abcd. They need to access a database hosted in account 444455556666. The VPCs are connected using a VPC peering connection (pcx-b04deed9).

A CloudOps engineer must configure the database’s security group to allow new connections only from the application servers.

What should the engineer do?

Options:

A. Add an inbound rule to the database's security group. Reference 111122223333/sg-1234abcd as the source.

B. Add an inbound rule to the database's security group. Reference pcx-b04deed9/sg-1234abcd as the source.

C. Add an inbound rule to the database's security group. Reference sg-1234abcd as the source.

D. Add an inbound rule to the database's security group. Reference 444455556666/sg-1234abcd as the source.

Questions 14

A company hosts a static website in an Amazon S3 bucket, accessed globally via Amazon CloudFront. The Cache-Control max-age header is set to 1 hour, and Maximum TTL is set to 5 minutes. The CloudOps engineer observes that CloudFront is not caching objects for the expected duration.

What is the reason for this issue?

Options:

A. The Expires header has been set to 3 hours.

B. Cached assets are not expiring in the edge location.

C. Cache invalidation is missing in the CloudFront configuration.

D. Cache-duration settings conflict with each other.

Questions 15

A company runs thousands of Amazon EC2 instances that are based on the Amazon Linux 2 Amazon Machine Image (AMI). A SysOps administrator must implement a solution to record commands and output from any user that needs an interactive session on one of the EC2 instances. The solution must log the data to a durable storage location. The solution also must provide automated notifications and alarms that are based on the log data.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

A. Configure command session logging on each EC2 instance. Configure the unified Amazon CloudWatch agent to send session logs to Amazon CloudWatch Logs. Set up query filters and alerts by using Amazon Athena.

B. Require all users to use a central bastion host when they need command line access to an EC2 instance. Configure the unified Amazon CloudWatch agent on the bastion host to send session logs to Amazon CloudWatch Logs. Set up a metric filter and a metric alarm for relevant security findings in CloudWatch Logs.

C. Require all users to use AWS Systems Manager Session Manager when they need command line access to an EC2 instance. Configure Session Manager to stream session logs to Amazon CloudWatch Logs. Set up a metric filter and a metric alarm for relevant security findings in CloudWatch Logs.

D. Configure command session logging on each EC2 instance. Require all users to use AWS Systems Manager Run Command documents when they need command line access to an EC2 instance. Configure the unified Amazon CloudWatch agent to send session logs to Amazon CloudWatch Logs. Set up CloudWatch alarms that are based on Amazon Athena query results.

Questions 16

A company moves workloads from public subnets to private subnets to improve security. During testing, the company discovers that servers in the private subnets cannot reach an external API. The VPC has a CIDR block of 10.0.0.0/16. The VPC contains two public subnets and two private subnets. The VPC has one internet gateway and has a NAT gateway in each of the private subnets.

The company must ensure that workloads that run in the private subnets can reach the external API.

Which solution will meet this requirement?

Options:

A. Deploy an outbound-only internet gateway to allow traffic from private subnets to the internet. Edit the route tables to direct outbound traffic through the outbound-only internet gateway.

B. Create and configure an Amazon API Gateway HTTP API as a proxy for the external API. Edit the route tables to direct outbound traffic to the HTTP API.

C. Deploy a new NAT gateway that has an Elastic IP address in each public subnet. Edit the route tables to direct outbound traffic through the NAT gateways.

D. Create a VPC interface endpoint. Edit the route tables to direct outbound traffic through the endpoint.

Questions 17

A company uses an IAM policy to ensure that all AWS resources are deployed and managed by AWS CloudFormation. A CloudOps engineer must periodically audit all AWS resources and provide a list of resources that do not match the expected configuration.

Which solution will meet this requirement with the LEAST effort?

Options:

A. Configure an Amazon EventBridge rule that sends a notification to the company when any resource is created by CloudFormation. Audit the event notifications for any incorrect configurations.

B. Audit code repositories where CloudFormation code is stored to look for any deviations from the expected configuration.

C. Use the AWS CLI to check all resources to ensure consistency with the intended configuration.

D. Use Amazon EventBridge to schedule periodic invocations of CloudFormation drift detection. Capture findings for review.

Questions 18

A company stores critical data in Amazon S3 buckets. A CloudOps engineer must build a solution to record all S3 API activity.

Which action will meet this requirement?

Options:

A. Configure S3 bucket metrics to record object access logs.

B. Create an AWS CloudTrail trail to log data events for all S3 objects.

C. Enable S3 server access logging for each S3 bucket.

D. Use AWS IAM Access Analyzer for Amazon S3 to store object access logs.

Questions 19

A CloudOps engineer creates an AWS CloudFormation template to define an application stack that can be deployed in multiple AWS Regions. The CloudOps engineer also creates an Amazon CloudWatch dashboard by using the AWS Management Console. Each deployment of the application requires its own CloudWatch dashboard.

How can the CloudOps engineer automate the creation of the CloudWatch dashboard each time the application is deployed?

Options:

A. Create a script by using the AWS CLI to run the aws cloudformation put-dashboard command with the name of the dashboard. Run the command each time a new CloudFormation stack is created.

B. Export the existing CloudWatch dashboard as JSON. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Include the exported JSON in the resource's DashboardBody property.

C. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Use the intrinsic Ref function to reference the ID of the existing CloudWatch dashboard.

D. Update the CloudFormation template to define an AWS::CloudWatch::Dashboard resource. Specify the name of the existing dashboard in the DashboardName property.

Questions 20

A company is implementing security and compliance by using AWS Trusted Advisor. The company’s CloudOps team is validating the list of Trusted Advisor checks that it can access.

Which factor will affect the quantity of available Trusted Advisor checks?

Options:

A. Whether at least one Amazon EC2 instance is in the running state

B. The AWS Support plan

C. An AWS Organizations service control policy (SCP)

D. Whether the AWS account root user has multi-factor authentication (MFA) enabled

Questions 21

A company has a workload that is sending log data to Amazon CloudWatch Logs. One of the fields includes a measure of application latency. A CloudOps engineer needs to monitor the p90 statistic of this field over time.

What should the CloudOps engineer do to meet this requirement?

Options:

A. Create an Amazon CloudWatch Contributor Insights rule on the log data.

B. Create a metric filter on the log data.

C. Create a subscription filter on the log data.

D. Create an Amazon CloudWatch Application Insights rule for the workload.

Questions 22

A company needs to copy an Amazon Aurora database from one AWS account to a second account that uses a second AWS Region. A CloudOps engineer must automate this process to occur every day.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A. Create a backup plan in AWS Backup. Specify the second account and the second Region as the destination.

B. Create an Amazon EventBridge rule that runs on a schedule. Create an AWS Lambda function that runs an automation script to copy the database to the second account and the second Region. Use the EventBridge rule to invoke the Lambda function.

C. Configure Amazon EventBridge Scheduler with a recurring rule. Add the RDS StartExportTask API operation as a target. Specify the relevant details about the database and an Amazon S3 bucket to store the exported data. Create a replication rule for the S3 bucket to replicate data to the second account and the second Region.

D. Configure AWS Application Migration Service to replicate the Aurora database. Specify the second account and the second Region as the destination.

Questions 23

A CloudOps engineer launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the CloudOps engineer obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the CloudOps engineer always receives a timeout error.

Which action will allow the CloudOps engineer to remotely connect to the instance?

Options:

A. Add a route table entry in the public subnet for the CloudOps engineer’s IP address.

B. Add an outbound network ACL rule to allow TCP port 22 for the CloudOps engineer’s IP address.

C. Modify the instance security group to allow inbound SSH traffic from the CloudOps engineer’s IP address.

D. Modify the instance security group to allow outbound SSH traffic to the CloudOps engineer’s IP address.

Questions 24

A company runs a critical application on Amazon EC2 instances. The application uses an Auto Scaling group to scale based on traffic to the application. To comply with regulations, the company must patch all EC2 instances with the latest security patches every day without any downtime.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A. Use AWS Systems Manager Automation to create a patched Amazon Machine Image (AMI). Update the Auto Scaling group launch template. Initiate an instance refresh.

B. Use AWS CloudFormation to provision and patch a new EC2 instance. Create an AMI of the new instance. Update the Auto Scaling group launch template to use the new AMI. Use AWS Config to replace the existing instances.

C. Use AWS Lambda functions to launch and patch a new EC2 instance. Create an AMI of the new instance. Update the Auto Scaling group launch template to use the new AMI. Manually initiate a rolling update.

D. Use AWS Systems Manager Automation to create a patched AMI. Update the Auto Scaling group launch template to use the new AMI. Use AWS Config to replace the existing instances.

Questions 25

A company runs a web application on three Amazon EC2 instances behind an Application Load Balancer (ALB). The company notices that random periods of increased traffic cause a degradation in the application’s performance.

A CloudOps engineer must scale the application to meet the increased traffic.

Which solution meets these requirements?

Options:

A. Create an Amazon CloudWatch alarm to monitor application latency and increase the size of each EC2 instance if the desired threshold is reached.

B. Create an Amazon EventBridge rule to monitor application latency and add an EC2 instance to the ALB if the desired threshold is reached.

C. Deploy the application to an Auto Scaling group of EC2 instances with a target tracking scaling policy. Attach the ALB to the Auto Scaling group.

D. Deploy the application to an Auto Scaling group of EC2 instances with a scheduled scaling policy. Attach the ALB to the Auto Scaling group.

Questions 26

A company recently acquired another corporation and all of that corporation’s AWS accounts. A financial analyst needs the cost data from these accounts. A CloudOps engineer uses Cost Explorer to generate cost and usage reports. The CloudOps engineer notices that “No Tagkey” represents 20% of the monthly cost.

What should the CloudOps engineer do to tag the “No Tagkey” resources?

Options:

A. Add the accounts to AWS Organizations. Use a service control policy (SCP) to tag all the untagged resources.

B. Use an AWS Config rule to find the untagged resources. Set the remediation action to terminate the resources.

C. Use Cost Explorer to find and tag all the untagged resources.

D. Use Tag Editor to find and tag all the untagged resources.

Questions 27

A company runs an application on hundreds of Amazon EC2 instances in three Availability Zones. The application calls a third-party API over the public internet. A CloudOps engineer must provide the third party with a list of static IP addresses so that the third party can allow traffic from the application.

Which solution will meet these requirements?

Options:

A. Add a NAT gateway in the public subnet of each Availability Zone. Make the NAT gateway the default route of all private subnets in those Availability Zones.

B. Allocate one Elastic IP address in each Availability Zone. Associate the Elastic IP address with all the instances in the Availability Zone.

C. Place the instances behind a Network Load Balancer (NLB). Send the traffic to the internet through the private IP address of the NLB.

D. Update the main route table to send the traffic to the internet through an Elastic IP address that is assigned to each instance.

Questions 28

A company uses Amazon S3 for object storage. A CloudOps engineer notices that the company’s Amazon S3 usage has doubled every month across all the company’s S3 buckets for the previous year. The company stores and consumes data in the same AWS Region where the data is generated. The company never accesses data that is older than 30 days. The CloudOps engineer needs to optimize Amazon S3 costs for the company.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A. Create an AWS Lambda function to delete data that is older than 30 days. Use an Amazon EventBridge cron expression to invoke the function monthly.

B. Use S3 Storage Lens to identify objects that are older than 30 days across all S3 buckets.

C. Modify the object creation lifecycle to check for and delete any objects that were created more than 30 days ago.

D. Configure an S3 Lifecycle policy to expire any object that was created more than 30 days ago.

Questions 29

A global gaming company is preparing to launch a new game on AWS. The game runs in multiple AWS Regions on a fleet of Amazon EC2 instances. The instances are in an Auto Scaling group behind an Application Load Balancer (ALB) in each Region. The company plans to use Amazon Route 53 for DNS services. The DNS configuration must direct users to the Region that is closest to them and must provide automated failover.

Which combination of steps should a CloudOps engineer take to configure Route 53 to meet these requirements? (Select TWO.)

Options:

A. Create Amazon CloudWatch alarms that monitor the health of the ALB in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.

B. Create Amazon CloudWatch alarms that monitor the health of the EC2 instances in each Region. Configure Route 53 DNS failover by using a health check that monitors the alarms.

C. Configure Route 53 DNS failover by using a health check that monitors the private IP address of an EC2 instance in each Region.

D. Configure Route 53 geoproximity routing. Specify the Regions that are used for the infrastructure.

E. Configure Route 53 simple routing. Specify the continent, country, and state or province that are used for the infrastructure.

Questions 30

An application runs on Amazon EC2 instances that are in an Auto Scaling group. A CloudOps engineer needs to implement a solution that provides a central storage location for errors that the application logs to disk. The solution must also provide an alert when the application logs an error.

What should the CloudOps engineer do to meet these requirements?

Options:

A. Deploy and configure the Amazon CloudWatch agent on the EC2 instances to log to a CloudWatch log group. Create a metric filter on the target CloudWatch log group. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription.

B. Create a cron job on the EC2 instances to identify errors and push the errors to an Amazon CloudWatch metric filter. Configure the filter to publish to an Amazon Simple Notification Service (Amazon SNS) topic that has an SMS subscription.

C. Deploy an AWS Lambda function that pushes the errors directly to Amazon CloudWatch Logs. Configure the Lambda function to run every time the log file is updated on disk.

D. Create an Auto Scaling lifecycle hook that invokes an EC2-based script to identify errors. Configure the script to push the error messages to an Amazon CloudWatch log group when the EC2 instances scale in. Create a CloudWatch alarm that publishes to an Amazon Simple Notification Service (Amazon SNS) topic that has an email subscription when the number of error messages exceeds a threshold.

Questions 31

An application uses an Amazon Aurora MySQL DB cluster that includes one Aurora Replica. The application’s read performance degrades when there are more than 200 user connections. The number of user connections is approximately 180 on a consistent basis. Occasionally, the number of user connections increases rapidly to more than 200.

A CloudOps engineer must implement a solution that will scale the application automatically as user demand increases or decreases.

Which solution will meet these requirements?

Options:

A. Modify the DB cluster by increasing the Aurora Replica instance size.

B. Modify the DB cluster by changing to serverless mode whenever the number of user connections exceeds 200.

C. Migrate to a new Aurora DB cluster that has multiple writer instances. Modify the application’s database connection string.

D. Create an auto scaling policy that has a target value of 195 for the DatabaseConnections metric.

Questions 32

A company has deployed Amazon EC2 instances from custom AMIs in two AWS Regions. All instances are registered with AWS Systems Manager. The company discovers a critical zero-day OS exploit but does not know which instances are affected.

A CloudOps engineer must deploy operating system patches with the LEAST operational overhead.

Which solution will meet this requirement?

Options:

A. Define a patch baseline in Systems Manager Patch Manager. Run a scan to identify affected instances and use Patch Now in each Region.

B. Use AWS Config to identify affected instances and then patch them.

C. Use EventBridge to trigger patching automatically.

D. Update the AMIs and manually replace instances.

Questions 33

A company hosts a database on an Amazon RDS Multi-AZ DB instance. The database is not encrypted. The company’s new security policy requires all AWS resources to be encrypted at rest and in transit.

What should a CloudOps engineer do to encrypt the database?

Options:

A. Configure encryption on the existing DB instance.

B. Take a snapshot of the DB instance. Encrypt the snapshot. Restore the snapshot to the same DB instance.

C. Encrypt the standby replica in a secondary Availability Zone. Promote the standby replica to the primary DB instance.

D. Take a snapshot of the DB instance. Copy and encrypt the snapshot. Create a new DB instance by restoring the encrypted copy.

Questions 34

A global company runs a critical primary workload in the us-east-1 Region. The company wants to ensure business continuity with minimal downtime in case of a workload failure. The company wants to replicate the workload to a second AWS Region.

A CloudOps engineer needs a solution that achieves a recovery time objective (RTO) of less than 10 minutes and a zero recovery point objective (RPO) to meet service level agreements.

Which solution will meet these requirements?

Options:

A. Implement a pilot light architecture that provides real-time data replication in the second Region. Configure Amazon Route 53 health checks and automated DNS failover.

B. Implement a warm standby architecture that provides regular data replication in a second Region. Configure Amazon Route 53 health checks and automated DNS failover.

C. Implement an active-active architecture that provides real-time data replication across two Regions. Use Amazon Route 53 health checks and a weighted routing policy.

D. Implement a custom script to generate a regular backup of the data and store it in an S3 bucket that is in a second Region. Use the backup to launch the application in the second Region in the event of a workload failure.

Questions 35

A company has a microservice that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). A CloudOps engineer must use Amazon Route 53 to create a record that maps the ALB URL to example.com.

Which type of Route 53 record will meet this requirement?

Options:

A.  

An A record

B.  

An AAAA record

C.  

An alias record

D.  

A CNAME record

Questions 36

A company is storing backups in an Amazon S3 bucket. The backups must not be deleted for at least 3 months after the backups are created.

What should a CloudOps engineer do to meet this requirement?

Options:

A.  

Configure an IAM policy that denies the s3:DeleteObject action for all users. Remove the policy after three months.

B.  

Enable S3 Object Lock on a new S3 bucket in compliance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

C.  

Enable S3 Versioning on the existing S3 bucket. Configure S3 Lifecycle rules to protect the backups.

D.  

Enable S3 Object Lock on a new S3 bucket in governance mode. Place all backups in the new S3 bucket with a retention period of 3 months.

Questions 37

A company has an AWS Lambda function in Account A. The Lambda function needs to read the objects in an Amazon S3 bucket in Account B. A CloudOps engineer must create corresponding IAM roles in both accounts.

Which solution will meet these requirements?

Options:

A.  

In Account A, create a Lambda execution role to assume the role in Account B. In Account B, create a role that the function can assume to gain access to the S3 bucket.

B.  

In Account A, create a Lambda execution role that provides access to the S3 bucket. In Account B, create a role that the function can assume.

C.  

In Account A, create a role that the function can assume. In Account B, create a Lambda execution role that provides access to the S3 bucket.

D.  

In Account A, create a role that the function can assume to gain access to the S3 bucket. In Account B, create a Lambda execution role to assume the role in Account A.

Questions 38

A company runs an application on an Amazon EC2 instance. The application uses a MySQL database. The EC2 instance has a General Purpose SSD (gp3) Amazon EBS volume attached. The company wants to perform load testing using a new MySQL database created from an EBS snapshot of the production instance. The new database must perform as similarly as possible to production.

Which solution will meet these requirements in the LEAST amount of time?

Options:

A.  

Use Amazon EBS fast snapshot restore (FSR) to create a new General Purpose SSD volume from the production snapshot.

B.  

Use Amazon EBS fast snapshot restore (FSR) to create a new Provisioned IOPS SSD volume from the production snapshot.

C.  

Use Amazon EBS standard snapshot restore to create a new General Purpose SSD volume from the production snapshot.

D.  

Use Amazon EBS standard snapshot restore to create a new Provisioned IOPS SSD volume from the production snapshot.

Questions 39

A CloudOps engineer launches two Amazon EC2 instances and creates a single public subnet for testing purposes in the same Availability Zone. The CloudOps engineer wants Amazon Route 53 to respond with a public IP address only if a test webpage on an instance is running. However, even when the test webpage is unavailable, Route 53 still responds with the public IP addresses from both instances.

How can the CloudOps engineer resolve this issue?

Options:

A.  

Create a Route 53 multivalue answer routing record. Associate a health check with the record.

B.  

Configure latency-based routing with a health check in Route 53.

C.  

Configure weighted routing in Route 53.

D.  

Create another public subnet in the same Availability Zone for one of the instances.

Questions 40

A company uses memory-optimized Amazon EC2 instances behind a Network Load Balancer (NLB) to run an application. The company launched the EC2 instances from an AWS-provided Red Hat Enterprise Linux (RHEL) AMI.

A CloudOps engineer must monitor RAM utilization in 5-minute intervals. The CloudOps engineer must ensure that the EC2 instances scale in and out appropriately based on incoming load.

Which solution will meet these requirements?

Options:

A.  

Configure detailed monitoring for the EC2 instances. Configure the Amazon CloudWatch agent on the EC2 instances. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_active metric.

B.  

Configure detailed monitoring for the EC2 instances. Use the mem_used_percent metric that the detailed monitoring feature provides. Create an IAM role that allows the CloudWatch agent to upload data. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_used_percent metric.

C.  

Configure basic monitoring for the EC2 instances. Configure the Amazon CloudWatch agent on the EC2 instances. Create an IAM role that allows the CloudWatch agent to upload data. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_used_percent metric.

D.  

Configure basic monitoring for the EC2 instances. Use the standard mem_used_percent metric for monitoring. Create an EC2 Auto Scaling group and Auto Scaling policy that is based on the mem_used_percent metric.

Questions 41

A company’s Amazon EC2 instance with high CPU utilization is a t3.large instance running a test web app. The company determines the app would run better on a compute-optimized large instance.

What should the CloudOps engineer do?

Options:

A.  

Migrate the EC2 instance to a compute optimized instance by using AWS VM Import/Export.

B.  

Enable hibernation on the EC2 instance. Change the instance type to a compute optimized instance. Disable hibernation on the EC2 instance.

C.  

Stop the EC2 instance. Change the instance type to a compute optimized instance. Start the EC2 instance.

D.  

Change the instance type to a compute optimized instance while the EC2 instance is running.

Questions 42

A company hosts a static website on an Amazon S3 bucket behind an Amazon CloudFront distribution. When the company deploys a new version of the website, users sometimes do not see the new content until the next day.

A CloudOps engineer must implement a solution to display updates to the website as quickly as possible.

Which solution will meet this requirement?

Options:

A.  

Configure the CloudFront distribution to add a custom Cache-Control header to requests for content from the S3 bucket.

B.  

Modify the distribution settings to specify the protocol as HTTPS only.

C.  

Attach the CachingOptimized managed cache policy to the distribution.

D.  

Create a CloudFront invalidation.

Questions 43

To comply with regulations, a SysOps administrator needs to back up an Amazon EC2 Amazon Machine Image (AMI) to an Amazon S3 bucket. If the SysOps administrator restores the AMI from the bucket in the future, the AMI must use the same AMI image ID as the original AMI.

Which solution will meet this requirement?

Options:

A.  

Create a copy of the AMI. Specify the destination S3 bucket. Set the launch permissions to implicit.

B.  

Archive the snapshot that is associated with the AMI. Specify the S3 bucket as the archive destination.

C.  

Create a store image task. Specify the image ID and the destination S3 bucket.

D.  

Use the AWS CLI copy-image command. Specify the image ID and the destination S3 bucket.

Questions 44

A company has an application that runs on Amazon EC2 instances. The application stores data on an Amazon RDS for MySQL Single-AZ DB instance. Requests to the DB instance from the application include reads and writes.

A CloudOps engineer must implement a solution that provides failover for the DB instance. The solution must minimize application downtime.

Which solution will meet these requirements?

Options:

A.  

Modify the DB instance to be a Multi-AZ DB instance deployment.

B.  

Add a read replica in the same Availability Zone where the DB instance is deployed.

C.  

Add the DB instance to an Auto Scaling group that has a minimum capacity of 2 and a desired capacity of 2.

D.  

Use RDS Proxy to configure a proxy in front of the DB instance.

Questions 45

A company uses Amazon ElastiCache (Redis OSS) to cache application data. A CloudOps engineer must implement a solution to increase the resilience of the cache and minimize the recovery time objective (RTO).

Which solution will meet these requirements?

Options:

A.  

Replace ElastiCache (Redis OSS) with ElastiCache (Memcached).

B.  

Create an Amazon EventBridge rule to initiate a backup every hour.

C.  

Create a read replica in a second Availability Zone and enable Multi-AZ for the Redis replication group.

D.  

Enable automatic backups and restore the backups when necessary.

Questions 46

A company runs applications that generate log files. The company stores the log files in Amazon S3. A CloudOps engineer must automatically process the log files whenever new files upload to the S3 bucket.

Which solution will meet this requirement?

Options:

A.  

Configure an Amazon CloudWatch event rule that triggers on S3 PUT events and invokes an AWS Lambda function.

B.  

Create a pipeline in AWS CodePipeline with a source stage that monitors the S3 bucket for new files and invokes an AWS Lambda function.

C.  

Configure an S3 event notification to invoke an AWS Lambda function to process the new log files.

D.  

Create an AWS Step Functions state machine with a wait state that monitors the S3 bucket for new files and invokes an AWS Lambda function.

Questions 47

A company has an application that processes events sequentially by using an Amazon SQS FIFO queue. The company needs a solution that automatically sends notifications to the SQS queue when new objects are uploaded to an Amazon S3 bucket. The solution must maintain message ordering.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an AWS Lambda function that polls the objects by using the ListObjectsV2 command and detects new objects when the objects are added. Configure the Lambda function to add a message to the SQS queue when new objects are detected.

B.  

Create an event notification on the S3 bucket. Use the FIFO delivery option. Route the notifications to the existing SQS queue.

C.  

Create an Amazon SNS FIFO topic. Create an event notification on the S3 bucket. Configure the event to send messages to the SNS topic. Subscribe the existing SQS queue to the SNS topic.

D.  

Create an access point in Amazon S3 Access Points. Configure the access point to send new items to the existing SQS queue.

Questions 48

A web application runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). During rolling updates, application initialization and cold starts cause 30-second latency spikes. A CloudOps engineer needs to keep latency flat by pre-initializing capacity. The CloudOps engineer must reuse instances across waves without extending the maintenance window.

Which solution will meet these requirements?

Options:

A.  

Configure an Auto Scaling group warm pool with stopped instances that are pre-initialized through user data. Enable instance reuse. Set a target tracking policy with an instance warmup value. Run instance refresh in batches so the replacements pull from the warm pool.

B.  

Double the health-check grace period. Disable connection draining. Use step scaling to absorb spikes during each wave. Move to more and smaller instances.

C.  

Place a Network Load Balancer in front of the ALB to absorb burst connections. Keep the Auto Scaling group maximum unchanged. Configure zero-surge rolling replacements. Disable instance reuse.

D.  

Enable predictive scaling with a 7-day forecast on the Auto Scaling group. Overlay a CPU target-tracking policy with a 300-second instance warmup. Add scheduled actions for the rollout window. Maintain zero-surge instance refresh with standard ALB health checks.

Questions 49

An ecommerce company uses Amazon ElastiCache (Redis OSS) for caching product queries. The CloudOps engineer observes a large number of cache evictions in Amazon CloudWatch metrics and needs to reduce evictions while retaining popular data in cache.

Which solution meets these requirements with the least operational overhead?

Options:

A.  

Add another node to the ElastiCache cluster.

B.  

Increase the ElastiCache TTL value.

C.  

Decrease the ElastiCache TTL value.

D.  

Migrate to a new ElastiCache cluster with larger nodes.

Questions 50

A company needs to monitor its website’s availability to end users. The company needs a solution to provide an Amazon Simple Notification Service (Amazon SNS) notification if the website’s uptime decreases to less than 99%. The monitoring must provide an accurate view of the user experience on the website.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon CloudWatch alarm that is based on the website’s logs that are published to a CloudWatch Logs log group. Configure the alarm to publish an SNS notification if the number of HTTP 4xx and 5xx errors exceeds a specified threshold.

B.  

Create an Amazon CloudWatch alarm that is based on the website’s published metrics in CloudWatch. Configure the alarm to publish an SNS notification based on anomaly detection.

C.  

Create an Amazon CloudWatch Synthetics heartbeat monitoring canary. Associate the canary with the website’s URL. Create a CloudWatch alarm for the canary. Configure the alarm to publish an SNS notification if the value of the SuccessPercent metric is less than 99%.

D.  

Create an Amazon CloudWatch Synthetics broken link checker monitoring canary. Associate the canary with the website’s URL. Create a CloudWatch alarm for the canary. Configure the alarm to publish an SNS notification if the value of the SuccessPercent metric is less than 99%.

Questions 51

A company’s ecommerce application is running on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. Customers report that the website is occasionally down. When the website is down, it returns an HTTP 500 (server error) status code to customer browsers.

The Auto Scaling group’s health check is configured for EC2 status checks, and the instances appear healthy.

Which solution will resolve the problem?

Options:

A.  

Replace the ALB with a Network Load Balancer.

B.  

Add Elastic Load Balancing (ELB) health checks to the Auto Scaling group.

C.  

Update the target group configuration on the ALB. Enable session affinity (sticky sessions).

D.  

Install the Amazon CloudWatch agent on all instances. Configure the agent to reboot the instances.

Questions 52

An environment consists of 100 Amazon EC2 Windows instances. The Amazon CloudWatch agent is deployed and running on all EC2 instances with a baseline configuration file to capture log files. There is a new requirement to capture DHCP log files that exist on 50 of the instances.

What is the MOST operationally efficient way to meet this new requirement?

Options:

A.  

Create an additional CloudWatch agent configuration file to capture the DHCP logs. Use AWS Systems Manager Run Command to restart the CloudWatch agent on each EC2 instance with the append-config option.

B.  

Log in to each EC2 instance with administrator rights and create a PowerShell script to push logs to CloudWatch.

C.  

Run the CloudWatch agent configuration wizard on each EC2 instance and add DHCP logs manually.

D.  

Run the CloudWatch agent configuration wizard on each EC2 instance and select the advanced detail level.

Questions 53

A company has a production application that runs on large compute optimized Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group. The Auto Scaling group has a desired capacity of 2, a maximum capacity of 2, and a minimum capacity of 1.

The application is CPU-bound. The EC2 instances show consistent CPU utilization of 90% or greater during peak usage periods. These peak usage periods are unpredictable and cause performance issues and latency issues.

Which solution will automate the resolution of these issues?

Options:

A.  

Deploy additional instances outside the Auto Scaling group. Create a new target group that includes the existing instances and the additional instances as targets. Reconfigure the ALB to direct traffic to the new target group.

B.  

Increase the maximum capacity of the Auto Scaling group. Change the instances to a burstable instance type.

C.  

Increase the maximum capacity of the Auto Scaling group. Configure a scaling policy to add instances when instance CPU utilization is greater than 80%.

D.  

Increase the desired capacity of the Auto Scaling group. Configure a scaling policy to add instances when instance CPU utilization is greater than 80%.

Questions 54

A company runs a high performance computing (HPC) data-processing application on Amazon EC2 instances in one Availability Zone within a development environment. The application uses a dataset that the company stores on an Amazon S3 general purpose bucket in the same AWS Region as the EC2 instances.

A SysOps administrator must improve the application’s performance for retrieval of objects from Amazon S3.

Which solution will meet these requirements?

Options:

A.  

Enable S3 Transfer Acceleration for the S3 bucket. Create an S3 access point for the bucket. Update the application to use the access point.

B.  

Create an S3 Lifecycle configuration for the S3 bucket to move all objects to the S3 Express One Zone storage class. Update the application to use an S3 Regional endpoint.

C.  

Create a second general purpose S3 bucket in the same Region. Copy the objects from the original bucket to the new bucket. Use the S3 Express One Zone storage class to store the objects in the new bucket. Update the application to use an S3 Regional endpoint.

D.  

Create an S3 directory bucket in the same Availability Zone. Import objects from the original bucket to the new bucket. Use the S3 Express One Zone storage class to store the objects in the new bucket. Update the application to use an S3 Zonal endpoint.

Questions 55

A company deploys AWS infrastructure in a VPC that has an internet gateway. The VPC has public subnets and private subnets. An Amazon RDS for MySQL DB instance is deployed in a private subnet. An AWS Lambda function uses the same private subnet and connects to the DB instance to query data.

A developer modifies the Lambda function to require the function to publish messages to an Amazon Simple Queue Service (Amazon SQS) queue. After these changes, the Lambda function times out when it tries to publish messages to the SQS queue.

Which solutions will resolve this issue? (Select TWO.)

Options:

A.  

Reconfigure the Lambda function so that the function is not connected to the VPC.

B.  

Deploy an RDS proxy. Configure the Lambda function to connect to the DB instance through the proxy.

C.  

Deploy a NAT gateway. Update the private subnet’s route table to route all traffic to the NAT gateway.

D.  

Create an interface VPC endpoint for Amazon SQS in the VPC.

E.  

Create a gateway endpoint for Amazon SQS in the VPC.

Questions 56

A company uses AWS CloudFormation stacks to manage its infrastructure. The company’s developers commit infrastructure changes to the company’s Git repository. The company wants to automate updates to the CloudFormation stacks when developers commit changes. The company requires change set generation before deployment and notification of pending changes for approval. The solution must also minimize infrastructure maintenance overhead.

Which solution will meet these requirements?

Options:

A.  

Create a pipeline in AWS CodePipeline with GitHub as the source provider. Configure a CloudFormation deploy action to create change sets. Use Amazon SNS to send approval notifications.

B.  

Use CloudFormation Git sync to automatically deploy changes when developers push commits to the repository. Configure Amazon EventBridge to trigger an Amazon SNS notification after each deployment is complete.

C.  

Create an AWS Lambda function that creates the CloudFormation change sets, runs the change sets, and waits for approval. Set up an Amazon EventBridge rule to invoke the Lambda function when developers commit code to the Git repository.

D.  

Use AWS Systems Manager Automation to scan the Git repository for changes. Create a change set and deploy the CloudFormation stack.

Questions 57

A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A CloudOps engineer needs to send an email notification when a certificate has less than 14 days until expiration.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.  

Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of aws.cloudwatch. Configure the rule to send an event to a target Amazon SNS topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.

B.  

Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure the rule to send an event to a target Amazon SNS topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.

C.  

Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon SNS topic.

D.  

Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.

Questions 58

A CloudOps engineer is creating two AWS CloudFormation templates. The first template will create a VPC with associated resources, such as subnets, route tables, and an internet gateway. The second template will deploy application resources within the VPC that was created by the first template. The second template should refer to the resources created by the first template.

How can this be accomplished with the LEAST amount of administrative effort?

Options:

A.  

Add an export field to the outputs of the first template and import the values in the second template.

B.  

Create a custom resource that queries the stack created by the first template and retrieves the required values.

C.  

Create a mapping in the first template that is referenced by the second template.

D.  

Input the names of resources in the first template and refer to those names in the second template as a parameter.

Questions 59

A company runs a three-tier web application on AWS. The application includes web servers, application servers, and database servers. The application servers process requests from the web servers. The company wants to ensure high availability of the application. Therefore, the company needs to monitor the health of the application servers and route traffic only to healthy instances.

Which solution will meet these requirements?

Options:

A.  

Create an Application Load Balancer (ALB) in front of the application servers with health checks for the application servers.

B.  

Create an Amazon Route 53 health check for the application servers. Attach a Network Load Balancer (NLB) in front of the application servers.

C.  

Create an AWS Lambda function that restarts an application server. Configure an Amazon CloudWatch alarm to monitor the health of the application servers. Run the function when an application is unhealthy.

D.  

Create an Amazon CloudWatch metric to monitor the health of the application servers. Route traffic by using a Network Load Balancer (NLB).

Questions 60

A company runs a website on Amazon EC2 instances. Users can upload images to an Amazon S3 bucket and publish the images to the website. The company wants to deploy a serverless image-processing application that uses an AWS Lambda function to resize the uploaded images.

The company’s development team has created the Lambda function. A CloudOps engineer must implement a solution to invoke the Lambda function when users upload new images to the S3 bucket.

Which solution will meet this requirement?

Options:

A.  

Configure an Amazon Simple Notification Service (Amazon SNS) topic to invoke the Lambda function when a user uploads a new image to the S3 bucket.

B.  

Configure an Amazon CloudWatch alarm to invoke the Lambda function when a user uploads a new image to the S3 bucket.

C.  

Configure S3 Event Notifications to invoke the Lambda function when a user uploads a new image to the S3 bucket.

D.  

Configure an Amazon Simple Queue Service (Amazon SQS) queue to invoke the Lambda function when a user uploads a new image to the S3 bucket.

Questions 61

A CloudOps engineer has successfully deployed a VPC with an AWS CloudFormation template. The CloudOps engineer wants to deploy the same template across multiple accounts that are managed through AWS Organizations.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.  

Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.

B.  

Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.

C.  

Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.

D.  

Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.

Questions 62

A company hosts an encrypted Amazon S3 bucket in the ap-southeast-2 Region. Users from the eu-west-2 Region access the S3 bucket through the internet. The users from eu-west-2 need faster transfers to and from the S3 bucket for large files.

Which solution will meet these requirements?

Options:

A.  

Create an S3 access point in eu-west-2 to use as the destination for S3 replication from ap-southeast-2. Ensure all users switch to the new S3 access point.

B.  

Create an Amazon Route 53 hosted zone with a geolocation routing policy. Choose the Alias to S3 website endpoint option. Specify the S3 bucket that is in ap-southeast-2 as the source bucket.

C.  

Create a new S3 bucket in eu-west-2. Copy all contents from ap-southeast-2 to the new bucket in eu-west-2. Create an S3 access point, and associate it with both buckets. Ensure users use the new S3 access point.

D.  

Configure and activate S3 Transfer Acceleration on the S3 bucket. Use the new S3 acceleration endpoint’s domain name for access.

Questions 63

A finance company uses AWS Secrets Manager to store Amazon RDS credentials that are periodically rotated. A database team must receive a notification when the credentials are rotated to ensure compliance with security policies. The database team creates an Amazon Simple Notification Service (Amazon SNS) topic for the notifications.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon EventBridge rule to match AWS CloudTrail events for the RotateSecret API call with a RotationSucceeded result. Configure the rule to route matching events to the SNS topic.

B.  

Enable notifications for secret rotation in AWS Secrets Manager. Configure Secrets Manager to publish notifications to the SNS topic when secrets are rotated.

C.  

Use Amazon EventBridge to filter Amazon CloudWatch Logs for RotationSucceeded events. Route notifications for all matches to the SNS topic.

D.  

Use Amazon CloudWatch Logs to filter for RotationSucceeded events. Route notifications for all matches to the SNS topic.

Questions 64

A company requires the rotation of administrative credentials for production workloads on a regular basis. A CloudOps engineer must implement this policy for an Amazon RDS DB instance’s master user password.

Which solution will meet this requirement with the LEAST operational effort?

Options:

A.  

Create an AWS Lambda function to change the RDS master user password. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.

B.  

Create a new SecureString parameter in AWS Systems Manager Parameter Store. Encrypt the parameter with an AWS Key Management Service (AWS KMS) key. Configure automatic rotation.

C.  

Create a new String parameter in AWS Systems Manager Parameter Store. Configure automatic rotation.

D.  

Create a new RDS database secret in AWS Secrets Manager. Apply the secret to the RDS DB instance. Configure automatic rotation.

Questions 65

A company’s application is hosted by an internet provider at app.example.com. The company wants to access the application by using www.company.com, which the company owns and manages with Amazon Route 53.

Which Route 53 record should be created to address this requirement?

Options:

A.  

A record

B.  

Alias record

C.  

CNAME record

D.  

Pointer (PTR) record
