Question: 1
A solutions architect has created a new AWS account and must secure AWS account root user access
Which combination of actions will accomplish this? (Select TWO.)
A. Ensure the root user uses a strong password
B. Enable multi-factor authentication to the root user
C. Store root user access keys in an encrypted Amazon S3 bucket
D. Add the root user to a group containing administrative permissions.
F. Apply the required permissions to the root user with an inline policy document
Answer: BC
Explanation:
Question: 2
A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB)
The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones On the first day of every month at midnight the application becomes much slower when the month-end financial calculation batch executes This causes the CPU utilization of the EC2 instances to immediately peak to 100%. which disrupts the application What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?
A. Configure an Amazon CloudFront distribution in front of the ALB
B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
D. Configure Amazon ElastiCache to remove some of the workload from the EC2 instances
Answer: C
Question: 3
A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's
applications stores files on a Windows file server farm that uses Distributed File System Replication
(DFSR) to keep data in sync A solutions architect needs to replace the file server farm
Which service should the solutions architect use?
A. Amazon EFS
B. Amazon FSx
C. Amazon S3
D. AWS Storage Gateway
Answer: A
Question: 4
A company's website is used to sell products to the public The site runs on Amazon EC2 instances in
an Auto Scaling group behind an Application Load Balancer (ALB) There is also an Amazon CloudFront distribution and AWS WAF is being used to protect against SQL injection attacks The ALB is the origin for the CloudFront distribution A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website What should a solutions architect do to protect the application"?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP
address
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP
address
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the
malicious IP address
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the
malicious IP address
Answer: D
Question: 5
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An
application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in
the S3 bucket. Which action will MOST securely grant the EC2 instance access to the S3 bucket?
A. Attach a resource-based policy to the S3 bucket
B. Create an 1AM user for the application with specific permissions to the S3 bucket
C. Associate an 1AM role with least privilege permissions to the EC2 instance profile
D. Store AWS credentials directly on the EC2 instance for applications on the instance to use for API
calls
Answer: C
Source Link:
No comments:
Post a Comment