Secure Architecture III
Equip yourself with the necessary understanding to confidently tackle exam questions by reviewing assessment questions and explanations against all options.
Question 24
A company has multiple AWS accounts maintained using AWS Organizations. The company wants to restrict the usage of services to different teams. As a solutions architect, provide a scalable solution to maintain permissions at a single point.
A. Configure an ACL to provide access to services.
B. Configure the security group to limit access to services.
C. Create cross-account roles to limit access to services.
D. Configure a service control policy to deny services in the AWS Organizations account.
Question 25
A company has multiple EC2 instances running in the private subnet of a VPC behind an ALB under an Auto Scaling group. The company plans to add an Amazon DynamoDB table; the EC2 instances must communicate securely with the DynamoDB table.
A. Configure a VPC endpoint for DynamoDB.
B. Configure a NAT gateway in the private subnet.
C. Configure a NAT gateway in the public subnet.
D. Configure an internet gateway in the public subnet.
Question 26
A company is migrating its on-premises application to AWS Cloud. The company compliance policy requires protection against cross-site encryption and SQL injection. The company has a minimal team and is required to reduce the share of responsibility in managing, updating, and securing servers in the cloud.
As a solutions architect, provide a solution to meet these requirements.
A. Configure AWS WAF rules and attach them to the ALB.
B. Configure AWS Shield and attach it to the ALB.
C. Deploy and configure AWS Shield Advanced and attach it to the ALB.
D. Configure AWS CloudFront and attach it in front of the ALB.
Question 27
A company is hosting an application on EC2 instances behind an Application Load Balancer. The Application Load Balancer is configured to separately handle HTTP and HTTPS requests. The company’s new compliance policy requires that requests forwarded to the instances are HTTPS only.
As a solutions architect, provide a solution to meet these requirements.
A. Configure a listener rule on the ALB to redirect HTTP to HTTPS.
B. Configure a listener rule on the ALB to redirect HTTPS to HTTP.
C. Configure a Web Application Firewall (WAF) rule that blocks all incoming HTTP requests to the ALB.
D. Configure EC2 instances to reject any incoming HTTP requests directly.
Question 28
A company is migrating its application from on-premises to AWS Cloud. The application consists of multiple EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application performs financial transactions using a third-party API. The company compliance policy requires active monitoring of resources to help avoid malicious attempts.
As a solutions architect, provide a solution to meet these requirements.
A. Configure AWS Macie to continuously monitor and analyze log data from various AWS services.
B. Configure AWS Audit Manager to continuously monitor and analyze log data from various AWS services.
C. Configure AWS Resource Access Manager to continuously monitor and analyze log data from various AWS services.
D. Configure Amazon GuardDuty to continuously monitor and analyze log data from various AWS services.