Secure Architecture II

Equip yourself with the necessary understanding to confidently tackle exam questions by reviewing assessment questions and explanations against all options.

We'll cover the following

Question 19
Question 20
Question 21
Question 22
Question 23

Question 20

A company has a web application deployed on the AWS Cloud. The web application is designed to use Application Load Balancer (ALB) to use certificates imported into Amazon Certificate Manager (ACM). The team must be notified 45 days before the expiration of each certificate.

As a Solution Architect, provide a solution to meet these requirements with the least operational overhead.

A. Configure a rule in ACM to publish a message to the Simple Notification Service topic (SNS) once 45 days are left before certificate expiration.

B. Configure an AWS Config rule to check for certificates that expire within 45 days and publish the message using the Simple Notification Service topic (SNS).

C. Configure Amazon EventBridge to listen for the ACM Certificate Approaching Expiration event in 45 days. Configure the rule to invoke the Lambda function to send a custom message/alert using a Simple Notification Service topic (SNS).

D. Configure Amazon EventBridge to listen for the ACM Certificate Approaching Expiration event in 45 days. Configure the rule to invoke the Lambda function to send a custom message/alert using a Simple Queue Service topic (SQS).

Question 21

A company has different three-tier applications on the AWS Cloud. Per the company’s new policies, the company must track configuration changes on each application independently and maintain API calls to each resource.

As a solution architect, provide a solution to meet these requirements.

A. Configure AWS CloudTrail to track configuration changes and AWS Config to record API calls.

B. Configure AWS CloudWatch to track configuration changes and AWS Config to record API calls.

C. Configure AWS Config to track configuration changes and AWS CloudTrail to record API calls.

D. Configure AWS Config to track configuration changes and AWS CloudWatch to record API calls.

Question 22

A company plans to develop REST API for its loyal club application in the ap-south-1 and us-east-2 regions. The company compliance policy requires the protection of these APIs across multiple accounts from SQL injection and cross-site scripting.

As a solution architect, provide a solution to meet these requirements with the least operational overhead.

A. Configure WAF in both regions and associate web ACLs with an API stage.

B. Configure the AWS Firewall manager in both regions and set AWS WAF rules.

C. Configure AWS Sheild in both regions and associate web ACLs with an API stage.

D. Configure AWS Sheild Advance in both regions and associate web ACLs with an API stage.

Question 23

A company plans to develop a file-sharing application. The application will use an S3 bucket for storage. The company wants to serve the files through Amazon CloudFront and does not want the files to be accessed directly through the S3 URL.

A. Configure S3 policies to grant read permissions to CloudFront only.

B. Configure an IAM role with S3 read permissions and assign the role to CloudFront.

C. Create an S3 policy and set CloudFront as the principal. Set the target as the S3 Amazon Resource Name (ARN).

D. Configure an Origin Access Control. Assign the OAC to CloudFront and restrict S3 bucket permissions to OAC only.

Get hands-on with 1300+ tech skills courses.

Introduction

AWS Fundamentals

Understanding Cloud Computing Essentials— From Zero to Hero

Identity and Access Management

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS IAM Access Analyzer

Compute Services

Understanding AWS Compute Services — From Zero to Hero

Amazon EC2: Elastic Compute Cloud

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Networking

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Route 53

Serverless Computing

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Application Integration

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Containers

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

High Availability and Scalability

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Storage

Understanding AWS Storage Options—From Zero to Hero

Simple Storage Service (S3)

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

File Storage and Transfer

Getting Started with Amazon FSx for Windows File Server

Databases

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Migration and Transfer

Use of AWS Database Migration Service from Aurora MySQL to S3

Security and Compliance

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Deployment Services

Mastering AWS Deployment Services—From Zero to Hero

CloudFormation

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Machine Learning

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Content Delivery and Optimization

Analytics

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena