Secure Architecture IV

Equip yourself with the necessary understanding to confidently tackle exam questions by reviewing assessment questions and explanations against all options.

Question 29

A company’s application performs financial transactions using a third-party API. The application consists of multiple EC2 instances in an Auto Scaling group behind an Application Load Balancer. Application data is stored in an S3 bucket. The company must share the data with a partner company for research purposes. The partner company has a different AWS account that requires access to the S3 bucket.

As a solutions architect, provide a solution to meet these requirements.

A. Configure AWS Macie to securely share AWS resources, such as the S3 bucket.

B. Configure AWS Audit Manager to securely share AWS resources, such as the S3 bucket.

C. Configure AWS Resource Access Manager to securely share AWS resources, such as the S3 bucket.

D. Configure Amazon Detective to securely share AWS resources, such as the S3 bucket.

Question 30

A company has multiple applications on the AWS Cloud. The applications are integrated with different AWS services performing different tasks. The company’s updated security policy requires a comprehensive overview of its AWS account and applications. The company is also required to automate the security assessment of its resources.

As a solutions architect, provide a solution to meet these requirements.

A. Configure AWS Security Hub for application and account overview and use AWS Inspector for security analysis of resources.

B. Configure AWS Security Hub for application and account overview and use AWS Secrets Manager for security analysis of resources.

C. Configure AWS Inspector for application and account overview and use AWS Secrets Manager for security analysis of resources.

D. Configure AWS Inspector for application and account overview and use AWS Security Hub for security analysis of resources.

Question 31

A company plans to host an AI image editor application on the AWS Cloud with a private connection to the on-premises network to ensure low latency and high bandwidth access. The company also wants to improve the application in segments and requires it to be highly reliable.

As a solutions architect, provide a solution to meet these requirements.

A. Deploy an ECS cluster on Fargate and configure the Application Load Balancer. Use AWS Site-to-Site VPN to allow access from on-premises only.

B. Deploy a Lambda function to host the application and configure the Application Load Balancer. Use AWS Site-to-Site VPN to allow access from on-premises only.

C. Deploy an EC2 instance to host the application and configure the Application Load Balancer. Use AWS Direct Connect to allow access from on-premises only.

D. Deploy an ECS cluster on Fargate and configure the Application Load Balancer. Use AWS Direct Connect to allow access from on-premises only.

Question 32

A company is migrating its on-premises application to the AWS Cloud. The application uses a large file store of 10 TB. The files are frequently accessed in the first 30 days. The company’s compliance requires maintaining a log of each action performed on the files.

As a solutions architect, provide a solution to meet these requirements.

A. Use an S3 bucket to store files and maintain versioning to keep history. Configure AWS CloudWatch to track S3 object logs.

B. Use Elastic File Storage to store files and maintain versioning to keep history. Configure AWS CloudWatch to track S3 object logs.

C. Use Elastic File Storage to store files and maintain versioning to keep history. Configure AWS CloudTrail to track S3 object logs.

D. Use an S3 bucket to store files and maintain versioning to keep history. Configure AWS CloudTrail to track S3 object logs.

Question 33

A company hosting multiple EC2 instances in a private subnet needs to access the contents of an S3 bucket in the same region. The connection between the EC2 instances and S3 must not be conducted over the internet.

How must the solutions architect configure the connection to meet these requirements?

A. Create an AWS Site-to-Site VPN connection between the EC2 instances and S3.

B. Configure the EC2 instances to use a NAT gateway to connect to the S3 bucket.

C. Create a gateway VPC endpoint for Amazon S3 in the VPC.

D. Create a private hosted zone using Route 53.

Question 34

A social media company wants to expand its reach to millions of users. The company wants to build a platform so that only authorized users can watch content on the social media app.

As a solutions architect, recommend a solution that meets all the requirements.

A. Use Amazon CloudFront with Signed URLs to stream content.

B. Set up an AWS Direct Connect connection between the mobile application and the AWS environment to stream content.

C. Publish content in the S3 bucket and use KMS to stream content to authorized users only.

D. Set up a VPN connection between the mobile app and the AWS environment to stream content.
