A healthcare provider is planning to store patient data on AWS as PDF files. To comply with regulations, the company must encrypt the data and store the files in multiple locations. The data must be available for immediate access from any environment.
A. Store the files in an Amazon S3 bucket. Use the Standard storage class. Enable server-side encryption with Amazon S3 managed keys (SSE-S3) on the bucket. Configure cross-Region replication on the bucket.
B. Store the files in an Amazon Elastic File System (Amazon EFS) volume. Use an AWS
KMS managed key to encrypt the EFS volume. Use AWS DataSync to replicate the EFS
volume to a second AWS Region.
C. Store the files in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Backup to back up the volume on a regular schedule. Use an AWS KMS key to encrypt the backups.
D. Store the files in an Amazon S3 bucket. Use the S3 Glacier Flexible Retrieval storage class. Ensure that all PDF files are encrypted by using client-side encryption before the files are uploaded. Configure cross-Region replication on the bucket.
A company is developing a rating system for its ecommerce web application. The company needs a solution to save ratings that users submit in an Amazon DynamoDB table. The company wants to ensure that developers do not need to interact directly with the DynamoDB table. The solution must be scalable and reusable. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an Application Load Balancer (ALB). Create an AWS Lambda function, and set
the function as a target group in the ALB. Invoke the Lambda function by using the
put_item method through the ALB.
B. Create an AWS Lambda function. Configure the Lambda function to interact with the
DynamoDB table by using the put-item method from Boto3. Invoke the Lambda function
from the web application.
C. Create an Amazon Simple Queue Service (Amazon SQS) queue and an AWS Lambda
function that has an SQS trigger type. Instruct the developers to add customer ratings to
the SQS queue as JSON messages. Configure the Lambda function to fetch the ratings
from the queue and store the ratings in DynamoDB.
D. Create an Amazon API Gateway REST API. Define a resource and create a new POST method. Choose AWS as the integration type, and select DynamoDB as the service. Set the action to PutItem.
A company is designing a new application that uploads files to an Amazon S3 bucket. The uploaded files are processed to extract metadata. Processing must take less than 5 seconds. The volume and frequency of the uploads vary from a few files each hour to hundreds of concurrent uploads. Which solution will meet these requirements MOST cost-effectively?
A. Configure AWS CloudTrail trails to log Amazon S3 API calls. Use AWS AppSync to
process the files.
B. Configure a new object created S3 event notification within the bucket to invoke an AWS Lambda function to process the files.
C. Configure Amazon Kinesis Data Streams to deliver the files to the S3 bucket. Invoke an AWS Lambda function to process the files.
D. Deploy an Amazon EC2 instance. Create a script that lists all files in the S3 bucket and processes new files. Use a cron job that runs every minute to run the script.
A company runs an application on EC2 instances that need access to RDS credentials stored in AWS Secrets Manager. Which solution meets this requirement?
A. Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the role access to the secret.
B. Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the user access to the secret.
C. Create a resource-based policy for the secret. Use EC2 Instance Connect to access the
secret.
D. Create an identity-based policy for the secret. Grant direct access to the EC2 instances.
A company is developing a new application that will run on Amazon EC2 instances. The application needs to access multiple AWS services. The company needs to ensure that the application will not use long-term access keys to access AWS services.
A. Create an IAM user. Assign the IAM user to the application. Create programmatic access keys for the IAM user. Embed the access keys in the application code.
B. Create an IAM user that has programmatic access keys. Store the access keys in AWS Secrets Manager. Configure the application to retrieve the keys from Secrets Manager when the application runs.
C. Create an IAM role that can access AWS Systems Manager Parameter Store. Associate the role with each EC2 instance profile. Create IAM access keys for the AWS services, and store the keys in Parameter Store. Configure the application to retrieve the keys from Parameter Store when the application runs.
D. Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.
A company stores petabytes of historical medical information on premises. The company has a process to manage encryption of the data to comply with regulations. The company needs a cloud-based solution for data backup, recovery, and archiving. The company must retain control over the encryption key material. Which combination of solutions will meet these requirements? (Select TWO.)
A. Create an AWS Key Management Service (AWS KMS) key without key material. Import
the company's key material into the KMS key.
B. Create an AWS Key Management Service (AWS KMS) encryption key that contains key
material generated by AWS KMS.
C. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage. Use S3 Bucket Keys with AWS Key Management Service (AWS KMS) keys.
D. Store the data in an Amazon S3 Glacier storage class. Use server-side encryption with customer-provided keys (SSE-C).
E. Store the data in AWS Snowball devices. Use server-side encryption with AWS KMS keys (SSE-KMS).
A media company is launching a new product platform that artists from around the world can use to upload videos and images directly to an Amazon S3 bucket. The company owns and maintains the S3 bucket. The artists must be able to upload files from personal devices without the need for AWS credentials or an AWS account. Which solution will meet these requirements MOST securely?
A. Enable cross-origin resource sharing (CORS) on the S3 bucket.
B. Turn off block public access for the S3 bucket. Share the bucket URL to the artists to
enable uploads without credentials.
C. Use an IAM role that has upload permissions for the S3 bucket to generate presigned
URLs for S3 prefixes that are specific to each artist. Share the URLs to the artists.
D. Create a web interface that uses an IAM role that has permission to upload and view objects in the S3 bucket. Share the web interface URL to the artists.
A company needs to ingest and analyze telemetry data from vehicles at scale for machine learning and reporting. Which solution will meet these requirements?
A. Use Amazon Timestream for LiveAnalytics to store data points. Grant Amazon
SageMaker permission to access the data. Use Amazon QuickSight to visualize the data.
B. Use Amazon DynamoDB to store data points. Use DynamoDB Connector to ingest data into Amazon EMR for processing. Use Amazon QuickSight to visualize the data.
C. Use Amazon Neptune to store data points. Use Amazon Kinesis Data Streams to ingest data into a Lambda function for processing. Use Amazon QuickSight to visualize the data.
D. Use Amazon Timestream for LiveAnalytics to store data points. Grant Amazon SageMaker permission to access the data. Use Amazon Athena to visualize the data.
A company is creating a low-latency payment processing application that supports TLS connections from IPv4 clients. The application requires outbound access to the public internet. Users must access the application from a single entry point. The bank wants to use Amazon Elastic Container Service (Amazon ECS) tasks to deploy the application. The company wants to enable AWSVPC network mode. Which solution will meet these requirements MOST securely?
A. Create a VPC that has an internet gateway, public subnets, and private subnets. Deploy
a Network Load Balancer and a NAT gateway in the public subnets. Deploy the ECS tasks
in the private subnets.
B. Create a VPC that has an outbound-only internet gateway, public subnets, and private
subnets. Deploy an Application Load Balancer and a NAT gateway in the public subnets.
Deploy the ECS tasks in the private subnets.
C. Create a VPC that has an internet gateway, public subnets, and private subnets. Deploy
an Application Load Balancer in the public subnets. Deploy the ECS tasks in the public
subnets.
D. Create a VPC that has an outbound-only internet gateway, public subnets, and private
subnets. Deploy a Network Load Balancer in the public subnets. Deploy the ECS tasks in
the public subnets.
A company has developed an API using an Amazon API Gateway REST API and AWS Lambda functions. The API serves static and dynamic content to users worldwide. The company wants to decrease the latency of transferring content for API requests. Options:
A. Deploy the REST API as an edge-optimized API endpoint. Enable caching. Enable content encoding in the API definition to compress the application data in transit.
B. Deploy the REST API as a Regional API endpoint. Enable caching. Enable content
encoding in the API definition to compress the application data in transit.
C. Deploy the REST API as an edge-optimized API endpoint. Enable caching. Configure
reserved concurrency for the Lambda functions.
D. Deploy the REST API as a Regional API endpoint. Enable caching. Configure reserved
concurrency for the Lambda functions.