You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon
RDS database.
Which configuration will allow you to securely serve private content to your users?
A
ג€You can optionally secure the content in your Amazon S3 bucket so users can access it through CloudFront but cannot access it directly by using Amazon S3
URLs. This prevents anyone from bypassing CloudFront and using the Amazon S3 URL to get content that you want to restrict access to. This step isn't required to use signed URLs, but we recommend it.ג€
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
In AWS, which security aspects are the customer's responsibility? (Choose four.)
BCDF
An application you maintain consists of multiple EC2 instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware.
Which process will have minimal impact on your application while complying with this requirement?
D
You cannot change the tenancy of a default instance after you've launched it.
You can change the tenancy of an instance from ג€dedicatedג€ to ג€hostג€ after you've launched it, and vice versa.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html#dedicated-apichanges
A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down.
How can you ensure the developers will be able to access only the log files?
D
Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.loggingS3.title.html
Your mission is to create a lights-out datacenter environment, and you plan to use AWS OpsWorks to accomplish this. First you created a stack and added an App
Server layer with an instance running in it. Next you added an application to the instance, and now you need to deploy a MySQL RDS database instance.
Which of the following answers accurately describe how to add a backend database server to an OpsWorks stack? (Choose three.)
ACE
A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the
VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (Choose two.)
BD
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies-vpc-endpoint.html
A corporate website is hosted on several Amazon EC2 instances across multiple regions around the globe.
How should an Administrator configure the website to maintain high availability with minimal downtime if one of the regions has network connectivity congestion for an extended period of time?
D
Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html
A database running on Amazon EC2 requires sustained IOPS performance.
Which kind of Amazon EBS volume should an Administrator choose for this solution?
C
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
What does the `configure` command allow an Administrator to do when setting up the AWS CLI? (Choose two.)
BE
An Administrator has an Amazon EC2 instance with an IPv6 address. The Administrator needs to prevent direct access to this instance from the Internet.
The Administrator should place the EC2 instance in a:
B
