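AWS Architect Certification Past Exam Questions Collection 20241118
Past exam questions for the full Amazon Web Services (AWS) series: the latest 2024 question bank, continuously updated, the most complete on the web. AWS certifications are highly valued and essential for self-study and for moving into the cloud industry. Recent versions are updated, tracking the latest trends at all times.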
QUESTION 681
A media company stores movies in Amazon S3. Each movie is stored in a single video file that ranges from 1 GB to 10 GB in size.
The company must be able to provide the streaming content of a movie within 5 minutes of a user purchase. There is higher demand for movies that are less than 20 years old than for movies that are more than 20 years old. The company wants to minimize hosting service costs based on demand.
Which solution will meet these requirements?
A. Store all media content in Amazon S3. Use S3 Lifecycle policies to move media data into the Infrequent Access tier when the demand for a movie decreases
B. Store newer movie video files in S3 Standard. Store older movie video files in S3 Standard-Infrequent Access (S3 Standard-IA). When a user orders an older movie, retrieve the video file by using standard retrieval
C. Store newer movie video files in S3 Intelligent-Tiering. Store older movie video files in S3 Glacier Flexible Retrieval. When a user orders an older movie, retrieve the video file by using expedited retrieval
D. Store newer movie video files in S3 Standard. Store older movie video files in S3 Glacier Flexible Retrieval. When a user orders an older movie, retrieve the video file by using bulk retrieval
Correct Answer: B
Section: (none)
QUESTION 682
A company wants to analyze and generate reports to track the usage of its mobile app. The app is popular and has a global user base. The company uses a custom report building program to analyze application usage.
The program generates multiple reports during the last week of each month. The program takes less than 10 minutes to produce each report. The company rarely uses the program to generate reports outside of the last week of each month. The company wants to generate reports in the least amount of time when the reports are requested.
Which solution will meet these requirements MOST cost-effectively?
A. Run the program by using Amazon EC2 On-Demand Instances. Create an Amazon EventBridge rule to start the EC2 instances when reports are requested. Run the EC2 instances continuously during the last week of each month
B. Run the program in AWS Lambda. Create an Amazon EventBridge rule to run a Lambda function when reports are requested
C. Run the program in Amazon Elastic Container Service (Amazon ECS). Schedule Amazon ECS to run the program when reports are requested
D. Run the program by using Amazon EC2 Spot Instances. Create an Amazon EventBridge rule to start the EC2 instances when reports are requested. Run the EC2 instances continuously during the last week of each month
Correct Answer: B
Section: (none)
QUESTION 683
A company's software development team needs an Amazon RDS Multi-AZ cluster. The RDS cluster will serve as a backend for a desktop client that is deployed on premises. The desktop client requires direct connectivity to the RDS cluster.
The company must give the development team the ability to connect to the cluster by using the client when the team is in the office.
Which solution provides the required connectivity MOST securely?
A. Create a VPC and two public subnets. Create the RDS cluster in the public subnets. Use AWS Site-to-Site VPN with a customer gateway in the company's office
B. Create a VPC and two private subnets. Create the RDS cluster in the private subnets. Use AWS Site-to-Site VPN with a customer gateway in the company's office
C. Create a VPC and two private subnets. Create the RDS cluster in the private subnets. Use RDS security groups to allow the company's office IP ranges to access the cluster.
D. Create a VPC and two public subnets. Create the RDS cluster in the public subnets. Create a cluster user for each developer. Use RDS security groups to allow the users to access the cluster
Correct Answer: C
Section: (none)
QUESTION 684
A company wants to migrate an on-premises legacy application to AWS. The application ingests customer order files from an on-premises enterprise resource planning (ERP) system. The application then uploads the files to an SFTP server. The application uses a scheduled job that checks for order files every hour. The company already has an AWS account that has connectivity to the on-premises network. The new application on AWS must support integration with the existing ERP system. The new application must be secure and resilient and must use the SFTP protocol to process orders from the ERP system immediately.
Which solution will meet these requirements?
A. Create an AWS Transfer Family SFTP internet-facing server in two Availability Zones. Use Amazon S3 storage. Create an AWS Lambda function to process order files. Use S3 Event Notifications to send s3:ObjectCreated:* events to the Lambda function
B. Create an AWS Transfer Family SFTP internet-facing server in one Availability Zone. Use Amazon Elastic File System (Amazon EFS) storage. Create an AWS Lambda function to process order files. Use a Transfer Family managed workflow to invoke the Lambda function
C. Create an AWS Transfer Family SFTP internal server in two Availability Zones. Use Amazon Elastic File System (Amazon EFS) storage. Create an AWS Step Functions state machine to process order files. Use Amazon EventBridge Scheduler to invoke the state machine to periodically check Amazon EFS for order files
D. Create an AWS Transfer Family SFTP internal server in two Availability Zones. Use Amazon S3 storage. Create an AWS Lambda function to process order files. Use a Transfer Family managed workflow to invoke the Lambda function
Correct Answer: B
Section: (none)
QUESTION 685
A company is building a microservices-based application that will be deployed on Amazon Elastic Kubernetes Service (Amazon EKS). The microservices will interact with each other. The company wants to ensure that the application is observable to identify performance issues in the future.
Which solution will meet these requirements?
A. Configure the application to use Amazon ElastiCache to reduce the number of requests that are sent to the microservices
B. Configure Amazon CloudWatch Container Insights to collect metrics from the EKS clusters. Configure AWS X-Ray to trace the requests between the microservices
C. Configure AWS CloudTrail to review the API calls. Build an Amazon QuickSight dashboard to observe the microservice interactions
D. Use AWS Trusted Advisor to understand the performance of the application
Correct Answer: B
Section: (none)
QUESTION 686
A company has deployed its application on Amazon EC2 instances with an Amazon RDS database. The company used the principle of least privilege to configure the database access credentials.
The company's security team wants to protect the application and the database from SQL injection and other web-based attacks.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use security groups and network ACLs to secure the database and application servers
B. Use AWS WAF to protect the application. Use RDS parameter groups to configure the security settings
C. Use AWS Network Firewall to protect the application and the database
D. Use different database accounts in the application code for different functions. Avoid granting excessive privileges to the database users
Correct Answer: D
Section: (none)
QUESTION 687
A company has deployed an application in an AWS account. The application consists of microservices that run on AWS Lambda and Amazon Elastic Kubernetes Service (Amazon EKS). A separate team supports each microservice. The company has multiple AWS accounts and wants to give each team its own account for its microservices.
A solutions architect needs to design a solution that will provide service-to-service communication over HTTPS (port 443). The solution also must provide a service registry for service discovery.
Which solution will meet these requirements with the LEAST administrative overhead?
A. Create an inspection VPC. Deploy an AWS Network Firewall firewall to the inspection VPC. Attach the inspection VPC to a new transit gateway. Route VPC-to-VPC traffic to the inspection VPC. Apply firewall rules to allow only HTTPS communication
B. Create a VPC Lattice service network. Associate the microservices with the service network. Define HTTPS listeners for each service. Register microservice compute resources as targets. Identify VPCs that need to communicate with the services. Associate those VPCs with the service network
C. Create a Network Load Balancer (NLB) with an HTTPS listener and target groups for each microservice. Create an AWS PrivateLink endpoint service for each microservice. Create an interface VPC endpoint in each VPC that needs to consume that microservice
D. Create peering connections between VPCs that contain microservices. Create a prefix list for each service that requires a connection to a client. Create route tables to route traffic to the appropriate VPC. Create security groups to allow only HTTPS communication
Correct Answer: C
Section: (none)
QUESTION 688
A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML).
Which solution meets these requirements?
A. Enable AWS IAM Identity Center (AWS Single Sign-On) between AWS and the on-premises LDAP
B. Create an IAM policy that uses AWS credentials, and integrate the policy into LDAP
C. Set up a process that rotates the IAM credentials whenever LDAP credentials are updated
D. Develop an on-premises custom identity broker application or process that uses AWS Security Token Service (AWS STS) to get short-lived credentials
Correct Answer: D
Section: (none)
QUESTION 689
A company's ecommerce website has unpredictable traffic and uses AWS Lambda functions to directly access a private Amazon RDS for PostgreSQL DB instance. The company wants to maintain predictable database performance and ensure that the Lambda invocations do not overload the database with too many connections.
What should a solutions architect do to meet these requirements?
A. Point the client driver at an RDS custom endpoint. Deploy the Lambda functions inside a VPC
B. Point the client driver at an RDS proxy endpoint. Deploy the Lambda functions inside a VPC
C. Point the client driver at an RDS custom endpoint. Deploy the Lambda functions outside a VPC
D. Point the client driver at an RDS proxy endpoint. Deploy the Lambda functions outside a VPC
Correct Answer: B
Section: (none)
QUESTION 690
A company has a nightly batch processing routine that analyzes report files that an on-premises file system receives daily through SFTP. The company wants to move the solution to the AWS Cloud. The solution must be highly available and resilient. The solution also must minimize operational effort.
Which solution meets these requirements?
A. Deploy AWS Transfer for SFTP and an Amazon Elastic File System (Amazon EFS) file system for storage. Use an Amazon EC2 instance in an Auto Scaling group with a scheduled scaling policy to run the batch operation
B. Deploy an Amazon EC2 instance that runs Linux and an SFTP service. Use an Amazon Elastic Block Store (Amazon EBS) volume for storage. Use an Auto Scaling group with the minimum number of instances and desired number of instances set to 1
C. Deploy an Amazon EC2 instance that runs Linux and an SFTP service. Use an Amazon Elastic File System (Amazon EFS) file system for storage. Use an Auto Scaling group with the minimum number of instances and desired number of instances set to
D. Deploy AWS Transfer for SFTP and an Amazon S3 bucket for storage. Modify the application to pull the batch files from Amazon S3 to an Amazon EC2 instance for processing. Use an EC2 instance in an Auto Scaling group with a scheduled scaling policy to run the batch operation
Correct Answer: D
Section: (none)
QUESTION 691
To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance. A recent security audit revealed that encryption at rest is enabled using AWS Key Management Service (AWS KMS), but data in transit is not enabled.
What should a solutions architect do to satisfy the security requirements?
A. Enable IAM database authentication on the database
B. Provide self-signed certificates. Use the certificates in all connections to the RDS instance
C. Take a snapshot of the RDS instance. Restore the snapshot to a new instance with encryption enabled
D. Download AWS-provided root certificates. Provide the certificates in all connections to the RDS instance.
Correct Answer: D
Section: (none)
QUESTION 692
A solutions architect must provide an automated solution for a company's compliance policy that states security groups cannot include a rule that allows SSH from 0.0.0.0/0. The company needs to be notified if there is any breach in the policy. A solution is needed as soon as possible.
What should the solutions architect do to meet these requirements with the LEAST operational overhead?
A. Write an AWS Lambda script that monitors security groups for SSH being open to 0.0.0.0/0 addresses and creates a notification every time it finds one
B. Enable the restricted-ssh AWS Config managed rule and generate an Amazon Simple Notification Service (Amazon SNS) notification when a noncompliant rule is created
C. Create an IAM role with permissions to globally open security groups and network ACLs. Create an Amazon Simple Notification Service (Amazon SNS) topic to generate a notification every time the role is assumed by a use
D. Configure a service control policy (SCP) that prevents non-administrative users from creating or editing security groups. Create a notification in the ticketing system when a user requests a rule that needs administrator permissions
Correct Answer: B
Section: (none)
QUESTION 693
A company has users all around the world accessing its HTTP-based application deployed on Amazon EC2 instances in multiple AWS Regions. The company wants to improve the availability and performance of the application. The company also wants to protect the application against common web exploits that may affect availability, compromise security, or consume excessive resources. Static IP addresses are required.
What should a solutions architect recommend to accomplish this?
A. Put the EC2 instances behind Network Load Balancers (NLBs) in each Region. Deploy AWS WAF on the NLBs. Create an accelerator using AWS Global Accelerator and register the NLBs as endpoints
B. Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Deploy AWS WAF on the ALBs. Create an accelerator using AWS Global Accelerator and register the ALBs as endpoints
C. Put the EC2 instances behind Network Load Balancers (NLBs) in each Region. Deploy AWS WAF on the NLBs. Create an Amazon CloudFront distribution with an origin that uses Amazon Route latency-based routing to route requests to the NLBs
D. Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs. Deploy AWS WAF on the CloudFront distribution
Correct Answer: B
Section: (none)
QUESTION 694
A company is designing the architecture for a new mobile app that uses the AWS Cloud. The company uses organizational units (OUs) in AWS Organizations to manage its accounts. The company wants to tag Amazon EC2 instances with data sensitivity by using values of sensitive and nonsensitive. IAM identities must not be able to delete a tag or create instances without a tag.
Which combination of steps will meet these requirements? (Select TWO.)
A. In Organizations, create a new tag policy that specifies the data sensitivity tag key and the required values. Enforce the tag values for the EC2 instances. Attach the tag policy to the appropriate OU
B. In Organizations, create a new service control policy (SCP) that specifies the data sensitivity tag key and the required tag values. Enforce the tag values for the EC2 instances. Attach the SCP to the appropriate OU
C. Create a tag policy to deny running instances when a tag key is not specified. Create another tag policy that prevents identities from deleting tags. Attach the tag policies to the appropriate OU
D. Create a service control policy (SCP) to deny creating instances when a tag key is not specified. Create another SCP that prevents identities from deleting tags. Attach the SCPs to the appropriate OU
E. Create an AWS Config rule to check if EC2 instances use the data sensitivity tag and the specified values. Configure an AWS Lambda function to delete the resource if a noncompliant resource is found
Correct Answer: AD
Section: (none)
QUESTION 695
A company sets up an organization in AWS Organizations that contains 10 AWS accounts. A solutions architect must design a solution to provide access to the accounts for several thousand employees. The company has an existing identity provider (IdP). The company wants to use the existing IdP for authentication to AWS.
Which solution will meet these requirements?
A. Create IAM users for the employees in the required AWS accounts. Connect IAM users to the existing IdP. Configure federated authentication for the IAM users
B. Set up AWS account root users with user email addresses and passwords that are synchronized from the existing IdP
C. Configure AWS IAM Identity Center (AWS Single Sign-On). Connect IAM Identity Center to the existing IdP. Provision users and groups from the existing IdP
D. Use AWS Resource Access Manager (AWS RAM) to share access to the AWS accounts with the users in the existing IdP
Correct Answer: C
Section: (none)
QUESTION 696
A company plans to migrate to AWS and use Amazon EC2 On-Demand Instances for its application. During the migration testing phase, a technical team observes that the application takes a long time to launch and load memory to become fully productive.
Which solution will reduce the launch time of the application during the next testing phase?
A. Launch two or more EC2 On-Demand Instances. Turn on auto scaling features and make the EC2 On-Demand Instances available during the next testing phase
B. Launch EC2 Spot Instances to support the application and to scale the application so it is available during the next testing phase
C. Launch the EC2 On-Demand Instances with hibernation turned on. Configure EC2 Auto Scaling warm pools during the next testing phase
D. Launch EC2 On-Demand Instances with Capacity Reservations. Start additional EC2 instances during the next testing phase
Correct Answer: C
Section: (none)
QUESTION 697
A city has deployed a web application running on Amazon EC2 instances behind an Application Load Balancer (ALB). The application's users have reported sporadic performance which appears to be related to DDoS attacks originating from random IP addresses. The city needs a solution that requires minimal configuration changes and provides an audit trail for the DDoS sources.
Which solution meets these requirements?
A. Enable an AWS WAF web ACL on the ALB, and configure rules to block traffic from unknown sources
B. Subscribe to Amazon Inspector. Engage the AWS DDoS Response Team (DRT) to integrate mitigating controls into the service
C. Subscribe to AWS Shield Advanced. Engage the AWS DDoS Response Team (DRT) to integrate mitigating controls into the service
D. Create an Amazon CloudFront distribution for the application, and set the ALB as the origin. Enable an AWS WAF web ACL on the distribution, and configure rules to block traffic from unknown sources
Correct Answer: C
Section: (none)
QUESTION 698
A marketing team wants to build a campaign for an upcoming multi-sport event. The team has news reports from the past five years in PDF format. The team needs a solution to extract insights about the content and the sentiment of the news reports. The solution must use Amazon Textract to process the news reports.
Which solution will meet these requirements with the LEAST operational overhead?
A. Provide the extracted insights to Amazon Athena for analysis. Store the extracted insights and analysis in an Amazon S3 bucket
B. Store the extracted insights in an Amazon DynamoDB table. Use Amazon SageMaker to build a sentiment model
C. Provide the extracted insights to Amazon Comprehend for analysis. Save the analysis to an Amazon S3 bucket
D. Store the extracted insights in an Amazon S3 bucket. Use Amazon QuickSight to visualize and analyze the data
Correct Answer: C
Section: (none)
QUESTION 699
A company has an application that uses an Amazon DynamoDB table for storage. A solutions architect discovers that many requests to the table are not returning the latest data. The company's users have not reported any other issues with database performance. Latency is in an acceptable range.
Which design change should the solutions architect recommend?
A. Add read replicas to the table
B. Use a global secondary index (GSI)
C. Request strongly consistent reads for the table
D. Request eventually consistent reads for the table
Correct Answer: C
Section: (none)
QUESTION 700
A company's website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution and AWS WAF is being used to protect against SQL injection attacks.
The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.
What should a solutions architect do to protect the application?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
Correct Answer: B
Section: (none)
QUESTION 701
A company has an on-premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs. The solution must allow for immediate retrieval of data at no additional cost.
How can these requirements be met?
A. Deploy Amazon S3 Glacier Vault and enable expedited retrieval. Enable provisioned retrieval capacity for the workload
B. Deploy AWS Storage Gateway using cached volumes. Use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally.
C. Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3
D. Deploy AWS Direct Connect to connect with the on-premises data center. Configure AWS Storage Gateway to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
Correct Answer: B
Section: (none)
QUESTION 702
A development team is collaborating with another company to create an integrated product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.
How should a solutions architect provide access to the SQS queue?
A. Create an instance profile that provides the other company access to the SQS queue.
B. Create an IAM policy that provides the other company access to the SQS queue.
C. Create an SQS access policy that provides the other company access to the SQS queue.
D. Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue.
Correct Answer: C
Section: (none)
QUESTION 703
A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3.
Which solution meets these requirements and is MOST cost-effective?
A. Set up AWS Glue to copy the data from the on-premises servers to Amazon S3.
B. Set up an AWS DataSync agent on the on-premises servers, and sync the data to Amazon S3.
C. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3.
D. Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3.
Correct Answer: B
Section: (none)
QUESTION 704
A company designed a stateless two-tier that uses Amazon EC2 in a single Availability Zone and an Amazon RDS multi-AZ DB instance.
New company management wants to ensure the application is highly available. What should a solutions architect do to meet this requirement?
A. Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer.
B. Configure the application to take snapshots of the EC2 instances and send them to a different AWS Region.
C. Configure the application to use Amazon Route 53 latency-based routing to feed requests to the application.
D. Configure Amazon Route 53 rules to handle incoming requests and create a multi-AZ Application Load Balancer.
Correct Answer: A
Section: (none)
QUESTION 705
A company has deployed a multiplayer game for mobile devices. The game requires live location tracking of players based on latitude and longitude. The data store for the game must support rapid updates and retrieval of locations.
The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store the location data. During peak usage periods the database is unable to maintain the performance that is needed for reading and writing updates. The game's user base is increasing rapidly.
What should a solutions architect do to improve the performance of the data tier?
A. Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ enabled
B. Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with Kibana
C. Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance. Modify the game to use DAX
D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game to use Redis.
Correct Answer: C
Section: (none)
QUESTION 706
A company is deploying a new application to Amazon Elastic Kubernetes Service (Amazon EKS) with an AWS Fargate cluster. The application needs a storage solution for data persistence. The solution must be highly available and fault tolerant. The solution also must be shared between multiple application containers.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create Amazon Elastic Block Store (Amazon EBS) volumes in the same Availability Zones where EKS worker nodes are placed. Register the volumes in a StorageClass object on an EKS cluster. Use EBS Multi-Attach to share the data between containers.
B. Create an Amazon Elastic File System (Amazon EFS) file system. Register the file system in a StorageClass object on an EKS cluster. Use the same file system for all containers.
C. Create an Amazon Elastic Block Store (Amazon EBS) volume. Register the volume in a StorageClass object on an EKS cluster. Use the same volume for all containers.
D. Create Amazon Elastic File System (Amazon EFS) file systems in the same Availability Zones where EKS worker nodes are placed. Register the file systems in a StorageClass object on an EKS cluster. Create an AWS Lambda function to synchronize the data between file systems.
Correct Answer: B
Section: (none)
QUESTION 707
A company has a new mobile app. Anywhere in the world, users can see local news on topics they choose. Users also can post photos and videos from inside the app. Users access content often in the first minutes after the content is posted. New content quickly replaces older content, and then the older content disappears. The local nature of the news means that users consume 90% of the content within the AWS Region where it is uploaded.
Which solution will optimize the user experience by providing the LOWEST latency for content uploads?
A. Upload and store content in Amazon S3. Use Amazon CloudFront for the uploads.
B. Upload and store content in Amazon S3. Use S3 Transfer Acceleration for the uploads.
C. Upload content to Amazon EC2 instances in the Region that is closest to the user. Copy the data to Amazon S3
D. Upload and store content in Amazon S3 in the Region that is closest to the user. Use multiple distributions of Amazon CloudFront.
Correct Answer: B
Section: (none)
QUESTION 708
A solutions architect is designing a user authentication solution for a company. The solution must invoke two-factor authentication for users that log in from inconsistent geographical locations, IP addresses, or devices. The solution must also be able to scale up to accommodate millions of users.
Which solution will meet these requirements?
A. Configure Amazon Cognito user pools for user authentication. Enable the risk-based adaptive authentication feature with multi-factor authentication (MFA)
B. Configure Amazon Cognito identity pools for user authentication. Enable multi-factor authentication (MFA)
C. Configure AWS Identity and Access Management (IAM) users for user authentication. Attach an IAM policy that allows the AllowManageOwnUserMFA action
D. Configure AWS IAM Identity Center (AWS Single Sign-On) authentication for user authentication. Configure the permission sets to require multi-factor authentication (MFA)
Correct Answer: A
Section: (none)
QUESTION 709
A company uses AWS Organizations for its multi-account AWS setup. The security organizational unit (OU) of the company needs to share approved Amazon Machine Images (AMIs) with the development OU. The AMIs are created by using AWS Key Management Service (AWS KMS) encrypted snapshots.
Which solution will meet these requirements? (Select TWO.)
A. Add the development team's OU Amazon Resource Name (ARN) to the launch permission list for the AMIs
B. Add the Organizations root Amazon Resource Name (ARN) to the launch permission list for the AMIs
C. Update the key policy to allow the development team's OU to use the AWS KMS keys that are used to decrypt the snapshots
D. Add the development team's account Amazon Resource Name (ARN) to the launch permission list for the AMIs
E. Recreate the AWS KMS key. Add a key policy to allow the Organizations root Amazon Resource Name (ARN) to use the AWS KMS key
Correct Answer: AD
Section: (none)
QUESTION 710
A company stores text files in Amazon S3. The text files include customer chat messages, date and time information, and customer personally identifiable information (PII).
The company needs a solution to provide samples of the conversations to an external service provider for quality control. The external service provider needs to randomly pick sample conversations up to the most recent conversation. The company must not share the customer PII with the external service provider. The solution must scale when the number of customer conversations increases.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an Object Lambda Access Point. Create an AWS Lambda function that redacts the PII when the function reads the file. Instruct the external service provider to access the Object Lambda Access Point
B. Create a batch process on an Amazon EC2 instance that regularly reads all new files, redacts the PII from the files, and writes the redacted files to a different S3 bucket. Instruct the external service provider to access the bucket that does not contain the PII
C. Create a web application on an Amazon EC2 instance that presents a list of the files, redacts the PII from the files, and allows the external service provider to download new versions of the files that have the PII redacted
D. Create an Amazon DynamoDB table. Create an AWS Lambda function that reads only the data in the files that does not contain PII. Configure the Lambda function to store the non-PII data in the DynamoDB table when a new file is written to Amazon S3. Grant the external service provider access to the DynamoDB table
Correct Answer: A
Section: (none)