QUESTION NO: 1 A.
Store individual files in Amazon S3 Use S3 Lifecycle policies to move the files to S3 Glacier after QUESTION NO: 2 A. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora Turn on Aurora Auto Scaling. B. Migrate the database to Amazon Redshift by using the mysqldump utility Turn on Auto Scaling for the Amazon Redshift cluster C. Use native MySQL tools to migrate the database to Amazon RDS for MySQL Configure elastic storage scaling D. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon DynamoDB Configure an Auto Scaling policy. QUESTION NO: 3 A. Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ enabled. B. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game to use Redis. C. Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance. Modify the game to use DAX. D. Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with Kibana. QUESTION NO: 4 A. Deploy an Amazon Route 53 Resolver with rules pointing to the on-premises and AWS IP addresses B. Deploy an Application Load Balancer on AWS Register the on-premises and AWS IP addresses with the target group C. Deploy a Network Load Balancer on AWS Create target groups for the on-premises and AWS IP addresses D. Deploy Amazon API Gateway to direct traffic to the on-premises and AWS IP addresses based on the header of the request QUESTION
NO: 5 A. AWS Storage Gateway B. AWS DataSync C. AWS Snowball Edge D. Amazon S3 Glacier QUESTION NO: 6 A. Place all the EC2 Instances in private subnets in multiple Availability Zones B. Place ail the EC2 instances in the same Availability Zone C. Place ail the EC2 instances in an Auto Scaling group D. Place all the EC2 instances in the same AWS Region QUESTION NO: 7 A. Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway. B. Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection. C. Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted. D. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets QUESTION NO: 8 A. Use AWS CloudFormation to deploy the application stack to AWS Regions near countries where the game is popular Use ACM to create a new certificate for each application instance Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local application instance. B. Use Amazon S3 and create an S3 bucket in AWS Regions near countries where the game is popular Deploy the HTML and JavaScript files to each S3 bucket Use ACM to create a new certificate for each S3 bucket Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local S3 bucket C. Use Amazon CloudFront and create a global distribution that points to the ALB. Reuse the existing certificate from ACM for the CloudFront distribution Use Amazon Route 53 to update the application alias to point to the distribution D. Use Amazon S3 and create an S3 bucket in us-west-2 Deploy the HTML and JavaScript files to the S3 bucket Use Correct Answer: C Explanation: (Only visible for Pass4Test members) QUESTION NO: 9 A. Create a multivalue answer routing policy that uses health checks for each Region B. Create a geoproximity routing policy with a health check bias of 99 for each Region C. Create a weighted routing policy with a health check weight of 100 for each Region D. Create a simple routing policy that uses health checks for each Region QUESTION NO: 10 A. Enable S3 Event Notifications tor new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SOS) queue for each application, and subscribe each queue to the topic for processing B. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SOS) FIFO queues Create an additional SOS queue (or each application and subscribe each queue to the initial topic for processing C. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SOS) standard queue Create an additional SOS queue for all applications, and subscribe all applications to the meal queue for processing. D. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SOS) FIFO queue Subscribe al applications to the queue for processing. QUESTION NO: 11 A. Prevent the developers from attaching any policies and duties to the security option team. B. Create an Amazon SNS topic to send an alert every time a developer create a new policy. C. Use service control policies to disable IAM across all account in the organizational unit. D. Set an IAM permission boundary on the developer IAM role that explicitly denies of attaching the administrator policy QUESTION NO: 12 A. Choose a failover priority for the source DB instance. B. Enable binlog replication on the RDS primary node. C. Allow long-running transactions to complete on the source DB instance. D. Enable automatic backups on the source instance by setting the backup retention period to a value other than 0. E. Create a global table and specify the AWS Regions where the table will be available. QUESTION NO: 13 A. Create a resource-based 1AM policy to grant write access to only the specific DynamoDB tables. Attach the policy to the DynamoDB tables. B. Create a gateway VPC endpoint for DynamoDB that is associated with the Lambda VPC. Ensure that the Lambda execution role can access the gateway VPC endpoint. C. Attach a security group to the interface VPC endpoint to allow write access to only the specific DynamoDB tables. D. Create an interface VPC endpoint for DynamoDB that is associated with the Lambda VPC. Ensure that the Lambda execution role can access the interface VPC endpoint. E. Attach a VPC endpoint policy for DynamoDB to allow write access to only the specific DynamoDB tables. QUESTION NO: 14 A. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period. B. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens C. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens D. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period. QUESTION NO: 15 A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain Pll. Use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects mat contain Pll. B. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain Pll. use Amazon Simple Email Service (Amazon STS) to trigger a notification to the administrators and trigger on S3 Lifecycle policy to remove the objects mot contain PII. C. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan me objects in the bucket. If objects contain Pll. trigger an S3 Lifecycle policy to remove the objects that contain Pll. D. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. It objects contain Rll. use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain Pll. QUESTION NO: 16 A. AWS Storage Gateway Volume Gateway stored volumes B. AWS Storage Gateway Tape Gateway C. AWS Storage Gateway Volume Gateway cached volumes D. Amazon S3 File Gateway QUESTION NO: 17 A. Run the nslookup toot from inside the EC2 instance to obtain the private IP address of the S3 bucket's service API endpoint Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket Attach a resource policy to the S3 bucket to only allow the EC2 instance's AM role for access B. Use the AWS provided publicly available ip-ranges |son file to obtam the pnvate IP address of the S3 bucket's service API endpoint Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket Attach a resource policy to the S3 bucket to only allow the EC2 instance's 1AM role for access C. Create a gateway VPC endpoinl for Amazon S3 in the Availability Zone where the EC2 instance is located Attach appropriate security groups to the endpoint Attach a resource policy to the S3 bucket to only allow the EC2 instance's lAM tote for access D. Create an interlace VPC endpoinl for Amazon S3 in the subnet where the EC2 instance is located Attach a resource policy to the S3 bucket to only allow the EC2 instance's 1AM rote for access QUESTION NO: 18 A. Store the password in AWS Secrets Manager . A associate the Lambda function with a role that can retrieve the password from secrets Manager given its secret ID. B. Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID. C. Store the password in AWS CloudHSM. Associate the Lambda function with a role that can review the password from CloudHSM given key ID. D. Move the database password to an environment variable associate the Lambda function Retrieve the password from the environment variable upon execution. QUESTION NO: 19 A. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type B. Provision a gateway endpoint for Amazon S3 in the VPC Update the route tables of the subnets accordingly C. Replace the fcC2 NAT instance with an AWS managed NAT gateway D. Provision a transit gateway Place transit gateway attachments in the private subnets where the Lambda function is running QUESTION NO: 20 A. Configure the security group on the Application Load Balancer B. Configure the network ACL for the subnet that contains the EC2 instances C. Configure the security group for the EC2 Instances D. Configure AWS WAF on the Application Load Balancer in a VPC QUESTION NO: 21 A. Configure the Lambda function to receive API Gateway requests and write relevant items to Amazon ElastiCache Configure ElastiCache to save the data into Aurora B. Split the existing Lambda function into two Lambda functions Configure one function to receive API Gateway requests and put relevant items into Amazon Simple Notification Service (Amazon SNS) Configure the other function to read items from Amazon SNS and save the data into Aurora C. Increase the memory for the Lambda function Configure Aurora to use the Multi-AZ feature D. Split the existing Lambda function into two Lambda functions Configure one function to receive API Gateway requests and put relevant items into Amazon Simple Queue Service (Amazon SQS) Configure the other function to read items from Amazon SQS and save the data into Aurora QUESTION NO: 22 A. Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES). B. Access the bill details from me tuning dashboard and download Via bill. C. Run a query with Amazon Athena to generate the report. D. Create a report in Cost Explorer and download the report QUESTION NO: 23 A. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones B. Use Amazon EC2 instances in a cluster placement group and include the cluster placement group within a new Auto Scaling group C. Use an Amazon Route 53 routing policy to distribute requests to two AWS Regions each with one Amazon EC2 instance D. Use Amazon EC2 instances in a cluster placement group with an Application Load Balancer across multiple Availability Zones QUESTION NO: 24 A. Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function. B. Create an AWS Step Functions workflow Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete C. Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions Use one subscription with the application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user's mobile app by way of a push notification after thumbnail generation is complete. D. Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received QUESTION NO: 25 A. Use an EC2 instance that runs a monitoring application from AWS Marketplace Configure the monitoring application to use Amazon DynamoOB Streams to store the timestamp when a new item is created in the table Use a script that runs on the EC2 instance to delete items that have a timestamp that is older than 30 days B. Configure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new item is created in the table Configure the Lambda function to delete items m the table that are older than 30 days C. Use an AWS CloudFormation template to deploy the complete solution Redeploy the Cloud Formation stack every 30 days, and delete the original stack D. Extend the application to add an attribute that has a value of the current timestamp plus 30 days to each new item that is created in the table Configure DynamoDB to use the attribute as the TTL attribute QUESTION NO: 26 A. Use Amazon API Gateway with AWS Lambda B. Use Amazon API Gateway with Amazon Kinesis Data Analytics C. Use Amazon QuickSight with Amazon Redshift. D. Use Amazon Athena with Amazon S3 QUESTION NO: 27 A. Configure an Amazon Route record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading. B. Configure a gateway endpoint for Amazon ECS. Modify the route table to include an entry pointing to the ECS cluster. C. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster. D. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two by using VPC peering. QUESTION NO: 28 A. Set up Amazon ElastrCachertor Memcached between the DynamoDB table and the web application Route all read requests through Memcached. B. Set up Amazon DynamoDB streams on the table and have AWS Lambda read from the table and populate Amazon ElastiCache Route all read requests through ElastiCache C. Set up a DynamoDB Accelerator (DAX) cluster Route all read requests through DAX. D. Set up Amazon ElastiCache for Redis between the DynamoDB table and the web application Route all read requests through Redis. QUESTION NO: 29 A. An Amazon API Gateway REST API invokes an AWS Lambda function. The Lambda function accesses DynamoDB. B. An Amazon Route 53 hosted zone routes requests to an AWS Lambda endpoint to invoke a Lambda function that accesses DynamoDB. C. An Elastic Load Balancer forwards requests to a target group with DynamoDB set up as the target. D. An Amazon API Gateway REST API accesses the project information that is in DynamoDB. E. An Elastic Load Balancer forwards requests to a target group of Amazon EC2 instances The EC2 instances run an application that accesses DynamoDB. QUESTION NO: 30 A. Create an Amazon FSx for Windows File Server tile system Attach the fie system to the origin server. Connect the application server to the tile system B. Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instance. Connect the application server to the file share. C. Create an AWS Storage Gateway volume gateway. Create a file share that uses the required client protocol Connect the application server to the tile share. D. Create an AWS Storage Gateway tape gateway Configure (apes to use Amazon S3 Connect the application server lo the tape gateway QUESTION NO: 31 A. Copy the tasks into AWS Lambda functions. Schedule the Lambda functions by using Amazon EventBridge (Amazon CloudWatch Events). B. Create an Amazon Machine Image (AMI) of the EC2 instance that runs the tasks. Create an Auto Scaling group with the AMI to run multiple copies of the instance. C. Use AWS Batch to run the tasks as jobs. Schedule the jobs by using Amazon EventBridge (Amazon CloudWatch Events). D. Convert the EC2 instance to a container. Use AWS App Runner to create the container on demand to run the tasks as jobs. QUESTION NO: 32 A. Use Auto Scaling with the suspend-resume feature. B. Use Auto Scaling with Reserved Instances C. Use Auto Scaling with a target tracking scaling policy D. Use Auto Scaling with a scheduled scaling policy QUESTION NO: 33 A. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS) B. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot C. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it Enable encryption on the DB instance D. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS) Restore encrypted snapshot to an existing DB instance QUESTION NO: 34 A. Create a CloudWatch Logs fitter to extract the S3 write API calls against the S3 bucket B. Use AWS Trusted Advisor to perform security checks for S3 writ API calls that deleted the content C. Query the CloudTrail togs with Amazon Athena to identify the S3 write API calls against the S3 bucket D. Use AWS Config to track configuration changes on the S3 bucket Use these details to track the S3 write API calls that deleted the content QUESTION NO: 35 A. Create an Amazon Redshift cluster import the data Perform the queries B. Create an Amazon Aurora PostgreSQL DB cluster Import the data Perform the queries C. Create an Amazon Athena database Associate the data in Amazon S3 Perform the queries D. Create an Amazon EMR cluster Load the data Perform the queries Correct Answer: C Explanation: (Only visible for Pass4Test members) QUESTION NO: 36 A. Deploy a bastion server in a public subnet. When the product manager requires access to the dashboard, start the server and share the RDP credentials. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard. B. Create an IAM user specifically for the product manager. Attach the CloudWatch Read Only Access managed policy to the user. Share the new login credential with the product manager. Share the browser URL of the correct dashboard with the product manager. C. Create an IAM user for the company's employees, Attach the View Only Access AWS managed policy to the IAM user. Share the new login credentials with the product manager. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section. D. Share the dashboard from the CloudWatch console. Enter the product manager's email address, and complete the sharing steps. Provide a shareable link for the dashboard to the product manager. QUESTION NO: 37 A. Create an internet gateway in the route table for the private subnet, add a route to the internet gateway Attach the Lambda function to the private subnet Create an IAM role that includes the AWSLambdaVPCAccessExecutionRole permissions policy Attach the role to the Lambda function B. Create an internet gateway In the route table for the private subnet, add a route to the internet gateway Attach the Lambda function to the private subnet Create an IAM role that includes me AWSLambdaBasicExecutionRole permissions policy Attach the role to the Lambda function C. Create a NAT gateway. In the route table for the private subnet, add a route to the NAT gateway. Attach the Lambda function to the private subnet. Create an IAM role that includes the AWSLambdaBasicExecutionRole permissions policy Attach the role to the Lambda function D. Create a NAT gateway In the route table for the private subnet add a route to the NAT gateway Attach the Lambda function to the private subnet. Create an IAM role that includes the AWS LambdaVPCAccessExecutionRole permissions policy Attach the role to the Lambda function QUESTION NO: 38 A. Make the S3 bucket public for a limited time Inform only the agencies B. Configure cross-account access for the S3 bucket to the accounts that the agencies own. C. Configure S3 global tables to replicate data tor each agency D. Set up an IAM user for each analyst In the source data account Grant each user access to the S3 bucket QUESTION NO: 39 A. Launch EC2 instances as Dedicated Instances in a cluster placement group B. Launch EC2 instances as Dedicated Instances in a partition placement group C. Launch EC2 instances as Dedicated Hosts in a partition placement group D. Launch EC2 instances as Dedicated Hosts in a cluster placement group QUESTION NO: 40 A. Ensure that the Lambda function has an IAM role that allows Lambda to invoke functions on the DB cluster B. Modify the DB cluster to allow outbound communication to the DynamoDB table C. Modify the Lambda function to allow outbound communication to the DB cluster D. Modify the DB cluster to allow outbound communication to the Lambda function. E. Ensure that the DB cluster has an IAM role that allows the DB cluster to invoke Lambda functions. QUESTION NO: 41 A. Build a database cache using Amazon ElastiCache B. Build Amazon RDS read replicas. C. Build a database cache using Amazon Elasticsearch Service (Amazon ES). D. Build the database as a larger instance type. QUESTION NO: 42 A. Store the data in Amazon S3. Use AWS Glue. Amazon Athena. IDBC and COBC drivers to query the data. B. Store a subnet of the data in Amazon Redshift, and store the remaining data in Amazon S3. Use Amazon Redshift Spectrum to query the S3 data. C. Store the data in Amazon Aurora Serverles with MySQL . Use an SQL client to query the data. D. Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the storage layer use Apache Presto to query the data. |