You have an application running on an EC2 Instance which will allow users to download flies from a private S3
bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the
file in S3.
How should the application use AWS credentials to access the S3 bucket securely?

You are designing a photo sharing mobile app the application will store all pictures in a single Amazon S3
bucket.
Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download
their own pictures directly from Amazon S3.
You want to configure security to handle potentially millions of users in the most secure manner possible. What
should your server-side application do when a new user registers on the photo-sharing mobile application?

You are designing an intrusion detection prevention (IDS/IPS) solution for a customer web application in a
single VPC. You are considering the options for implementing IOS IPS protection for traffic coming from the
Internet.
Which of the following options would you consider? (Choose two.)

You are designing a connectivity solution between on-premises infrastructure and Amazon VPC Your server’s
on-premises will De communicating with your VPC instances You will De establishing IPSec tunnels over the
internet You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer
gateways.
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?
(Choose four.)

You are designing an SSUTLS solution that requires HTTPS clients to be authenticated by the Web server
using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the web server infrastructure? (Choose two.)

Your company has recently extended its datacenter into a VPC on AVVS to add burst computing capacity as
needed Members of your Network Operations Center need to be able to go to the AWS Management Console
and administer Amazon EC2 instances as necessary You don’t want to create new IAM users for each NOC
member and make those users sign in again to the AWS Management Console Which option below will meet
the needs for your NOC members?

An AWS customer is deploying an application mat is composed of an AutoScaling group of EC2 Instances.
The customers security policy requires that every outbound connection from these instances to any other
service within the customers
Virtual Private Cloud must be authenticated using a unique x 509 certificate that contains the specific instanceid.
In addition an x 509 certificates must Designed by the customer’s Key management service in order to be
trusted for authentication.
Which of the following configurations will support these requirements?

An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web
tier and application tier that will utilize Amazon DynamoDB for storage when creating the CloudFormation
template which of the following would allow the application instance access to the DynamoDB tables without
exposing API credentials?

You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to
be able to access software depots and distributions on the Internet for product updates. The depots and
distributions are accessible via third party CONs by their URLs. You want to explicitly deny any other outbound
connections from your VPC instances to hosts on the internet.
Which of the following options would you consider?

An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue
several API commands to discover Amazon EC2 resources running within the enterprise’s account Theenterprise has internal security policies that require any outside access to their environment must conform to
the principles of least privilege and there must be controls in place to ensure that the credentials used by the
SaaS vendor cannot be used by any other third party. Which of the following would meet all of these
conditions?