A company is building software on AWS that requires access to various AWS services. Which
configuration should be used to ensure mat AWS credentials (i.e., Access Key ID/Secret
Access Key combination) are not compromised?

Which of the following services natively encrypts data at rest within an AWS region? Choose 2 answers

You need to pass a custom script to new Amazon Linux instances created in your Auto
Scaling group.
Which feature allows you to accomplish this?

You are building an automated transcription service in which Amazon EC2 worker instances
process an uploaded audio file and generate a text file. You must store both of these files in
the same durable storage until the text file is retrieved. You do not know what the storage
capacity requirements are. Which storage option is both cost-efficient and scalable?

A customer has a single 3-TB volume on-premises that is used to hold a large repository of
images and print layout files. This repository is growing at 500 GB a year and must be
presented as a single logical volume. The customer is becoming increasingly constrained with
their local storage capacity and wants an off-site backup of this data, while maintaining lowlatency access to their frequently accessed data.
Which AWS Storage Gateway configuration meets the customer requirements?

A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is
not connected to their corporate network. They are connecting to the VPC over the Internet to
manage all of their Amazon EC2 instances running in both the public and private subnets.
They have only authorized the bastion-security-group with Microsoft Remote Desktop
Protocol (RDP) access to the application instance security groups, but the company wants to
further limit administrative access to all of the instances in the VPC.
Which of the following Bastion deployment scenarios will meet this requirement?

You try to connect via SSH to a newly created Amazon EC2 instance and get one of the
following error messages:
“Network error: Connection timed out” or “Error connecting to [instance], reason: ->
Connection timed out: connect,”
You have confirmed that the network and security group rules are configured correctly and
the instance is passing status checks. What steps should you take to identify the source of
the behavior? Choose 2 answers

A customer is hosting their company website on a cluster of web servers that are behind a
public-facing load balancer. The customer also uses Amazon Route 53 to manage their public
DNS. How should the customer configure the DNS zone apex record to point to the load
balancer?

Which of the following instance types are available as Amazon EBS-backed only? Choose 2
answers

A company has an AWS account that contains three VPCs (Dev, Test, and Prod) in the same
region. Test is peered to both Prod and Dev. All VPCs have non-overlapping CIDR blocks.
The company wants to push minor code releases from Dev to Prod to speed up time to
market.
Which of the following options helps the company accomplish this?