You have an application running on an EC2 instance which will allow users to download files from a private S3
bucket using a pre-signed URL. Before generating the URL, the application should verify the existence of the
file in S3. How should the application use AWS credentials to access the S3 bucket securely?
You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to
be able to access software depots and distributions on the Internet for product updates. The depots and
distributions are accessible via third party CDNs by their URLs. You want to explicitly deny any other outbound
connections from your VPC instances to hosts on the internet.
Which of the following options would you consider?
You are running a successful multitier web application on AWS and your marketing department has asked you
to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30
minutes from user-generated information that is being stored in your web application s database. You are
currently running a Multi-AZ RDS MySQL instance for the database tier. You also have implemented
Elasticache as a database caching layer between the application tier and database tier. Please select the
answer that will allow you to successfully implement the reporting tier with as little impact as possible to your
A company is running a batch analysis every hour on their main transactional DB, running
on an RDS MySQL instance, to populate their central Data Warehouse running on Redshift. During the
execution of the batch, their transactional applications are very slow. When the batch completes they need to
update the top management dashboard with the new dat
Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon S3 versus acquiring
more hardware The outcome was that ail employees would be granted access to use Amazon S3 for storage of
their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on
from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a
bucket? (Choose 3 Answers)
Which is a valid Amazon Resource name (ARN) for IAM?
You are responsible for a web application that consists of an Elastic Load Balancing (ELB) load balancer in
front of an Auto Scaling group of Amazon Elastic Compute Cloud (EC2) instances. For a recent deployment of
a new version of the application, a new Amazon Machine Image (AMI) was created, and the Auto Scaling group
was updated with a new launch configuration that refers to this new AMI. During the deployment, you received
complaints from users that the website was responding with errors. All instances passed the ELB health
What should you do in order to avoid errors for future deployments? (Choose 2 answer)
You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your servers
on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the
Internet You will be using VPN gateways, and terminating the IPSec tunnels on AWS supported customer
Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?
Choose 4 answers
A company is building a voting system for a popular TV show, viewers win watch the performances then visit
the show’s website to vote for their favorite performer. It is expected that in a short period of time after the
show has finished the site will receive millions of visitors. The visitors will first login to the site using their
Amazon.com credentials and then submit their vote. After the voting is completed the page will display the vote
totals. The company needs to build the site such that can handle the rapid influx of traffic while maintaining
good performance but also wants to keep costs to a minimum. Which of the design patterns below should they
You are designing a personal document-archiving solution for your global enterprise with thousands of
employee. Each employee has potentially gigabytes of data to be backed up in this archiving solution. The
solution will be exposed to the employees as an application, where they can just drag and drop their files to the
archiving system. Employees can retrieve their archives through a web interface. The corporate network has
high bandwidth AWS Direct Connect connectivity to AWS.
You have a regulatory requirement that all data needs to be encrypted before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?