A company has an application that stores data in a single Amazon S3 bucket.The company must keep all data for 1 year.The company’s security team is concerned that an attacker could gain access to the AWS account through leaked long-term credentials.Which solution will ensure that existing and future objects in the S3 bucket are protected?Read More →
A company is running a web application that is using Amazon Cognito for authentication.The company does not want to use multi-factor authentication (MFA) for all the visitors every time, but the company’s security team has concerns about compromised credentials.The development team needs to configure mandatoryMFA only when suspicious sign-in attempts are detected.Which Amazon Cognito feature will meet these requirements?Read More →
Which AWS service is a relational database compatible with MySQL and PostgreSQL?Read More →
A company has an application that is running on an Amazon EC2 instance in one Availability Zone.A SysOps administrator needs to make the application highly available.The SysOps administrator has created a launch configuration from the running EC2 instance.The SysOps administrator also has properly configured a load balancer.What should the SysOps administrator do next to make the application highly available?Read More →
A company will use Amazon SageMaker to train and host a machine learning (ML) model for a marketing campaign.The majority of data is sensitive customer data.The data must be encrypted at rest.The company wants AWS to maintain the root of trust for the master keys and wants encryption key usage to be logged.Which implementation will meet these requirements?Read More →
A user wants to list the IAM role that is attached to their Amazon EC2 instance.The user has login access to the EC2 instance but does not have IAM permissions.What should a solutions architect do to retrieve this information?Read More →
A company developed a new application that is deployed on Amazon EC2 instances behind an Application Load Balancer.The EC2 instances use the security group named sg-application-servers.The company needs a database to store the data from the application and decides to use an Amazon RDS for MySQL DB instance.The DB instance is deployed in a private DB subnet.What is the MOST restrictive configuration for the DB instance security group?Read More →
A company is using AWS Database Migration Service (AWS DMS) to replicate data from a source database in a data center to a target Amazon Aurora PostgreSQL database.The company has created a DMS replication task with change data capture (CDC).The replication instance sometimes gets interrupted and affects critical functionality.The company must improve the replication instance’s resiliency and receive notifications about interruptions.Which solution will meet these requirements with the LEAST operational overhead?Read More →
A SysOps administrator is configuring AWS Client VPN to connect users on a corporate network to AWS resources that are running in a VPC.According to compliance requirements, only traffic that is destined for the VPC can travel across the VPN tunnel.How should the SysOps administrator configure Client VPN to meet these requirements?Read More →
A user has created a VPC with CIDR 20.0.0.0/16.The user has created one subnet with CIDR 20.0.0.0/16 in this VPC.The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24.What will happen in this scenario?Read More →
© 2026. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.