A company has a compliance requirement that no security groups can allow SSH ports to be open to all IP addresses.A SysOps administrator must implement a solution that will notify the company’s SysOps team when a security group rule violates this requirement.The solution also must remediate the security group rule automatically.Which solution will meet these requirements?Read More →
A company is running a legacy application on Amazon EC2 instances in multiple Availability Zones behind a software load balancer that runs on an active/standby set of EC2 instances.For disaster recovery, the company has created a warm standby version of the application environment that is deployed in another AWSRegion.The domain for the application uses a hosted zone from Amazon Route 53.The company needs the application to use static IP addresses, even in the case of a failover event to the secondary Region.The company also requires the client’s source IP address to be available for auditing purposes.Which solution meets these requirements with the LEAST amount of operational overhead?Read More →
A company has decided to use AWS Key Management Service (AWS KMS) for all of its encryption keys.The company plans to create all of its keys as customer managed CMKs and will not import any encryption keys.The company must rotate its encryption keys once every 12 months.Which solution will meet these requirements?Read More →
A solutions architect is designing a multi-tier application for a company.The application’s users upload images from a mobile device.The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully.The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received.The solutions architect must design the application to asynchronously dispatch requests to the different application tiers.What should the solutions architect do to meet these requirements?Read More →
A company has Linux-based Amazon EC2 instances.Users must access the instances by using SSH with EC2 SSH key pairs.Each machine requires a unique EC2 key pair.The company wants to implement a key rotation policy that will, upon request, automatically rotate all the EC2 key pairs and keep the keys in a securely encrypted place.The company will accept less than 1 minute of downtime during key rotation.Which solution will meet these requirements?Read More →
A company wants to migrate its web application to AWS and leverage auto scaling to handle peak workloads.The solutions architect determined that the best metric for an auto scaling event is the number of concurrent users.Based on this information, what should the developer use to auto scale based on concurrent users?Read More →
A company is running workloads for multiple departments within a single VPC.The company needs to be able to bill each department for its resource usage.Which action should the company take to accomplish this goal with the LEAST operational overhead?Read More →
A company wants to store sensitive data in Amazon S3.The S3 bucket and its contents must be accessible only from the on-premises corporate network.What should a SysOps administrator do to configure the S3 bucket policy statement?Read More →
A Machine Learning Specialist is designing a scalable data storage solution for Amazon SageMaker.There is an existing TensorFlow-based model implemented as a train.py script that relies on static training data that is currently stored as TFRecords.Which method of providing training data to Amazon SageMaker would meet the business requirements with the LEAST development overhead?Read More →
A company currently operates a web application backed by an Amazon RDS MySQL database.It has automated backups that are run daily and are not encrypted.A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed.The company will make at least one encrypted backup before destroying the old backups.What should be done to enable encryption for future backups?Read More →
© 2026. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.