In AWS, which security aspects are the customer’s responsibility?
2026-03-25
In AWS, which security aspects are the customer’s responsibility? (Choose four.)Read More →
Which combination of steps will ensure that all network traffic that originates from the VPC will not use the public internet to communicate with the data cantor?
2026-03-25
A company has a VPC that contains a publicly accessible subnet and a privately accessible subnet.Both subnets send network traffic that is destined for the company’s data center through the public internet.The public subnet uses Route Table A, which has a default route for network traffic to travel through the internet gateway of the VPC.The private subnet uses Route Table B, which has a default route for network traffic to travel through a NAT gateway within the VPC.Recently, the company created an AWS Site-to-Site VPN connection to the VPC from one of is data centers.The tunnel s active and is working property between the customer gateway and the virtual private gateway.The CIDR blocks of the VPC and the data center do not overlap.According to a new security policy, all network traffic that originates from the VPC and travels to the data center must not travel across the public internet.A security engineer determines that resources in the public subnet and private subnet are still sending traffic across the public internet to the data center.Which combination of steps will ensure that all network traffic that originates from the VPC will not use the public internet to communicate with the data cantor? (Choose two.)Read More →
Which solution will meet these requirements?
2026-03-25
A company stores sensitive data in Amazon S3.A solutions architect needs to create an encryption solution.The company needs to fully control the ability of users to create, rotate, and disable encryption keys with minimal effort for any data that must be encrypted.Which solution will meet these requirements?Read More →
Which solutions will meet these requirements?
2026-03-25
A financial services company receives a regular data feed from its credit card servicing partner.Approximately 5,000 records are sent every 15 minutes in plaintext, delivered over HTTPS directly into an Amazon S3 bucket with server-side encryption.This feed contains sensitive credit card primary account number (PAN) data.The company needs to automatically mask the PAN before sending the data to another S3 bucket for additional internal processing.The company also needs to remove and merge specific fields, and then transform the record into JSON format.Additionally, extra feeds are likely to be added in the future, so any design needs to be easily expandable.Which solutions will meet these requirements?Read More →
Which AWS service can be used to securely store these logs?
2026-03-25
While developing an application that runs on Amazon EC2 in an Amazon VPC, a Developer identifies the need for centralized storage of application-level logs.Which AWS service can be used to securely store these logs?Read More →
Which Amazon EC2 pricing model should the company choose for its application to reduce cost?
2026-03-25
A company has an application workload that is stateless by design and can sustain occasional downtime.The application performs massively parallel computations.Which Amazon EC2 pricing model should the company choose for its application to reduce cost?Read More →
What should a solutions architect do to accomplish this goal?
2026-03-25
A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users.The service is hosted in a VPC behind aNetwork Load Balancer.The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet.What should a solutions architect do to accomplish this goal?Read More →
Which solution should a database specialist provide for the user to authenticate?
2026-03-25
A company has an on-premises SQL Server database.The users access the database using Active Directory authentication.The company successfully migrated its database to Amazon RDS for SQL Server.However, the company is concerned about user authentication in the AWS Cloud environment.Which solution should a database specialist provide for the user to authenticate?Read More →
Which component must be attached to a VPC to enable inbound internet access?
2026-03-25
Which component must be attached to a VPC to enable inbound internet access?Read More →
Which solution will meet this requirement?
2026-03-25
A developer is setting up AWS CodePipeline for a new application.During each build, the developer must generate a test report.Which solution will meet this requirement?Read More →