A company wants to generate a list of IAM users.The company also wants to view the status of various credentials that are associated with the users, such as password, access keys, and multi-factor authentication (MFA) devices.Which AWS service or feature will meet these requirements?Read More →
A company has multiple Amazon VPC endpoints in the same VPC.A developer needs to configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.Which solution will meet these requirements?Read More →
A DevOps engineer has implemented a CI/CD pipeline to deploy an AWS CloudFormation template that provisions a web application.The web application consists of an Application Load Balancer (ALB), a target group, a launch template that uses an Amazon Linux 2 AMI, an Auto Scaling group of Amazon EC2 instances, a security group, and an Amazon RDS for MySQL database.The launch template includes user data that specifies a script to install and start the application.The initial deployment of the application was successful.The DevOps engineer made changes to update the version of the application with the user data.The CI/CD pipeline has deployed a new version of the template.However, the health checks on the ALB are now failing.The health checks have marked all targets as unhealthy.During investigation, the DevOps engineer notices that the CloudFormation stack has a status of UPDATE_COMPLETE.However, when the DevOps engineer connects to one of the EC2 instances and checks /var/log/messages, the DevOps engineer notices that the Apache web server failed to start successfully because of a configuration error.How can the DevOps engineer ensure that the CloudFormation deployment will fail if the user data fails to successfully finish running?Read More →
A company has an application that uses a scheduled AWS Lambda function to retrieve datasets from external sources over the internet.The function is not associated with a VPC.The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet.The VPC has two public subnets and two private subnets.A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet.Which solution meets these requirements?Read More →
To abide by industry regulations, a Solutions Architect must design a solution that will store a company’s critical data in multiple public AWS Regions, including in the United States, where the company’s headquarters is located.The Solutions Architect is required to provide access to the data stored in AWS to the company’s global WAN network.The Security team mandates that no traffic accessing this data should traverse the public internet.How should the Solutions Architect design a highly available solution that meets the requirements and is cost-effective?Read More →
A company’s policy requires that all API keys be encrypted and stored separately from source code in a centralized security account.This security account is managed by the company’s security team.However, an audit revealed that an API key is stored with the source code of an AWS Lambda function in an AWSCodeCommit repository in the DevOps account.How should the security team securely store the API key?Read More →
A company’s website is used to sell products to the public.The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB).There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks.The ALB is the origin for the CloudFront distribution.A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.What should a solutions architect do to protect the application?Read More →
A company has developed a web application.The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer.The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs.The solution must not adversely affect legitimate traffic to the application.How should a solutions architect configure the web ACLs to meet these requirements?Read More →
A new mobile app uses Amazon Cognito web identity federation.Immediately after a user logs in, the following error occurs:AccessDenied — Not authorized to perform sts:AssumeRoleWithWebIdentityA developer determines that the Amazon Cognito configuration appears to be correct.Which of the following could be the cause of the error?Read More →
A company needs to report on events that involve the specific AWS services that the company uses.Which AWS service or resource can the company use with Amazon CloudWatch to meet this requirement?Read More →
© 2026. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.