Questions and Answers
Which solution allows the product manager to access the Amazon CloudWatch dashboard while following the principle of least privilege?
- Deploy a bastion server for accessing the dashboard remotely.
- Share the dashboard from the CloudWatch console. (correct)
- Create a direct link for the product manager to view the dashboard without an account.
- Allow the product manager to create an AWS account for access.
What is the main role of the IAM user created for the product manager in this situation?
- To grant permission for altering the AWS account settings.
- To enable the execution of AWS Lambda functions.
- To provide read-only access to CloudWatch metrics and dashboards. (correct)
- To allow full administrative access to AWS services.
Which of the following actions does NOT follow the principle of least privilege when providing access to the product manager?
- Sharing a direct link to the CloudWatch dashboard.
- Creating a generic IAM user for all employees with broad access. (correct)
- Deploying a bastion server with RDP credentials to access the dashboard.
- Creating a specific IAM user for the product manager with limited permissions.
What is the purpose of attaching the CloudWatchReadOnlyAccess AWS managed policy to the IAM user?
Which of the following is the least secure solution for granting access while still allowing the product manager to view the dashboard?
What architecture design maximizes resiliency and scalability for a modernized application?
Which option provides the best solution for file lifecycle management for an SMB file server?
What configuration would not optimize the existing data storage for frequently accessed files?
To avoid future storage issues while maintaining low latency for the latest files, what should be implemented?
What is the main advantage of using Amazon SQS in the proposed architecture?
What is a potential issue with configuring EC2 Auto Scaling based solely on scheduled scaling?
Which configuration would not effectively increase available storage space for the SMB file server?
In which scenario would you prefer to choose Auto Scaling based on queue size instead of server load?
Which action will ensure that the Lambda function ingests all data in the future?
What is the recommended way to monitor the upload of files containing personally identifiable information (PII)?
Which combination of actions should a solutions architect take to reduce manual remediation after detecting PII?
Which method would provide the least development effort to alert administrators about files containing PII?
What should a solutions architect implement to ensure files larger than 200 GB are handled efficiently when uploaded?
If a solutions architect wants to improve data reliability when ingesting data from stores, which action is likely to help?
What should a solutions architect consider to automate the removal of PII while minimizing development efforts?
To ensure optimal performance for the Lambda function, what configuration should be avoided?
What solution allows an EC2 instance in a VPC to access an S3 bucket without internet connectivity?
What configuration allows both EC2 instances to access the same set of user-uploaded documents?
Which approach would help eliminate document visibility discrepancies across EC2 instances?
What is the main purpose of creating an instance profile on Amazon EC2 regarding S3 access?
Which service can be used to streamline the processing of logs stored in S3 while maintaining availability?
Which method would enable updates to documents stored across two separate EBS volumes?
What is a key benefit of placing EC2 instances behind an Application Load Balancer?
What does creating an Amazon API Gateway API with a private link accomplish?
What is the main requirement for the company's accounting records in relation to deletion?
Which Amazon S3 storage solution provides maximum resiliency for long-term storage?
What feature should be used to prevent deletion of the records for 10 years?
After how long should the records be transitioned to S3 Glacier Deep Archive according to the requirements?
What is the purpose of the S3 Lifecycle policy in this scenario?
Which storage class would NOT be suitable for the company's requirement of keeping records accessible for 1 year?
What happens to the records after the 10-year retention period under the proposed solution?
Which option best meets the requirement to prevent record deletion after 1 year?
Study Notes
VPC Endpoint for Private Network Connectivity
- An application running on an EC2 instance in a VPC needs to access an S3 bucket without internet connectivity.
- The solution is to create a gateway VPC endpoint to the S3 bucket.
Duplicated EC2 Instances and EBS Volumes with Load Balancer
- A web application hosted on AWS using two EC2 instances and EBS volumes in different Availability Zones behind an Application Load Balancer experiences an issue where users see only a subset of their documents, never all at once.
- The proposed solution is to copy the data from both EBS volumes to Amazon EFS (Elastic File System) and modify the application to save new documents to EFS, ensuring users see all their documents.
Modernizing Legacy Architecture with Scalability and Resiliency
- A company is modernizing their application with a primary server coordinating jobs across multiple compute nodes.
- The solution is to implement both the primary server and compute nodes with EC2 instances managed in an Auto Scaling group.
- Configure AWS CloudTrail as a destination for the jobs and configure EC2 Auto Scaling based on the load on the primary server.
Increasing Storage Space with Low Latency Access for Recently Accessed Files
- A company is running an SMB file server storing large files frequently accessed for the first few days after creation, and the files are rarely accessed after 7 days.
- The total data size is increasing and approaching the company's storage capacity.
- The solutions architect wants to increase available storage space without losing low-latency access to the most recently accessed files.
- The solution is to use an Amazon S3 bucket for file storage along with an Amazon S3 Lifecycle policy to move files to a less expensive storage tier after 7 days when access is infrequent. This ensures low-latency access to recently accessed files while optimizing for cost on older, less accessed files.
Providing Access to CloudWatch Dashboard to a User Without AWS Account
- A company is launching a new application and wants to provide access to the CloudWatch dashboard to a user who does not have an AWS account.
- The principle of least privilege should be followed.
- The solution is to create an IAM user specifically for the user, attach the CloudWatchReadOnlyAccess AWS managed policy to the user, and share the login credentials and the browser URL of the dashboard with the user.
Ensuring Lambda Function Ingests All Data From an SNS Topic
- A Lambda function is triggered by an SNS topic but is not ingesting all data.
- Two solutions are required:
  - Create an Amazon SQS queue and subscribe it to the SNS topic, making the Lambda function read from the SQS queue.
  - Increase provisioned throughput for the Lambda function to handle the incoming data volume.
Automating Remediation for Personally Identifiable Information (PII) in Files Uploaded via SFTP
- A company is receiving files uploaded via SFTP, some containing PII, and wants to automate the process of detecting and remediating PII in these files.
- The solution is to utilize an AWS Lambda function and trigger it when objects are loaded into the S3 bucket. The Lambda function should implement custom scanning algorithms to detect PII and use Amazon SNS to notify administrators if PII is found.
Storing Accounting Records in Amazon S3 with Long-Term Retention and Deletion Prevention
- A company needs to store accounting records in Amazon S3 with immediate access for 1 year followed by archiving for 9 years, ensuring no deletion is possible by anyone, including administrative or root users.
- The solution is to use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years, preventing deletion even by administrative users.
Synchronizing Windows File Shares between Amazon EC2 Instances
- A company runs multiple Windows workloads on AWS, with employees using Windows file shares hosted on two Amazon EC2 instances.
- The file shares need to synchronize data and maintain duplicate copies.
- The solution is to use a dedicated file server (like Amazon WorkSpaces) for synchronization and utilize centralized user authentication and authorization.
Description
This quiz covers essential solutions for AWS networking and application architecture. It includes topics like VPC endpoints for S3 access, managing EC2 instances with Load Balancers, and modernizing legacy systems for scalability and resiliency. Test your knowledge on these critical AWS concepts.