Practice Exam - SAP

Questions and Answers

A company is using AWS Control Tower to manage AWS accounts in an organization in AWS Organizations. The company has OU that contains accounts. The company must prevent any new or existing Amazon EC2 instances in the OU's accounts from gaining a public IP address. Which solution will meet these requirements?

Configure all instances in each account in the OU to use AWS Systems Manager. Use a Systems Manager Automation runbook to prevent public IP addresses from being attached to the instances.

Implement the AWS Control Tower proactive control to check whether instances in the OU's accounts have a public IP address. Set the AssociatePublicIPAddress property to False. Attach the proactive control to the OU.

Create an SCP that prevents the launch of instances that have a public IP address. Additionally, configure the SCP to prevent the attachment of public IP address to existing instances. Attach the SCP to the OU. (correct)

Create an AWS Config custom rule that detects instance that have a public IP address. Configure a remediation action that uses an AWS Lambda function to detest the public IP addresses from the instances.

A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company need to launch the Lambda functions in a QA environment and in a production environment. The company must not expose credentials within application code and must rotate passwords automatically. Which solution will meet these requirements?

Store the database credentials for both environments in AWS Systems Manager Parameter Store. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key. Within the application code of the Lambda function, pull the credentials from the Parameter Store parameter by using the AWS SDK for Python (Boto3). Add a role to the Lambda functions to provide access to the Parameter Store parameter.

Store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment. Turn on rotation. Provide a reference to the Secret Manager key as an environment variable for the Lambda functions. (correct)

Store the database credentials for both environments in AWS Key Management Service (AWS KMS). Turn on rotation. Provide a reference to the credentials that are stored in AWS KMS as an environment variable for the Lambda functions.

Create separate S3 buckets for the QA environment and the production environment. Turn on server-side encryption with AWS KMS keys (SSE-KMS) for the S# buckets. Use an object naming pattern that gives each Lambda function's application code the ability to pull the correct credentials for the function's corresponding environment. Grant each Lambda function's execution role access to Amazon S3.

An e-commerce company is revamping its IT infrastructure and is planning to use AWS services. The company's CIO has asked a solutions architect to design a simple, highly available, and loosely coupled order processing application. The application is responsible for receiving and processing orders before storing them in an Amazon DynamoDB table. The application has a sporadic traffic pattern and should be able to scale during marketing campaigns to process the orders with minimal delays. Which of the following is the MOST reliable approach to meet the requirements?

Receive the orders in an Amazon EC2-hosted database and use EC2 instances to process them.

Receive the orders in an Amazon SQS queue and invoke an AWS Lambda function to process them. (correct)

Receive the orders using the AWS Step Functions program and launch an Amazon ECS container to process them.

Receive the orders in Amazon Kinesis Data Streams and use Amazon EC2 instances to process them.

Study Notes

hisdvsf

Description

Test your knowledge about the meaning and possible representations of the term 'hisdvsf' in computer and linguistic contexts, and its potential specific meaning in a particular field.