A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.
The buildspec.yml file contains the following:

The DevOps Engineer has noticed that anybody with an AWS account is able to download the artifacts. What steps should the DevOps Engineer take to stop this?

1. A. Modify the post_build to command to use ""-acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
2. B. Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
3. C. Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal "*"
4. D. Modify the post_build command to remove ""-acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.

Correct Answer: D

A company is migrating its public-facing software to AWS. The company plans to use Amazon EC2 to run application code and Amazon RDS to store all application data. The company wants to primarily use one Region with failover capabilities to a secondary Region and Amazon Route 53 to route traffic. The RPO is 2 hours and the RTO is 4 hours.
Which combination of steps should be used to meet these requirements while MINIMIZING cost? {Select THREE.)

1. A. Create an AWS CloudFormation template to provision the application server and database instance in a single Region.
2. B. Create an AWS CloudFormation template to provision the application tier of the application and a multi-Region database instance.
3. C. Configure Amazon CloudWatch Events rules to run every hou
4. D. Trigger AWS Lambda functions to create an RDS snapshot and copy it to the secondary Region.
5. E. Configure Amazon CloudWatch Events rules to run every 3 hour
6. F. Trigger AWS Lambda functions to create an RDS snapshot and copy it to the secondary Region.
7. G. In the event of a failure, deploy a new AWS CloudFormation stack in a secondary region to provision the application resources and a new RDS instance using the copied snapshot and a Route 53 failover routing policy.
8. H. In the event of a failure, deploy a new AWS CloudFormation stack in a secondary region to provision the application resources and a replica of the RDS database using the copied snapshot and a Route 53 latency-based routing policy.

Correct Answer: CDE

A company has multiple development groups working in a single shared AWS account. The Senior Manager of the groups wants to be alerted via a third-party API call when the creation of resources approaches the service limits for the account.
Which solution will accomplish this with the LEAST amount of development effort?

1. A. Create an Amazon CloudWatch Event rule that runs periodically and targets an AWS Lambda function.Within the Lambda function, evaluate the current state of the AWS environment and compare deployed resource values to resource limits on the accoun
2. B. Notify the Senior Manager if the account is approaching a service limit.
3. C. Deploy an AWS Lambda function that refreshes AWS Trusted Advisor checks, and configure an Amazon CloudWatch Events rule to run the Lambda function periodicall
4. D. Create another CloudWatch Events rule with an event pattern matching Trusted Advisor events and a target Lambda functio
5. E. In the target Lambda function, notify the Senior Manager.
6. F. Deploy an AWS Lambda function that refreshes AWS Personal Health Dashboard checks, and configure an Amazon CloudWatch Events rule to run the Lambda function periodicall
7. G. Create another CloudWatch Events rule with an event pattern matching Personal Health Dashboard events and a target Lambda functio
8. H. In the target Lambda function, notify the Senior Manager.
9. I. Add an AWS Config custom rule that runs periodically, checks the AWS service limit status, and streams notifications to an Amazon SNS topi
10. J. Deploy an AWS Lambda function that notifies the Senior Manager, and subscribe the Lambda function to the SNS topic.

Correct Answer: B

A company wants to use Amazon DynamoDB for maintaining metadata on its forums. See the sample data set in the image below.

A DevOps Engineer is required to define the table schema with the partition key, the sort key, the local secondary index, projected attributes, and fetch operations.
The schema should support the following example searches using the least provisioned read capacity units to minimize cost.
-Search within ForumName for items where the subject starts with "˜a'.
-Search forums within the given LastPostDateTime time frame.
-Return the thread value where LastPostDateTime is within the last three months. Which schema meets the requirements?

1. A. Use Subject as the primary key and ForumName as the sort ke
2. B. Have LSI with LastPostDateTime as the sort key and fetch operations for thread.
3. C. Use ForumName as the primary key and Subject as the sort ke
4. D. Have LSI with LastPostDateTime as the sort key and the projected attribute thread.
5. E. Use ForumName as the primary key and Subject as the sort ke
6. F. Have LSI with Thread as the sort key and the projected attribute LastPostDateTime.
7. G. Use Subject as the primary key and ForumName as the sort ke
8. H. Have LSI with Thread as the sort key and fetch operations for LastPostDateTime.

Correct Answer: B
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/LSI.html

A company has 100 GB of log data in an Amazon S3 bucket stored in .csv format. SQL developers want to query this data and generate graphs to visualize it. They also need an efficient, automated way to store metadata from the .csv file.
Which combination of steps should be taken to meet these requirements with the LEAST amount of effort? (Select THREE.)

1. A. Filter the data through AWS X-Ray to visualize the data.
2. B. Filter the data through Amazon QuickSight to visualize the data.
3. C. Query the data with Amazon Athena.
4. D. Query the data with Amazon Redshift.
5. E. Use AWS Glue as the persistent metadata store.
6. F. Use Amazon S3 as the persistent metadata store.

Correct Answer: BCE