- (Exam Topic 4)
A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.
Which solution meets these requirements?

1. A. Add the permissions to an 1AM polic
2. B. Attach the policy to a role Attach the role to the EC2 instance profile.
3. C. Add the permissions inline to an 1AM grou
4. D. Attach the group to the EC2 instance profile.
5. E. Add the permissions to an 1AM polic
6. F. Attach the policy to a user Attach the user to the EC2 instance profile.
7. G. Add the permissions to an 1AM polic
8. H. Use 1AM web identity federation to access the S3 bucket with the policy

Correct Answer: A

- (Exam Topic 1)
A company has an internet-facing application that uses Web Identity Federation to obtain a temporary credential from AWS Security Token Service (AWS STS). The app then uses the token to access AWS services.
Review the following response:

Based on the response displayed what permissions are associated with the call from the application?

1. A. Permissions associated with the role AROACLKWSDQRAOEXAMPLE:app1
2. B. Permissions associated with the default role used when the AWS service was built
3. C. Permission associated with the IAM principal that owns the AccessKeyID ASgeIAIOSFODNN7EXAMPLE
4. D. Permissions associated with the account that owns the AWS service

Correct Answer: C

- (Exam Topic 1)
A Developer uses AWS CodeDeploy to automate application deployment that connects to an external MySQL database. The Developer wants to securely access the encrypted secrets, such as API keys and database passwords.
Which of the following solutions would involve the LEAST administrative effort?

1. A. Save the secrets in Amazon S3 with AWS KMS server-side encryption, and use a signed URL to access them by using the IAM role from Amazon EC2 instances.
2. B. Use the instance metadata to store the secrets and to programmatically access the secrets from EC2 instances.
3. C. Use the Amazon DynamoDB client-side encryption library to save the secrets in DynamoDB and to programmatically access the secrets from EC2 instances.
4. D. Use AWS SSM Parameter Store to store the secrets and to programmatically access them by using the IAM role from EC2 instances.

Correct Answer: D
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html

- (Exam Topic 3)
A company has an application that is based on Amazon EC2 The company provides API access to the application through Amazon API Gateway and uses Amazon DynamoDB to store the application's data A developer is investigating performance issues that are affecting the application. During peak usage, the application is overwhelmed by a large number of identical data read requests that come through APIs
What is the MOST operationally efficient way for the developer to improve the application's performance''

1. A. Use DynamoDB Accelerator (DAX) to cache database responses
2. B. Configure Amazon EC2 Auto Scaling policies to meet fluctuating demand
3. C. Enable API Gateway caching to cache API responses
4. D. Use Amazon ElastiCache to cache application responses.

Correct Answer: D

- (Exam Topic 3)
A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API Gateway. AWS X-Ray tracing has been enabled on the API test stage
How can a developer enable X-Ray tracing on the on-premises servers with the LEAST amount of configuration''

1. A. Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.
2. B. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service
3. C. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTraceSegments API call
4. D. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant data to X-Ray using the PutTelemetryRecords API call.

Correct Answer: B