- (Exam Topic 1)
A company has an AWS Cloud Formation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the Cloud Formation template. However, the stack creation fails.
Which factors could cause this failure? (Select TWO.)

1. A. The user's IAM policy does not allow the cloudformation:CreateStack action.
2. B. The user's IAM policy does not allow the cloudformation:CreateStackSet action.
3. C. The user's IAM policy does not allow the s3:CreateBucket action.
4. D. The user's IAM policy explicitly denies the s3:ListBucket action.
5. E. The user's IAM policy explicitly denies the s3:PutObject action

Correct Answer: AC

- (Exam Topic 1)
A company needs to deploy a new workload on AWS. The company must encrypt all data at rest and must rotate the encryption keys once each year. The workload uses an Amazon RDS for MySQL Multi-AZ database for data storage.
Which configuration approach will meet these requirements?

1. A. Enable Transparent Data Encryption (TDE) in the MySQL configuration fil
2. B. Manually rotate the key every 12 months.
3. C. Enable RDS encryption on the database at creation time by using the AWS managed key for Amazon RDS.
4. D. Create a new AWS Key Management Service (AWS KMS) customer managed ke
5. E. Enable automatic key rotatio
6. F. Enable RDS encryption on the database at creation time by using the KMS key.
7. G. Create a new AWS Key Management Service (AWS KMS) customer managed ke
8. H. Enable automatic key rotatio
9. I. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the RDS DB instance.

Correct Answer: C
This configuration approach will meet the requirement of encrypting all data at rest and rotating the encryption keys once each year. By creating a new AWS KMS customer managed key and enabling automatic key rotation, the encryption keys will be rotated automatically every year. By enabling RDS encryption on the database at creation time using the KMS key, all data stored in the RDS for MySQL Multi-AZ database will be encrypted at rest. This approach provide more control over key management and rotation and provide additional security benefits.

- (Exam Topic 1)
A company uses AWS Cloud Formation templates to deploy cloud infrastructure. An analysis of all the company's templates shows that the company has declared the same components in multiple templates. A SysOps administrator needs to create dedicated templates that have their own parameters and conditions for these common components.
Which solution will meet this requirement?

1. A. Develop a CloudFormaiion change set.
2. B. Develop CloudFormation macros.
3. C. Develop CloudFormation nested stacks.
4. D. Develop CloudFormation stack sets.

Correct Answer: C

- (Exam Topic 1)
A SysOps administrator is unable to authenticate an AWS CLI call to an AWS service Which of the following is the cause of this issue?

1. A. The IAM password is incorrect
2. B. The server certificate is missing
3. C. The SSH key pair is incorrect
4. D. There is no access key

Correct Answer: C

- (Exam Topic 1)
A company plans to run a public web application on Amazon EC2 instances behind an Elastic Load Balancer (ELB). The company's security team wants to protect the website by using AWS Certificate Manager (ACM) certificates The ELB must automatically redirect any HTTP requests to HTTPS
Which solution will meet these requirements?

1. A. Create an Application Load Balancer that has one HTTPS listener on port 80 Attach an SSLTLS certificate to listener port 80 Create a rule to redirect requests from HTTP to HTTPS
2. B. Create an Application Load Balancer that has one HTTP listener on port 80 and one HTTPS protocol listener on port 443 Attach an SSL TLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443
3. C. Create an Application Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443
4. D. Create a Network Load Balancer that has two TCP listeners on port 80 and port 443 Attach an SSLTLS certificate to listener port 443 Create a rule to redirect requests from port 80 to port 443

Correct Answer: B