- (Exam Topic 3)
Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?
Correct Answer:
A
- (Exam Topic 1)
Which AWS service can help a company detect an outage of its website servers and redirect users to alternate servers?
Correct Answer:
D
Amazon Route 53 with DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is operating properly.
- (Exam Topic 2)
Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?
Correct Answer:
B
- (Exam Topic 1)
A company needs to schedule the rotation of database credentials in the AWS Cloud. Which AWS service should the company use to perform this task?
Correct Answer:
D
AWS Secrets Manager makes it easier to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. The key features of this service include the ability to:
* 1. Secure and manage secrets centrally. You can store, view, and manage all your secrets centrally. By default,
Secrets Manager encrypts these secrets with encryption keys that you own and control. You can use
fine-grained IAM policies or resource-based policies to control access to your secrets. You can also tag secrets to help you discover, organize, and control access to secrets used throughout your organization.
* 2. Rotate secrets safely. You can configure Secrets Manager to rotate secrets automatically without disrupting your applications. Secrets Manager offers built-in integrations for rotating credentials for all Amazon RDS databases (MySQL, PostgreSQL, Oracle, Microsoft SQL Server, MariaDB, and Amazon Aurora.) You can also extend Secrets Manager to meet your custom rotation requirements by creating an AWS Lambda function to rotate other types of secrets.
* 3. Transmit securely. Secrets are transmitted securely over Transport Layer Security (TLS) protocol 1.2. You can also use Secrets Manager with Amazon Virtual Private Cloud (Amazon VPC) endpoints powered by AWS Privatelink to keep this communication within the AWS network and help meet your compliance and regulatory requirements to limit public internet connectivity.
* 4. Pay as you go. Pay for the secrets you store in Secrets Manager and for the use of these secrets; there are no long-term contracts, licensing fees, or infrastructure and personnel costs. For example, a typical
production-scale web application will generate an estimated monthly bill of $6. If you follow along the
instructions in this blog post, your estimated monthly bill for Secrets Manager will be $1. Note: you may incur additional charges for using Amazon RDS and Amazon Lambda, if you’ve already consumed the free tier for these services.
Now that you’re familiar with Secrets Manager features, I’ll show you how to store and automatically rotate credentials for an Oracle database hosted on Amazon RDS. I divided these instructions into three phases:
* 1. Phase 1: Store and configure rotation for the superuser credential
* 2. Phase 2: Store and configure rotation for the application credential
* 3. Phase 3: Retrieve the credential from Secrets Manager programmatically
- (Exam Topic 3)
A company needs an AWS service that will continuously monitor the company's AWS account for suspicious activity. The service must have the ability to initiate automated actions against threats that are identified in the security findings.
Which service will meet these requirements?
Correct Answer:
D
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
https://aws.amazon.com/guardduty/