A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?

1. A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.
2. B. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.
3. C. Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
4. D. Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.

Correct Answer: A

A developer is creating a mobile app that calls a backend service by using an Amazon API Gateway REST API. For integration testing during the development phase, the developer wants to simulate different backend responses without invoking the backend service.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create an AWS Lambda functio
2. B. Use API Gateway proxy integration to return constant HTTP responses.
3. C. Create an Amazon EC2 instance that serves the backend REST API by using an AWS CloudFormation template.
4. D. Customize the API Gateway stage to select a response type based on the request.
5. E. Use a request mapping template to select the mock integration response.

Correct Answer: B

An ecommerce company is using an AWS Lambda function behind Amazon API Gateway as its application tier. To process orders during checkout, the application calls a POST API from the frontend. The POST API invokes the Lambda function asynchronously. In rare situations, the application has not processed orders. The Lambda application logs show no errors or failures.
What should a developer do to solve this problem?

1. A. Inspect the frontend logs for API failure
2. B. Call the POST API manually by using the requests from the log file.
3. C. Create and inspect the Lambda dead-letter queu
4. D. Troubleshoot the failed function
5. E. Reprocess the events.
6. F. Inspect the Lambda logs in Amazon CloudWatch for possible error
7. G. Fix the errors.
8. H. Make sure that caching is disabled for the POST API in API Gateway.

Correct Answer: B

A company has a multi-node Windows legacy application that runs on premises. The application uses a network shared folder as a centralized configuration repository to store configuration files in .xml format. The company is migrating the application to Amazon EC2 instances. As part of the migration to AWS, a developer must identify a solution that provides high availability for the repository.
Which solution will meet this requirement MOST cost-effectively?

1. A. Mount an Amazon Elastic Block Store (Amazon EBS) volume onto one of the EC2 instance
2. B. Deploy a file system on the EBS volum
3. C. Use the host operating system to share a folde
4. D. Update the application code to read and write configuration files from the shared folder.
5. E. Deploy a micro EC2 instance with an instance store volum
6. F. Use the host operating system to share a folde
7. G. Update the application code to read and write configuration files from the shared folder.
8. H. Create an Amazon S3 bucket to host the repositor
9. I. Migrate the existing .xml files to the S3 bucket.Update the application code to use the AWS SDK to read and write configuration files from Amazon S3.
10. J. Create an Amazon S3 bucket to host the repositor
11. K. Migrate the existing .xml files to the S3 bucket.Mount the S3 bucket to the EC2 instances as a local volum
12. L. Update the application code to read andwrite configuration files from the disk.

Correct Answer: C

A developer has written the following IAM policy to provide access to an Amazon S3 bucket:

Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?

1. A. Access on all buckets except the “DOC-EXAMPLE-BUCKET” bucket
2. B. Access on all buckets that start with “DOC-EXAMPLE-BUCKET” except the “DOC-EXAMPLE-BUCKET/secrets” bucket
3. C. Access on all objects in the “DOC-EXAMPLE-BUCKET” bucket along with access to all S3 actions for objects in the “DOC-EXAMPLE-BUCKET” bucket that start with “secrets”
4. D. Access on all objects in the “DOC-EXAMPLE-BUCKET” bucket except on objects that start with “secrets”

Correct Answer: D