Amazon AWS Certified Solutions Architect - Professional SAP-C01
Prev

There are 579 results

Next
#1 (Accuracy: 91% / 13 votes)
Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance.
Which of these options would allow you to encrypt your data at rest? (Choose three.)
  • A. Implement third party volume encryption tools
  • B. Implement SSL/TLS for all services running on the server
  • C. Encrypt data inside your applications before storing it on EBS
  • D. Encrypt data using native data encryption drivers at the file system level
  • E. Do nothing as EBS volumes are encrypted by default
#2 (Accuracy: 100% / 4 votes)
A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the application's X.509 certificate that contains the private key.
  • A. Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.
  • B. Configure the web servers to retrieve the certificate upon boot from an CloudHSM is managed by the security officers.
  • C. Configure system permissions on the web servers to restrict access to the certificate only to the authority security officers
  • D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.
#3 (Accuracy: 100% / 8 votes)
A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest.
Which of the following methods can achieve this? (Choose three.)
  • A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.
  • B. Use Amazon S3 server-side encryption with customer-provided keys.
  • C. Use Amazon S3 server-side encryption with EC2 key pair.
  • D. Use Amazon S3 bucket policies to restrict access to the data at rest.
  • E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
  • F. Use SSL to encrypt the data while in transit to Amazon S3.
#4 (Accuracy: 100% / 2 votes)
Your company is in the process of developing a next generation pet collar that collects biometric information to assist families with promoting healthy lifestyles for their pets. Each collar will push 30kb of biometric data in JSON format every 2 seconds to a collection platform that will process and analyze the data providing health trending information back to the pet owners and veterinarians via a web portal. Management has tasked you to architect the collection platform ensuring the following requirements are met.
✑ Provide the ability for real-time analytics of the inbound biometric data
✑ Ensure processing of the biometric data is highly durable. Elastic and parallel
✑ The results of the analytic processing should be persisted for data mining
Which architecture outlined below win meet the initial requirements for the collection platform?
  • A. Utilize S3 to collect the inbound sensor data analyze the data from S3 with a daily scheduled Data Pipeline and save the results to a Redshift Cluster.
  • B. Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Redshift cluster using EMR.
  • C. Utilize SQS to collect the inbound sensor data analyze the data from SQS with Amazon Kinesis and save the results to a Microsoft SQL Server RDS instance.
  • D. Utilize EMR to collect the inbound sensor data, analyze the data from EUR with Amazon Kinesis and save me results to DynamoDB.
#5 (Accuracy: 100% / 1 votes)
You are implementing AWS Direct Connect.  You intend to use AWS public service end points such as Amazon S3, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider.
What is the correct way to configure AWS Direct connect for access to services such as Amazon S3?
  • A. Configure a public Interface on your AWS Direct Connect link. Configure a static route via your AWS Direct Connect link that points to Amazon S3 Advertise a default route to AWS using BGP.
  • B. Create a private interface on your AWS Direct Connect link. Configure a static route via your AWS Direct connect link that points to Amazon S3 Configure specific routes to your network in your VPC.
  • C. Create a public interface on your AWS Direct Connect link. Redistribute BGP routes into your existing routing infrastructure; advertise specific routes for your network to AWS.
  • D. Create a private interface on your AWS Direct connect link. Redistribute BGP routes into your existing routing infrastructure and advertise a default route to AWS.
#6 (Accuracy: 100% / 3 votes)
You control access to S3 buckets and objects with:
  • A. Identity and Access Management (IAM) Policies.
  • B. Access Control Lists (ACLs).
  • C. Bucket Policies.
  • D. All of the above
#7 (Accuracy: 100% / 3 votes)
Auto Scaling requests are signed with a _________ signature calculated from the request and the user's private key.
  • A. SSL
  • B. AES-256
  • C. HMAC-SHA1
  • D. X.509
#8 (Accuracy: 100% / 2 votes)
The following policy can be attached to an IAM group. It lets an IAM user in that group access a "home directory" in AWS S3 that matches their user name using the console.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": ["s3:*"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::bucket-name"],
            "Condition":{"StringLike":{"s3:prefix":["home/${aws:username}/*"]}}
        },
        {
            "Action":["s3:*"],
            "Effect":"Allow",
            "Resource": ["arn:aws:s3:::bucket-name/home/${aws:username}/*"]
        }
    ]
}
  • A. True
  • B. False
#9 (Accuracy: 100% / 2 votes)
What does elasticity mean to AWS?
  • A. The ability to scale computing resources up easily, with minimal friction and down with latency.
  • B. The ability to scale computing resources up and down easily, with minimal friction.
  • C. The ability to provision cloud computing resources in expectation of future demand.
  • D. The ability to recover from business continuity events with minimal friction.
#10 (Accuracy: 100% / 2 votes)
How is AWS readily distinguished from other vendors in the traditional IT computing landscape?
  • A. Experienced. Scalable and elastic. Secure. Cost-effective. Reliable
  • B. Secure. Flexible. Cost-effective. Scalable and elastic. Global
  • C. Secure. Flexible. Cost-effective. Scalable and elastic. Experienced
  • D. Flexible. Cost-effective. Dynamic. Secure. Experienced.