When attached to an Amazon VPC, which two components provide connectivity with external networks? (Choose two.)
A. Elastic IPs (EIP)
B. NAT Gateway (NAT)
C. Internet Gateway (IGW)
D. Virtual Private Gateway (VGW)
A user has created a photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?
A. AWS Glacier
B. AWS Elastic Transcoder
C. AWS Simple Notification Service
D. AWS Simple Queue Service
A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?
A. In the CloudWatch dashboard the user should set the local time zone so that CloudWatch shows the data only in the local time zone
B. In the CloudWatch console select the local time zone under the Time Range tab to view the data as per the local timezone
C. The CloudWatch data is always in UTC; the user has to manually convert the data
D. The user should have sent the local time zone while uploading the data so that CloudWatch will show the data only in the local time zone
A user is configuring a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%. The user has set up an alarm when there is some inactivity on RDS, such as RDS unavailability. How can the user configure this?
A. Set up the notification when the CPU is more than 75% on RDS
B. Set up the notification when the state is Insufficient Data
C. Set up the notification when the CPU utilization is less than 10%
D. It is not possible to set up the alarm on RDS
The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
A. "Effect": "Allow", "Action": ["Describe"], "Resource": "Billing"
B. "Effect": "Allow", "Action": ["AccountUsage"], "Resource": "*"
C. "Effect": "Allow", "Action": ["aws-portal:ViewUsage"], "Resource": "*"
D. "Effect": "Allow", "Action": ["aws-portal:ViewBilling"], "Resource": "*"
A sys admin has enabled a log on ELB. Which of the below mentioned activities is not captured by the log?
A. Response processing time
B. Front end processing time
C. Backend processing time
D. Request processing time
A company's IT Security team is performing an audit of the AWS environment to determine which servers need to be patched and where additional security controls need to be added.
The company is responsible for which of the following? (Choose two.)
A. Patching the OS on Amazon RDS instances
B. Patching the OS on Amazon EC2 instances
C. Enabling server-side encryption with Amazon S3-Managed Keys (SSE-S3) on S3 objects
D. Patching the database engine on RDS instances
E. Patching PHP in an AWS Elastic Beanstalk managed EC2 application
Malicious traffic is reaching company web servers. A SysOps Administrator is tasked with blocking this traffic. The malicious traffic is distributed over many IP addresses and represents much higher traffic than is typically seen from legitimate users.
How should the Administrator protect the web servers?
A. Create a security group for the web servers and add deny rules for malicious sources.
B. Set the network access control list for the web servers’ subnet and add deny entries.
C. Place web servers behind AWS WAF and establish the rate limit to create a blacklist.
D. Use Amazon CloudFront to cache all pages and remove the traffic from the web servers.
A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket.
Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket?
A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D. Enable S3 server access logging to track requests made to the log bucket for security audits.
An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Auto Scaling group across multiple Availability Zones. The Information Security team wants to track application requests by the originating IP and the EC2 instance that processes the request.
Which of the following tools or services provides this information?
A. Amazon CloudWatch
B. AWS CloudTrail
C. Elastic Load Balancing access logs
D. VPC Flow Logs