
AWS CCP

The document describes modifications to IAM and S3 policies. The correct answer is to add a condition to the first statement in the S3 policy to deny access from a specific IP address.

Uploaded by DDDD

You want to modify the S3 bucket policy to allow access from any IP address for
reading objects (s3:GetObject) in the bucket, but deny access from a specific IP
address (192.168.1.1). Which modification should be made?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "203.0.113.128/32"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
A. Add "Condition": { "IpAddress": { "aws:SourceIp": "192.168.1.1" } } to the first
statement.
B. Remove the "Condition" block from the first statement.
C. Add "NotIpAddress": { "aws:SourceIp": "192.168.1.1" } to the first statement.
D. Add "Action": "s3:PutObject" to the first statement.
-----------------------------------------------------------------------------------

After uploading a file to the S3 bucket created with the script below, you want to
generate a pre-signed URL for temporary access to the file. Which AWS CLI command
should you use?

aws s3api create-bucket --bucket my-s3-bucket --region us-east-1
aws s3 cp ./local-file.txt s3://my-s3-bucket/
aws iam create-user --user-name my-iam-user
aws iam attach-user-policy --user-name my-iam-user --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name my-key-pair

A. aws s3 presign s3://my-s3-bucket/local-file.txt
B. aws s3 generate-presigned-url --bucket my-s3-bucket --key local-file.txt --expires-in 3600
C. aws s3 generate-presigned-url --bucket my-s3-bucket --object local-file.txt --expires 3600
D. aws s3 pre-sign s3://my-s3-bucket/local-file.txt

-----------------------------------------------------------------------------------
You want to allow IAM users to change their own passwords but only for their own
accounts. What modification should be made to the IAM policy?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/important-data.txt",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iam:ChangePassword",
      "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
    }
  ]
}
A. Remove the entire fourth statement.
B. Change "Action": "iam:ChangePassword" to "Action": "iam:*" in the fourth
statement.
C. Change "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
to "Resource": "*" in the fourth statement.
D. Add "Effect": "Deny" with "Action": "iam:ChangePassword" to the policy.

-----------------------------------------------------------------------------------

In the provided IAM policy, what actions are allowed for the example-bucket in
Amazon S3?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/important-data.txt",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iam:ChangePassword",
      "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
    }
  ]
}
A. s3:PutBucketAcl and s3:DeleteBucket
B. s3:GetObject, s3:PutObject, and s3:ListBucket
C. s3:ListAllMyBuckets and s3:GetBucketLocation
D. s3:PutObjectAcl and s3:DeleteObject

-----------------------------------------------------------------------------------

You want to modify the IAM policy to deny the deletion of a specific object
(important-data.txt) within the S3 bucket. However, deletion should be allowed if
Multi-Factor Authentication (MFA) is present. What modification should be made?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/important-data.txt",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iam:ChangePassword",
      "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
    }
  ]
}
A. Change "Effect": "Deny" to "Effect": "Allow" in the third statement.
B. Add "Bool": { "aws:MultiFactorAuthPresent": "true" } to the third statement.
C. Add "Action": "s3:PutObject" to the third statement.
D. Remove the "Condition" block from the third statement.

-----------------------------------------------------------------------------------

A new IAM user has been created, and you want to ensure that this user can only
start and stop EC2 instances with the tag Environment: Production. What
modification should be made to the IAM policy?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "Production"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/important-data.txt",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iam:ChangePassword",
      "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
    }
  ]
}
A. Add "Resource": "arn:aws:ec2:::instance/*" to the second statement.
B. Add "Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } }
to the second statement.
C. Remove the "Resource": "*" line from the second statement.
D. Add "Action": "ec2:RunInstances" to the second statement.

-----------------------------------------------------------------------------------

In the S3 bucket policy below, what is the purpose of the "IpAddress" condition in
the first statement?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "203.0.113.128/32"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
A. It restricts access based on the user's IAM policy.
B. It ensures requests are allowed only from a specific IP range (203.0.113.0/24).
C. It enforces a requirement for requests to be made over a secure connection.
D. It specifies the IP address of the bucket owner.
-----------------------------------------------------------------------------------

An enterprise is using Amazon EBS volumes for its storage needs and wants to
optimize costs by ensuring that the volumes are not over-provisioned. Which AWS
feature allows them to modify the size and performance of their EBS volumes based
on actual usage?
A. Amazon EBS Snapshots
B. Amazon EBS Volumes Scaling
C. Amazon EBS Elastic Volumes
D. Amazon EBS Reserved Volumes

-----------------------------------------------------------------------------------

A media streaming platform is using Amazon EventBridge to manage and process
streaming events from millions of users. The platform wants to ensure that events
related to user engagement are efficiently processed by downstream services.
According to AWS best practices, which feature of Amazon EventBridge allows the
platform to selectively route events to different targets based on their content?
A. Event Replay
B. Dead Letter Queue
C. Event Filters
D. Event Bus

-----------------------------------------------------------------------------------
A company is hosting a web application on AWS and wants to control access to its
resources based on IP addresses. Which AWS service should they configure to
effectively manage inbound and outbound traffic at the instance level?
A. AWS Web Application Firewall (WAF)
B. Amazon Route 53
C. Amazon VPC Security Groups
D. AWS Network ACLs (Access Control Lists)
-----------------------------------------------------------------------------------

You want to allow only specific IP addresses (192.168.2.0/24) to connect to an EC2
instance via SSH. Which modification should be made to the security group rules?
Security Group Rules:

Rule 1:
Type: SSH (TCP/22)
Source: 203.0.113.0/24
Rule 2:
Type: HTTP (TCP/80) and HTTPS (TCP/443)
Destination: 0.0.0.0/0

Network ACL Rules:

Rule 100:
Rule Number: 100
Type: ICMP
Source: 203.0.113.0/24
Allow
Rule 200:
Rule Number: 200
Source: 192.168.1.1/32
Deny

A. Add an inbound rule allowing SSH from 192.168.2.0/24.
B. Add an outbound rule allowing SSH to 192.168.2.0/24.
C. Update Rule 1 to allow SSH from 192.168.2.0/24.
D. Add an outbound rule allowing all traffic to 192.168.2.0/24.
-----------------------------------------------------------------------------

A high-performance database application running on Amazon EC2 instances requires
persistent and low-latency block storage. The application demands the ability to
scale storage capacity and performance independently. Which Amazon EBS volume type
is most suitable for this scenario?
A. Amazon EBS General Purpose (gp2)
B. Amazon EBS Provisioned IOPS (io1)
C. Amazon EBS Throughput Optimized HDD (st1)
D. Amazon EBS Cold HDD (sc1)

-----------------------------------------------------------------------------------

A large enterprise with multiple departments wants to allocate costs to individual
teams based on their AWS resource consumption. Which AWS Budgets capability can
assist the enterprise in achieving this cost allocation goal?
A. Cost Forecasting
B. Cost Anomaly Detection
C. Tag-Based Budgets
D. Budget Actions
----------------------------------------------------------------------------------

A development team is working on a critical project that requires 24/7 access to
Cloud Support Engineers and a dedicated Technical Account Manager (TAM) for faster
issue resolution. Which AWS Support plan provides these features to meet the
high-availability needs of the project?
A. Basic Support
B. Developer Support
C. Business Support
D. Enterprise Support
-----------------------------------------------------------------------------------
A development team is working on a project that involves managing and sharing
software packages securely across different AWS accounts and regions. The team is
looking for a service that acts as a scalable and fully managed artifact
repository. Which AWS service would be the most suitable for storing, sharing, and
managing software artifacts such as dependencies, libraries, and packages across
multiple accounts and regions?
A. AWS CodeBuild
B. AWS CodeDeploy
C. AWS CodePipeline
D. AWS CodeArtifact
----------------------------------------------------------------

A financial services company wants to enhance the security of its applications by
ensuring that traffic is inspected and filtered before reaching its AWS resources.
Which AWS Global Accelerator feature allows the company to achieve this security
goal?
A. Anycast IP addresses
B. Accelerator DNS name
C. Health checks
D. AWS Web Application Firewall (WAF) integration
--------------------------------------------------------------------

A large enterprise is planning to migrate its on-premises Oracle database to AWS to
leverage cloud benefits. The database contains critical financial data, and
downtime must be minimized during the migration. Which AWS service is best suited
for this scenario?
A. AWS Database Migration Service (DMS)
B. Amazon RDS
C. AWS Snowball
D. AWS Server Migration Service (SMS)

------------------------------------------------------

A multinational corporation with geographically dispersed offices is planning to
implement a disaster recovery solution. They need a solution that ensures minimal
downtime and data loss. Which AWS Cloud benefit aligns best with their
requirements?
A. Security
B. Durability
C. High Availability
D. Scalability

---------------------------------------------------------

A multinational organization with various business units is using AWS for its cloud
infrastructure. Each business unit has its own set of resources, and the finance
department needs a detailed breakdown of costs for each unit. Which AWS feature
allows the organization to achieve this level of granular cost allocation?
A. AWS Cost Explorer
B. AWS Budgets
C. AWS Resource Groups
D. AWS Cost Allocation Tags
--------------------------------------------------

A development team is working on an AWS-hosted application, and the security team
wants to continuously monitor for potential security threats and vulnerabilities.
Which AWS service can help automate the detection of security issues in the
application code and dependencies?
A. AWS Trusted Advisor
B. AWS Inspector
C. AWS GuardDuty
D. AWS Security Hub

--------------------------------------------------------

A retail company is looking to enhance its customer experience by implementing a
recommendation engine that suggests personalized product recommendations on its
e-commerce platform. Which AWS machine learning service is best suited for building
and deploying a recommendation engine based on user behavior and preferences?
A. Amazon SageMaker
B. Amazon Comprehend
C. Amazon Polly
D. Amazon Lex
----------------------------------------------

A company is running a data analytics workload on AWS using Amazon Redshift, and
the volume of data processed each month varies significantly. The company wants to
optimize costs for its analytics processing. Which AWS pricing option allows the
company to pay for the actual amount of data processed rather than a fixed
capacity?
A. On-Demand Instances
B. Reserved Instances
C. Amazon Redshift Spectrum
D. AWS Savings Plans
------------------------------------------------

A company is migrating its existing Kubernetes workloads to AWS and needs a service
that provides secure and reliable communication between containers across multiple
Availability Zones. Which AWS service ensures secure communication between
containers in a Kubernetes cluster?
A. Amazon Elastic Container Service (Amazon ECS)
B. AWS Key Management Service (AWS KMS)
C. AWS Secrets Manager
D. AWS PrivateLink for Amazon EKS
-------------------------------------------------------------

A financial institution has multiple AWS accounts for different business units,
each requiring access to a shared database with sensitive financial data. The
institution wants to ensure that database credentials are securely shared among the
accounts while maintaining proper access controls. Which AWS service facilitates
the secure sharing of secrets across accounts?
A. AWS Organizations
B. AWS Resource Access Manager (AWS RAM)
C. AWS Identity and Access Management (IAM)
D. AWS Secrets Manager
-------------------------------------------------------------

A company is hosting a web application that involves frequent, small updates to
individual functions. Which AWS compute service is suitable for executing small,
frequent updates to functions without managing the entire application
infrastructure?
A. Amazon EC2
B. AWS Lambda
C. Amazon ECS
D. AWS Fargate

-----------------------------------------------------------------
A media streaming company is looking for a compute service to host its backend
services and APIs. The development team prefers a serverless architecture to
minimize operational overhead. Which AWS service is a serverless compute option
that automatically scales and manages the backend infrastructure?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS Lambda
D. Amazon Lightsail
--------------------------------------------------------------------

A Cloud Administrator is tasked with discovering and tracking the software deployed
across the organization's AWS environment. Which AWS Marketplace service can assist
the administrator in automatically discovering and cataloging software assets
deployed on AWS?
A. AWS Marketplace Discovery API
B. AWS Marketplace Metering Service
C. AWS Marketplace Private Marketplace
D. AWS Marketplace Seller Private Offers
---------------------------------------------------------

You have created an IAM user named my-iam-user and attached the AmazonS3FullAccess
policy. However, the user should only be allowed to delete objects within a
specific S3 bucket. What modification should be made to the IAM policy?
A. Attach a custom policy with "Action": "s3:DeleteObject" to the user.
B. Update the existing policy by adding "Resource": "arn:aws:s3:::my-s3-bucket/*"
to each S3 action.
C. Create a bucket policy for my-s3-bucket allowing s3:DeleteObject for the IAM
user.
D. Attach the AmazonS3ReadOnlyAccess policy and create a new policy allowing
s3:DeleteObject for the user.

-----------------------------------------------------------------------------------
A medium-sized enterprise is looking for ongoing support and guidance to optimize
their AWS usage, reduce costs, and ensure best practices. They want a service that
offers a mix of technical support, infrastructure monitoring, and regular
check-ins. Which AWS service aligns with these requirements?
A. AWS Activate for Startups
B. AWS IQ
C. AWS Managed Services (AMS)
D. AWS Support
-----------------------------------------------------------------------------------
A multinational company has a web application with users distributed globally. The
company wants to improve the performance of the application by delivering content
to users with lower latency. Which AWS service should they use to achieve this goal
by caching content at edge locations around the world?
A. AWS Direct Connect
B. Amazon CloudFront
C. Amazon VPC
D. AWS Global Accelerator
-----------------------------------------------------------------------------------

A media streaming company is looking for a compute service to host its backend
services and APIs. The development team prefers a serverless architecture to
minimize operational overhead. Which AWS service is a serverless compute option
that automatically scales and manages the backend infrastructure?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS Lambda
D. Amazon Lightsail
-----------------------------------------------------------------------------------

A small business owner wants to quickly set up a web server to host their company
website without worrying about the complexities of managing infrastructure. Cost
efficiency is crucial for the business. Which AWS service is the most suitable for
this scenario?
A. Amazon EC2
B. AWS Lightsail
C. AWS Elastic Beanstalk
D. Amazon S3
-----------------------------------------------------------------------------------

A manufacturing company is deploying IoT devices across its production floor to
monitor equipment health and performance. They want to ensure real-time
communication between devices and minimize latency. Which AWS IoT Core feature
should they leverage to enable low-latency, bi-directional communication between
devices?
A. Device Shadows
B. Just-in-Time Registration (JITR)
C. Message Queues
D. MQTT Protocol
-----------------------------------------------------------------------------------

A media company relies on AWS Lambda for serverless video processing. In the
shared responsibility model, what security aspect is shared between the customer
and AWS?
A. Monitoring and responding to security incidents in Lambda functions
B. Ensuring physical security of AWS Lambda data centers
C. Configuring security groups and network ACLs for Lambda
D. Patching the underlying operating system of Lambda servers
-----------------------------------------------------------------------------------

What action will be denied by the S3 bucket policy below?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "203.0.113.128/32"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
A. Listing objects within the bucket.
B. Uploading objects to the bucket.
C. Deleting the entire bucket.
D. Any S3 action if the request is not made over a secure transport.
-----------------------------------------------------------------------------------
A healthcare organization is dealing with large volumes of patient records stored
in various databases. The organization needs a fully-managed extract, transform,
and load (ETL) service to prepare and load this data for analytics. Which AWS
service is best suited for this ETL scenario?
A. Amazon Athena
B. Amazon Kinesis
C. AWS Glue
D. Amazon QuickSight
-----------------------------------------------------------------------------------
A large e-commerce company is dealing with vast amounts of unstructured data,
including customer reviews, product descriptions, and images. The company wants to
transform and clean this data for analytics purposes. Which AWS Glue feature can
the company leverage to automatically discover and catalog the metadata of its
unstructured data stored in Amazon S3?
A. AWS Glue Crawler
B. AWS Glue ETL Jobs
C. AWS Glue DataBrew
D. AWS Glue Schema Evolution
-----------------------------------------------------------------------------------

A video production company is looking for a file storage solution that supports
high-performance file-based workflows for editing and rendering large video files.
The organization needs a fully-managed service with Windows-based compatibility.
Which AWS file service is the most suitable for this requirement?
A. Amazon S3
B. Amazon EBS
C. Amazon FSx for Lustre
D. Amazon FSx for Windows File Server
-----------------------------------------------------------------------------------

You have an EC2 instance in a public subnet of a VPC that needs to communicate with
a database server in a private subnet. What modification should be made to the
sample network ACL rules?
Security Group Rules:

Rule 1:
Type: SSH (TCP/22)
Source: 203.0.113.0/24
Rule 2:
Type: HTTP (TCP/80) and HTTPS (TCP/443)
Destination: 0.0.0.0/0

Network ACL Rules:

Rule 100:
Rule Number: 100
Type: ICMP
Source: 203.0.113.0/24
Allow
Rule 200:
Rule Number: 200
Source: 192.168.1.1/32
Deny

A. Add an inbound rule allowing TCP/3306 from the private subnet's IP range.
B. Add an outbound rule allowing all traffic to the private subnet's IP range.
C. Remove Rule 200 to allow all inbound traffic from any IP address.
D. Add an inbound rule allowing all traffic from the database server's IP address.
-----------------------------------------------------------------------------------
You have an application server in a VPC, and you want to ensure that it can
communicate with a third-party API server over HTTPS (TCP/443). What modification
should be made to the network ACL rules below?
Security Group Rules:

Rule 1:
Type: SSH (TCP/22)
Source: 203.0.113.0/24
Rule 2:
Type: HTTP (TCP/80) and HTTPS (TCP/443)
Destination: 0.0.0.0/0

Network ACL Rules:

Rule 100:
Rule Number: 100
Type: ICMP
Source: 203.0.113.0/24
Allow
Rule 200:
Rule Number: 200
Source: 192.168.1.1/32
Deny

A. Add an inbound rule allowing TCP/443 from the API server's IP range.
B. Add an outbound rule allowing TCP/443 to the API server's IP range.
C. Update Rule 200 to deny inbound traffic from the API server's IP range.
D. Add an outbound rule allowing all traffic to the API server's IP range.
-----------------------------------------------------------------------------------
A retail company is looking to enhance its customer experience by implementing a
recommendation engine that suggests personalized product recommendations on its
e-commerce platform. Which AWS machine learning service is best suited for building
and deploying a recommendation engine based on user behavior and preferences?
A. Amazon SageMaker
B. Amazon Comprehend
C. Amazon Polly
D. Amazon Lex
-----------------------------------------------------------------------
An organization has a significant amount of data stored in on-premises servers, and
the available network bandwidth for data transfer to AWS is limited. Which
migration strategy would be most efficient in overcoming bandwidth limitations and
securely transferring large volumes of data to the AWS Cloud?
A. AWS Snowball
B. Database Replication
C. Rehosting (Lift and Shift)
D. Data Archive
------------------------------------------------------------------------------
You want to modify the provided S3 bucket policy to grant access to a new IAM user
(new-user) for performing all S3 actions on objects within the bucket. Which part
of the policy should you update?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "203.0.113.128/32"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
A. "Principal": "*"
B. "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
C. "Resource": ["arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"]
D. Adding a new statement with "Effect": "Allow", "Principal": { "AWS":
"arn:aws:iam::NEW-USER-ACCOUNT-ID:user/new-user" }
--------------------------------------------------------------------
A gaming company is developing a multiplayer online game that requires real-time
leaderboards to display player rankings. They need a caching solution that can
handle frequent updates and retrievals of player scores with sub-millisecond
latency. Which AWS service is the most suitable for implementing the leaderboards?
A. Amazon RDS with MySQL
B. Amazon ElastiCache for Redis
C. Amazon Redshift
D. Amazon MemoryDB for Redis
-----------------------------------------
An organization wants to implement a solution that allows users to securely access
a desktop environment with applications that have high graphical requirements, such
as graphic design software. They need a service that provides a smooth and
responsive user experience. Which AWS service is designed for delivering
high-performance graphical applications?
A. Amazon RDS
B. Amazon WorkSpaces
C. Amazon EC2
D. Amazon AppStream 2.0
--------------------------------
A financial institution is implementing a hybrid cloud strategy and needs to ensure
high availability for its on-premises applications using AWS Storage Gateway. The
institution wants to maintain a full copy of its on-premises data in Amazon S3 for
disaster recovery purposes. Which type of AWS Storage Gateway deployment would meet
the institution's requirements?
A. Gateway-Cached Volumes
B. Gateway-Stored Volumes
C. Gateway-Virtual Tape Library (VTL)
D. Gateway-VTL Cached
