Question 1

A healthcare organization is looking to store highly confidential patient records in an Amazon S3 bucket. The storage solution must comply with regulatory standards that require not only encryption of data at rest but also stringent control and auditing over who can access the encryption keys. Since their IT team lacks the resources to manage encryption processes manually, they need an encryption method that is both secure and manageable within their AWS environment.

What encryption method should they use for their S3 bucket to ensure compliance with these standards?

Options :

A : Implement Server-Side Encryption with AWS Key Management Service (SSE-KMS) for encryption at rest and to maintain control over encryption keys

B : Enable Amazon S3 managed keys (SSE-S3) for server-side encryption to ensure data is encrypted at rest with Amazon-managed keys

C : Use Amazon S3 default encryption with an Amazon-managed key for automatic encryption of all stored data.

D : Opt for client-side encryption with a client-managed key for encrypting data before uploading it to the S3 bucket

Answer: A

Question 2

A digital media company processes large volumes of image and video files daily. These files are stored in an Amazon S3 bucket. The company needs to analyze metadata extracted from these files (such as file size, type, creation date) and store this information for quick retrieval and analysis. The solution should automatically handle new files as they are uploaded and be scalable to handle increasing data volumes.

Which AWS service should the company implement to extract, store, and manage the metadata efficiently?

Options :

A : Use AWS Glue to run ETL jobs on new files in S3, extract metadata, and store it in Amazon RDS for querying.

B : Configure Amazon S3 Event Notifications to trigger AWS Lambda functions for metadata extraction and storage in Amazon DynamoDB.

C : Utilize Amazon Athena to query S3 metadata directly and store the query results in Amazon ElastiCache for quick access.

D : Implement Amazon Kinesis Data Firehose to capture file metadata and load it into Amazon Redshift for analysis.

Answer: B

Question 3

A retail company uses Amazon Aurora to manage inventory data. The company's Aurora DB cluster resides in a private subnet. A team member has created an AWS Lambda function to manage inventory levels within the Aurora DB cluster. To maintain data security, the company wants to ensure that this Lambda function can access the Aurora DB cluster only through the private network.

What steps should be taken to enable private connectivity from the Lambda function to the Aurora DB cluster with minimal administrative effort? (Select TWO.)

Options :

A : Implement VPC peering between the VPC containing the Lambda function and the VPC containing the Aurora DB cluster.

B : Modify the security group of the Aurora DB cluster to allow incoming connections on the appropriate port from the Lambda function.

C : Enable the private DNS name feature for the Aurora DB cluster endpoint.

D : Deploy the Lambda function within a public subnet and configure a NAT Gateway for outbound connections.

E : Ensure the Lambda function is configured to run in the same VPC as the Aurora DB cluster, within a private subnet.

Answer: B,E

Question 4

A healthcare application hosted on AWS uses Amazon EC2 instances to manage sensitive patient data that must comply with regulatory security standards. The data is stored on EBS volumes attached to the EC2 instances. The company's security policy mandates that all data at rest be encrypted to protect against unauthorized access.

Which action should the IT department take to secure the EBS volumes in accordance with the company's security policy?

Options :

A : Use AWS Certificate Manager to apply SSL/TLS certificates to the EBS volumes.

B : Encrypt the EBS volumes with Amazon S3 server-side encryption.

C : Enable EBS encryption with AWS Key Management Service (KMS) keys.

D : Run a third-party encryption tool to encrypt data on the EBS volumes before storage.

Answer: C

Question 5

Your company's Cloud Data Engineering team is using Amazon Kinesis Data Streams to process real-time streaming data from IoT devices. The stream is configured with 4 shards. Lately, the team observes that during peak operational hours, there are intermittent delays in data processing and some records appear to be dropped. The team is using a custom Kinesis consumer application for data processing.

What initial step should the team take to begin troubleshooting these performance issues?

Options :

A : Inspect the Kinesis Data Streams monitoring metrics in Amazon CloudWatch for incoming record rate and backend processing latencies.

B : Change the data record format to a more compact serialization format like Avro or Protocol Buffers.

C : Adjust the retention period of the data in the stream to allow more time for processing.

D : Increase the shard count in the Kinesis Data Stream to handle higher throughput.

Answer: A