Questions regarding S3/EBS/Lambda/bastion


#1

Hi,

I have some doubts about the answers I’m thinking… Can you please correct me if I’m wrong and make me understand?

  1. Designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select two.)

A. Attach an IAM user to the Amazon EC2 instance.
B. Create an IAM role with permissions to write to the DynamoDB table.
C. Attach an IAM policy to the Amazon EC2 instance.
D. Attach an IAM role to the Amazon EC2 instance.
E. Store an access key on the Amazon EC2 instance with rights to the DynamoDB table.

I’m thinking it is B and D or E. Please let me know!

  1. An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time. What solution should be implemented to improve database performance using persistent storage?

A. Change the EC2 instance type to one with burstable performance.
B. Migrate the data on the EBS volume to provisioned IOPS SSD (io1).
C. Migrate the data on the Amazon EBS volume to an SSD-backed volume.
D. Change the EC2 instance type to one with EC2 instance store volumes.

Is this A?

  1. A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in the Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements?

A. Configure the database security group to allow database traffic from the application server IP addresses.
B. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.
C. Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
D. Configure the database security group to allow database traffic from the application server security group.

Confused between C and D…

  1. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through:

A. VPC peering connection.
B. NAT gateway
C. VPC endpoint
D. AWS Direct Connect

Is this C?

  1. A Solutions Architect is building a new feature using a Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed.

Which AWS service should the Architect use to store this metadata?

A. Amazon S3
B. Amazon DynamoDB
C. Amazon Kinesis
D. Amazon EFC

A?

Thanks!