Master AWS Certifications with Confidence

Which AWS service or feature can be used to monitor network throughput spikes on a system running on Amazon EC2?

When a user needs to maintain compliance with existing per-socket, per-core, or per-virtual machine software licenses for an Oracle Database environment hosted on AWS, which Amazon EC2 instance type must be selected?

A security audit identifies that EC2 instances are missing critical operating system updates. A solutions architect must design a solution to automate vulnerability assessments and apply necessary patches across hundreds of EC2 instances. The solution must also generate compliance reports detailing each instance’s patch status. Which approach fulfills these requirements?

A company operates a REST-based application on Amazon EC2 instances that processes real-time data from an external provider. The provider reports frequent 503 errors during peak data transmission periods, as the EC2 instances become overwhelmed and cannot handle the request volume.

Which solution will allow the application to scale efficiently during high data traffic?

A solutions architect is evaluating the high availability of an application running on Amazon EC2 instances within a private subnet of a VPC. The EC2 instances are managed by an Auto Scaling group configured with a minimum and maximum capacity of 1. The application uses an Amazon RDS for PostgreSQL DB instance. The VPC includes subnets in three Availability Zones and uses a single NAT gateway. The solutions architect must propose a solution to ensure the application operates reliably across multiple Availability Zones. Which solution meets this requirement?

A company is using AWS Organizations to restrict its developers to only use Amazon RDS, AWS Lambda, and AWS CloudFormation. The developers' account is placed in a separate organizational unit (OU). The solutions architect has applied the following SCP to the developers' OU:

json<br>{<br> "Version": "2012-10-17",<br> "Statement": [<br> {<br> "Sid": "AllowRDS",<br> "Effect": "Allow",<br> "Action": "rds:*",<br> "Resource": "*"<br> },<br> {<br> "Sid": "AllowLambda",<br> "Effect": "Allow",<br> "Action": "lambda:*",<br> "Resource": "*"<br> },<br> {<br> "Sid": "AllowCloudFormation",<br> "Effect": "Allow",<br> "Action": "cloudformation:*",<br> "Resource": "*"<br> }<br> ]<br>}<br>

Despite this policy, IAM users in the developers' account can still access AWS services not listed in the SCP. What should the solutions architect do to enforce the restriction?

A. Add explicit deny statements for all AWS services except RDS, Lambda, and CloudFormation.
B. Detach the FullAWSAccess SCP from the developers' OU.
C. Update the FullAWSAccess SCP to explicitly deny all services not listed.
D. Include a wildcard deny statement at the end of the existing SCP.

A developer is configuring an Amazon CloudFront distribution in front of an internet-facing Application Load Balancer (ALB) serving a web application on EC2 instances. The developer needs to ensure that all data transmitted between users and the application is encrypted in transit.

Which two CloudFront settings must be configured to meet this requirement? (Choose two.)

A company processes payment transactions from multiple vendors through an API Gateway integrated with AWS Lambda. Each vendor submits transactions via a dedicated API. The Lambda function processes these transactions. Vendors must receive confirmation messages only for their transactions, and adding new vendors should require minimal code changes. What is the MOST scalable solution?