1. A company currently stores symmetric encryption keys in a hardware security module (HSM). A solution architect must design a solution to migrate key management to AWS. The solution should allow for key rotation and support the use of customer provided keys.Where should the key material be stored to meet these requirements?

A) Amazon S3
B) AWS Key Management Service (AWS KMS)
C) AWS Systems Manager Parameter store
D) AWS Secrets Manager



2. A solutions architect has configured the following IAM policy.{ 'Version': '2012-10-17'' 'Statement': [ { 'Effect': 'Allow', 'Action':[ 'lambda:*' ], 'Resource': '*' }, { 'Effect': 'Deny', 'Action':[ 'lambda:CreateFunction', 'lambda:DeleteFunction' ], 'Resource': '*', 'Condition': { 'IpAddress': { 'aws:SourceIP: '220.100.16.0/26' } } } ]}Which action will be allowed by the policy?

A) An AWS Lambda function can be deleted from the 220.100.16.0/20 network
B) An AWS Lambda function can be deleted from the 100.220.0.0/20 network
C) An AWS Lambda function can be deleted from any network
D) An AWS Lambda function can be created from any network



3. A company hosts its website on Amazon S3. The website serves petabytes of outbound traffic monthly, which account for most of the company's AWS costs.What should a solutions architect do to reduce costs?

A) Move the website to Amazon EC2 with Amazon EBS volumes for storage
B) Configure Amazon CloudFront with the existing website as the origin
C) Use AWS Global Accelerator and specify the existing website as the endpoint
D) Rearchitect the website to run on a combination of Amazon API Gateway and AWS Lambda



4. A company runs multiple Amazon EC2 Linux instances in a VPC with applications that use a hierarchical directory structure. The applications need to rapidly and concurrently read and write to shared storage.How can this be achieved?

A) Create an Amazon S3 bucket and permit access from all the EC2 instances in the VPC.
B) Create a file system on an Amazon EBS Provisioned IOPS SSD (101) volume. Attach the volume to all the EC2 instances.
C) Create file systems on Amazon EBS volumes attached to each EC2 instance. Synchronize the Amazon EBS volumes across the different EC2 instances.
D) Create an Amazon EFS file system and mount it from each EC2 instance.



5. A company needs to share an Amazon S3 bucket with an external vendor . The bucket owner must be able to access all objects.Which action should be taken to share the S3 bucket?

A) Create an IAM policy to require users to grant bucket-owner-full-control when uploading objects
B) Update the bucket to enable cross-origin resource sharing (CORS)
C) Update the bucket to be a Requester Pays bucket
D) Create a bucket policy to require users to grant bucket-owner-full-control when uploading objects.