1. A company's operations team has an existing Amazon S3 bucket configured to notify an Amazon SQS queue when new objects are created within the bucket. The development team also wants to receive events when new objects are created. The existing operations team workflow must remain intact. Which solution would satisfy these requirements?
A) Create an Amazon SNS topic and SQS queue for the bucket updates. Update the bucket to send events to the new topic. Update both queues to poll Amazon SNS.
B) Create a new SQS queue that only allows Amazon S3 to access the queue. Update Amazon S3 to update this queue when a new object is created.
C) Create another SQS queue. Update the S3 events in the bucket to also update the new queue when a new object is created.
D) Create an Amazon SNS topic and SQS queue for the bucket updates. Update the bucket to send events to the new topic. Add subscriptions for both queues in the topic.
2. A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3. What should a solutions architect recommend to satisfy these requirements?
A) Server-side encryption with customer-provided encryption keys
B) Client-side encryption with Amazon S3 managed encryption keys
C) Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)
D) Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)
3. A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access. Which of the following would be the LEAST complicated implementation?
A) Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
B) Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days.
C) Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.
D) Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
4. A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited time. What should a solutions architect do to securely meet these requirements?
A) Generate a presigned URL to share with the users.
B) Encrypt the file using AWS KMS and provide keys to the users.
C) Create and assign IAM roles that will grant GetObject permission to the users.
D) Enable public access on an Amazon S3 bucket.
5. A company has 150 TB of archived image data stored on-premises that needs to be moved to the AWS Cloud within the next month. The company's current network connection allows up to 100 Mbps uploads for this purpose during the night only. What is the MOST cost-effective mechanism to move this data and meet the migration deadline?
A) Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.
B) Use AWS Snowmobile to ship the data to AWS.
C) Order multiple AWS Snowball devices to ship the data to AWS.
D) Enable Amazon S3 Transfer Acceleration and securely upload the data.
1. Right Answer: C Explanation:
2. Right Answer: C Explanation: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html