Question : An application you maintain consists of multiple EC instances in a default tenancy VPC. This application has undergone an internal audit and has been determined to require dedicated hardware for one instance. Your compliance team has given you a week to move this instance to single-tenant hardware. Which process will have minimal impact on your application while complying with this requirement?
1. Create a new VPC with tenancy=dedicated and migrate to the new VPC 2. Use ec2-reboot-instances command line and set the parameter "dedicated=true" 3. Access Mostly Uused Products by 50000+ Subscribers 4. Stop the instance, create an AMI, launch a new instance with tenancy=dedicated, and terminate the old instance
Explanation: You cannot change the tenancy of a default instance after you've launched it. You can change the tenancy of an instance from "dedicated" to "host" after you've launched it, and vice versa. This question states that dedicated tenancy is needed for one instance, not the entire VPC
Question : You have private video content in S that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database. Which configuration will allow you to securely serve private content to your users? 1. Generate pre-signed URLs for each user as they request access to protected S3 content 2. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user 3. Access Mostly Uused Products by 50000+ Subscribers 4. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user
Explanation: You can optionally secure the content in your Amazon S3 bucket so users can access it through CloudFront but cannot access it directly by using Amazon S3 URLs. This prevents anyone from bypassing CloudFront and using the Amazon S3 URL to get content that you want to restrict access to. This step isn't required to use signed URLs, but we recommend it
Question : The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization. What must you do to comply with this requirement for a web based profile management application running on EC2? 1. Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile 2. Run EC2 instances in multiple Regions and leverage Route 53's Latency Based Routing capabilities to route traffic to the appropriate region to create their profile 3. Access Mostly Uused Products by 50000+ Subscribers determine if a user needs to be redirect to the appropriate region to create their profile 4. Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile
1. Use cost allocation reports and AWS Opsworks to deploy and manage your infrastructure. 2. Use AWS CloudWatch metrics and alerts along with resource tagging to deploy and manage your infrastructure. 3. Access Mostly Uused Products by 50000+ Subscribers 4. Use AWS CloudFormation and a version control system like GIT to deploy and manage your infrastructure.