[100% Free] Fantastic Valid Amazon Exam Dumps! Latest Amazon Exam Questions

Here is how to start preparing for Amazon exams (ANS-C00, CLF-C01, DAS-C01, DVA-C01, MLS-C01, SAA-C02, SCS-C01), and where to get the latest Amazon exams (ANS-C01) C00, CLF-C01, DAS-C01, DVA-C01, MLS-C01, SAA-C02, SCS-C01). Reliable Amazon exam dump, please choose https://www.pass4itsure.com/amazon.html You can easily get it. This resource can provide you with the latest Amazon exam dumps and verified answers. Share with you for free below

Updated Amazon ANS-C00 exam dumps (pdf) and effective practice questions

[Drive] Amazon ANS-C00 exam dumps (pdf) download

Free Amazon ANS-C00 exam dumps pdf https://drive.google.com/file/d/1LmTq-EL7XwgqdJ6Fb9i3wqT7VBmoNl7_/view?usp=sharing

Amazon AWS Certified Specialty ANS-C00 exam effective practice questions 1-5

QUESTION 1
You have a three-tier web application with separate subnets for Web, Applications, and Database tiers. Your CISO
suspects your application will be the target of malicious activity. You are tasked with notifying the security team in the
event your application is port scanned by external systems.
Which two AWS Services cloud you leverage to build an automated notification system? (Choose two.)
A. Internet gateway
B. VPC Flow Logs
C. AWS CloudTrail
D. Lambda
E. AWS Inspector
Correct Answer: CD
References: https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-specific-apis-are-called-by-using-awscloudtrail-amazon-sns-and-aws-lambda/


QUESTION 2
A company uses a single connection to the internet when connecting its on-premises location to AWS. It has selected
an AWS Partner Network (APN) Partner to provide a point-to-point circuit for its first-ever 10 Gbps AWS Direct Connect
connection.
What steps must be taken to order the cross-connect at the Direct Connect location?
A. Obtain the LOA/CFA from the APN Partner when ordering connectivity. Upload it to the AWS Management Console
when creating a new Direct Connect connection. AWS will ensure that the cross-connect is installed.
B. Obtain the LOA/CFA from the AWS Management Console when ordering the Direct Connect connection. Provide it to
the APN Partner when ordering connectivity. The Direct Connect partner will ensure that the cross-connect is installed.
C. Obtain the LOA/CFA each from the AWS Management Console and the APN Partner. Provide both to the Facility
Operator of the Direct Connect location. The Facility Operatir will ensure that the cross-connect is installed.
D. Identify the APN Partner in the AWS Management Console when creating the Direct Connect connection. Provide
the resulting Connection ID to the APN Partner, who will ensure that the cross-connect is installed.
Correct Answer: B
  

QUESTION 3
A company has a hybrid IT architecture with two AWS Direct Connect connections to provide high availability. The
services hosted on-premises are accessible using public IPs, and are also on the 172.16.0.0/16 range. The AWS resources are on the 192.168.0.0/18 range. The company wants to use Amazon Elastic Load Balancing for SSL
offloading, health checks, and sticky sessions.
What should be done to meet these requirements?
A. Create a Network Load Balancer pointing to the on-premises server\\’s private IP address.
B. Create an Amazon CloudFront distribution for the on-premises service and use the public IPs of the on-premises
servers as the origin.
C. Create a Network Load Balancer pointing to the on-premises server\\’s public IP address.
D. Create an Application Load Balancer pointing to the on-premises server\\’s private IP address.
Correct Answer: A


QUESTION 4
A network engineer deploys an application in a private subnet in a VPC that connects to many external video feed
providers using RTMP over the internet. A NAT gateway has been deployed in a public subnet and is working as
expected. From the Amazon EC2 instance, the application is able to connect to all feed providers except one, which
hangs when connecting. Manually testing a connection from an Amazon EC2 instance in the public subnet to the
problem feed indicates that the feed works as expected.
What is causing this issue?
A. The NAT gateway does not support fragmented packets.
B. The internet gateway only supports an MTU of 1500 bytes.
C. An Amazon EC2 instance expects to communicate with an MTU of 9001.
D. The security group on the instances does not allow PMTUD.
Correct Answer: D


QUESTION 5
A company is about to migrate an application from its on-premises data center to AWS. As part of the planning process,
the following requirements involving DNS have been identified.
On-premises systems must be able to resolve the entries in an Amazon Route 53 private hosted zone.
Amazon EC2 instances running in the organization\\’s VPC must be able to resolve the DNS names of on-premises
systems
The organization\\’s VPC uses the CIDR block 172.16.0.0/16.
Assuming that there is no DNS namespace overlap, how can these requirements be met?
A. Change the DHCP options set for the VPC to use both the Amazon-provided DNS server and the on-premises DNS
systems. Configure the on-premises DNS systems with a stub-zone, delegating the name server 172.16.0.2 as
authoritative for the Route 53 private hosted zone.
B. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to
forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to
172.16.0.2. Change the DHCP options set for the VPC to use the new DNS proxies. Configure the on-premises DNS
systems with a stub-zone, delegating the name server 172.16.0.2 as authoritative for the Route 53 private hosted zone.
C. Deploy and configure a set of EC2 instances into the company VPC to act as DNS proxies. Configure the proxies to
forward queries for the on-premises domain to the on-premises DNS systems, and forward all other queries to the
Amazon-provided DNS server (172.16.0.2). Change the DHCP options set for the VPC to use the new DNS proxies.
Configure the on-premises DNS systems with a stub-zone, delegating the proxies as authoritative for the Route 53
private hosted zone.
D. Change the DHCP options set for the VPC to use both the on-premises DNS systems. Configure the on-premises
DNS systems with a stub-zone, delegating the Route 53 private hosted zone\\’s name servers as authoritative for the
Route 53 private hosted zone.
Correct Answer: C

More complete Pass4itsure Amazon ANS-C00 exam dumps: https://www.pass4itsure.com/aws-certified-advanced-networking-specialty.html

Amazon ANS-C00 exam video

Updated Amazon CLF-C01 exam dumps (pdf) and effective practice questions

[Drive] Amazon CLF-C01 exam dumps (pdf) download

Free Amazon CLF-C01 exam dumps pdf https://drive.google.com/file/d/1SzrQo59Eyu4bdUDXNZaKQEM1eHq9UFQo/view?usp=sharing

Amazon AWS Certified Foundational CLF-C01 exam effective practice questions 1-5

QUESTION 1
Which AWS hybrid storage service enables your on-premises applications to seamlessly use AWS Cloud storage
through standard file-storage protocols?
A. AWS Direct Connect
B. AWS Snowball
C. AWS Storage Gateway
D. AWS Snowball Edge
Correct Answer: C
The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS
Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon\\’s block and object
cloud storage services through industry-standard storage protocols. It provides low-latency performance by caching
frequently accessed data on-premises while storing data securely and durably in Amazon cloud storage services. It
provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and
minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS
to existing enterprise environments through native integration with AWS encryption, identity management, monitoring,
and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud
workloads, and tiered storage.
Reference: https://aws.amazon.com/storagegateway/faqs/


QUESTION 2
What can AWS edge locations be used for? (Choose two.)
A. Hosting applications
B. Delivering content closer to users
C. Running NoSQL database caching services
D. Reducing traffic on the server by caching responses
E. Sending notification messages to end-users
Correct Answer: BD
CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user
requests content that you\\’re serving with CloudFront, the user is routed to the edge location that provides the lowest
latency (time delay), so that content is delivered with the best possible performance.
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

QUESTION 3
Which AWS service of feature can be used to monitor CPU usage?
A. AWS CloudTrail
B. VPC Flow Logs
C. Amazon CloudWatch
D. AWSConfig
Correct Answer: C


QUESTION 4
A company is releasing a business-critical application Before the release the company needs strategic planning
assistance from AWS. During the release, it needs infrastructure event management and real-time Suppor.
How can these requirements be met?
A. Access AWS Trusted Advisor
B. Contact the AWS Partner Network (APN).
C. Sign up for AWS Enterprise Support
D. Contact AWS Professional Services
Correct Answer: D


QUESTION 5
What is an example of agility in the AWS Cloud?
A. Access to multiple instance types
B. Access to managed services
C. Using Consolidated Billing to produce one bill
D. Decreased acquisition time for new compute resources
Correct Answer: D
Reference: https://aws.amazon.com/blogs/enterprise-strategy/risk-is-lack-of-agility/

More complete Pass4itsure Amazon CLF-C01 exam dumps: https://www.pass4itsure.com/aws-certified-cloud-practitioner.html

Amazon CLF-C01 exam video

Updated Amazon DAS-C01 exam dumps (pdf) and effective practice questions

[Drive] Amazon DAS-C01 exam dumps (pdf) download

Free Amazon DAS-C01 exam dumps pdf https://drive.google.com/file/d/1W74vC9fIOz324qmxpGm-c5ZnPEoq1_B0/view?usp=sharing

Amazon AWS Certified Specialty DAS-C01 exam effective practice questions 1-5

QUESTION 1
A media analytics company consumes a stream of social media posts. The posts are sent to an Amazon Kinesis data
stream partitioned on user_id. An AWS Lambda function retrieves the records and validates the content before loading
the posts into an Amazon Elasticsearch cluster. The validation process needs to receive the posts for a given user in the
order they were received. A data analyst has noticed that, during peak hours, the social media platform posts take more
than an hour to appear in the Elasticsearch cluster.
What should the data analyst do reduce this latency?
A. Migrate the validation process to Amazon Kinesis Data Firehose.
B. Migrate the Lambda consumers from standard data stream iterators to an HTTP/2 stream consumer.
C. Increase the number of shards in the stream.
D. Configure multiple Lambda functions to process the stream.
Correct Answer: C


QUESTION 2
A media company has been performing analytics on log data generated by its applications. There has been a recent
increase in the number of concurrent analytics jobs running, and the overall performance of existing jobs is decreasing
as the number of new jobs is increasing. The partitioned data is stored in Amazon S3 One Zone-Infrequent Access (S3
One Zone-IA) and the analytic processing is performed on Amazon EMR clusters using the EMR File System (EMRFS)
with consistent view enabled. A data analyst has determined that it is taking longer for the EMR task nodes to list
objects in Amazon S3.
Which action would MOST likely increase the performance of accessing log data in Amazon S3?
A. Use a hash function to create a random string and add that to the beginning of the object prefixes when storing the
log data in Amazon S3.
B. Use a lifecycle policy to change the S3 storage class to S3 Standard for the log data.
C. Increase the read capacity units (RCUs) for the shared Amazon DynamoDB table.
D. Redeploy the EMR clusters that are running slowly to a different Availability Zone.
Correct Answer: D

QUESTION 3
An insurance company has raw data in JSON format that is sent without a predefined schedule through an Amazon
Kinesis Data Firehose delivery stream to an Amazon S3 bucket. An AWS Glue crawler is scheduled to run every 8
hours to update the schema in the data catalog of the tables stored in the S3 bucket. Data analysts analyze the data
using Apache Spark SQL on Amazon EMR set up with AWS Glue Data Catalog as the metastore. Data analysts say
that, occasionally, the data they receive is stale. A data engineer needs to provide access to the most up-to-date data.
Which solution meets these requirements?
A. Create an external schema based on the AWS Glue Data Catalog on the existing Amazon Redshift cluster to query
new data in Amazon S3 with Amazon Redshift Spectrum.
B. Use Amazon CloudWatch Events with the rate (1 hour) expression to execute the AWS Glue crawler every hour.
C. Using the AWS CLI, modify the execution schedule of the AWS Glue crawler from 8 hours to 1 minute.
D. Run the AWS Glue crawler from an AWS Lambda function triggered by an S3:ObjectCreated:* event notification on
the S3 bucket.
Correct Answer: A


QUESTION 4
A company has 1 million scanned documents stored as image files in Amazon S3. The documents contain typewritten
application forms with information including the applicant first name, applicant last name, application date, application
type, and application text. The company has developed a machine learning algorithm to extract the metadata values
from the scanned documents. The company wants to allow internal data analysts to analyze and find applications using
the applicant name, application date, or application text. The original images should also be downloadable. Cost control
is secondary to query performance.
Which solution organizes the images and metadata to drive insights while meeting the requirements?
A. For each image, use object tags to add the metadata. Use Amazon S3 Select to retrieve the files based on the
applicant name and application date.
B. Index the metadata and the Amazon S3 location of the image file in Amazon Elasticsearch Service. Allow the data
analysts to use Kibana to submit queries to the Elasticsearch cluster.
C. Store the metadata and the Amazon S3 location of the image file in an Amazon Redshift table. Allow the data
analysts to run ad-hoc queries on the table.
D. Store the metadata and the Amazon S3 location of the image files in an Apache Parquet file in Amazon S3, and
define a table in the AWS Glue Data Catalog. Allow data analysts to use Amazon Athena to submit custom queries.
Correct Answer: A

QUESTION 5
A media content company has a streaming playback application. The company wants to collect and analyze the data to
provide near-real-time feedback on playback issues. The company needs to consume this data and return results within
30 seconds according to the service-level agreement (SLA). The company needs the consumer to identify playback
issues, such as quality during a specified timeframe. The data will be emitted as JSON and may change schemas over
time.
Which solution will allow the company to collect data for processing while meeting these requirements?
A. Send the data to Amazon Kinesis Data Firehose with delivery to Amazon S3. Configure an S3 event trigger an AWS
Lambda function to process the data. The Lambda function will consume the data and process it to identify potential
playback issues. Persist the raw data to Amazon S3.
B. Send the data to Amazon Managed Streaming for Kafka and configure an Amazon Kinesis Analytics for Java
application as the consumer. The application will consume the data and process it to identify potential playback issues.

More complete Pass4itsure Amazon DAS-C01 exam dumps: https://www.pass4itsure.com/das-c01.html

Amazon DAS-C01 exam video

Updated Amazon DVA-C01 exam dumps (pdf) and effective practice questions

[Drive] Amazon DVA-C01 exam dumps (pdf) download

Free Amazon DVA-C01 exam dumps pdf https://drive.google.com/file/d/1Kgf7HGKt58TXDY4asjRZUKmVEH5RpuBZ/view?usp=sharing

Amazon AWS Certified Associate DVA-C01 exam effective practice questions 1-5

QUESTION 1
A company is running a custom application on a set of on-premises Linux servers that are accessed using Amazon API
Gateway AWS X-Ray tracing has been enabled on the API test stage. How can a developer enable X-Ray tracing on
the on-premises servers with the LEAST amount of configuration?
A. Install and run the X-Ray SDK on the on-premises servers to capture and relay the data to the X-Ray service.
B. Install and run the X-Ray daemon on the on-premises servers to capture and relay the data to the X-Ray service.
C. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant
data to X-Ray using the PutTraceSegments API call.
D. Capture incoming requests on-premises and configure an AWS Lambda function to pull, process, and relay relevant
data to X-Ray using the PutTelemetryRecords API call.
Correct Answer: A


QUESTION 2
A Developer is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET
method. What needs to be defined to meet this requirement? (Choose two.)
A. A [email protected] function
B. An Amazon API Gateway with a Lambda function
C. An exposed GET method in an Amazon API Gateway
D. An exposed GET method in the Lambda function
E. An exposed GET method in Amazon Route 53
Correct Answer: BC
Reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-getting-started-with-restapis.html

QUESTION 3
A website\\’s page load times are gradually increasing as more users access the system at the same time. Analysis
indicates that a user profile is being loaded from a database in all the web pages being visited by each user and this is
increasing the database load and the page load latency. To address this issue the Developer decides to cache the user
profile data.
Which caching strategy will address this situation MOST efficiently?
A. Create a new Amazon EC2 Instance and run a NoSQL database on it. Cache the profile data within this database
using the write-through caching strategy.
B. Create an Amazon ElastiCache cluster to cache the user profile data. Use a cache-aside caching strategy.
C. Use a dedicated Amazon RDS instance for caching profile data. Use a write-through caching strategy.
D. Create an ElastiCache cluster to cache the user profile data. Use a write-through caching strategy.
Correct Answer: B
https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/Strategies.html


QUESTION 4
A Developer created a dashboard for an application using Amazon API Gateway, Amazon S3, AWS Lambda, and
Amazon RDS. The Developer needs an authentication mechanism allowing a user to sign in and view the dashboard. It
must be accessible from mobile applications, desktops, and tablets, and must remember user preferences across
platforms.
Which AWS service should the Developer use to support this authentication scenario?
A. AWS KMS
B. Amazon Cognito
C. AWS Directory Service
D. Amazon IAM
Correct Answer: B
Cognito user pool provides sign up and sign in functionality along with identity pool which provides temp credentials for
using AWS services.


QUESTION 5
A developer is writing an AWS Lambda function. The developer wants to log key events that occur during the Lambda
function and include a unique identifier to associate the events with a specific function invocation. Which of the following
will help the developer accomplish this objective?
A. Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console.
B. Obtain the request identifier from the Lambda event object. Architect the application to write logs to a file.
C. Obtain the request identifier from the Lambda event object. Architect the application to write logs to the console.
D. Obtain the request identifier from the Lambda context object. Architect the application to write logs to a file.
Correct Answer: A

More complete Pass4itsure Amazon DVA-C01 exam dumps: https://www.pass4itsure.com/aws-certified-developer-associate.html

Amazon DVA-C01 exam video

Updated Amazon MLS-C01 exam dumps (pdf) and effective practice questions

[Drive] Amazon MLS-C01 exam dumps (pdf) download

Free Amazon MLS-C01 exam dumps pdf https://drive.google.com/file/d/1i_3qI0v9zdzhQXE4IKNl-ONBALnpt-Pc/view?usp=sharing

Amazon AWS Certified Specialty MLS-C01 exam effective practice questions 1-5

QUESTION 1
A Data Scientist is developing a machine learning model to predict future patient outcomes based on information
collected about each patient and their treatment plans. The model should output a continuous value as its prediction.
The data
available includes labeled outcomes for a set of 4,000 patients. The study was conducted on a group of individuals over
the age of 65 who have a particular disease that is known to worsen with age.
Initial models have performed poorly. While reviewing the underlying data, the Data Scientist notices that, out of 4,000
patient observations, there are 450 where the patient age has been input as 0. The other features for these
observations
appear normal compared to the rest of the sample population.
How should the Data Scientist correct this issue?
A. Drop all records from the dataset where age has been set to 0.
B. Replace the age field value for records with a value of 0 with the mean or median value from the dataset.
C. Drop the age feature from the dataset and train the model using the rest of the features.
D. Use k-means clustering to handle missing features.
Correct Answer: A

QUESTION 2
For the given confusion matrix, what is the recall and precision of the model?

Easyhometraining MLS-C01 exam questions-q2

A. Recall = 0.92 Precision = 0.84
B. Recall = 0.84 Precision = 0.8
C. Recall = 0.92 Precision = 0.8
D. Recall = 0.8 Precision = 0.92
Correct Answer: A

QUESTION 3
A large mobile network operating company is building a machine learning model to predict customers who are likely to
unsubscribe from the service. The company plans to offer an incentive for these customers as the cost of churn is far
greater than the cost of the incentive.
The model produces the following confusion matrix after evaluating on a test dataset of 100 customers:

Easyhometraining MLS-C01 exam questions-q3

Based on the model evaluation results, why is this a viable model for production?
A. The model is 86% accurate and the cost incurred by the company as a result of false negatives is less than the false
positives.
B. The precision of the model is 86%, which is less than the accuracy of the model.
C. The model is 86% accurate and the cost incurred by the company as a result of false positives is less than the false
negatives.
D. The precision of the model is 86%, which is greater than the accuracy of the model.
Correct Answer: B

QUESTION 4
A city wants to monitor its air quality to address the consequences of air pollution A Machine Learning Specialist needs
to forecast the air quality in parts per million of contaminates for the next 2 days in the city As this is a prototype, only
daily data from the last year is available
Which model is MOST likely to provide the best results in Amazon SageMaker?
A. Use the Amazon SageMaker k-Nearest-Neighbors (kNN) algorithm on the single time series consisting of the full year
of data with a predictor_type of the regressor.
B. Use Amazon SageMaker Random Cut Forest (RCF) on the single time series consisting of the full year of data.
C. Use the Amazon SageMaker Linear Learner algorithm on the single time series consisting of the full year of data with
a predictor_type of the regressor.
D. Use the Amazon SageMaker Linear Learner algorithm on the single time series consisting of the full year of data with QUESTION 4
A city wants to monitor its air quality to address the consequences of air pollution A Machine Learning Specialist needs
to forecast the air quality in parts per million of contaminates for the next 2 days in the city As this is a prototype, only
daily data from the last year is available
Which model is MOST likely to provide the best results in Amazon SageMaker?
A. Use the Amazon SageMaker k-Nearest-Neighbors (kNN) algorithm on the single time series consisting of the full year
of data with a predictor_type of the regressor.
B. Use Amazon SageMaker Random Cut Forest (RCF) on the single time series consisting of the full year of data.
C. Use the Amazon SageMaker Linear Learner algorithm on the single time series consisting of the full year of data with
a predictor_type of the regressor.
D. Use the Amazon SageMaker Linear Learner algorithm on the single time series consisting of the full year of data with a predictor_type of the classifier.
Correct Answer: C
Reference: https://aws.amazon.com/blogs/machine-learning/build-a-model-to-predict-the-impact-of-weather-on-urbanair-quality-using-amazon-sagemaker/?ref=Welcome.AI

QUESTION 5
A Machine Learning Specialist is building a logistic regression model that will predict whether or not a person will order a
pizza. The Specialist is trying to build the optimal model with an ideal classification threshold. What model evaluation
the technique should the Specialist use to understand how different classification thresholds will impact the model\\’s
performance?
A. Receiver operating characteristic (ROC) curve
B. Misclassification rate
C. Root Mean Square Error (RMand)
D. L1 norm
Correct Answer: A
Reference: https://docs.aws.amazon.com/machine-learning/latest/dg/binary-model-insights.html

More complete Pass4itsure Amazon MLS-C01 exam dumps: https://www.pass4itsure.com/aws-certified-machine-learning-specialty.html

Amazon MLS-C01 exam video

Updated Amazon SAA-C02 exam dumps (pdf) and effective practice questions

[Drive] Amazon SAA-C02 exam dumps (pdf) download

Free Amazon SAA-C02 exam dumps pdf https://drive.google.com/file/d/1meWQ_ZpHLabijM52oHyCUn9AnKWZvdKl/view?usp=sharing

Amazon AWS Certified Associate SAA-C02 exam effective practice questions 1-5

QUESTION 1
Organizers for a global event want to put daily reports online as static HTML pages The pages are expected to generate
millions of views from users around the world The files are stored in an Amazon S3 bucket A solutions architect has
been asked to design an efficient and effective solution Which action should the solutions architect take to accomplish
this?
A. Generate pre-signed URLs for the files
B. Use cross-Region replication to all Regions
C. Use the geo proximity feature of Amazon Route 53
D. Use Amazon CloudFront with the S3 bucket as its origin
Correct Answer: D
Using Amazon S3 Origins, MediaPackage Channels, and Custom Origins for Web Distributions
Using Amazon S3 Buckets for Your Origin
When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront to deliver in
an Amazon S3 bucket. You can use any method that is supported by Amazon S3 to get your objects into Amazon S3,
for
example, the Amazon S3 console or API, or a third-party tool. You can create a hierarchy in your bucket to store the
objects, just as you would with any other Amazon S3 bucket.
Using an existing Amazon S3 bucket as your CloudFront origin server doesn\\’t change the bucket in any way; you can
still use it as you normally would store and access Amazon S3 objects at the standard Amazon S3 price. You incur
regular Amazon S3 charges for storing the objects in the bucket.
Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin
You can set up an Amazon S3 bucket that is configured as a website endpoint as the custom origin with CloudFront.
When you configure your CloudFront distribution, for the origin, enter the Amazon S3 static website hosting endpoint for
your bucket. This value appears in the Amazon S3 console, on the Properties tab, in the Static website hosting pane.
For
example: http://bucket-name.s3-website-region.amazonaws.com
For more information about specifying Amazon S3 static website endpoints, see Website endpoints in the Amazon
Simple Storage Service Developer Guide.
When you specify the bucket name in this format as your origin, you can use Amazon S3 redirects and Amazon S3
custom error documents. For more information about Amazon S3 features, see the Amazon S3 documentation.
Using an Amazon S3 bucket as your CloudFront origin server doesn\\’t change it in any way. You can still use it as you
normally would and you incur regular Amazon S3 charges.
Reference:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html

QUESTION 2
A company is managing health records on-premises. The company must keep these records indefinitely, disable any
modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer
(CTO) is concerned because there are already millions of records not being used by any application, and the current
infrastructure is running out of space. The CTO has requested a solutions architect to design a solution to move existing
data and support future records.
Which services can the solutions architect recommend to meet these requirements?
A. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data Enable Amazon
S3 object lock and enable AWS CloudTrail with data events.
B. Use AWS Storage Gateway to move existing data to AWS Use Amazon S3 to store existing and new data. Enable
Amazon S3 object locks and enables AWS CloudTrail with management events.
C. Use AWS DataSync to move existing data to AWS Use Amazon S3 to store existing and new data Enable Amazon
S3 object locks and enables AWS CloudTrail with management events.
D. Use AWS Storage Gateway to move existing data to AWS Use Amazon Elastic Block Store (Amazon EBS) to store
existing and new data Enable Amazon S3 object lock and enable Amazon S3 server access logging
Correct Answer: A

QUESTION 3
A solutions architect is designing the storage architecture for a new web application used for storing and viewing
engineering drawings. All application components will be deployed on the AWS infrastructure. The application design
must
support caching to minimize the amount of time that users wait for the engineering drawings to load. The application
must be able to store petabytes of data.
Which combination of storage and caching should the solutions architect use?
A. Amazon S3 with Amazon CloudFront
B. Amazon S3 Glacier with Amazon ElastiCache
C. Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront
D. AWS Storage Gateway with Amazon ElastiCache
Correct Answer: B

QUESTION 4
A company has 150 TB of archived image data stored on-premises that need to be mowed to the AWS Cloud within
the next month. The company\\’s current network connection allows up to 100 Mbps uploads for this purpose during the night only.
What is the MOST cost-effective mechanism to move this data and meet the migration deadline?
A. Use AWS Snowmobile to ship the data to AWS.
B. Order multiple AWS Snowball devices to ship the data to AWS.
C. Enable Amazon S3 Transfer Acceleration and securely upload the data.
D. Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.
Correct Answer: B


QUESTION 5
A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate
authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket
configuration changes.
What should the solutions architect do to accomplish this?
A. Enable AWS Config service with the appropriate rules
B. Enable AWS Trusted Advisor with the appropriate checks.
C. Write a script using an AWS SDK to generate a bucket report
D. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.
Correct Answer: A

More complete Pass4itsure Amazon SAA-C02 exam dumps: https://www.pass4itsure.com/saa-c02.html

Amazon SAA-C02 exam video

Updated Amazon SCS-C01 exam dumps (pdf) and effective practice questions

[Drive] Amazon SCS-C01 exam dumps (pdf) download

Free Amazon SCS-C01 exam dumps pdf https://drive.google.com/file/d/1fWBhawP1yg036jwuwbR1bPb7UTQSV_WX/view?usp=sharing

Amazon AWS Certified Specialty SCS-C01 exam effective practice questions 1-5

QUESTION 1
Which of the following is not a best practice for carrying out a security audit? Please select:
A. Conduct an audit on a yearly basis
B. Conduct an audit if application instances have been added to your account
C. Conduct an audit if you ever suspect that an unauthorized person might have accessed your account
D. Whenever there are changes in your organization
Correct Answer: A
A year\\’s time is generally too long a gap for conducting security audits
The AWS Documentation mentions the following
You should audit your security configuration in the following situations:
On a periodic basis.
If there are changes in your organization, such as people leaving.
If you have stopped using one or more individual AWS services. This is important for removing permissions that users in
your account no longer need.
If you\\’ve added or removed software in your accounts, such as applications on Amazon EC2 instances, AWS OpsWor
stacks, AWS CloudFormation templates, etc.
If you ever suspect that an unauthorized person might have accessed your account.
Option B, C and D are all the right ways and recommended best practices when it comes to conducting audits For more
information on Security Audit guideline, please visit the below URL:
https://docs.aws.amazon.com/eeneral/latest/gr/aws-security-audit-euide.html
The correct answer is: Conduct an audit on a yearly basis Submit your Feedback/Queries to our Experts

QUESTION 2
Your company has a hybrid environment, with on-premise servers and servers hosted in the AWS cloud. They are
planning to use the Systems Manager for patching servers. Which of the following is a pre-requisite for this to work;
Please select:
A. Ensure that the on-premise servers are running on Hyper-V.
B. Ensure that an 1AM service role is created
C. Ensure that an 1AM User is created
D. Ensure that an 1AM Group is created for the on-premise servers
Correct Answer: B
You need to ensure that an 1AM service role is created for allowing the on-premise servers to communicate with the
AWS Systems Manager. Option A is incorrect since it is not necessary that servers should only be running Hyper-V
Options C and D are incorrect since it is not necessary that 1AM users and groups are created For more information on
the Systems Manager role please refer to the below URL: com/systems-rnanaeer/latest/usereuide/sysman-! The correct
answer is: Ensure that an 1AM service role is created Submit your Feedback/Queries to our Experts

QUESTION 3
A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
Encryption in transit Encryption at rest Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)
A. Specify “aws: SecureTransport”: “true” within a condition in the S3 bucket policy.
B. Enable a security group for the S3 bucket that allows port 443, but not port 80.
C. Set up default encryption for the S3 bucket.
D. Enable Amazon CloudWatch Logs for the AWS account.
E. Enable API logging of data events for all S3 objects.
F. Enable S3 object versioning for the S3 bucket.
Correct Answer: ACD


QUESTION 4
A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using
the account expects to have hundreds of master keys and therefore does not want to manage access control for
customer master keys (CMKs).
Which of the following will allow the team to manage AWS KMS permissions in IAM without the complexity of editing
individual key policies?
A. The account\\’s CMK key policy must allow the account\\’s IAM roles to perform KMS EnableKey.
B. Newly created CMKs must have a key policy that allows the root principal to perform all actions.
C. Newly created CMKs must allow the root principal to perform the KMS CreateGrant API operation.
D. Newly created CMKs must mirror the IAM policy of the KMS key administrator.
Correct Answer: D

QUESTION 5
During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch
logs.
Which steps can the Security Engineer take to troubleshoot this issue? (Select two.)
A. Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is
running.
B. Log in to the AWS account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the
“Alerting” state and restart them using the EC2 console.
C. Verify that the EC2 instances have a route to the public AWS API endpoints.
D. Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions
have been set for the Amazon SNS topic.
E. Verify that the network access control lists and security groups of the EC2 instances have the access to send logs
over SNMP.
Correct Answer: AB

More complete Pass4itsure Amazon SCS-C01 exam dumps: https://www.pass4itsure.com/aws-certified-security-specialty.html

Amazon SCS-C01 exam video

You may be interested in other Amazon exam dumps!

P.S.

Pass4itsure provides the latest Amazon exam dumps, Amazon exam pdf, Amazon exam video, Amazon exam free practice questions to help you improve your skills! Improve test scores!

1.2020 Latest Pass4itsure ANS-C00 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1LmTq-EL7XwgqdJ6Fb9i3wqT7VBmoNl7_/view?usp=sharing

2.2020 Latest Pass4itsure CLF-C01 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1SzrQo59Eyu4bdUDXNZaKQEM1eHq9UFQo/view?usp=sharing

3.2020 Latest Pass4itsure DAS-C01 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1W74vC9fIOz324qmxpGm-c5ZnPEoq1_B0/view?usp=sharing

4.2020 Latest Pass4itsure DVA-C01 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1Kgf7HGKt58TXDY4asjRZUKmVEH5RpuBZ/view?usp=sharing

5.2020 Latest Pass4itsure MLS-C01 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1i_3qI0v9zdzhQXE4IKNl-ONBALnpt-Pc/view?usp=sharing

6.2020 Latest Pass4itsure SAA-C02 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1meWQ_ZpHLabijM52oHyCUn9AnKWZvdKl/view?usp=sharing

7.2020 Latest Pass4itsure SCS-C01 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/1fWBhawP1yg036jwuwbR1bPb7UTQSV_WX/view?usp=sharing

Latest Pass4itsure Full Amazon Series Exam Dumps Free Share: https://www.actual4tests.com/?s=Amazon

Free resources from https://www.pass4itsure.com/amazon.html helping you 100% pass all Amazon exams!