A company wants to implement threat detection on its AWS infrastructure. However, the company does not want to deploy additional software.
Which AWS service should the company use to meet these requirements?
Amazon VPC
Amazon EC2
Amazon GuardDuty
AWS Direct Connect
Answer is Amazon GuardDuty
1. Continuously monitor your AWS accounts, instances, container workloads, users, and storage for potential threats.
2. Expose threats quickly using anomaly detection, machine learning, behavioral modeling, and threat intelligence feeds from AWS and leading third parties.
3. Mitigate threats early by initiating automated responses.
In which situations should a company create an IAM user instead of an IAM role? (Choose two.)
When an application that runs on Amazon EC2 instances requires access to other AWS services
When the company creates AWS access credentials for individuals
When the company creates an application that runs on a mobile phone that makes requests to AWS
When the company needs to add users to IAM groups
When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time
Answers are:
B. When the company creates AWS access credentials for individuals
D. When the company needs to add users to IAM groups
An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials.
A company is designing its AWS workloads so that components can be updated regularly and so that changes can be made in small, reversible increments.
Which pillar of the AWS Well-Architected Framework does this design support?
Security
Performance efficiency
Operational excellence
Reliability
Answer is
The operational excellence pillar focuses on running and monitoring systems, and continually improving processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.
Which AWS service helps protect against DDoS attacks?
AWS Shield
Amazon Inspector
Amazon GuardDuty
Amazon Detective
Answer is AWS Shield
Question 127
Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar?
Security
Operational excellence
Performance efficiency
Cost optimization
Answer is Security
Enable traceability: Monitor, alert, and audit actions and changes to your environment in real time. Integrate log and metric collection with systems to automatically investigate and take action.
Which AWS service can be used to decouple applications?
AWS Config
Amazon Simple Queue Service (Amazon SQS)
AWS Batch
Amazon Simple Email Service (Amazon SES)
Answer is Amazon Simple Queue Service (Amazon SQS)
Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS moves data between distributed application components and helps you decouple these components.