What should be done to ensure that the incoming traffic to the host instances is from the ALB only? A. Create network ACL rules for the private subnet to allow incoming traffic on ports 32768 through 61000 from the IP address of the ALB only. B. Update the ECS cluster security group to allow incoming access from the IP address of the ALB only. C. Modify the security group used by the ECS cluster to allow incoming traffic from the security group used by the ALB only. D. Enable AWS WAF on the ALB and enable the ECS rule. QUESTION 266 A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What should be done after making the bucket private to restrict access with the LEAST operational overhead? A. Create a CloudFront origin access identity and create a security group that allows access from CloudFront. B. Create a CloudFront origin access identity and update the bucket policy to grant access to it. C. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only. D. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution. QUESTION 267 A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto Scaling group. Which of the following factors determine the health check grace period? (Select TWO.) A. How frequently the Auto Scaling group scales up or down. B. How many Amazon CloudWatch alarms are configured for status checks. C. How much of the application code is embedded in the AMI. D. How long it takes for the Auto Scaling group to detect a failure. E. How long the bootstrap script takes to run. QUESTION 268 A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync.
What should be used to meet these requirements? A. Amazon Athena with Amazon S3 cross-region replication B. AWS Database Migration Service with change data capture C. Amazon DynamoDB with global tables D. Amazon RDS for PostgreSQL with a cross-region Read Replica QUESTION 269 A company is developing a data lake solution in Amazon S3 to analyze large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs. Which AWS service should be used to meet these requirements? A. Amazon Athena B. Amazon Redshift Spectrum C. Amazon RDS for PostgreSQL D. Amazon Aurora QUESTION 270 A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access.
You've reached the end of your free preview.
Want to read all 83 pages?
- Fall '19
- Amazon Web Services, Amazon Elastic Compute Cloud, Solutions Architect