1. A Developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the Developer's account. The Developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC. Which logs can the Developer use to verify whether the traffic is reaching subnet B?

A) BGP logs
B) VPC Flow Logs
C) AWS CloudTrail logs
D) VPN logs



2. A company is using AWS CodePipeline to deliver one of its applications. The delivery pipeline is triggered by changes to the master branch of an AWS CodeCommit repository and uses AWS CodeBuild to implement the test and build stages of the process and AWS CodeDeploy to deploy the application. The pipeline has been operating successfully for several months and there have been no modifications. Following a recent change to the application's source code, AWS CodeDeploy has not deployed the updates application as expected. What are the possible causes? (Choose two.)(Select 2answers)

A) AWS CodePipeline does not have permissions to access AWS CodeCommit.
B) One of the Amazon EC2 instances in the company - s AWS CodePipeline cluster is inactive.
C) The change was not made in the master branch of the AWS CodeCommit repository.
D) The AWS CodePipeline is incorrectly configured and is not executing AWS CodeDeploy.
E) One of the earlier stages in the pipeline failed and the pipeline has terminated.


3. A Developer has created a software package to be deployed on multiple EC2 instances using IAM roles. What actions could be performed to verify IAM access to get records from Amazon Kinesis Streams? (Select TWO.)

A) Validate the IAM role policy with the IAM policy simulator.
B) Query Amazon EC2 metadata for in-line IAM policies.
C) Perform a get action using the
D) Request a token from AWS STS, and perform a describe action.
E) Use the AWS CLI to retrieve the IAM group.


4. A Developer is writing transactions into a DynamoDB table called 'SystemUpdates that has 5 write capacity units. Which option has the highest read throughput?

A) Eventually consistent reads of 5 read capacity units reading items that are 4 KB in size
B) Eventually consistent reads of 15 read capacity units reading items that are 1 KB in size
C) Strongly consistent reads of 15 read capacity units reading items that are 1 KB in size
D) Strongly consistent reads of 5 read capacity units reading items that are 4 KB in size



5. A deployment package uses the AWS CLI to copy files into any S3 bucket in the account, using access keys stored in environment variables. The package is running on EC2 instances, and the instances have been modified to run with an assumed IAM role and a more restrictive policy that allows access to only one bucket. After the change, the Developer logs into the host and still has the ability to write into all of the S3 buckets in that account. What is the MOST likely cause of this situation?

A) The AWS CLI is corrupt and needs to be reinstalled
B) An IAM managed policy is being used on the IAM role
C) The AWS credential provider looks for instance profile credentials last
D) An IAM inline policy is being used on the IAM role