1. You have a 2-tier application hosted in AWS. It consists of a web server and a database server (SQL Server) hosted on separate EC2 instances. You are devising the security groups for these EC2 instances. The web tier needs to be accessed by users across the Internet. You have created a web security group (wg-123) and a database security group (db-345). Which combination of the following security group rules will allow the application to be secure and functional? Choose 2 answers from the options given below.
A) db-345 - Allow port 1433 from 0.0.0.0/0
B) db-345 - Allow port 1433 from wg-123
C) wg-123 - Allow ports 80 and 443 from 0.0.0.0/0
D) wg-123 - Allow port 1433 from wg-123
2. Your company has a set of resources defined in the AWS Cloud. Their IT audit department has requested a list of the resources that have been defined across the account. How can this be achieved in the easiest manner?
A) Use AWS Config to get the list of all resources.
B) Create a PowerShell script using the AWS CLI. Query for all resources with the tag of production.
C) Use CloudTrail to get the list of all resources.
D) Create a bash shell script with the AWS CLI. Query for all resources in all regions. Store the results in an S3 bucket.
3. Your application currently uses customer keys which are generated via AWS KMS in the US East region. You now want to use the same set of keys from the EU-Central region. How can this be accomplished?
A) Use key rotation and rotate the existing keys to the EU-Central region.
B) This is not possible since keys from KMS are region specific.
C) Export the key from the US East region and import it into the EU-Central region.
D) Use the backing key from the US East region and use it in the EU-Central region.
4. An auditor needs access to logs that record all API events on AWS. The auditor only needs read-only access to the log files and does not need access to each AWS account. The company has multiple AWS accounts, and the auditor needs access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs from all accounts? Choose the correct answer from the options below.
A) Configure the CloudTrail service in each AWS account and have the logs delivered to a single AWS bucket in the primary account, and grant the auditor access to that single bucket in the primary account.
B) Configure the CloudTrail service in each AWS account and have the logs delivered to an AWS bucket on each account, while granting the auditor permissions to the bucket via roles in the secondary accounts and a single primary IAM account that can assume a read-only role in the secondary AWS accounts.
C) Configure the CloudTrail service in the primary AWS account and configure consolidated billing for all the secondary accounts. Then grant the auditor access to the S3 bucket that receives the CloudTrail log files.
D) Configure the CloudTrail service in each AWS account and enable consolidated logging inside of CloudTrail.
5. Your company has a hybrid environment, with on-premises servers and servers hosted in the AWS cloud. They are planning to use Systems Manager for patching servers. Which of the following is a prerequisite for this to work?
A) Ensure that the on-premises servers are running on Hyper-V.
B) Ensure that an IAM service role is created.
C) Ensure that an IAM user is created.
D) Ensure that an IAM group is created for the on-premises servers.
1. Right Answer: B,C Explanation:
2. Right Answer: A Explanation:
3. Right Answer: B Explanation: Option A is invalid because keys cannot be exported and imported across regions. Option B is invalid because key rotation cannot be used to export keys. Option C is invalid because the backing key cannot be used to export keys. This is mentioned in the AWS documentation. For more information on KMS, please visit the following URL: https://aws.amazon.com/kms/faqs/