A development team is designing a mobile app that requires multi-factor authentication.
Which steps should be taken to achieve this? (Choose two.)

A. Use Amazon Cognito to create a user pool and create users in the user pool.
B. Send multi-factor authentication text codes to users with the Amazon SNS Publish API call in the app code.
C. Enable multi-factor authentication for the Amazon Cognito user pool.
D. Use AWS IAM to create IAM users.
E. Enable multi-factor authentication for the users created in AWS IAM.

A company's social media application stores image files in an Amazon S3 bucket. All the images are stored in S3 Standard storage. Users access images frequently during the first week after images are uploaded. Users rarely access images that were uploaded more than 1 week ago.
The company needs a solution to reduce the application's storage cost. Users must be able to access all images in the same amount of time, regardless of when the images were uploaded.
Which solution will meet these requirements with the LEAST amount of effort?

A. Modify the application to use S3 Intelligent-Tiering for all the images.
B. Modify the application to use S3 One Zone-Infrequent Access (S3 One Zone-IA) for all the images.
C. Use an S3 Lifecycle policy to move images that were uploaded more than 1 week ago to S3 Glacier Deep Archive.
D. Use an S3 Lifecycle policy to move images that were uploaded more than 1 week ago to S3 Glacier Flexible Retrieval.

A developer is building an application integrating an Amazon API Gateway with an AWS Lambda function.
When calling the API. the developer receives the following error:
Wed Nov 08 01:13:00 UTC 2017 : Method completed with status: 502
What should the developer do to resolve the error?

A. Change the HTTP endpoint of the API to an HTTPS endpoint.
B. Change the format of the payload sent to the API Gateway.
C. Change the format of the Lambda function response to the API call.
D. Change the authorization header in the API call to access the Lambda function.

A company is using AWS CloudFormation templates to deploy AWS resources. The company needs to update one of its AWS CloudFormation stacks.
What can the company do to find out how the changes will impact the resources that are running?

A. Investigate the change sets.
B. Investigate the stack policies.
C. Investigate the Metadata section.
D. Investigate the Resources section.

A developer is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes, or create the item if it does not exist. The Lambda function has access to the primary key.
Which IAM permissions should the developer request for the Lambda function to achieve this functionality?

A.

B.

C.

D.

A developer is deploying an application on Amazon EC2 instances that run in Account A. The application needs to read data from an existing Amazon Kinesis data stream in Account B.
Which actions should the developer take to provide the application with access to the stream? (Choose two.)

A. Update the instance profile role in Account A with stream read permissions.
B. Create an IAM role with stream read permissions in Account B.
C. Add a trust policy to the instance profile role and IAM role in Account B to allow the instance profile role to assume the IAM role.
D. Add a trust policy to the instance profile role and IAM role in Account B to allow reads from the stream.
E. Add a resource-based policy in Account B to allow read access from the instance profile role.

A developer is building a new complex application on AWS. The application consists of multiple microservices hosted on Amazon EC2. The developer wants to determine which microservice adds the most latency while handling a request.
Which method should the developer use to make this determination?

A. Instrument each microservice request using the AWS X-Ray SDK. Examine the annotations associated with the requests.
B. Instrument each microservice request using the AWS X-Ray SDK. Examine the subsegments associated with the requests.
C. Instrument each microservice request using the AWS X-Ray SDK. Examine the Amazon CloudWatch EC2 instance metrics associated with the requests.
D. Instrument each microservice request using the Amazon CloudWatch SDK. Examine the CloudWatch EC2 instance metrics associated with the requests.

A developer is deploying an application in the AWS Cloud by using AWS CloudFormation. The application will connect to an existing Amazon RDS database. The hostname of the RDS database is stored in AWS Systems Manager Parameter Store as a plaintext value. The developer needs to incorporate the database hostname into the CloudFormation template to initialize the application when the stack is created.
How should the developer reference the parameter that contains the database hostname?

A. Use the ssm dynamic reference.
B. Use the Ref intrinsic function.
C. Use the Fn::ImportValue intrinsic function.
D. Use the ssm-secure dynamic reference.

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?

A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition "aws:SecureTransport": "false".
B. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition "aws:SecureTransport": "false".
C. Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of "aws:SecureTransport": "false".
D. Define a resource-based policy on the KMS key to deny access when a request meets the condition of "aws:SecureTransport": "false".

A developer is creating a Ruby application and needs to automate the deployment, scaling, and management of an environment without requiring knowledge of the underlying infrastructure.
Which service would best accomplish this task?

A. AWS CodeDeploy
B. AWS CloudFormation
C. AWS OpsWorks
D. AWS Elastic Beanstalk