A developer is building various microservices for an application that will run on Amazon EC2 instances. The developer needs to monitor the end-to-end view of the requests between the microservices and debug any issues in the various microservices.
What should the developer do to accomplish these tasks?

A. Use Amazon CloudWatch to aggregate the microservices' logs and metrics, and build the monitoring dashboard.
B. Use AWS CloudTrail to aggregate the microservices' logs and metrics, and build the monitoring dashboard.
C. Use the AWS X-Ray SDK to add instrumentation in all the microservices, and monitor using the X-Ray service map.
D. Use AWS Health to monitor the health of all the microservices.

A developer has written the following IAM policy to provide access to an Amazon S3 bucket:

Which access does the policy allow regarding the s3:GetObject and s3:PutObject actions?

A. Access on all buckets except the "DOC-EXAMPLE-BUCKET" bucket
B. Access on all buckets that start with "DOC-EXAMPLE-BUCKET" except the "DOC-EXAMPLE-BUCKET/ secrets" bucket
C. Access on all objects in the "DOC-EXAMPLE-BUCKET" bucket along with access to all S3 actions for objects in the "DOC-EXAMPLE-BUCKET" bucket that start with "secrets"
D. Access on all objects in the "DOC-EXAMPLE-BUCKET" bucket except on objects that start with "secrets"

A developer is building a web application that processes and tracks votes. A voting device submits the votes to an Amazon S3 bucket named DOC-EXAMPLE-BUCKET. The application needs to record the votes to an Amazon DynamoDB table named Example. The developer writes an AWS Lambda function to process the objects. The developer writes the following policy for the execution role of the Lambda function:

The developer ran a successful test on the Lambda function. However, the developer could not find a record of the invocation in the logs.
What should the developer do to record invocations of this function in the logs?

A. Modify the Lambda function resource configuration in the AWS Management Console to log Lambda function invocations to Amazon CloudWatch Logs.
B. Modify the Lambda code to produce event log output. Send the event log output to stdout. Redirect the stdout to Amazon CloudWatch Logs.
C. Modify the Lambda execution role to have permissions to a create log groups, log streams, and log events in Amazon CloudWatch Logs.
D. Modify the Lambda invocation permissions to allow DynamoDB and Amazon S3 to log Lambda actions to Amazon CloudWatch Logs.

A company is preparing to migrate an application to the company's first AWS environment. Before this migration, a developer is creating a proof-of-concept application to validate a model for building and deploying container-based applications on AWS.
Which combination of steps should the developer take to deploy the containerized proof-of-concept application with the LEAST operational effort? (Choose two.)

A. Package the application into a .zip file by using a command line tool. Upload the package to Amazon S3.
B. Package the application into a container image by using the Docker CLI. Upload the image to Amazon Elastic Container Registry (Amazon ECR).
C. Deploy the application to an Amazon EC2 instance by using AWS CodeDeploy.
D. Deploy the application to Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate.
E. Deploy the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate.

An application on AWS is using third-party APIs. A developer needs to monitor API errors in the code. The developer needs to receive notifications if failures reach a set threshold value.
How can the developer meet these requirements?

A. Publish a custom metric to Amazon CloudWatch. Create a metric alarm. Use Amazon Simple Email Service (Amazon SES) for notification.
B. Use an Amazon CloudWatch API error metric. Use Amazon Simple Notification Service (Amazon SNS) for notification.
C. Use an Amazon CloudWatch API error metric. Use Amazon Simple Email Service (Amazon SES) for notification.
D. Publish a custom metric to Amazon CloudWatch. Create a metric alarm. Use Amazon Simple Notification Service (Amazon SNS) for notification.

A company uses the AWS SDK for JavaScript in the Browser to build a web application and then hosts the application on Amazon S3. The company wants the application to support 10,000 users concurrently. The company selects Amazon DynamoDB to store user preferences in a table. There is a requirement to uniquely identify users at any scale.
Which solution will meet these requirements?

A. Create a user cookie. Attach an IAM role to the S3 bucket that hosts the application.
B. Deploy an Amazon CloudFront distribution with an origin access identity (OAI) to access the S3 bucket.
C. Configure and use Amazon Cognito. Access DynamoDB with the authenticated users.
D. Create an IAM user for each user. Use fine-grained access control on the DynamoDB table to control access.

An application stores financial statements in an Amazon S3 bucket. A recent security audit found that the bucket does not comply with company standards. Currently, several IAM policies allow encrypted calls and unencrypted calls to the bucket. The company needs to create a bucket policy that forces all requests to the bucket to use encrypted connections.
Which solution will meet this requirement?

A. Add a bucket policy with a condition of "aws:SecureTransport": "true" and an effect of "Allow."
B. Add a bucket policy with a resource of "am:aws:s3:::https/bucketname" and an effect of "Allow."
C. Add a bucket policy with a condition of "aws:SecureTransport": "false" and an effect of "Deny."
D. Add a bucket policy with a resource of "arn:aws:s3:::http/bucketname" and an effect of "Deny."

A developer deploys an ecommerce application on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group. The EC2 instances are based on an Amazon Machine Image (AMI) that uses an Amazon Elastic Block Store (Amazon EBS) root volume. After deployment, the developer notices that a third of the instances seem to be idle. These instances are not receiving requests from the load balancer. The developer verifies that all the instances are registered with the load balancer. The developer must implement a solution to allow the EC2 instances to receive requests from the load balancer.
Which action will meet this requirement?

A. Reregister the failed instances with the ALB.
B. Enable all Availability Zones for the ALB.
C. Use the instance refresh feature to redeploy the EC2 Auto Scaling group.
D. Restart the EC2 instances that are not receiving traffic.

A company is developing a microservice that will manage customer account data in an Amazon DynamoDB table. Insert, update, and delete requests will be rare. Read traffic will be heavy. The company must have the ability to access customer data quickly by using a customer ID. The microservice can tolerate stale data.
Which solution will meet these requirements with the FEWEST possible read capacity units (RCUs)?

A. Read the table by using eventually consistent reads.
B. Read the table by using strongly consistent reads.
C. Read the table by using transactional reads.
D. Read the table by using strongly consistent PartiQL queries.

A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application.
Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket?

A.

B.

C.

D.