1. Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? Choose 3 Answers from the options below(Select 2answers)

A) Setting up a matching lAM user for every user in your corporate directory that needs access to a folder in the bucket
B) Tagging each folder in the bucket
C) Configuring lAM role
D) Using AWS(Amazon Web Service) Security Token Service to generate temporary tokens
E) Setting up a federation proxy or Identity provider


2. Explain what the following resource in a Cloud Formation template does? - Show all Choose the best possible answer. 'SNSTopic' : { Show all I 'Type' : 'AWS::SNS::Topic', Finish 'Properties' : { 'Subscription': Protocol' : 'sqs', 'Endpoint' : { 'Fn::GetAtt': ['SQSQueue', 'Am']) / I Please select:

A) Creates an SNS topic that allow SQS subscription endpoints
B) Creates an SNS topic which allows SQS subscription endpoints to be added as a parameter on the template
C) Creates an SNS topic and adds a subscription ARN endpoint for the SQS resource created under the logical name SQS Queue
D) Creates an SNS topic and then invokes the call to create an SQS queue with a logical resource name of SQS Queue



3. Your company has an e-commerce platform which is expanding all over the globe, you have EC2 instances deployed in multiple regions you want to monitor performance of all of these EC2 instances. How will you setup Cloud Watch to monitor EC2 instances In multiple regions?

A) Create separate dash boards in every region.
B) This Is not possible
C) Register instances running on different regions to Cloud Watch
D) Have one single dashboard to report metrics to Cloud Watch from different region



4. Which of the following are Lifecycle events available in Qps work? Choose 3 answers from the options below?(Select 2answers)

A) Shutdown
B) Setup
C) Deploy
D) Decommission N



5. Your company owns multiple AWS(Amazon Web Service) accounts. There is currently one development and one production account. You need to grant access to the development team to an 53 bucket in the production account. How can you achieve this?

A) Create an LAM cross account role in the Production account that allows users from the Development account to access the S3 bucket in the Production account.
B) Create an lAM user in the Production account that allows users from the Development account (the trusted account) to access the 53 bucket in the Production account.
C) Use web identity federation with a third-party identity provider with AWS(Amazon Web Service) STS to grant temporary credentials and membership into the production lAM user.
D) When creating the role, define the Development account as a trusted entity and specify a permissions poli that allows trusted users to update the 53 bucket.