[2020.4] Amazon Certification Tips and Latest Exam Practice Questions and Answers

Get the latest Amazon exam certification exercise questions and tips
exam, AWS-DEVOPS-ENGINEER-PROFESSIONAL exam, AWS-SYSOPS exam)(First: Amazon exam questions and answer,
Second: Lead4Pass Amazon expert.) Get some of the latest Amazon exam questions for free. Or choose:
https://www.lead4pass.com/amazon.html High pass rate! Cost-effective!

Table of Contents:


AWS Certified Alexa Skill Builder – Specialty: https://aws.amazon.com/cn/certification/certified-alexa-skill-builder-specialty/

[2020.4] Amazon AWS-CERTIFIED-ALEXA-SKILL-BUILDER-SPECIALTY exam practice questions(1-5)

An Alexa Skill Builder published a skill and now wants to update it.
Which of the following changes will make it necessary to have the skill re-certified? (Choose two.)
A. Adding a new intent in the interaction model
B. Changing the text of a skill response
C. Adding a sentence to the skill description
D. Changing the URL of the image on a skill card
E. Updating the backend to point to a new database
Correct Answer: DE


An Alexa Skill Builder is developing a custom skill and needs to verify that the correct slot values are being passed into
the AWS Lambda function. According to best practices, what is the MOST efficient way to capture this information?
A. Add a logging statement to write the event request to Amazon CloudWatch Logs.
B. Add an API call to write the environment variables to an Amazon S3 bucket when the function is invoked.
C. Add an API call to read the event information from AWS Cloud Trail logs and add a PutObject API call to write to an
Amazon S3 bucket.
D. Add a statement to parse the JSON request and save to the local disk for the Lambda function
Correct Answer: D
Reference: https://developer.amazon.com/en-US/docs/alexa/custom-skills/validate-slot-values.html


What are the prerequisites for implementing account linking for Amazon Alexa smart home skills?
A. OAuth 2.0 with either implicit grant flow or authorization code grant flow
B. OAuth 2.0 with authorization code grant flow
C. OpenID Connect with JSON.Web Token (JWT)
D. OAuth 1.0/2.0 with implicit grant flow
Correct Answer: B
Reference: https://developer.amazon.com/en-US/docs/alexa/account-linking/account-linking-for-sh-and-other.html#prerequisites


An Alexa Skill Builder is creating a skill that will identify an actor who spoke a famous piece of movie dialog, given just
the dialog text and an optional movie name. The Builder created the FindActorIntent as shown below, but Amazon Alexa
returns an error when it builds the model.pursue4pass AWS-CERTIFIED-ALEXA-SKILL-BUILDER-SPECIALTY exam questions q4

Why is Alexa failing to build the model?
A. Intents can have one built-in slot type only
B. All sample utterances within an intent should have both slots
C. SearchQuery is combined with another intent slot in an utterance.
D. “Dialog” is a reserved keyword in the Alexa Interaction Model schema.
Correct Answer: C
Reference: https://forums.developer.amazon.com/questions/112932/got-error-code-invalidintentsamplephraseslot.html

An Alexa Skill Builder implemented the built-in intent AMAZON.HelpIntent. In some cases, users are asking for help
using phrases that are specific to a skill\\’s terminology. Amazon Alexa does not understand these phrases are help
requests, and they are not being routed to AMAZON.HelpIntent.
According to best practices, how can this situation be corrected?
A. Create custom intents using the help utterances that are specific to the skill, and remove AMAZON.HelpIntent.
B. Use AMAZON.FallbackIntent to capture spoken phrases that do not match AMAZON.HelpIntent, then determine if
the user needs help.
C. Define custom slots for AMAZON.HelpIntent to capture the additional details in the users\\’ help requests
D. Extend the standard built-in AMAZON.HelpIntent using additional samples in the skill\\’s interaction model
Correct Answer: D

[PDF q1 – q13] Free Amazon AWS-CERTIFIED-ALEXA-SKILL-BUILDER-SPECIALTY pdf dumps download from Google Drive: https://drive.google.com/open?id=1DMQ5fyeUub2y033xpzVJz4JZWr73dUsQ

Full Amazon AWS-CERTIFIED-ALEXA-SKILL-BUILDER-SPECIALTY exam practice questions: https://www.lead4pass.com/aws-certified-alexa-skill-builder-specialty.html (Total Questions: 65 Q&A)


AWS Certified Cloud Practitioner:https://aws.amazon.com/certification/certified-cloud-practitioner/?nc1=h_ls

[2020.4] Amazon AWS-CERTIFIED-CLOUD-PRACTITIONER exam practice questions (1-5)

Which of the following are benefits of hosting infrastructure in the AWS Cloud? (Choose two.)
A. There are no upfront commitments.
B. AWS manages all security in the cloud.
C. Users have the ability to provision resources on demand.
D. Users have access to free and unlimited storage.
E. Users have control over the physical infrastructure.
Correct Answer: BC


What is the AWS customer responsible for according to the AWS shared responsibility model?
A. Physical access controls
B. Data encryption
C. Secure disposal of storage devices
D. Environmental risk management
Correct Answer: B


What approach to transcoding a large number of individual video files adheres to AWS architecture principles?
A. Using many instances in parallel
B. Using a single large instance during off-peak hours
C. Using dedicated hardware
D. Using a large GPU instance type
Correct Answer: A
Reference: https://aws.amazon.com/solutions/case-studies/encoding/


Which of the following allows users to provision a dedicated network connection from their internal network to AWS?
B. AWS Direct Connect
D. Amazon Connect
Correct Answer: B
AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS
Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into
multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects
stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running
within an Amazon Virtual Private Cloud (VPC) using private IP space while maintaining network separation between the
public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs.
Reference: https://aws.amazon.com/directconnect/


Which of the following are valid ways for a customer to interact with AWS services? (Choose two.)
A. Command-line interface
B. On-premises
C. Software Development Kits
D. Software-as-a-service
E. Hybrid
Correct Answer: AC

[PDF q1 – q13] Free Amazon AWS-CERTIFIED-CLOUD-PRACTITIONER pdf dumps download from Google Drive: https://drive.google.com/open?id=1a7ze2ZHR46JY9AG5bw-SKKf48LkiNjPT

Full Amazon AWS-CERTIFIED-CLOUD-PRACTITIONER exam practice questions: https://www.lead4pass.com/aws-certified-cloud-practitioner.html (Total Questions: 351 Q&A)


AWS Certified Developer – Associate Certification:https://aws.amazon.com/certification/certified-developer-associate/

[2020.4] Amazon AWS-CERTIFIED-DEVELOPER-ASSOCIATE exam practice questions (1-5)

A company has three different environments: Development, QA, and Production. The company wants to deploy its code
first in the Development environment, then QA, and then Production. Which AWS service can be used to meet this
A. Use AWS CodeCommit to create multiple repositories to deploy the application.
B. Use AWS CodeBuild to create, configure, and deploy multiple build application projects.
C. Use the AWS Data Pipeline to create multiple data pipeline provisions to deploy the application.
D. Use AWS CodeDeploy to create multiple deployment groups.
Correct Answer: C


An application running on Amazon EC2 instances must access objects within an Amazon S3 bucket that are encrypted
using server-side encryption using AWS KMS encryption keys (SSE-KMS). The application must have access to the
customer master key (CMK) to decrypt the objects.
Which combination of steps will grant the application access? (Select TWO.)
A. Write an S3 bucket policy that grants the bucket access to the key.
B. Grant access to the key in the IAM EC2 role attached to the application\\’s EC2 instances.
C. Write a key policy that enables IAM policies to grant access to the key.
D. Grant access to the key in the S3 bucket\\’s ACL
E. Create a Systems Manager parameter that exposes the KMS key to the EC2 instances.
Correct Answer: AE


A company is using Amazon RDS MySQL instances for its application database tier and Apache Tomcat servers for its
web tier. Most of the database queries from web applications are repeated read requests. Use of which AWS service
would increase in performance by adding in-memory store for repeated read queries?
A. Amazon RDS Multi-AZ
B. Amazon SQS
C. Amazon ElastiCache
D. Amazon RDS read replica
Correct Answer: A

A Developer must build an application that uses Amazon DynamoDB. The requirements state that items being stored in
the DynamoDB table will be 7KB in size and that reads must be strongly consistent. The maximum read rate is 3 items
per second, and the maximum write rate is 10 items per second.
How should the Developer size the DynamoDB table to meet these requirements?
A. Read: 3 read capacity units Write: 70 write capacity units
B. Read: 6 read capacity units Write: 70 write capacity units
C. Read: 6 read capacity units Write: 10 write capacity units
D. Read: 3 read capacity units Write: 10 write capacity units
Correct Answer: B


An AWS Elastic Beanstalk application needs to be deployed in multiple regions and requires a different Amazon
Machine Image (AMI) in each region. Which AWS CloudFormation template key can be used to specify the correct AMI
for each region?
A. Parameters
B. Outputs
C. Mappings
D. Resources
Correct Answer: C
Reference: https://docs.aws.amazon.com/marketplace/latest/userguide/cloudformation.html

[PDF q1 – q13] Free Amazon AWS-CERTIFIED-DEVELOPER-ASSOCIATE pdf dumps download from Google Drive: https://drive.google.com/open?id=1D3KdNZQkn_cFeu9SaB1oD9wCMDlKeAwD

Full Amazon AWS-CERTIFIED-DEVELOPER-ASSOCIATE exam practice questions: https://www.lead4pass.com/aws-certified-developer-associate.html (Total Questions: 224 Q&A)


AWS Certified Security – Specialty:https://aws.amazon.com/certification/certified-security-specialty/

[2020.4] Amazon AWS-CERTIFIED-SECURITY-SPECIALTY exam practice questions (1-5)

An auditor needs access to logs that record all API events on AWS. The auditor only needs read-only access to the log
files and does not need access to each AWS account. The company has multiple AWS accounts, and the auditor needs
access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs
from all accounts? Choose the correct answer from the options below
Please select:
A. Configure the CloudTrail service in each AWS account, and have the logs delivered to an AWS bucket on each
account, while granting the auditor permissions to the bucket via roles in the secondary accounts and a single primary
1AM account that can assume a read-only role in the secondary AWS accounts.
B. Configure the CloudTrail service in the primary AWS account and configure consolidated billing for all the secondary
accounts. Then grant the auditor access to the S3 bucket that receives the CloudTrail log files.
C. Configure the CloudTrail service in each AWS account and enable consolidated logging inside of CloudTrail.
D. Configure the CloudTrail service in each AWS account and have the logs delivered to a single AWS bucket in the
primary account and erant the auditor access to that single bucket in the orimarv account.
Correct Answer: D
Given the current requirements, assume the method of “least privilege” security design and only allow the auditor
access to the minimum amount of AWS resources as possibli AWS CloudTrail is a service that enables governance,
compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously
monitor, and retain events related to API calls across your AWS
infrastructure. CloudTrail provides a history of AWS API calls for your account including API calls made through the
AWS Management Console, AWS SDKs, command line tools, and other AWS services. This history simplifies security
analysis, resource change tracking, and troubleshooting only be granted access in one location Option Option A is
incorrect since the auditor should B is incorrect since consolidated billing is not a key requirement as part of the
question Option C is incorrect since there is not consolidated logging For more information on Cloudtrail please refer to
the below URL: https://aws.amazon.com/cloudtraiL ( The correct answer is: Configure the CloudTrail service in each
AWS account and have the logs delivered to a single AWS bud in the primary account and grant the auditor access to
that single bucket in the primary account. Submit your Feedback/Queries to our Experts


Your company has defined a number of EC2 Instances over a period of 6 months. They want to know if any of the
security groups allow unrestricted access to a resource. What is the best option to accomplish this requirement? Please
A. Use AWS Inspector to inspect all the security Groups
B. Use the AWS Trusted Advisor to see which security groups have compromised access.
C. Use AWS Config to see which security groups have compromised access.
D. Use the AWS CLI to query the security groups and then filter for the rules which have unrestricted accessd
Correct Answer: B

Which option for the use of the AWS Key Management Service (KMS) supports key management best practices that
focus on minimizing the potential scope of data exposed by a possible future key compromise?
A. Use KMS automatic key rotation to replace the master key, and use this new master key for future encryption
operations without re-encrypting previously encrypted data.
B. Generate a new Customer Master Key (CMK), re-encrypt all existing data with the new CMK, and use it for all future
encryption operations.
C. Change the CMK alias every 90 days, and update key-calling applications with the new key alias.
D. Change the CMK permissions to ensure that individuals who can provision keys are not the same individuals who
can use the keys.
Correct Answer: A


There is a set of Ec2 Instances in a private subnet. The application hosted on these EC2 Instances need to access a
DynamoDB table. It needs to be ensured that traffic does not flow out to the internet. How can this be achieved? Please
A. Use a VPC endpoint to the DynamoDB table
B. Use a VPN connection from the VPC
C. Use a VPC gateway from the VPC
D. Use a VPC Peering connection to the DynamoDB table
Correct Answer: A


Your company has a requirement to monitor all root user activity by notification. How can this best be achieved? Choose
2 answers from the options given below. Each answer forms part of the solution Please select:
A. Create a Cloudwatch Events Rule s
B. Create a Cloudwatch Logs Rule
C. Use a Lambda function
D. Use Cloudtrail API call
Correct Answer: AC
Option B is invalid because you need to create a Cloudwatch Events Rule and there is such thing as a Cloudwatch Logs
Rule Option D is invalid because Cloud Trail API calls can be recorded but cannot be used to send across notifications
For more information on this blog article, please visit the following URL: https://aws.amazon.com/blogs/mt/monitor-andnotify-on-aws-account-root-user-activityy The correct answers are: Create a Cloudwatch Events Rule, Use a Lambda function Submit your Feedback/Queries to our Experts

[PDF q1 – q13] Free Amazon AWS-CERTIFIED-SECURITY-SPECIALTY pdf dumps download from Google Drive: https://drive.google.com/open?id=14eP2lYE7_qCUoK_dYJ_gojLfWJrvEgGI

Full Amazon AWS-CERTIFIED-SECURITY-SPECIALTY exam practice questions: https://www.lead4pass.com/aws-certified-security-specialty.html (Total Questions: 332 Q&A)


AWS Certified DevOps Engineer – Professional:https://aws.amazon.com/certification/certified-devops-engineer-professional/

[2020.4] Amazon AWS-DEVOPS-ENGINEER-PROFESSIONAL exam practice questions (1-5)

A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat
application with an Apache webserver. The Development team started with a proof of concept, created a deployment
group for a developer environment, and performed functional tests within the application. After completion, the team will
create additional deployment groups for staging and production The current log level is configured within the Apache
settings, but the team wants to change this configuration dynamically when the deployment occurs so that they can set
different log level configurations depending on the deployment group without having a different application revision for
each group. How can these requirements be met with the LEAST management overhead and without requiring different
script versions for each deployment group?
A. Tag the Amazon EC2 instances depending on the deployment group. Then place a script into the application revision
that calls the metadata service and the EC2 API to identify which deployment group the instance is part of. Use this
information to configure the log level settings. Reference the script as part of the Afterinstall lifecycle hook in the
app spec YAML file.
B. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which
deployment group the instances is part of. Use this information to configure the log level settings. Reference this script
as part of the Beforelnstall lifecycle hook in the appspec.yml file
C. Create a CodeDeploy custom environment variable for each environment. Then place a script into the application
revision that checks this environment variable to identify which deployment group the instance is part of. Use this
information to configure the log level settings. Reference this script as part of the ValidateService lifecycle hook in the
app spec YAML file.
D. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which
deployment group the instance is part of to configure the log level settings. Reference this script as part of the Install
lifecycle hook in the app spec YAML file.
Correct Answer: C


A company has developed a static website hosted on an Amazon S3 bucket. The website is deployed using AWS
CloudFormation. The CloudFormation template defines an S3 bucket and a custom resource that copies content into
the bucket from a source location.
The company has decided that it needs to move the website to a new location, so the existing CloudFormation stack
must be deleted and re-created. However, CloudFormation reports that the stack could not be deleted cleanly. What is
MOST likely cause and how can the DevOps Engineer mitigate this problem for this and future versions of the website?
A. Deletion has failed because the S3 bucket has an active website configuration. Modify the CloudFormation template
to remove the Website Configuration properly from the S3 bucket resource.
B. Deletion has failed because the S3 bucket is not empty. Modify the custom resource\\’s AWS Lambda function code
to recursively empty the bucket when RequestType is Delete.
C. Deletion has failed because the custom resource does not define a deletion policy. Add a DeletionPolicy property to
the custom resource definition with a value of RemoveOnDeletion.
D. Deletion has failed because the S3 bucket is not empty. Modify the S3 bucket resource in the CloudFormation
template to add a DeletionPolicy property with a value of Empty.
Correct Answer: D


A company is beginning to move to the AWS Cloud. Internal customers are classified into two groups according to their
AWS skills: beginners and experts. The DevOps Engineer needs to build a solution to allow beginners to deploy a
restricted set of AWS architecture blueprints expresses as AWS CloudFormation templates. The deployment should only be
possible on predetermined Virtual Private Clouds (VPCs). However, expert users should be able to deploy blueprints
without constraints. Experts should also be able to access other AWS services, as needed.
How can the Engineer implement a solution to meet these requirements with the LEAST amount of overhead?
A. Apply constraints to the parameters in the templates, limiting the VPCs available for deployments. Store the
templates on Amazon S3. Create an IAM group for beginners and give them access to the templates and
CloudFormation. Create a separate group for experts, giving them access to the templates, CloudFormation, and other
AWS services.
B. Store the templates on Amazon S3. Use the AWS Service Catalog to create a portfolio of products based on those
templates. Apply template constraints to the products with rules limiting VPCs available for deployments. Create an IAM
group for beginners giving them access to the portfolio. Create a separate group for experts giving them access to the
templates, CloudFormation, and other AWS services.
C. Store the templates on Amazon S3. Use the AWS Service Catalog to create a portfolio of products based on those
templates. Create an IAM role restricting VPCs available for the creation of AWS resources. Apply a launch constraint to the
products using this role. Create an IAM group for beginners giving them access to the portfolio. Create a separate group
for experts giving them access to the portfolio and other AWS services.
D. Create two templates for each architecture blueprint where only one of them limits the VPC available for
deployments. Store the templates in Amazon DynamoDB. Create an IAM group for beginners giving them access to the
constrained templates and CloudFormation. Create a separate group for experts giving them access to the
unconstrained templates, CloudFormation, and other AWS services.
Correct Answer: B


You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You
want to run the system very cheaply and simply. Which one of these options allows you to build a photo-sharing
application without needing to worry about scaling expensive uploads processes, authentication/authorization and so
A. Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or
Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on
AWS, like AWS S3.
B. Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password
and are given a token they can use indefinitely to make calls against the photo infrastructure.
C. Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom
build of the SDK and include S3 access in it.
D. Create an AWS oAuth Service Domain ad grant public signup and access to the domain. During setup, add at least
one major social media site as a trusted Identity Provider for users.
Correct Answer: A
The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It
supports the same providers, and you configure your app and authenticate it with those providers in the same way. But
Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest
user and later sign in using one of the supported identity providers.


Your team wants to begin practicing continuous delivery using CloudFormation, to enable automated builds and deploys
of the whole, versioned stacks or stack layers. You have a 3-tier, mission-critical system. Which of the following is NOT a
best practice for using CloudFormation in a continuous delivery environment?
A. Use the AWS CloudFormation ValidateTemplate call before publishing changes to AWS.
B. Model your stack in one template, so you can leverage CloudFormation\\’s state management and dependency
resolution to propagate all changes.
C. Use CloudFormation to create brand new infrastructure for all stateless resources on each push, and run integration
tests on that set of infrastructure.
D. Parametrize the template and use Mappings to ensure your template works in multiple Regions.
Correct Answer: B
Putting all resources in one stack is a bad idea since different tiers have different life cycles and frequencies of change.
For additional guidance about organizing your stacks, you can use two common frameworks: a multi-layered
and service-oriented architecture (SOA).

[PDF q1 – q13] Free Amazon AWS-DEVOPS-ENGINEER-PROFESSIONAL pdf dumps download from Google Drive: https://drive.google.com/open?id=1lTXPV0t0g56Rs61RQbzsWFXtEz9RMXfb

Full Amazon AWS-DEVOPS-ENGINEER-PROFESSIONAL exam practice questions: https://www.lead4pass.com/aws-devops-engineer-professional.html (Total Questions: 266 Q&A)

Latest Amazon AWS-SYSOPS exam List

AWS Certified Sysops Administrator – Associate Certification:https://aws.amazon.com/certification/certified-sysops-admin-associate/

[2020.4] Amazon AWS-SYSOPS exam practice questions (1-5)

What does Amazon SWF stand for?
A. Simple Waveflow Service
B. Simple WebFactor Service
C. Simple Workflow Service
D. Simple WebForm Service
Correct Answer: C
Amazon Simple Workflow Service (SWF) provides the glue needed by your application to coordinate several tasks.
These tasks are tackled by several instances coordinating aspects like the dependencies between them. Reference:


An organization has added 3 of his AWS accounts to consolidated billing. One of the AWS accounts has purchased a
Reserved Instance (RI. of a small instance size in the US-East-1a zone. All other AWS accounts are running instances
of small size in the same zone. What will happen in this case for the RI pricing?
A. Only the account that has purchased the RI will get the advantage of RI pricing
B. One instance of small size and running in the US-East-1a zone of each AWS account will get the benefit of RI
C. Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same
zone and are of the same size
D. If there are more than one instances of a small size running across multiple accounts in the same zone no one will
get the benefit of RI
Correct Answer: C
AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS.
accounts within a single organization by making a single paying account. For billing purposes, consolidated billing treats
all the accounts on the consolidated bill as one account. This means that all accounts on a consolidated bill can receive
the hourly cost-benefit of the Amazon EC2 Reserved Instances purchased by any other account. In this case only one
Reserved Instance has been purchased by one account. Thus, only a single instance from any of the accounts will get
the advantage of RI. AWS will implement the blended rate for each instance if more than one instance is running


A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to
alert different teams of any issues relevant to them. What is the MOST efficient approach to accomplish this?
A. Write an AWS lambda function that will query the logs every minute and contain the logic of which team to notify on
which patterns and issues.
B. Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate
notification list.
C. Redesign the aggregation of logs so that each team\\’s relevant parts are sent to a separate log group, then
subscribe each team to its respective log group.
D. Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log
entries. This group will pull streams, look for patterns, and send notifications to relevant teams.
Correct Answer: C


A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the
objects as well as enforce that the person who uploaded the object should manage the permission of those objects.
Which is the easiest way to achieve this?
A. The root account owner should create a bucket policy which allows the IAM users to upload the object
B. The root account owner should create the bucket policy which allows the other account owners to set the object
the policy of that bucket
C. The root account should use ACL with the bucket to allow everyone to upload the object
D. The root account should create the IAM users and provide them the permission to upload content to the bucket
Correct Answer: C
Each AWS S3 bucket and object have an ACL (Access Control List. associated with it. An ACL is a list of grants
identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write permissions to
other AWS accounts. ACLs use an Amazon S3?pecific XML schema. The user cannot grant permissions to other users
in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to
upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns
the object.


A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only.
The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (select TWO.)
A. Configure the bucket policy to only allow access through the S3 Private Endpoint.
B. Modify the VPC endpoint policy on the bucket to only allow the VPC to access it.
C. Modify the VPC peering configuration to only allow access to the S3 private Endpoint.
D. Configure the VPC endpoint policy to only allow the VPC to access the specific S3 bucket.
E. Configure the IAM policy attached to the S3 bucket to only allow access from the specific VPC.
Correct Answer: BD
Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies-vpc-endpoint.html

[PDF q1 – q13] Free Amazon AWS-SYSOPS pdf dumps download from Google Drive: https://drive.google.com/open?id=1HEGFV0FZqEozSe92zmnKrbmrSlEgzpCE

Full Amazon AWS-SYSOPS exam practice questions: https://www.lead4pass.com/aws-sysops.html (Total Questions: 828 Q&A)

Lead4Pass Amazon Discount Code

lead4pass coupon code:lead4pass2020

About Lead4pass Brand Advantage

Lead4pass employs the most authoritative exam specialists from Amazon, Cisco, EMC, CompTIA, etc. We update exam data throughout the year. Highest pass rate! We have a large user base. We are an industry leader!
Choose Lead4Pass to pass the exam with ease!

about lead4pass


It’s not easy to pass the Amazon exam, but with accurate learning materials and proper practice, you can crack the exam with excellent results. https://www.lead4pass.com/amazon.html provides you with the most relevant learning materials that you can use to help you prepare.