Welcome to the 5 Minute AWS Test1. Question:A company currently stores symmetric encryption keys in a hardware security module (HSM). A solution architect must design a solution to migrate key management to AWS. The solution should allow for key rotation and support the use of customer provided keys.Where should the key material be stored to meet these requirements?Select 1 option(s):Amazon S3AWS Secrets ManagerAWS Systems Manager Parameter storeAWS Key Management Service (AWS KMS)2. Question:A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications. What should a solutions architect do to reduce the operational burden?Select 1 option(s):Use multi-factor authentication (MFA) to protect the encryption keysUse AWS Key Management Service (AWS KMS) to protect the encryption keysUse AWS Certificate Manager (ACM) to create, store and assign the encryption keysUse an 1AM policy to limit the scope of users who have access permissions to protect the encryption keys3. Question:A company hosts its core network services, including directory services and DNS. in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX) Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network servicesWhat should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?Select 1 option(s):Create a DX connection in each new account Route the network traffic to the on-premises serversConfigure VPC endpoints in the DX VPC for all required services Route the network traffic to the on-premises servers.Create a VPN connection between each new account and the DX VPp, Route the network traffic to the on-premises serversConfigure AWS Transit Gateway between the accounts Assign DX to the transit gateway and route network traffic to the on-premises servers4. Question:A solutions architect is designing an application for a two-step order process The first step is synchronous and must return to the user with little latency The second step takes longer, so it will be implemented in a separate component Orders must be processed exactly once and in the order in which they are receivedHow should the solutions architect integrate these components?Select 1 option(s):Use an Amazon SQS FIFO queuesUse an AWS Lambda function along with Amazon SQS standard queuesCreate an SNS topic and subscribe an Amazon SQS FIFO queue to that topicCreate an SNS topic and subscribe an Amazon SQS Standard queue to that topic.5. Question:A company has established a new AWS account. The account is newly provisioned and no changed have been made to the default settings. The company is concerned about the security of the AWS account root user.What should be done to secure the root user?Select 1 option(s):Create IAM users for daily administrative tasks Disable the root user.Create IAM users for daily administrative tasks Enable multi-factor authentication on the root user.Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.Provide the root user credentials to the most senior solution architect. Have the solution architect use the root user for daily administration tasks.6. Question:What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?Select 1 option(s):Update the bucket policy to deny if the PutObject does not have an s3 x-amz-acl header setUpdate the bucket policy to deny if the PutObject does not have an s3 x-amz-acl header set to privateUpdate the bucket policy to deny if the PutObject does not have an aws SecureTransport header set to trueUpdate the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header setTime is Up!
