A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company.
How should security groups be configured in this situation? (Select TWO.)
A. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
B. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
C. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.
D. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
E. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.
A company stores data in PDF format in an Amazon S3 bucket. The company must follow a legal requirement to retain all new and existing data in Amazon S3 for 7 years.
Which solution will meet these requirements with the LEAST operational overhead?
A. Turn on the S3 Versioning feature for the S3 bucket. Configure S3 Lifecycle to delete the data after 7 years. Configure multi-factor authentication (MFA) delete for all S3 objects.
B. Turn on S3 Object Lock with governance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Recopy all existing objects to bring the existing data into compliance.
C. Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Recopy all existing objects to bring the existing data into compliance.
D. Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Use S3 Batch Operations to bring the existing data into compliance.
The problem with option A is that any user, even with MFA, has permission to delete the bucket, so it is not the most secure choice. The options with Object Lock are the correct ones, since Object Lock only allows deletion if you are the root user. Then, since the question says LEAST operational overhead, the correct option could really be D, even though C comes up as the answer, because in option C all the objects have to be recopied to comply with the policies, and with Batch Operations you could process thousands or millions of objects with a single request to apply settings. You create a list of the objects you want to modify, configure a job, and run it.
According to what Alejandro says, it would be option C, because he says Batch Operations does not allow using compliance mode, but according to this article it does (https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-compliance-mode.html); compliance mode is for applying the expiration time and the permissions.
A company has 150 TB of archived image data stored on-premises that needs to be moved to the AWS Cloud within the next month. The company's current network connection allows up to 100 Mbps uploads for this purpose during the night only.
What is the MOST cost-effective mechanism to move this data and meet the migration deadline?