You have created a solution that requires Internet facing web services that you host on an EC2 instance. The users are complaining that they cannot access your service with a connection time out issue. You have confirmed the EC2 instance can access and ping to Internet hostnames and addresses. Which EC2 component should you check first? Security Groups User Data Subnet Route Tables Internet Gateway What are the required components of an IAM policy? effect, api, resource action, principal, resource source, destination, resource effect, action, resource Examine the policy below. A firewall administrator needs to only be able to modify ingress and egress rules of SecurityGroups within a VPC. From a security context, classify the policy based on the answer selections. { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1624564156721", "Action": "ec2:*", "Effect": "Allow", "Resource": }, { ] H*" "Sid": "Stmt1624564217778", "Action":[ } "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2: DescribeSecurity Group References", "ec2: DescribeSecurity Groups", "ec2: DescribeVpcs" ], "Effect": "Allow", "Resource": "* Not enough permissions Not the correct permissions The correct permissions Overly Permissive Examine the reference architecture below. What are the disadvantages from an availability and scalability perspective that you see? VPC Cluster Private Subnet Availability Zone Single AZ, Using Public Subnet Single AZ, No ELB Single AZ, Using S3 instead of EBS Instance Public Subnet Using Private Subnet, NAT instance NAT Instance Internet Gateway S3 What AWS service or credential types should I use if I wish to have on premise corporate users connect to AWS services from Active Directory? AWS IAM User AWS Cognito AWS SSO AWS Access and Secret Key You have a requirement to have Internet connectivity for an EC2 instance. You do not need the Internet to access services on the instance; only for updating patching and downloading software. The update repositories you download packages from are hosted only on IPv6 addresses. Which pattern is required to meet the needs above? Egress Only Gateway in the Private Subnet NAT Gateway in the Public Subnet Egress Only Gateway in the Public Subnet NAT Gateway in the Private Subnet For VPC-A, VPC-B, VPC-C, VPC-D VPC-A has a peering connection with VPC-B VPC-B has a peering connection with VPC-C VPC-C has a peering connection with VPC-D Does VPC-A have network connectivity with VPC-D? Yes, but you have to change the routing table Yes, but you have to create a transitive gateway No, you will to create another peering connection No, because peering connections are not network connectivity