A. Use AWS Application Migration Service (CloudEnsure Migration) to migrate the Windows servers to AW

B. Create a Replication Settings templat

C. Install the AWS Replication Agent on the source servers

D. Use AWS DataSync to migrate the Windows servers to AW

E. Install the DataSync agent on the source server

F. Configure a blueprint for the target server

G. Begin the replication process.

H. Use AWS Server Migration Service (AWS SMS) to migrate the Windows servers to AW

I. Install the SMS Connector on the source server

J. Replicate the source servers to AW

K. Convert the replicated volumes to AMIs to launch EC2 instances.

L. Use AWS Migration Hub to migrate the Windows servers to AW

M. Create a project in Migration Hub.Track the progress of server migration by using the built-in dashboard.

A. Create an AW5 Transit Gatewa

B. Attach the shared VPC and the authorized business unit VPCs to the transit gatewa

C. Create a single transit gateway route table and associate it with all of the attached VPC

D. Allow automatic propagation of routes from the attachments into the route tabl

E. Configure VPC routing tables to send traffic to the transit gateway.

F. Create a VPC endpoint service using the centralized application NLB and enable (he option to require endpoint acceptanc

G. Create a VPC endpoint in each of the business unit VPCs using the service name of the endpoint servic

H. Accept authorized endpoint requests from the endpoint service console.

I. Create a VPC peering connection from each business unit VPC to Ihe shared VP

J. Accept the VPC peering connections from the shared VPC consol

K. Configure VPC routing tables to send traffic to the VPC peering connection.

L. Configure a virtual private gateway for the shared VPC and create customer gateways for each of theauthorized business unit VPC

M. Establish a Sile-to-Site VPN connection from the business unit VPCs to the shared VP

N. Configure VPC routing tables to send traffic to the VPN connection.

A. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to assume the manager's role and add a policy that restricts the permissions to the template and the resources it creates Train users to launch the template from the CloudFormation console

B. Create an AWS Service Catalog product from the environment template Add a launch constraint to the product with the existing role Give users in the QA department permission to use AWS Service Catalog APIs only_ Train users to launch the template from the AWS Service Catalog console.

C. Upload the AWS CloudFormation template to Amazon S3 Give users in the QA department permission to use CloudFormation and S3 APIs, with conditions that restrict the permissions to the template and the resources it creates Train users to launch the template from the CloudFormation console.

D. Create an AWS Elastic Beanstalk application from the environment template Give users in the QA department permission to use Elastic Beanstalk permissions only Train users to launch Elastic Beanstalk environments with the Elastic Beanstalk CLI, passing the existing role to the environment as a service role

A. Store the data in a single Amazon S3 bucket Create an IAM role for every combination of job type and business unit that allows for appropriate read/write access based on object prefixes in the S3 bucket The roles should have trust policies that allow the business unit's AWS accounts to assume their roles UseIAM in each business unit's AWS account to prevent them from assuming roles for a different job type Users get credentials to access the data by using AssumeRole from their business unit's AWS account Users can then use those credentials with an S3 client

B. Store the data in a single Amazon S3 bucket Write a bucket policy that uses conditions to grant read and write access where appropriate based on each user's business unit and job typ

C. Determine the business unit with the AWS account accessing the bucket and the job type with a prefix in the IAM user's name Users can access data by using IAM credentials from their business unit's AWS account with an S3 client

D. Store the data in a series of Amazon S3 buckets Create an application running m Amazon EC2 that is integrated with the company's identity provider (IdP) thatauthenticates users and allows them to download or upload data through the application The application uses the business unit and job type information in the IdP to control what users can upload and download through the application The users can access the data through the application's API

E. Store the data in a series of Amazon S3 buckets Create an AWS STS token vending machine that is integrated with the company's identity provider (IdP) When a user logs in: have the token vending machine attach an IAM policy that assumes the role that limits the user's access and/or upload only the data the user is authorized to access Users can get credentials by authenticating to the token vending machine's website or API and then use those credentials with an S3 client

F. D

A. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuous backup on the DynamoDB table in us-east-1. Enable versioning on the S3 bucket

B. Create an AWS Lambda function triggered by Amazon CloudWatch Events to make regular backups of the DynamoDB table Set up S3 cross-region replication from us-east-1 to eu-west-1 Set up MFA delete on the S3 bucket in us-east-1.

C. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable versioning on the S3 bucket Implement strict ACLs on the S3 bucket

D. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuous backup on the DynamoDB table in us-east-1. Set up S3 cross-region replication from us-east-1 toeu-west-1.