
DIVA-401-500

Title of test:
DIVA-401-500

Description:
DIVA-401-500

Author:
DIVADIVA

Creation Date:
16/02/2022

Category:
Logical

Number of questions: 100
Content:
A business has implemented an API in a Virtual Private Cloud (VPC) behind an internet-facing Application Load Balancer (ALB). In a second account, an application that uses the API as a client is installed in private subnets behind a NAT gateway. When the number of requests to the client application increases, the NAT gateway expenses exceed expectations. The ALB has been set to be internal by a solutions architect. Which architectural improvements will result in the lowest NAT gateway costs? (Select two.)
- Configure a VPC peering connection between the two VPCs. Access the API using the private address.
- Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address.
- Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address.
- Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address.
- Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address.

Recently, a corporation built Linux-based application instances on Amazon EC2 in a private subnet and a Linux-based bastion host on an Amazon EC2 instance in a VPC's public subnet. A solutions architect must establish connections from the on-premises network to the bastion host and application servers through the company's internet connection. The solutions architect must ensure that all EC2 instances' security groups permit this access. Which measures should the solutions architect take in combination to satisfy these requirements? (Select two.)
- Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
- Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.
- Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.
- Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host.
- Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host.

A company's security policy mandates that all AWS API activity in its AWS accounts be tracked and audited on a regular basis. The firm must activate AWS CloudTrail on all existing and future AWS accounts that use AWS Organizations. Which of the following solutions is the MOST SECURE?
- At the organization's root, define and attach a service control policy (SCP) that permits enabling CloudTrail only.
- Create IAM groups in the organization's management account as needed. Define and attach an IAM policy to the groups that prevents users from disabling CloudTrail.
- Organize accounts into organizational units (OUs). At the organization's root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail.
- Add all existing accounts under the organization's root. Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail.

A solutions architect is tasked with the responsibility of building a shared storage solution for a web application that is distributed across various Availability Zones. The web application is hosted on Amazon EC2 instances that are automatically scaled. The firm intends to update the information on a regular basis. The solution must be very consistent in providing the updated material as soon as it is modified. Which solutions satisfy these criteria? (Select two.)
- Use AWS Storage Gateway Volume Gateway Internet Small Computer Systems Interface (iSCSI) block storage that is mounted to the individual EC2 instances.
- Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system on the individual EC2 instances.
- Create a shared Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on the individual EC2 instances.
- Use AWS DataSync to perform continuous synchronization of data between EC2 hosts in the Auto Scaling group.
- Create an Amazon S3 bucket to store the web content. Set the metadata for the Cache-Control header to no-cache. Use Amazon CloudFront to deliver the content.

On AWS, a business wants to develop an online marketplace application as a collection of loosely linked microservices. When a client places a new order, two microservices should process the event concurrently in this application. A confirmation email will be sent via the Email microservice, and the OrderProcessing microservice will initiate the order delivery procedure. When a client cancels an order, the OrderCancellation and Email microservices should process the cancellation concurrently. A solutions architect wants to build the communications between microservices using Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS). What approach should the solutions architect use while designing the solution?
- Create a single SQS queue and publish order events to it. The Email, OrderProcessing, and OrderCancellation microservices can then consume messages off the queue.
- Create three SNS topics for each microservice. Publish order events to the three topics. Subscribe each of the Email, OrderProcessing, and OrderCancellation microservices to its own topic.
- Create an SNS topic and publish order events to it. Create three SQS queues for the Email, OrderProcessing, and OrderCancellation microservices. Subscribe all SQS queues to the SNS topic with message filtering.
- Create two SQS queues and publish order events to both queues simultaneously. One queue is for the Email and OrderProcessing microservices. The second queue is for the Email and OrderCancellation microservices.

A business is developing a website that will read from and write to an Amazon DynamoDB database. The website's traffic is predictable in that it peaks during business hours on weekdays and falls overnight and on weekends. A solutions architect must create a solution that is both cost efficient and capable of handling the demand. What actions should the solutions architect take to ensure that these criteria are met?
- Enable DynamoDB Accelerator (DAX) to cache the data.
- Enable Multi-AZ replication for the DynamoDB database.
- Enable DynamoDB auto scaling when creating the tables.
- Enable DynamoDB On-Demand capacity allocation when creating the tables.

A business maintains a static website through its on-premises data center. Although the firm has many servers that manage all of its traffic, services are sometimes disrupted and the website becomes inaccessible on busy days. The corporation wants to have a worldwide footprint and intends to treble its online traffic. What recommendations should a solutions architect make to satisfy these requirements?
- Migrate the website content to Amazon S3 and host the website on Amazon CloudFront.
- Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions.
- Migrate the website content to Amazon EC2 instances and vertically scale as the load increases.
- Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

The website of a business is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). There is a combination of dynamic and static information on the website. Users from all around the world are complaining about the website's slowness. Which set of activities will result in an increase in website performance for global users?
- Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
- Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB.
- Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register instances with the same ALB using cross-Region VPC peering.
- Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.

A business has a web application that receives occasional use. Each month, there is a spike in use at the beginning, a minor spike at the start of each week, and an unexpected spike throughout the week. The program is made up of a web server and a MySQL database server that are both located inside the data center. The firm wants to migrate the application to the AWS Cloud and needs to choose an affordable database platform that does not need database adjustments. Which solution will satisfy these criteria?
- Amazon DynamoDB
- Amazon RDS for MySQL
- MySQL-compatible Amazon Aurora Serverless
- MySQL deployed on Amazon EC2 in an Auto Scaling group.

A business is developing an application that will allow customers to upload tiny files to Amazon S3. After a user uploads a file, it undergoes one-time basic processing to change the data and store it in JSON format for further analysis. Each file must be handled immediately upon upload. Demand will fluctuate. On some days, people will upload an unusually large number of files. On other days, people will upload a small number of files or none at all. Which method satisfies these criteria with the LEAST amount of operational overhead?
- Configure Amazon EMR to read text files from Amazon S3. Run processing scripts to transform the data. Store the resulting JSON file in an Amazon Aurora DB cluster.
- Configure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon EC2 instances to read from the queue and process the data. Store the resulting JSON file in Amazon DynamoDB.
- Configure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue. Use an AWS Lambda function to read from the queue and process the data. Store the resulting JSON file in Amazon DynamoDB.
- Configure Amazon EventBridge (Amazon CloudWatch Events) to send an event to Amazon Kinesis Data Streams when a new file is uploaded. Use an AWS Lambda function to consume the event from the stream and process the data. Store the resulting JSON file in Amazon Aurora DB cluster.

A business has built a microservices application. It processes user queries using a client-facing API integrated with Amazon API Gateway and several internal services deployed on Amazon EC2 instances. Although the API is built to handle unforeseen traffic spikes, internal services may become overloaded and unavailable for a brief period during surges. A solutions architect must provide a more dependable solution that minimizes mistakes when internal services become unavailable or unresponsive. Which solution satisfies these criteria?
- Use AWS Auto Scaling to scale up internal services when there is a surge in traffic.
- Use different Availability Zones to host internal services. Send a notification to a system administrator when an internal service becomes unresponsive.
- Use an Elastic Load Balancer to distribute the traffic between internal services. Configure Amazon CloudWatch metrics to monitor traffic to internal services.
- Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive. Change the internal services to retrieve the requests from the queue for processing.

A business wishes to transfer an on-premises high performance computing (HPC) application and data to the AWS Cloud. On-premises storage is tiered, with hot high-performance parallel storage supporting the program during periodic runs and more cost-effective cold storage storing data while the application is not actively operating. Which solution combination should a solutions architect propose to meet the application's storage requirements? (Select two.)
- Amazon S3 for cold data storage
- Amazon Elastic File System (Amazon EFS) for cold data storage
- Amazon S3 for high-performance parallel storage
- Amazon FSx for Lustre for high-performance parallel storage
- Amazon FSx for Windows for high-performance parallel storage.

A business hosts apps on Amazon EC2 instances equipped with IPv6 addresses. Through the internet, the apps must begin communications with other external applications. However, according to the company's security policy, no external service is permitted to start a connection to the EC2 instances. What should a solutions architect suggest as a remedy to this problem?
- Create a NAT gateway and make it the destination of the subnet's route table.
- Create an internet gateway and make it the destination of the subnet's route table.
- Create a virtual private gateway and make it the destination of the subnet's route table.
- Create an egress-only internet gateway and make it the destination of the subnet's route table.

A solutions architect is tasked with the responsibility of developing a mission-critical online application. It will be comprised of Amazon EC2 instances connected to a relational database through an Application Load Balancer. The database should have a high degree of availability and should be fault tolerant. Which database implementations will be able to fulfill these criteria? (Select two.)
- Amazon Redshift
- Amazon DynamoDB
- Amazon RDS for MySQL
- MySQL-compatible Amazon Aurora Multi-AZ
- Amazon RDS for SQL Server Standard Edition Multi-AZ.

A business is developing a web application that will interface with a content management system. The content management system is hosted on Amazon EC2 instances, which are routed via an Application Load Balancer (ALB). The EC2 instances are distributed across several Availability Zones in an Auto Scaling group. The content management system's users are continually adding and modifying files, blogs, and other website assets. A solutions architect must design a solution that enables all EC2 instances to exchange current website content with the least amount of lag time feasible. Which solution satisfies these criteria?
- Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website assets from the EC2 instance that was launched most recently. Configure the ALB to make changes to the website assets only in the newest EC2 instance.
- Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system. Configure each EC2 instance to mount the EFS file system locally. Configure the website hosting application to reference the website assets that are stored in the EFS file system.
- Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.
- Restore an Amazon Elastic Block Store (Amazon EBS) snapshot with the website assets. Attach the EBS snapshot as a secondary EBS volume when a new EC2 instance is launched. Configure the website hosting application to reference the website assets that are stored in the secondary EBS volume.

A business hosts its internet-facing containerized web application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in a single AWS account. The EKS cluster is located inside a VPC's private subnet. The EKS cluster is accessed by system administrators through a bastion server on a public network. The company's new security policy prohibits the usage of bastion hosts. Additionally, the organization must prohibit internet access to the EKS cluster. Which option best fits these criteria in terms of cost-effectiveness?
- Set up an AWS Direct Connect connection.
- Create a transit gateway.
- Establish a VPN connection.
- Use AWS Storage Gateway.

A business has a highly dynamic batch processing operation that requires the utilization of a large number of Amazon EC2 instances to finish. The work is stateless in nature, meaning it may be started and stopped at any moment without causing any damage, and normally takes up to 60 minutes to finish. The organization has engaged a solutions architect to develop a scalable and cost-effective solution that satisfies the job's needs. What recommendations should the solutions architect make?
- Implement EC2 Spot Instances.
- Purchase EC2 Reserved Instances.
- Implement EC2 On-Demand Instances.
- Implement the processing on AWS Lambda.

A business has multiple web servers that regularly need access to a shared Amazon RDS MySQL Multi-AZ database instance. The organization requires a safe means for web servers to connect to the database while also adhering to a security requirement that user credentials be rotated on a regular basis. Which solution satisfies these criteria?
- Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.
- Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.
- Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.
- Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.

A corporation is considering migrating a mission-critical dataset to Amazon S3. The present solution architecture stores the dataset in a single S3 bucket in the us-east-1 Region with versioning enabled. According to the company's disaster recovery strategy, all data is replicated across various AWS Regions. How should the S3 solution be designed by a solutions architect?
- Create an additional S3 bucket in another Region and configure cross-Region replication.
- Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS).
- Create an additional S3 bucket with versioning in another Region and configure cross-Region replication.
- Create an additional S3 bucket with versioning in another Region and configure cross-origin resource sharing (CORS).

A solutions architect is tasked with the responsibility of developing the cloud architecture for a new application being deployed on AWS. The application's users will be able to download and upload files interactively. Files more than 90 days old will be accessed less often than fresher ones, but all files must be promptly accessible. The solutions architect must guarantee that the application scales to securely store petabytes of data. Which solution satisfies these criteria?
- Store the files in Amazon S3 Standard. Create an S3 Lifecycle policy that moves objects that are more than 90 days old to S3 Glacier.
- Store the files in Amazon S3 Standard. Create an S3 Lifecycle policy that moves objects that are more than 90 days old to S3 Standard-Infrequent Access (S3 Standard-IA).
- Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data that is more than 90 days old.
- Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data that is more than 90 days old.

An ecommerce company's solutions architect wants to back up application log data to Amazon S3. The solutions architect has no idea how often or which logs will be accessed. The organization wishes to save expenses by using the suitable S3 storage class. Which S3 storage type should be used to satisfy these requirements?
- S3 Glacier
- S3 Intelligent-Tiering
- S3 Standard-Infrequent Access (S3 Standard-IA)
- S3 One Zone-Infrequent Access (S3 One Zone-IA).

A business operates an application on Amazon EC2 instances contained inside a private subnet within a VPC. The instances have access to data stored in the same AWS Region's Amazon S3 bucket. To access the S3 bucket, the VPC comprises a NAT gateway on a public subnet. The organization wishes to save money by replacing the NAT gateway without sacrificing security or redundancy. Which solution satisfies these criteria?
- Replace the NAT gateway with a NAT instance.
- Replace the NAT gateway with an internet gateway.
- Replace the NAT gateway with a gateway VPC endpoint.
- Replace the NAT gateway with an AWS Direct Connect connection.

The organizers of a worldwide event want to publish daily reports as static HTML pages online. The pages are anticipated to get millions of views from visitors worldwide. The files are stored in a bucket on Amazon S3. A solutions architect has been tasked with the responsibility of designing a solution that is both efficient and effective. What should the solutions architect do to accomplish this?
- Generate presigned URLs for the files.
- Use cross-Region replication to all Regions.
- Use the geoproximity feature of Amazon Route 53.
- Use Amazon CloudFront with the S3 bucket as its origin.

An ecommerce firm is developing an application that will handle payments through a third-party payment provider. The payment provider must expressly permit access to the public IP address of the server making the payment request. However, the company's security regulations prohibit the direct connection of any server to the public internet. Which solution will satisfy these criteria?
- Provision an Elastic IP address. Host the application servers on Amazon EC2 instances in a private subnet. Assign the public IP address to the application servers.
- Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway.
- Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the ALB.
- Set up an AWS Client VPN connection to the payment service. Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the VPN.

A business uses Amazon S3 to provide files to select customers who do not have AWS credentials. These users must be granted access for a certain period of time. What steps should a solutions architect take to ensure that these criteria are met securely?
- Enable public access on an Amazon S3 bucket.
- Generate a presigned URL to share with the users.
- Encrypt files using AWS KMS and provide keys to the users.
- Create and assign IAM roles that will grant GetObject permissions to the users.

A business wishes to run its web application on Amazon Web Services (AWS) utilizing numerous Amazon EC2 instances spread across various AWS Regions. Because the application content will be region-specific, client requests must be directed to the server that hosts the content for that client location. What actions should a solutions architect take to achieve this?
- Configure Amazon Route 53 with a latency routing policy.
- Configure Amazon Route 53 with a weighted routing policy.
- Configure Amazon Route 53 with a geolocation routing policy.
- Configure Amazon Route 53 with a multivalue answer routing policy.

A solutions architect is tasked with the responsibility of designing a low-latency solution for a static single-page application that users access through a custom domain name. Serverless, encrypted in transit, and cost-effective are all requirements for the solution. Which AWS services and functionalities should the solutions architect utilize in combination? (Select two.)
- Amazon S3
- Amazon EC2
- AWS Fargate
- Amazon CloudFront
- Elastic Load Balancer.

A solutions architect must create a network that enables many Amazon EC2 instances to share a single data source for mission-critical data that all EC2 instances may access concurrently. The solution must be highly scalable, simple to install, and compliant with the NFS standard. Which solution satisfies these criteria?
- Create an Amazon Elastic File System (Amazon EFS) file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target.
- Create an additional EC2 instance and configure it as a file server. Create a security group that allows communication between the instances and apply that to the additional instance.
- Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the S3 bucket. Attach the role to the EC2 instances that need access to the data.
- Create an Amazon Elastic Block Store (Amazon EBS) volume with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the EBS volume. Attach the role to the EC2 instances that need access to the data.

A business runs an application on AWS Lambda functions that are called through an Amazon API Gateway API. The Lambda functions store customer data in an Amazon Aurora MySQL database. When the company upgrades its database, the Lambda functions are prevented from establishing database connections until the upgrade is complete. As a consequence, client data is not captured for some events. A solutions architect must provide a solution that securely maintains customer data generated during database updates. Which solution will satisfy these criteria?
- Provision an Amazon RDS proxy to sit between the Lambda functions and the database. Configure the Lambda functions to connect to the RDS proxy.
- Increase the run time of the Lambda functions to the maximum. Create a retry mechanism in the code that stores the customer data in the database.
- Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database.
- Store the customer data in an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Create a new Lambda function that polls the queue and stores the customer data in the database.

An ecommerce firm realized that the performance of its Amazon RDS-based web application had degraded. The reduction in performance is being ascribed to an increase in the number of read-only SQL queries initiated by business analysts. A solutions architect must resolve the issue with the least amount of modification to the current web application. What recommendations should the solutions architect make?
- Export the data to Amazon DynamoDB and have the business analysts run their queries.
- Load the data into Amazon ElastiCache and have the business analysts run their queries.
- Create a read replica of the primary database and have the business analysts run their queries.
- Copy the data into an Amazon Redshift cluster and have the business analysts run their queries.

A solutions architect is refactoring a monolithic application into two microservices: Microservice A and Microservice B. Microservice A queues messages for consumption by Microservice B in a central Amazon Simple Queue Service (Amazon SQS) queue. When Microservice B is unable to process a message after four attempts, the message must be withdrawn from the queue and archived for later study. What actions should the solutions architect take to ensure that these criteria are met?
- Create an SQS dead-letter queue. Microservice B adds failed messages to that queue after it receives and fails to process the message four times.
- Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times.
- Create an SQS queue for failed messages. Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times.
- Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.

Amazon EC2 is being used by a business to host its big data analytics workloads. Each night, these variable workloads run, and it is vital that they be completed before the start of business the following day. A solutions architect has been assigned the responsibility of developing the MOST cost-effective solution possible. Which approach is most likely to do this?
- Spot Fleet
- Spot Instances
- Reserved Instances
- On-Demand Instances.

A business wants to utilize an AWS Region as a backup site for its on-premises infrastructure. The organization now contains ten terabytes of data and the on-premises data center has a one gigabit per second internet connection. A solutions architect must devise a strategy that enables the organization to migrate its existing data to AWS in 72 hours without utilizing an unencrypted connection. Which option should the architect choose?
- Send the initial 10 TB of data to AWS using FTP.
- Send the initial 10 TB of data to AWS using AWS Snowball.
- Establish a VPN connection between Amazon VPC and the company's data center.
- Establish an AWS Direct Connect connection between Amazon VPC and the company's data center.

A team has developed an application that monitors the upload of new items to an Amazon S3 bucket. The uploads cause an AWS Lambda function to send object information to an Amazon DynamoDB table and a PostgreSQL database hosted by Amazon RDS. Which of the following actions should the team take to achieve high availability?
- Enable Cross-Region Replication in the S3 bucket.
- Create a Lambda function for each Availability Zone the application is deployed in.
- Enable Multi-AZ on the RDS for PostgreSQL database.
- Create a DynamoDB stream for the DynamoDB table.

A business collects and analyzes clickstream data from many websites using batch processing. The data is imported into Amazon Redshift on a nightly basis and is then consumed by business analysts. The organization wishes to transition to near-real-time data processing in order to provide timely insights. The solution should handle streaming data efficiently and with low operational overhead. Which AWS service combination is the MOST cost-effective for this solution? (Select two.)
- Amazon EC2
- AWS Lambda
- Amazon Kinesis Data Streams
- Amazon Kinesis Data Firehose
- Amazon Kinesis Data Analytics.

A business is examining a recent transfer of a three-tier application to a virtual private cloud (VPC). The security team detects that the principle of least privilege is not being applied to the ingress and egress rules for Amazon EC2 security groups between application layers. What actions should a solutions architect take to rectify this situation?
- Create security group rules using the instance ID as the source or destination.
- Create security group rules using the security group ID as the source or destination.
- Create security group rules using the VPC CIDR blocks as the source or destination.
- Create security group rules using the subnet CIDR blocks as the source or destination.

A corporation that provides live video streaming captures and saves real-time data in a disk-optimized database system. The organization is experiencing lower-than-expected throughput and is looking for an in-memory database storage solution that is speedier and delivers high availability via data replication. Which database should be recommended by a solutions architect?
- Amazon RDS for MySQL
- Amazon RDS for PostgreSQL
- Amazon ElastiCache for Redis
- Amazon ElastiCache for Memcached.

A web application operating on an Amazon EC2 instance in VPC-A requires access to files located on another Amazon EC2 instance in VPC-B. Both are distinct. AWS credentials. The network administrator must build a solution that enables safe access from VPC-A to an EC2 instance in VPC-B. There should be no single point of failure or issues about bandwidth. Which solution will satisfy these criteria?
- Set up a VPC peering connection between VPC-A and VPC-B.
- Set up VPC gateway endpoints for the EC2 instance running in VPC-B.
- Attach a virtual private gateway to VPC-B and enable routing from VPC-A.
- Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-B.

A business is offering an application that makes use of an Amazon RDS MySQL database. The database must be designed in such a way that it maintains high availability across Availability Zones and AWS Regions with the least amount of downtime possible. What is the best way for a solutions architect to fulfill this requirement? Set up an RDS MySQL Multi-AZ DB instance. Configure an appropriate backup window. Set up an RDS MySQL Multi-AZ DB instance. Configure a read replica in a different Region. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region. Set up an RDS MySQL Single-AZ DB instance. Copy automated snapshots to at least one other Region.
On Amazon EC2, a business application is hosted and secured object storage is provided by Amazon S3. According to the chief information security officer, no application communication between the two services should pass over the public internet. Which capabilities should the solution architect use to ensure compliance? AWS Key Management Service (AWS KMS) VPC endpoint Private subnet Virtual private gateway.
A solutions architect is responsible for designing the architecture of an application that is delivered as a Docker container image by a vendor. The container requires 50 GB of temporary file storage. Serverless infrastructure is required. Which method satisfies these criteria with the LEAST amount of operational overhead? Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space. Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch type. Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volume. Create a service with that task definition. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space. Create a task definition for the container image. Create a service with that task definition.
A corporation has an AWS Lambda function that requires read access to an Amazon S3 bucket hosted in the same AWS account as the Lambda function. Which solution satisfies these criteria the SAFEST way possible? Apply an S3 bucket policy that grants read access to the S3 bucket. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket. Embed an access key and a secret key in the Lambda function's code to grant the required IAM permissions for read access to the S3 bucket. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets in the account.
A business runs a multi-tier web application that stores data on an Amazon Aurora MySQL DB cluster. Amazon EC2 instances are used to host the application tier. The company's information technology security policies require that database credentials be encrypted and changed every 14 days. What should a solutions architect do in order to satisfy this demand with the LEAST amount of operational work possible? Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days. Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in all EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file. Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials. Download the file to the application regularly to ensure that the correct credentials are used. Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket.
A business operates a website that is protected by numerous Application Load Balancers. The corporation has a variety of distribution rights to its material in several countries. A solutions architect must verify that the proper material is given to users without infringing on distribution rights. Which configuration should the solution architect use in order to satisfy these requirements? Configure Amazon CloudFront with AWS WAF. Configure Application Load Balancers with AWS WAF. Configure Amazon Route 53 with a geolocation policy. Configure Amazon Route 53 with a geoproximity routing policy.
A user requests a list of the IAM roles associated with their Amazon EC2 instance. The user has access to the EC2 instance through the login interface but does not have IAM rights. How might a solutions architect go about retrieving this data? Run the following EC2 command: curl http://169.254.169.254/latest/meta-data/iam/info Run the following EC2 command: curl http://169.254.169.254/latest/user-data/iam/info Run the following EC2 command: http://169.254.169.254/latest/dynamic/instance-identity/ Run the following AWS CLI command: aws iam get-instance-profile --instance-profile-name ExampleInstanceProfile.
A business is expanding as demand for its goods increases. When traffic increases, the company's current purchase application is sluggish. The application is a three-layer monolith that employs synchronous transactions and sometimes has bottlenecks at the application tier. A solutions architect must build a solution that satisfies application response time requirements while allowing for surges in traffic flow. Which solution will satisfy these criteria? Vertically scale the application instance using a larger Amazon EC2 instance size. Scale the application's persistence layer horizontally by introducing Oracle RAC on AWS. Scale the web and application tiers horizontally using Auto Scaling groups and an Application Load Balancer. Decouple the application and data tiers using Amazon Simple Queue Service (Amazon SQS) with asynchronous AWS Lambda calls.
A solutions architect has established a new AWS account and is responsible for securing root user access to the account. Which action(s) will do this? (Select two.) Ensure the root user uses a strong password. Enable multi-factor authentication to the root user. Store root user access keys in an encrypted Amazon S3 bucket. Add the root user to a group containing administrative permissions. Apply the required permissions to the root user with an inline policy document.
A business is developing containerized apps. The firm wishes to shift its on-premises development and operational services to AWS. According to management, production systems must be cloud agnostic and share configuration and administrator tools. A solutions architect must provide a managed solution that ensures the alignment of open-source software. Which solution satisfies these criteria? Launch the containers on Amazon EC2 with EC2 instance worker nodes. Launch the containers on Amazon Elastic Kubernetes Service (Amazon EKS) and EKS worker nodes. Launch the containers on Amazon Elastic Containers service (Amazon ECS) with AWS Fargate instances. Launch the containers on Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 instance worker nodes.
A bicycle sharing firm is building a multi-tier architecture to monitor the position of its bicycles during peak hours of operation. The business intends to incorporate these data points into its current analytics platform. A solutions architect must decide on the most suitable multi-tier architectural support choice. The REST API must be able to access the data points. Which action satisfies these storage and retrieval criteria for location data? Use Amazon Athena with Amazon S3. Use Amazon API Gateway with AWS Lambda. Use Amazon QuickSight with Amazon Redshift. Use Amazon API Gateway with Amazon Kinesis Data Analytics.
A solutions architect is tasked with developing the storage architecture for a new online application that will be used to store and display engineering drawings. All application components will be hosted on AWS. The application's architecture must use caching in order to decrease the time users spend waiting for engineering drawings to load. Petabytes of data must be able to be stored in the program. Which storage and caching mix should the solutions architect use? Amazon S3 with Amazon CloudFront Amazon S3 Glacier with Amazon ElastiCache Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront AWS Storage Gateway with Amazon ElastiCache.
A media business is considering migrating its operations to the AWS Cloud. The organization requires at least ten terabytes of storage with the highest feasible I/O performance for video processing, 300 terabytes of very durable storage for media content storage, and 900 terabytes of storage to satisfy standards for archiving material that is no longer in use. Which services should a solutions architect propose in order to satisfy these requirements? Amazon Elastic Block Store (Amazon EBS) for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage Amazon Elastic Block Store (Amazon EBS) for maximum performance, Amazon Elastic File System (Amazon EFS) for durable data storage, and Amazon S3 Glacier for archival storage Amazon EC2 instance store for maximum performance, Amazon Elastic File System (Amazon EFS) for durable data storage, and Amazon S3 for archival storage Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
A business is implementing an application that handles massive amounts of data concurrently. The workload will be run on Amazon EC2 instances. The network architecture must be configured in such a way that groups of nodes do not share the same underlying hardware. Which networking solution satisfies these criteria? Run the EC2 instances in a spread placement group. Group the EC2 instances in separate accounts. Configure the EC2 instances with dedicated tenancy. Configure the EC2 instances with shared tenancy.
A trucking firm is installing an application that will monitor all of the company's vehicles' GPS positions. The organization requires a solution that generates real-time statistics based on metadata lookups with a high read throughput and low latency in the microsecond range. The database must be fault-tolerant and have a low operating and development overhead. Which actions should a solutions architect do in combination to achieve these requirements? (Select two.) Use Amazon DynamoDB as the database. Use Amazon Aurora MySQL as the database. Use Amazon RDS for MySQL as the database Use Amazon ElastiCache as the caching layer. Use Amazon DynamoDB Accelerator (DAX) as the caching layer.
A business seeks a storage solution that allows its data science team to study data both on-premises and on the Amazon Web Services (AWS) Cloud. The team must be able to conduct statistical studies on-premises and through a fleet of Amazon EC2 instances distributed across several Availability Zones. What actions should a solutions architect take to ensure that these criteria are met? Use an AWS Storage Gateway tape gateway to copy the on-premises files into Amazon S3. Use an AWS Storage Gateway volume gateway to copy the on-premises files into Amazon S3. Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS). Attach an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers. Copy the files to Amazon EFS.
A business wishes to transfer its MySQL database from its on-premises location to AWS. The organization recently had a database outage, which had a substantial effect on business operations. To prevent this from happening again, the organization needs a scalable database solution on AWS that minimizes data loss and replicates each transaction over at least two nodes. Which solution satisfies these criteria? Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data. Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data. Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance.
The application of a business is hosted on Amazon EC2 instances in a single Region. In the case of a catastrophe, a solutions architect must guarantee that resources are also available for deployment to a secondary Region. Which activities should the solutions architect take in conjunction to achieve this? (Select two.) Detach a volume on an EC2 instance and copy it to Amazon S3. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume.
A business is auditing its AWS Cloud deployment to guarantee that no one may access its data without the proper authorisation. A solutions architect is responsible for identifying all open Amazon S3 buckets and documenting any modifications to their setup. What is the solution architect's role in achieving this? Enable AWS Config service with the appropriate rules Enable AWS Trusted Advisor with the appropriate checks. Write a script using an AWS SDK to generate a bucket report Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.
A business owns an asynchronous API that is used to ingest user requests and route them to the appropriate microservice for processing depending on the request type. The firm is deploying the API front end using Amazon API Gateway, as well as an AWS Lambda function that calls Amazon DynamoDB to store user requests before routing them to the processing microservices. The firm supplied as much DynamoDB capacity as possible within its budget constraints, yet the company continues to have availability difficulties and is losing user requests. What should a solutions architect do to handle this problem in a way that does not negatively affect current users? Add throttling on the API Gateway with server-side throttling limits. Use DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoDB. Create a secondary index in DynamoDB for the table with the user requests. Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB.
A start-up business in the us-east-1 Region has a web application operating on several Amazon EC2 instances behind an Application Load Balancer across different Availability Zones. As the company's user base expands in the us-west-1 Region, it requires a low-latency, high-availability solution. What actions should a solutions architect take to achieve this? Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing policy. Create alias records in Route 53 that point to the Application Load Balancer.
A business has 150 TB of on-premises archival picture data that must be migrated to the AWS Cloud within the next month. The company's present network connection supports uploads of up to 100 Mbps for this purpose only at night. What is the MOST COST-EFFECTIVE method for moving this data and adhering to the migration deadline? Use AWS Snowmobile to ship the data to AWS. Order multiple AWS Snowball devices to ship the data to AWS. Enable Amazon S3 Transfer Acceleration and securely upload the data. Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.
A solutions architect must develop an automated solution to a company's compliance policy that prohibits security groups from including a rule allowing SSH from 0.0.0.0/0. If there is a violation of the policy, the business must be informed. A solution is required immediately. What actions should the solutions architect take to ensure that these criteria are met with the LEAST amount of operational overhead possible? Write an AWS Lambda script that monitors security groups for SSH being open to 0.0.0.0/0 addresses and creates a notification every time it finds one. Enable the restricted-ssh AWS Config managed rule and generate an Amazon Simple Notification Service (Amazon SNS) notification when a noncompliant rule is created. Create an IAM role with permissions to globally open security groups and network ACLs. Create an Amazon Simple Notification Service (Amazon SNS) topic to generate a notification every time the role is assumed by a user. Configure a service control policy (SCP) that prevents non-administrative users from creating or editing security groups. Create a notification in the ticketing system when a user requests a rule that needs administrator permissions.
A Solutions Architect is responsible for developing a web application that will be hosted on AWS and will enable customers to pay to access premium, shared content stored in an S3 bucket. After purchase, users will have 14 days to download material before being denied access. Which of the following would require the LEAST amount of effort to implement? Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.
A web application that is accessible to the public queries a database that is housed on an Amazon EC2 instance in a private subnet. Numerous queries have numerous database joins, and the application's performance has deteriorated as a result of the growth in complicated queries. The application team will be making performance enhancements. What recommendations should a solutions architect provide to the application team? (Select two.) Cache query data in Amazon SQS Create a read replica to offload queries Migrate the database to Amazon Athena Implement Amazon DynamoDB Accelerator to cache data. Migrate the database to Amazon RDS.
On-premises, a business runs a multi-tier web application. The web application is containerized and operates on a distributed network of Linux computers that are linked to a PostgreSQL database that stores user records. The operational costs associated with infrastructure maintenance and capacity planning are impeding the company's expansion. A solutions architect is responsible for enhancing the application's infrastructure. Which activities should the solutions architect take in conjunction to achieve this? (Select two.) Migrate the PostgreSQL database to Amazon Aurora. Migrate the web application to be hosted on Amazon EC2 instances. Set up an Amazon CloudFront distribution for the web application content. Set up Amazon ElastiCache between the web application and the PostgreSQL database. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).
A firm is developing a media sharing service and has chosen to store it on Amazon S3. When a media file is uploaded, the firm initiates a multi-step process that includes creating thumbnails, identifying objects within the photos, transcoding films into standard formats and resolutions, and extracting and storing information in an Amazon DynamoDB database. Metadata is used to facilitate search and navigation. The volume of traffic varies. The system must be scalable to accommodate surges in traffic without incurring additional costs. What solutions architect recommendations should be made to accommodate this workload? Build the processing into the website or mobile app used to upload the content to Amazon S3. Save the required data to the DynamoDB table when the objects are uploaded. Trigger AWS Step Functions when an object is stored in the S3 bucket. Have the Step Functions perform the steps needed to process the object and then write the metadata to the DynamoDB table. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the Lambda function start AWS Batch to perform the steps to process the object. Place the object data in the DynamoDB table when complete. Trigger an AWS Lambda function to store an initial entry in the DynamoDB table when an object is uploaded to Amazon S3. Use a program running on an Amazon EC2 instance in an Auto Scaling group to poll the index for unprocessed items, and use the program to perform the processing.
A business wants to employ Amazon Web Services' (AWS) high performance computing (HPC) infrastructure for financial risk modeling. Linux is used to execute the company's HPC workloads. Each HPC process is short-lived, operates on hundreds of Amazon EC2 Spot Instances, and creates thousands of output files that are eventually kept in persistent storage for analytics and long-term future usage. The organization is looking for a cloud storage solution that enables the transfer of on-premises data to long-term persistent storage, making it accessible to all EC2 instances for processing. Additionally, the solution should provide a fast file system coupled with persistent storage for reading and writing datasets and output files. Which AWS service combination satisfies these requirements? Amazon FSx for Lustre integrated with Amazon S3 Amazon FSx for Windows File Server integrated with Amazon S3 Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS) Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume.
A solutions architect is tasked with the responsibility of building the cloud architecture for a new application that will be deployed on AWS. The program enables users to download and upload files interactively. Files older than two years will get limited access. The architect of the solution must guarantee that the application scales to any number of files while ensuring excellent availability and durability. Which scalable solutions should be recommended by the solutions architect? (Select two.) Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard-Infrequent Access (S3 Standard-IA) Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA). Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years. Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years.
Multiple production apps are hosted by a business. One of the apps utilizes Amazon EC2, AWS Lambda, Amazon RDS, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) resources distributed across various AWS Regions. All business resources are marked with the tag 'application' and a value unique to each application. A solutions architect's job is to offer the simplest method for recognizing all labeled components. Which solution satisfies these criteria? Use AWS CloudTrail to generate a list of resources with the application tag. Use the AWS CLI to query each service across all Regions to report the tagged components. Run a query in Amazon CloudWatch Logs Insights to report on the components with the application tag. Run a query with the AWS Resource Groups Tag Editor to report on the resources globally with the application tag.
A business intends to utilize Amazon S3 to store user-uploaded photos. At rest, the photos must be secured in Amazon S3. The business does not want to spend time maintaining and rotating the keys, but does wish to regulate who has access to them. What tools and techniques should a solutions architect use to do this? Server-Side Encryption with keys stored in an S3 bucket Server-Side Encryption with Customer-Provided Keys (SSE-C) Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
A business is transferring a huge, mission-critical database to Amazon Web Services (AWS). A solutions architect has chosen to utilize an Amazon RDS for MySQL Multi-AZ DB instance with storage capacity of 80,000 Provisioned IOPS. The data transfer is being carried out by the solutions architect utilizing AWS Database Migration Service (AWS DMS). The relocation process is taking longer than anticipated, and the corporation wants to expedite it. The network staff at the corporation has ruled out bandwidth as a limiting constraint. How should the solutions architect proceed to expedite the migration? (Select two.) Disable Multi-AZ on the target DB instance. Create a new DMS instance that has a larger instance size. Turn off logging on the target DB instance until the initial load is complete. Restart the DMS task on a new DMS instance with transfer acceleration enabled. Change the storage type on the target DB instance to Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2).
A solutions architect is responsible for developing the cloud architecture for a business that requires hosting hundreds of machine learning models for its customers. The models need up to 10 GB of data from Amazon S3 to be loaded into memory on launch, but do not require disk access. Although the majority of models are used seldom, customers want them to be highly available, accessible, and with minimal latency. Which option satisfies the specifications and is the MOST cost-effective? Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model. Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model.
A meteorological startup business has developed a bespoke web application with the purpose of selling weather data online to its subscribers. The firm now stores its data in Amazon DynamoDB and wants to develop a new service that notifies the managers of four internal teams whenever a new weather event is recorded. The firm does not want this new service to have an adverse effect on the functioning of the existing application. What actions should a solutions architect take to ensure that these criteria are met with the LEAST amount of operational overhead possible? Use DynamoDB transactions to write new event data to the table. Configure the transactions to notify internal teams. Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics. Have each team subscribe to one topic. Enable Amazon DynamoDB Streams on the table. Use triggers to write to a single Amazon Simple Notification Service (Amazon SNS) topic to which the teams can subscribe. Add a custom attribute to each record to flag new items. Write a cron job that scans the table every minute for items that are new and notifies an Amazon Simple Queue Service (Amazon SQS) queue to which the teams can subscribe.
A business uses a VPC peering plan to link all of its VPCs inside the same Region in order to facilitate cross-communication. Recent growth in account creation and VPCs has made it more difficult to sustain the VPC peering strategy, and the business anticipates reaching hundreds of VPCs. Additionally, there are fresh demands for the creation of site-to-site VPNs with some of the VPCs. A solutions architect has been charged with the responsibility of establishing a centrally controlled networking infrastructure for various accounts, virtual private clouds, and VPNs. Which networking solution satisfies these criteria? Configure shared VPCs and VPNs and share to each other. Configure a hub-and-spoke VPC and route all traffic through VPC peering. Configure an AWS Direct Connect connection between all VPCs and VPNs. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.
A solutions architect is developing a program that will record the hourly energy use of a building's commercial tenants. The sensors will feed a database through HTTP requests, which will keep track of each tenant's consumption. When feasible, the solutions architect should use managed services. The workload will continue to gain functionality as the solutions architect incorporates independent components. Which method satisfies these criteria with the LEAST amount of operational overhead? Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in an Amazon DynamoDB table. Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon S3 bucket to store the processed data. Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in a Microsoft SQL Server Express database on an Amazon EC2 instance. Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon Elastic File System (Amazon EFS) shared file system to store the processed data.
Two IAM policies have been written by a solutions architect: Policy1 and Policy2. Each policy is associated with an IAM group. A cloud engineer is added to the IAM group as an IAM user. Which of the following actions will the cloud engineer be able to carry out? Deleting IAM users Deleting directories Deleting Amazon EC2 instances Deleting logs from Amazon CloudWatch Logs.
A solutions architect is responsible for building an architecture that will support the operation of a third-party database server. The database software is memory heavy and is licensed on a CPU-based basis, with the cost increasing in direct proportion to the number of virtual CPU cores in the operating system. The solutions architect must choose an Amazon EC2 instance with adequate RAM to operate the database software, yet with a high number of vCPUs. The solutions architect must guarantee that the virtual CPUs are not underutilized and must keep expenditures to a minimum. Which solution satisfies these criteria? Select and launch a smaller EC2 instance with an appropriate number of vCPUs. Configure the CPU cores and threads on the selected EC2 instance during instance launch. Create a new EC2 instance and ensure multithreading is enabled when configuring the instance details. Create a new Capacity Reservation and select the appropriate instance type. Launch the instance into this new Capacity Reservation.
A workload is executing on an Amazon EC2 instance and requires millisecond latency. The program does many little file system reads and writes, yet the file system itself is small. Which volume type of Amazon Elastic Block Store (Amazon EBS) should a solutions architect connect to an EC2 instance? Cold HDD (sc1) General Purpose SSD (gp2) Provisioned IOPS SSD (io1) Throughput Optimized HDD (st1).
A solutions architect is creating a two-tiered architecture with distinct private subnets for compute and database resources. AWS Lambda functions deployed in compute subnets need database connection. Which option would provide the MOST SECURE connectivity? Configure the Lambda function to use Amazon RDS Proxy outside the VPC. Associate a security group with the Lambda function. Authorize this security group in the database's security group. Authorize the compute subnet's CIDR ranges in the database's security group. During the initialization phase, authorize all IP addresses in the database's security group temporarily. Remove the rule after the initialization is complete.
A development team is building an event-driven application using AWS Lambda. When files are added to an Amazon S3 bucket, events will be created. Amazon Simple Notification Service (Amazon SNS) is presently specified as the event target for Amazon S3 events. What should a solutions architect do to scale the processing of events from Amazon S3? Create an SNS subscription that processes the event in Amazon Elastic Container Service (Amazon ECS) before the event runs in Lambda. Create an SNS subscription that processes the event in Amazon Elastic Kubernetes Service (Amazon EKS) before the event runs in Lambda. Create an SNS subscription that sends the event to Amazon Simple Queue Service (Amazon SQS). Configure the SQS queue to trigger a Lambda function. Create an SNS subscription that sends the event to AWS Server Migration Service (AWS SMS). Configure the Lambda function to poll from the SMS event.
A business has deployed a multi-tier application on many Amazon EC2 instances in an Auto Scaling group. Amazon RDS for Oracle instances serve as the application's data layer, using Oracle-native PL/SQL operations. The application's traffic has been continuously rising. This overloads the EC2 instances and causes the RDS instance to run out of storage. The Auto Scaling group lacks scaling metrics and instead specifies the minimal healthy instance count. According to the corporation, traffic will continue to grow at a constant but unpredictable pace until it reaches a plateau. What should a solutions architect do to guarantee that the system can grow automatically as traffic increases? (Select two.) Configure storage Auto Scaling on the RDS for Oracle instance. Migrate the database to Amazon Aurora to use Auto Scaling storage. Configure an alarm on the RDS for Oracle instance for low free storage space. Configure the Auto Scaling group to use the average CPU as the scaling metric. Configure the Auto Scaling group to use the average free memory as the scaling metric.
A business just established hybrid cloud access with AWS Direct Connect and is now moving data to Amazon S3. The organization is seeking a fully managed solution that would automate and expedite data replication between on-premises storage systems and Amazon Web Services (AWS) storage services. Which solution should a solutions architect propose for maintaining the confidentiality of the data? Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint. Deploy an AWS DataSync agent for the on-premises environment. Schedule a batch job to replicate point-in-time snapshots to AWS. Deploy an AWS Storage Gateway volume gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS. Deploy an AWS Storage Gateway file gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS.
A solutions architect is assisting a developer with the design of a new ecommerce shopping cart application utilizing Amazon Web Services (AWS). The developer is unclear about the database schema in use and anticipates changing it as the ecommerce site expands. The solution must be very durable and capable of scaling read and write capacity automatically. Which database solution satisfies these criteria? Amazon Aurora PostgreSQL Amazon DynamoDB with on-demand enabled Amazon DynamoDB with DynamoDB Streams enabled Amazon SQS and Amazon Aurora PostgreSQL.
A business has an aging application that handles data in two distinct stages. Because the second stage of the process takes longer than the first, the firm opted to redesign the application as two distinct microservices running on Amazon ECS. What is the best way for a solutions architect to incorporate microservices? Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2. Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code in microservice 2 to subscribe to this topic. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose. Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue.
A business's website is hosted on Amazon S3. Monthly, the website provides petabytes of outbound traffic, accounting for the majority of the company's AWS charges. What actions should a solutions architect take to save money? Configure Amazon CloudFront with the existing website as the origin. Move the website to Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) volumes for storage. Use AWS Global Accelerator and specify the existing website as the endpoint. Rearchitect the website to run on a combination of Amazon API Gateway and AWS Lambda.
A business wishes to use a customized distributed program for the purpose of calculating numerous profit and loss situations. To do this, the business must establish a network connection between its Amazon EC2 instances. The connection must have a low latency and a high throughput. Which solution will satisfy these criteria? Provision the application to use EC2 Dedicated Hosts of the same instance type. Configure a placement group for EC2 instances that have the same instance type. Use multiple AWS elastic network interfaces and link aggregation. Configure AWS PrivateLink for the EC2 instances.
A corporation is building a real-time multiplayer game that communicates with clients and servers through UDP in an Auto Scaling group. Daytime demand spikes are predicted, and the game server platform must respond appropriately. Developers wish to store gamer scores and other non-relational data in a scalable database system. Which solution, if any, should a solutions architect suggest? Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage. Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage. Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage.
A standard established by an operations team says that IAM policies should not be attached directly to users. Certain new team members have failed to adhere to this norm. The operations manager needs a simple method for identifying users who have attached policies. What actions should a solutions architect take to achieve this? Monitor using AWS CloudTrail. Create an AWS Config rule to run daily. Publish IAM user changes to Amazon SNS. Run AWS Lambda when a user is modified.
On Amazon EC2, a solutions architect is developing a high performance computing (HPC) workload. The EC2 instances must connect regularly with one another, necessitating network performance with low latency and high throughput. Which EC2 setup satisfies these criteria? Launch the EC2 instances in a cluster placement group in one Availability Zone. Launch the EC2 instances in a spread placement group in one Availability Zone. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones.
A business owns a mobile game that derives the majority of its information from an Amazon RDS database instance. As the game gained popularity, the creators observed performance issues relating to the game's metadata loading times. According to performance metrics, merely scaling the database will not assist. A solutions architect must consider all available choices, which may include snapshot replication and sub-millisecond response times. What recommendations should the solutions architect make to resolve these issues? Migrate the database to Amazon Aurora with Aurora Replicas. Migrate the database to Amazon DynamoDB with global tables. Add an Amazon ElastiCache for Redis layer in front of the database. Add an Amazon ElastiCache for Memcached layer in front of the database.
A business is transferring its data center and needs a safe data transfer of 50 TB to AWS within two weeks. The present data center has a Site-to-Site VPN connection to AWS that is 90 percent utilized. Which Amazon Web Services offering could a solutions architect use to achieve these requirements? AWS DataSync with a VPC endpoint AWS Direct Connect AWS Snowball Edge Storage Optimized AWS Storage Gateway.
A solutions architect must create a solution that stores a static website using Amazon CloudFront and an Amazon S3 origin. According to the company's security policy, all website traffic must be reviewed by AWS WAF. How should the solutions architect adhere to these specifications? Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
A business wishes to lower the cost of Amazon S3 storage in its production environment while maintaining the durability and performance of the stored items. What is the FIRST move that the business should take to accomplish these goals? Enable Amazon Macie on the business-critical S3 buckets to classify the sensitivity of the objects. Enable S3 analytics to identify S3 buckets that are candidates for transitioning to S3 Standard-Infrequent Access (S3 Standard-IA). Enable versioning on all business-critical S3 buckets. Migrate the objects in all S3 buckets to S3 Intelligent-Tiering.
A business hosts its static website in an Amazon S3 bucket, which serves as the origin for Amazon CloudFront. The business serves customers in the United States, Canada, and Europe and is looking to cut expenses. What recommendations should a solutions architect make? Adjust the CloudFront caching time to live (TTL) from the default to a longer timeframe. Implement CloudFront events with Lambda@Edge to run the website's data processing. Modify the CloudFront price class to include only the locations of the countries that are served. Implement a CloudFront Secure Sockets Layer (SSL) certificate to push security closer to the locations of the countries that are served.
A solutions architect is tasked with the responsibility of designing a highly available program that consists of web, application, and database layers. HTTPS content delivery should occur as near to the edge as practicable, with the least amount of time required for delivery. Which solution satisfies these criteria and is the MOST SECURE? Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
A new AWS customer creates a Site-to-Site VPN between its on-premises datacenter and AWS. According to the firm's security policy, traffic originating on-premises shall remain inside the private IP space of the company while talking with an Amazon Elastic Container Service (Amazon ECS) cluster containing a sample web application. Which solution satisfies this criterion? Configure a gateway endpoint for Amazon ECS. Modify the route table to include an entry pointing to the ECS cluster. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering. Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.
A firm that hosts its web application on Amazon Web Services (AWS) needs to verify that all Amazon EC2 instances, Amazon RDS database instances, and Amazon Redshift clusters are tagged. The organization wishes to reduce the time and effort required to configure and operate this check. What actions should a solutions architect take to achieve this? Use AWS Config rules to define and detect resources that are not properly tagged. Use Cost Explorer to display resources that are not properly tagged. Tag those resources manually. Write API calls to check all resources for proper tag allocation. Periodically run the code on an EC2 instance. Write API calls to check all resources for proper tag allocation. Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.
A business depends on an application that requires at least four Amazon EC2 instances for normal traffic and up to twelve EC2 instances for peak loads. The application is mission-critical to the company and must maintain a high level of availability. Which solution will satisfy these criteria? Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 4 and the maximum to 12, with 2 in Availability Zone A and 2 in Availability Zone B. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 4 and the maximum to 12, with all 4 in Availability Zone A. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with all 8 in Availability Zone A.
A business seeks to construct a scalable key management infrastructure to assist developers in encrypting data inside their apps. How might a solutions architect alleviate operational burdens? Use multi-factor authentication (MFA) to protect the encryption keys. Use AWS Key Management Service (AWS KMS) to protect the encryption keys. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.
A solutions architect is entrusted with the responsibility of moving 750 TB of data from an on-premises network-attached file system to an Amazon S3 Glacier at a branch office. The migration must not exceed the 1 Mbps internet connection on-premises. Which solution will satisfy these criteria? Create an AWS site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Transfer the files directly by using the AWS CLI. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 Glacier vault as the destination. Mount the network-attached file system to an S3 bucket, and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier. Order 10 AWS Snowball Edge Storage Optimized devices, and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
A solutions architect notices that a nightly batch processing operation is automatically scaled up for an additional hour prior to reaching the targeted Amazon EC2 capacity. Every night, the peak capacity is the same, and batch operations always begin at 1 a.m. The solutions architect must create a cost-effective approach that enables rapid attainment of the targeted EC2 capacity while allowing the Auto Scaling group to scale down once the batch processes are complete. What actions should the solutions architect take to ensure that these criteria are met? Increase the minimum capacity for the Auto Scaling group. Increase the maximum capacity for the Auto Scaling group. Configure scheduled scaling to scale up to the desired compute level. Change the scaling policy to add more EC2 instances during each scaling operation.