A business has implemented an API in a Virtual Private Cloud (VPC) behind an internet-facing Application Load Balancer (ALB). In a second account, an application that uses the API as a client is installed in private subnets behind a NAT gateway. When the number of requests to the client application increases, the NAT gateway expenses exceed expectations. The ALB has been set to be internal by a solutions architect.
Which architectural improvements will result in the lowest NAT gateway costs? (Select two.) Configure a VPC peering connection between the two VPCs. Access the API using the private address. Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address. Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address. Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address. Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address.
Recently, a corporation built Linux-based application instances on Amazon EC2 in a private subnet and a Linux-based bastion host on an Amazon EC2 instance in a VPC's public subnet. A solutions architect must establish connections from the on-premises network to the bastion host and application servers through the company's internet connection. The solutions architect must ensure that all EC2 instances' security groups permit this access.
Which measures should the solutions architect do in combination to satisfy these requirements? (Select two.) Replace the current security group of the bastion host with one that only allows inbound access from the application instances. Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company. Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company. Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host. Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host.
A company's security policy mandates that all AWS API activity in its AWS accounts be tracked and audited on a regular basis. The firm must activate AWS CloudTrail on all existing and future AWS accounts that use AWS Organizations.
Which of the following solutions is the MOST SECURE? At the organizationג€™s root, define and attach a service control policy (SCP) that permits enabling CloudTrail only. Create IAM groups in the organizationג€™s management account as needed. Define and attach an IAM policy to the groups that prevents users from disabling CloudTrail. Organize accounts into organizational units (OUs). At the organizationג€™s root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail. Add all existing accounts under the organizationג€™s root. Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail.
A solutions architect is tasked with the responsibility of building a shared storage solution for a web application that is distributed across various Availability Zones. The web application is hosted on Amazon EC2 instances that are automatically scaled. The firm intends to update the information on a regular basis. The solution must be very consistent in providing the updated material as soon as it is modified.
Which solutions satisfy these criteria? (Select two.) Use AWS Storage Gateway Volume Gateway Internet Small Computer Systems Interface (iSCSI) block storage that is mounted to the individual EC2 instances. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system on the individual EC2 instances. Create a shared Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on the individual EC2 instances. Use AWS DataSync to perform continuous synchronization of data between EC2 hosts in the Auto Scaling group. Create an Amazon S3 bucket to store the web content. Set the metadata for the Cache-Control header to no-cache. Use Amazon CloudFront to deliver the content.
On AWS, a business want to develop an online marketplace application as a collection of loosely linked microservices. When a client places a new order, two microservices should process the event concurrently in this application. A confirmation email will be sent via the Email microservice, and the OrderProcessing microservice will initiate the order delivery procedure. When a client cancels an order, the OrderCancellation and Email microservices should process the cancellation concurrently.
A solutions architect want to build the communications between microservices using Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS).
What approach should the solutions architect use while designing the solution? Create a single SQS queue and publish order events to it. The Email OrderProcessing and OrderCancellation microservices can then consume messages of the queue. Create three SNS topics for each microservice. Publish order events to the three topics. Subscribe each of the Email OrderProcessing and OrderCancellation microservices to its own topic. Create an SNS topic and publish order events to it. Create three SQS queues for the Email OrderProcessing and OrderCancellation microservices. Subscribe all SQS queues to the SNS topic with message filtering. Create two SQS queues and publish order events to both queues simultaneously. One queue is for the Email and OrderProcessing microservices. The second queue is for the Email and OrderCancellation microservices.
A business is developing a website that will read from and write to an Amazon DynamoDB database. The website's traffic is predictable in that it peaks during business hours on weekdays and falls overnight and on weekends. A solutions architect must create a solution that is both cost efficient and capable of handling the demand.
What actions should the solutions architect take to ensure that these criteria are met? Enable DynamoDB Accelerator (DAX) to cache the data. Enable Multi-AZ replication for the DynamoDB database. Enable DynamoDB auto scaling when creating the tables. Enable DynamoDB On-Demand capacity allocation when creating the tables.
A business maintains a static website through its on-premises data center. Although the firm has many servers that manage all of its traffic, services are sometimes disrupted and the website goes inaccessible on busy days. The corporation wants to have a worldwide footprint and intends to treble its online traffic.
What recommendations should a solutions architect make to satisfy these requirements? Migrate the website content to Amazon S3 and host the website on Amazon CloudFront. Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions. Migrate the website content to Amazon EC2 instances and vertically scale as the load increases. Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.
The website of a business is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). There is a combination of dynamic and static information on the website. Users from all around the world are complaining about the website's slowness.
Which set of activities will result in an increase in website performance for global users? Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution. Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB. Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register instances with the same ALB using cross- Region VPC peering. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.
A business has a web application that receives occasional use. Each month, there is a spike in use at the beginning, a minor spike at the start of each week, and an unexpected spike throughout the week. The program is made up of a web server and a MySQL database server that are both located inside the data center. The firm want to migrate the application to the AWS Cloud and needs to choose an affordable database platform that does not need database adjustments.
Which solution will satisfy these criteria? Amazon DynamoDB Amazon RDS for MySQL MySQL-compatible Amazon Aurora Serverless MySQL deployed on Amazon EC2 in an Auto Scaling group.
A business is developing an application that will allow customers to upload tiny files to Amazon S3. After a user uploads a file, it undergoes one-time basic processing to change the data and store it in JSON format for further analysis.
Each file must be handled immediately upon upload. Demand will fluctuate. On some days, people will upload an unusually large amount of files. On other days, people will upload a small number of files or none at all.
Which method satisfies these criteria with the LEAST amount of operational overhead? Configure Amazon EMR to read text files from Amazon S3. Run processing scripts to transform the data. Store the resulting JSON file in an Amazon Aurora DB cluster. Configure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon EC2 instances to read from the queue and process the data. Store the resulting JSON file in Amazon DynamoDB. Configure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue. Use an AWS Lambda function to read from the queue and process the data. Store the resulting JSON file in Amazon DynamoDB. Configure Amazon EventBridge (Amazon CloudWatch Events) to send an event to Amazon Kinesis Data Streams when a new file is uploaded. Use an AWS Lambda function to consume the event from the stream and process the data. Store the resulting JSON file in Amazon Aurora DB cluster.
A business has built a microservices application. It processes user queries using a client-facing API integrated with Amazon API Gateway and several internal services deployed on Amazon EC2 instances. Although the API is built to handle unforeseen traffic spikes, internal services may become overloaded and unavailable for a brief period during surges. A solutions architect must provide a more dependable solution that minimizes mistakes when internal services become unavailable or unresponsive.
Which solution satisfies these criteria? Use AWS Auto Scaling to scale up internal services when there is a surge in traffic. Use different Availability Zones to host internal services. Send a notification to a system administrator when an internal service becomes unresponsive. Use an Elastic Load Balancer to distribute the traffic between internal services. Configure Amazon CloudWatch metrics to monitor traffic to internal services. Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive. Change the internal services to retrieve the requests from the queue for processing.
A business wishes to transfer an on-premises high performance computing (HPC) application and data to the AWS Cloud. On-premises storage is tiered, with hot high-performance parallel storage supporting the program during periodic runs and more cost-effective cold storage storing data while the application is not actively operating.
Which solution combination should a solutions architect propose to meet the application's storage requirements? (Select two.) Amazon S3 for cold data storage Amazon Elastic File System (Amazon EFS) for cold data storage Amazon S3 for high-performance parallel storage Amazon FSx for Lustre for high-performance parallel storage Amazon FSx for Windows for high-performance parallel storage.
A business hosts apps on Amazon EC2 instances equipped with IPv6 addresses. Through the internet, the apps must begin communications with other external applications. However, according to the company's security policy, no external service is permitted to start a connection to the EC2 instances.
What should a solutions architect suggest as a remedy to this problem? Create a NAT gateway and make it the destination of the subnetג€™s route table. Create an internet gateway and make it the destination of the subnetג€™s route table. Create a virtual private gateway and make it the destination of the subnetג€™s route table. Create an egress-only internet gateway and make it the destination of the subnetג€™s route table.
A solutions architect is tasked with the responsibility of developing a mission-critical online application. It will be comprised of Amazon EC2 instances connected to a relational database through an Application Load Balancer. The database should have a high degree of availability and should be fault tolerant.
Which database implementations will be able to fulfill these criteria? (Select two.) Amazon Redshift Amazon DynamoDB Amazon RDS for MySQL MySQL-compatible Amazon Aurora Multi-AZ Amazon RDS for SQL Server Standard Edition Multi-AZ.
A business is developing a web application that will interface with a content management system. The content management system is hosted on Amazon EC2 instances, which are routed via an Application Load Balancer (ALB). The EC2 instances are distributed across several Availability Zones in an Auto Scaling group. The content management system's users are continually adding and modifying files, blogs, and other website assets.
A solutions architect must design a solution that enables all EC2 instances to exchange current website content with the least amount of lag time feasible.
Which solution satisfies these criteria? Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website assets from the EC2 instance that was launched most recently. Configure the ALB to make changes to the website assets only in the newest EC2 instance. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system. Configure each EC2 instance to mount the EFS file system locally. Configure the website hosting application to reference the website assets that are stored in the EFS file system. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date. Restore an Amazon Elastic Block Store (Amazon EBS) snapshot with the website assets. Attach the EBS snapshot as a secondary EBS volume when a new EC2 instance is launched. Configure the website hosting application to reference the website assets that are stored in the secondary EBS volume.
A single AWS account allows a business to host its internet-facing containerized web application on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.
The EKS cluster is located inside a VPC's private subnet. The EKS cluster is accessed by system administrators through a bastion server on a public network.
The company's new security policy prohibits the usage of bastion hosts. Additionally, the organization must prohibit internet access to the EKS cluster.
Which option best fits these criteria in terms of cost-effectiveness? Set up an AWS Direct Connect connection. Create a transit gateway. Establish a VPN connection. Use AWS Storage Gateway.
A business has a highly dynamic batch processing operation that requires the utilization of a large number of Amazon EC2 instances to finish. The work is stateless in nature, meaning it may be started and stopped at any moment without causing any damage, and normally takes up to 60 minutes to finish. The organization has engaged a solutions architect to develop a scalable and cost-effective solution that satisfies the job's needs.
What recommendations should the solutions architect make? Implement EC2 Spot Instances. Purchase EC2 Reserved Instances. Implement EC2 On-Demand Instances. Implement the processing on AWS Lambda.
A business has multiple web servers that regularly need access to a shared Amazon RDS MySQL Multi-AZ database instance. The organization requires a safe means for web servers to connect to the database while also adhering to a security requirement that user credentials be rotated on a regular basis.
Which solution satisfies these criteria? Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager. Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter. Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.
A corporation is considering migrating a mission-critical dataset to Amazon S3. The present solution architecture stores the dataset in a single S3 bucket in the us-east-1 Region with versioning enabled. According to the company's disaster recovery strategy, all data is replicated across various AWS Regions.
How should the S3 solution be designed by a solutions architect? Create an additional S3 bucket in another Region and configure cross-Region replication. Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS). Create an additional S3 bucket with versioning in another Region and configure cross-Region replication. Create an additional S3 bucket with versioning in another Region and configure cross-origin resource (CORS).
A solutions architect is tasked with the responsibility of developing the cloud architecture for a new application being deployed on AWS. The application's users will be able to download and upload files interactively. Over 90-day-old files will be visited less often than fresher ones, but all files must be promptly accessible. The solutions architect must guarantee that the application scales to securely store petabytes of data.
Which solution satisfies these criteria? Store the files in Amazon S3 Standard. Create an S3 Lifecycle policy that moves objects that are more than 90 days old to S3 Glacier. Store the files in Amazon S3 Standard. Create an S3 Lifecycle policy that moves objects that are more than 90 days old to S3 Standard-Infrequent Access (S3 Standard-IA). Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data that is more than 90 days old. Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data that is more than 90 days old.
An ecommerce company's solutions architect want to back up application log data to Amazon S3. The solutions architect has no idea how often or which logs will be accessed. The organization wishes to save expenses by using the suitable S3 storage class.
Which S3 storage type should be used to satisfy these requirements? S3 Glacier S3 Intelligent-Tiering S3 Standard-Infrequent Access (S3 Standard-IA) S3 One Zone-Infrequent Access (S3 One Zone-IA).
A business operates an application on Amazon EC2 instances contained inside a private subnet within a VPC. The instances have access to data stored in the same AWS Region's Amazon S3 bucket. To access the S3 bucket, the VPC comprises a NAT gateway on a public subnet. The organization wishes to save money by replacing the NAT gateway without sacrificing security or redundancy.
Which solution satisfies these criteria? Replace the NAT gateway with a NAT instance. Replace the NAT gateway with an internet gateway. Replace the NAT gateway with a gateway VPC endpoint. Replace the NAT gateway with an AWS Direct Connect connection.
The organizers of a worldwide event want to publish daily reports as static HTML pages online. The pages are anticipated to get millions of views from visitors worldwide. The files are stored in a bucket on Amazon S3. A solutions architect has been tasked with the responsibility of designing a solution that is both efficient and effective.
How should the solutions architect go in order to do this? Generate presigned URLs for the files. Use cross-Region replication to all Regions. Use the geoproximity feature of Amazon Route 53. Use Amazon CloudFront with the S3 bucket as its origin.
An ecommerce firm is developing an application that will handle payments through a third-party payment provider. The payment provider must expressly permit access to the public IP address of the server making the payment request. However, the company's security regulations prohibit the direct connection of any server to the public internet.
Which solution will satisfy these criteria? Provision an Elastic IP address. Host the application servers on Amazon EC2 instances in a private subnet. Assign the public IP address to the application servers. Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway. Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the ALB. Set up an AWS Client VPN connection to the payment service. Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the VPN.
A business uses Amazon S3 to provide files to select customers who do not have AWS credentials. These users must be granted access for a certain period of time.
What steps should a solutions architect take to ensure that these criteria are met securely? Enable public access on an Amazon S3 bucket. Generate a presigned URL to share with the users. Encrypt files using AWS KMS and provide keys to the users. Create and assign IAM roles that will grant GetObject permissions to the users.
A business wishes to run its web application on Amazon Web Services (AWS) utilizing numerous Amazon EC2 instances spread across various AWS Regions. Due to the fact that the application content will be region-specific, client requests must be directed to the server that hosts the content for that client location.
What actions should a solutions architect take to achieve this? Configure Amazon Route 53 with a latency routing policy. Configure Amazon Route 53 with a weighted routing policy. Configure Amazon Route 53 with a geolocation routing policy. Configure Amazon Route 53 with a multivalue answer routing policy.
A solutions architect is tasked with the responsibility of designing a low-latency solution for a static single-page application that users access through a custom domain name. Serverless, encrypted in transit, and cost-effective are all requirements for the solution.
Which AWS services and functionalities should the solutions architect utilize in combination? (Select two.) Amazon S3 Amazon EC2 AWS Fargate Amazon CloudFront Elastic Load Balancer.
A solutions architect must create a network that enables many Amazon EC2 instances to share a single data source for mission-critical data that all EC2 instances may access concurrently. The solution must be highly scalable, simple to install, and compliant with the NFS standard.
Which solution satisfies these criteria? Create an Amazon Elastic File System (Amazon EFS) file system. Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target. Create an additional EC2 instance and configure it as a file server. Create a security group that allows communication between the Instances and apply that to the additional instance. Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the S3 bucket. Attach the role to the EC2 Instances that need access to the data. Create an Amazon Elastic Block Store (Amazon EBS) volume with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the EBS volume. Attach the role to the EC2 instances that need access to the data.
A business installs an application on Amazon Web Services Lambda functions that are called using the Amazon API Gateway API. Customer data is stored in an Amazon Aurora MySQL database using Lambda functions. When a corporation updates its database, Lambda functions are prevented from establishing database connections until the upgrade is complete. As a consequence, client data is not captured for some events.
A solutions architect must provide a solution that securely maintains customer data generated during database updates.
Which solution will satisfy these criteria? Provision an Amazon RDS proxy to sit between the Lambda functions and the database. Configure the Lambda functions to connect to the RDS proxy. Increase the run time of the Lambda functions to the maximum. Create a retry mechanism in the code that stores the customer data in the database. Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database. Store the customer data in an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Create a new Lambda function that polls the queue and stores the customer data in the database.
An ecommerce firm realized that the performance of their Amazon RDS-based web application had degraded. The reduction in performance is being ascribed to an increase in the amount of read-only SQL queries initiated by business analysts. A solutions architect must resolve the issue with the least amount of modification to the current web application.
What recommendations should the solutions architect make? Export the data to Amazon DynamoDB and have the business analysts run their queries. Load the data into Amazon ElastiCache and have the business analysts run their queries. Create a read replica of the primary database and have the business analysts run their queries. Copy the data into an Amazon Redshift cluster and have the business analysts run their queries.
A solutions architect is refactoring a monolithic application into two microservices: Microservice A and Microservice B.
Microservice A queues messages for consumption by Microservice B in a central Amazon Simple Queue Service (Amazon SQS) queue. When Microservice B is unable to process a message after four attempts, the message must be withdrawn from the queue and archived for later study.
What actions should the solutions architect take to ensure that these criteria are met? Create an SQS dead-letter queue. Microservice B adds failed messages to that queue after it receives and fails to process the message four times. Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times. Create an SQS queue for failed messages. Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times. Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.
Amazon EC2 is being used by a business to host its big data analytics workloads. Each night, these variable workloads run, and it is vital that they be completed before the start of business the following day. A solutions architect has been assigned with the responsibility of developing the MOST cost-effective solution possible.
Which approach is most likely to do this? Spot Fleet Spot Instances Reserved Instances On-Demand Instances.
A business want to utilize an AWS Region as a backup site for its on-premises infrastructure. The organization now contains ten terabytes of data and the on-premise data center has a one gigabit per second internet connection. A solutions architect must devise a strategy that enables the organization to migrate its existing data to AWS in 72 hours without utilizing an unencrypted connection.
Which option should the architect choose? Send the initial 10 TB of data to AWS using FTP. Send the initial 10 TB of data to AWS using AWS Snowball. Establish a VPN connection between Amazon VPC and the company's data center. Establish an AWS Direct Connect connection between Amazon VPC and the company's data center.
A team has developed an application that monitors the upload of new items to an Amazon S3 bucket. The uploads cause an AWS Lambda function to send object information to an Amazon DynamoDB table and a PostgreSQL database hosted by Amazon RDS.
Which of the following actions should the team do to achieve high availability? Enable Cross-Region Replication in the S3 bucket. Create a Lambda function for each Availability Zone the application is deployed in. Enable Multi-AZ on the RDS for PostgreSQL database. Create a DynamoDB stream for the DynamoDB table.
A business collects and analyzes clickstream data from many websites using batch processing. The data is imported into Amazon Redshift on a nightly basis and is then consumed by business analysts. The organization wishes to transition to near-real-time data processing in order to provide timely insights. The solution should handle streaming data efficiently and with low operational overhead.
Which AWS service combination is the MOST cost-effective for this solution? (Select two.) Amazon EC2 AWS Lambda Amazon Kinesis Data Streams Amazon Kinesis Data Firehose Amazon Kinesis Data Analytics.
A business is examining a recent transfer of a three-tier application to a virtual private cloud (VPC). The security team detects that the concept of least privilege is not being applied to the entrance and egress rules for Amazon EC2 security groups between application layers.
What actions should a solutions architect take to rectify this situation? Create security group rules using the instance ID as the source or destination. Create security group rules using the security group ID as the source or destination. Create security group rules using the VPC CIDR blocks as the source or destination. Create security group rules using the subnet CIDR blocks as the source or destination.
A corporation that provides live video streaming captures and saves real-time data in a disk-optimized database system. The organization is experiencing lower-than-expected throughput and is looking for an in-memory database storage solution that is speedier and delivers high availability via data replication.
Which database should be recommended by a solutions architect? Amazon RDS for MySQL Amazon RDS for PostgreSQL. Amazon ElastiCache for Redis Amazon ElastiCache for Memcached.
A web application operating on an Amazon EC2 instance in VPC-A requires access to files located on another Amazon EC2 instance in VPC-B. Both are distinct. AWS credentials. The network administrator must build a solution that enables safe access from VPC-A to an EC2 instance in VPC-B. There should be no single point of failure or issues about bandwidth.
Which solution will satisfy these criteria? Set up a VPC peering connection between VPC-A and VPC-B. Set up VPC gateway endpoints for the EC2 instance running in VPC-B. Attach a virtual private gateway to VPC-B and enable routing from VPC-A. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-B.
A business is offering an application that makes use of an Amazon RDS MySQL database. The database must be designed in such a way that it maintains high availability across Availability Zones and AWS Regions with the least amount of downtime possible.
What is the best way for a solutions architect to fulfill this requirement? Set up an RDS MySQL Multi-AZ DB instance. Configure an appropriate backup window. Set up an RDS MySQL Multi-AZ DB instance. Configure a read replica in a different Region. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region. Set up an RDS MySQL Single-AZ DB instance. Copy automated snapshots to at least one other Region.
On Amazon EC2, a business application is hosted and secured object storage is provided by Amazon S3. According to the chief information security officer, no application communication between the two services should pass over the public internet.
Which capabilities should the solution architect use to ensure compliance? AWS Key Management Service (AWS KMS) VPC endpoint Private subnet Virtual private gateway.
A solutions architect is responsible for designing the architecture of an application that is delivered as a Docker container image by a vendor. The container requires 50 GB of temporary file storage. Serverless infrastructure is required.
Which method satisfies these criteria with the LEAST amount of operational overhead? Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space. Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch type. Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volume. Create a service with that task definition. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space. Create a task definition for the container image. Create a service with that task definition.
A corporation has an AWS Lambda function that requires read access to an Amazon S3 bucket hosted in the same AWS account as the Lambda function.
Which solution satisfies these criteria the SAFEST way possible? Apply an S3 bucket policy that grants read access to the S3 bucket. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to the S3 bucket. Embed an access key and a secret key in the Lambda functionג€™s code to grant the required IAM permissions for read access to the S3 bucket. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read access to all S3 buckets in the account.
A business runs a multi-tier web application that stores data on an Amazon Aurora MySQL DB cluster. Amazon EC2 instances are used to host the application tier. The company's information technology security policies require that database credentials be encrypted and changed every 14 days.
What should a solutions architect do in order to satisfy this demand with the LEAST amount of operational work possible? Create a new AWS Key Management Service (AWS KMS) encryption key. Use AWS Secrets Manager to create a new secret that uses the KMS key with the appropriate credentials. Associate the secret with the Aurora DB cluster. Configure a custom rotation period of 14 days. Create two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password. Select AWS Key Management Service (AWS KMS) encryption for the password parameter, and load these parameters in the application tier. Implement an AWS Lambda function that rotates the password every 14 days. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in all EC2 instances of the application tier. Restrict the access to the file on the file system so that the application can read the file and that only super users can modify the file. Implement an AWS Lambda function that rotates the key in Aurora every 14 days and writes new credentials into the file. Store a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials. Download the file to the application regularly to ensure that the correct credentials are used. Implement an AWS Lambda function that rotates the Aurora credentials every 14 days and uploads these credentials to the file in the S3 bucket.
A business operates a website that is protected by numerous Application Load Balancers. The corporation has a variety of distribution rights to its material in several countries. A solutions architect must verify that the proper material is given to users without infringing on distribution rights.
Which configuration should the solution architect use in order to satisfy these requirements? Configure Amazon CloudFront with AWS WAF. Configure Application Load Balancers with AWS WAF. Configure Amazon Route 53 with a geolocation policy. Configure Amazon Route 53 with a geoproximity routing policy.
A user requests a list of the IAM roles associated with their Amazon EC2 instance. The user has access to the EC2 instance through the login interface but does not have IAM rights.
How might a solutions architect go about retrieving this data? Run the following EC2 command: curl http://169.254.169.254/latest/meta-data/iam/info Run the following EC2 command: curl http://169.254.169.254/latest/user-data/iam/info Run the following EC2 command: http://169.254.169.254/latest/dynamic/instance-identity/ Run the following AWS CLI command: aws iam get-instance-profile --instance-profile-name ExampleInstanceProfile.
A business is expanding as demand for its goods increases. When traffic increases, the company's current purchase application is sluggish. The application is a three-layer monolith that employs synchronous transactions and sometimes has bottlenecks at the application tier. A solutions architect must build a solution that satisfies application response time requirements while allowing for surges in traffic flow.
Which solution will satisfy these criteria? Vertically scale the application instance using a larger Amazon EC2 instance size. Scale the applicationג€™s persistence layer horizontally by introducing Oracle RAC on AWS. Scale the web and application tiers horizontally using Auto Scaling groups and an Application Load Balancer. Decouple the application and data tiers using Amazon Simple Queue Service (Amazon SQS) with asynchronous AWS Lambda calls.
A solutions architect has established a new AWS account and is responsible for securing root user access to the account.
Which action(s) will do this? (Select two.) Ensure the root user uses a strong password. Enable multi-factor authentication to the root user. Store root user access keys in an encrypted Amazon S3 bucket. Add the root user to a group containing administrative permissions. Apply the required permissions to the root user with an inline policy document.
A business is developing containerized apps. The firm wishes to shift its on-premises development and operational services to AWS. According to management, production systems must be cloud agnostic and share configuration and administrator tools. A solutions architect must provide a managed solution that ensures the alignment of open-source software.
Which solution satisfies these criteria? Launch the containers on Amazon EC2 with EC2 instance worker nodes. Launch the containers on Amazon Elastic Kubernetes Service (Amazon EKS) and EKS worker nodes. Launch the containers on Amazon Elastic Containers service (Amazon ECS) with AWS Fargate instances. Launch the containers on Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 instance worker nodes.
A bicycle sharing firm is building a multi-tier architecture to monitor the position of its bicycles during peak hours of operation. The business intends to incorporate these data points into its current analytics platform. A solutions architect must decide on the most suitable multi-tier architectural support choice. The REST API must be able to access the data points.
Which action satisfies these storage and retrieval criteria for location data? Use Amazon Athena with Amazon S3. Use Amazon API Gateway with AWS Lambda. Use Amazon QuickSight with Amazon Redshift. Use Amazon API Gateway with Amazon Kinesis Data Analytics.
A solutions architect is tasked with developing the storage architecture for a new online application that will be used to store and display engineering drawings. All application components will be hosted on AWS.
The application's architecture must use caching in order to decrease the time users spend waiting for engineering drawings to load. Petabytes of data must be able to be stored in the program.
Which storage and caching mix should the solutions architect use? Amazon S3 with Amazon CloudFront Amazon S3 Glacier with Amazon ElastiCache Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront AWS Storage Gateway with Amazon ElastiCache.
A media business is considering migrating its operations to the AWS Cloud. The organization requires at least ten terabytes of storage with the highest feasible I/O performance for video processing, 300 terabytes of very durable storage for media content storage, and 900 terabytes of storage to satisfy standards for archiving material that is no longer in use.
Which services should a solutions architect propose in order to satisfy these requirements? Amazon Elastic Block Store (Amazon EBS) for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage Amazon Elastic Block Store (Amazon EBS) for maximum performance, Amazon Elastic File System (Amazon EFS) for durable data storage, and Amazon S3 Glacier for archival storage Amazon EC2 instance store for maximum performance, Amazon Elastic File System (Amazon EFS) for durable data storage, and Amazon S3 for archival storage Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
A business is implementing an application that handles massive amounts of data concurrently. The workload will be run on Amazon EC2 instances. The network architecture must be configured in such a way that groups of nodes do not share the same underlying hardware.
Which networking solution satisfies these criteria? Run the EC2 instances in a spread placement group. Group the EC2 instances in separate accounts. Configure the EC2 instances with dedicated tenancy. Configure the EC2 instances with shared tenancy.
A trucking firm is installing an application that will monitor all of the company's vehicles' GPS positions. The organization requires a solution that generates real-time statistics based on metadata lookups with a high read throughput and low latency in the microsecond range. The database must be fault-tolerant and have a low operating and development overhead.
Which actions should a solutions architect do in combination to achieve these requirements? (Select two.) Use Amazon DynamoDB as the database. Use Amazon Aurora MySQL as the database. Use Amazon RDS for MySQL as the database Use Amazon ElastiCache as the caching layer. Use Amazon DynamoDB Accelerator (DAX) as the caching layer.
A business seeks a storage solution that allows its data science team to study data both on-premises and on the Amazon Web Services (AWS) Cloud. The team must be able to conduct statistical studies on-premises and through a fleet of Amazon EC2 instances distributed across several Availability Zones.
What actions should a solutions architect take to ensure that these criteria are met? Use an AWS Storage Gateway tape gateway to copy the on-premises files into Amazon S3. Use an AWS Storage Gateway volume gateway to copy the on-premises files into Amazon S3. Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS). Attach an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers. Copy the files to Amazon EFS.
A business wishes to transfer its MySQL database from its on-premises location to AWS. The organization recently had a database outage, which had a substantial effect on business operations. To prevent this from happening again, the organization need a scalable database solution on AWS that minimizes data loss and replicates each transaction over at least two nodes.
Which solution satisfies these criteria? Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data. Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data. Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance.
The application of a business is hosted on Amazon EC2 instances in a single Region. In the case of a catastrophe, a solutions architect must guarantee that resources are also available for deployment to a secondary Region.
Which activities should the solutions architect take in conjunction to achieve this? (Select two.) Detach a volume on an EC2 instance and copy it to Amazon S3. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume.
A business is auditing its AWS Cloud deployment to guarantee that no one may access its data without the proper authorisation. A solutions architect is responsible for identifying all open Amazon S3 buckets and documenting any modifications to their setup.
What is the solution architect's role in achieving this? Enable AWS Config service with the appropriate rules Enable AWS Trusted Advisor with the appropriate checks. Write a script using an AWS SDK to generate a bucket report Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.
A business owns an asynchronous API that is used to ingest user requests and route them to the appropriate microservice for processing depending on the request type. The firm is deploying the API front end using Amazon API Gateway, as well as an AWS Lambda function that calls Amazon DynamoDB to store user requests before routing them to the processing microservices.
The firm supplied as much DynamoDB capacity as possible within its budget constraints, yet the company continues to have availability difficulties and is losing user requests.
What should a solutions architect do to handle this problem in a way that does not negatively effect current users? Add throttling on the API Gateway with server-side throttling limits. Use DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoDB. Create a secondary index in DynamoDB for the table with the user requests. Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB.
A start-up business in the us-east-1 Region has a web application operating on several Amazon EC2 instances behind an Application Load Balancer across different Availability Zones. As the company's user base expands in the us-west-1 Region, it requires a low-latency, high-availability solution.
What actions should a solutions architect take to achieve this? Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing policy. Create alias records in Route 53 that point to the Application Load Balancer.
A business has 150 TB of on-premises archival picture data that must be migrated to the AWS Cloud within the next month. The company's present network connection supports uploads of up to 100 Mbps for this purpose only at night.
What is the MOST COST-EFFECTIVE method for moving this data and adhering to the migration deadline? Use AWS Snowmobile to ship the data to AWS. Order multiple AWS Snowball devices to ship the data to AWS. Enable Amazon S3 Transfer Acceleration and securely upload the data. Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.
A solutions architect must develop an automated solution to a company's compliance policy that prohibits security groups from including a rule allowing SSH from 0.0.0.0/0. If there is a violation of the policy, the business must be informed. A solution is required immediately.
What actions should the solutions architect take to ensure that these criteria are met with the LEAST amount of operational overhead possible? Write an AWS Lambda script that monitors security groups for SSH being open to 0.0.0.0/0 addresses and creates a notification every time it finds one. Enable the restricted-ssh AWS Config managed rule and generate an Amazon Simple Notification Service (Amazon SNS) notification when a noncompliant rule is created. Create an IAM role with permissions to globally open security groups and network ACLs. Create an Amazon Simple Notification Service (Amazon SNS) topic to generate a notification every time the role is assumed by a user. Configure a service control policy (SCP) that prevents non-administrative users from creating or editing security groups. Create a notification in the ticketing system when a user requests a rule that needs administrator permissions.
A Solutions Architect is responsible for developing a web application that will be hosted on AWS and will enable customers to pay access to premium, shared content stored in an S3 bucket. After purchase, users will have 14 days to download material before being banned access.
Which of the following would require the LEAST amount of effort to implement? Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.
A web application that is accessible to the public queries a database that is housed on an Amazon EC2 instance in a private subnet. Numerous queries have numerous database joins, and the application's performance has deteriorated as a result of the growth in complicated queries. The application team will be making performance enhancements.
What recommendations should a solutions architect provide to the application team? (Select two.) Cache query data in Amazon SQS Create a read replica to offload queries Migrate the database to Amazon Athena Implement Amazon DynamoDB Accelerator to cache data. Migrate the database to Amazon RDS.
On-premises, a business runs a multi-tier web application. The web application is containerized and operates on a distributed network of Linux computers that are linked to a PostgreSQL database that stores user records. The operational costs associated with infrastructure maintenance and capacity planning are impeding the company's expansion. A solutions architect is responsible for enhancing the application's infrastructure.
Which activities should the solutions architect take in conjunction to achieve this? (Select two.) Migrate the PostgreSQL database to Amazon Aurora. Migrate the web application to be hosted on Amazon EC2 instances. Set up an Amazon CloudFront distribution for the web application content. Set up Amazon ElastiCache between the web application and the PostgreSQL database. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).
A firm is developing a media sharing service and has chosen to store it on Amazon S3. When a media file is uploaded, the firm initiates a multi-step process that includes creating thumbnails, identifying objects within the photos, transcoding films into standard formats and resolutions, and extracting and storing information in an Amazon DynamoDB database. Metadata is used to facilitate search and navigation.
The volume of traffic varies. The system must be scalable to accommodate surges in traffic without incurring additional costs.
What solutions architect recommendations should be made to accommodate this workload? Build the processing into the website or mobile app used to upload the content to Amazon S3. Save the required data to the DynamoDB table when the objects are uploaded. Trigger AWS Step Functions when an object is stored in the S3 bucket. Have the Step Functions perform the steps needed to process the object and then write the metadata to the DynamoDB table. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the Lambda function start AWS Batch to perform the steps to process the object. Place the object data in the DynamoDB table when complete. Trigger an AWS Lambda function to store an initial entry in the DynamoDB table when an object is uploaded to Amazon S3. Use a program running on an Amazon EC2 instance in an Auto Scaling group to poll the index for unprocessed items, and use the program to perform the processing.
A business want to employ Amazon Web Services' (AWS) high performance computing (HPC) infrastructure for financial risk modeling. Linux is used to execute the company's HPC workloads. Each HPC process is short-lived, operates on hundreds of AmazonEC2 Spot Instances, and creates thousands of output files that are eventually kept in persistent storage for analytics and long-term future usage.
The organization is looking for a cloud storage solution that enables the transfer of on-premises data to long-term persistent storage, making it accessible to all EC2 instances for processing. Additionally, the solution should provide a fast file system coupled with persistent storage for reading and writing datasets and output files.
Which AWS service combination satisfies these requirements? Amazon FSx for Lustre integrated with Amazon S3 Amazon FSx for Windows File Server integrated with Amazon S3 Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS) Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume.
A solutions architect is tasked with the responsibility of building the cloud architecture for a new application that will be deployed on AWS. The program enables users to download and upload files interactively. Files older than two years will get limited access. The architect of the solution must guarantee that the application scales to any number of files while ensuring excellent availability and durability.
Which scalable solutions should be recommended by the solutions architect? (Select two.) Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier. Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard-Infrequent Access (S3 Standard-IA) Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA). Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years. Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years.
Multiple production apps are hosted by a business. One of the apps utilizes Amazon EC2, AWS Lambda, Amazon RDS, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) resources distributed across various AWS Regions. All business resources are marked with the tag 'application' and a value unique to each application. A solutions architect's job is to offer the simplest method for recognizing all labeled components.
Which solution satisfies these criteria? Use AWS CloudTrail to generate a list of resources with the application tag. Use the AWS CLI to query each service across all Regions to report the tagged components. Run a query in Amazon CloudWatch Logs Insights to report on the components with the application tag. Run a query with the AWS Resource Groups Tag Editor to report on the resources globally with the application tag.
A business intends to utilize Amazon S3 to store user-uploaded photos. At rest, the photos must be secured in Amazon S3. The business does not want to spend time maintaining and rotating the keys, but does wish to regulate who has access to them.
What tools and techniques should a solutions architect use to do this? Server-Side Encryption with keys stored in an S3 bucket Server-Side Encryption with Customer-Provided Keys (SSE-C) Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
A business is transferring a huge, mission-critical database to Amazon Web Services (AWS). A solutions architect has chosen to utilize an Amazon RDS for MySQL Multi-AZ DB instance with storage capacity of 80,000 Provisioned IOPS. The data transfer is being carried out by the solutions architect utilizing AWS Database Migration Service (AWS DMS). The relocation process is taking longer than anticipated, and the corporation want to expedite it. The network staff at the corporation has ruled out bandwidth as a limiting constraint.
How should the solutions architect proceed to expedite the migration? (Select two.) Disable Multi-AZ on the target DB instance. Create a new DMS instance that has a larger instance size. Turn off logging on the target DB instance until the initial load is complete. Restart the DMS task on a new DMS instance with transfer acceleration enabled. Change the storage type on the target DB instance to Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2).
A solutions architect is responsible for developing the cloud architecture for a business that requires hosting hundreds of machine learning models for its customers. The models need up to 10 GB of data from Amazon S3 to be loaded into memory on launch, but do not require disk access. Although the majority of models are used seldom, customers want them to be highly available, accessible, and with minimal latency.
Which option satisfies the specifications and is the MOST cost-effective? Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model. Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model.
A meteorological startup business has developed a bespoke web application with the purpose of selling weather data online to its subscribers. The firm now stores its data in Amazon DynamoDB and want to develop a new service that notifies the managers of four internal teams whenever a new weather event is recorded. The firm does not want for this new service to have an adverse effect on the functioning of the existing application.
What actions should a solutions architect take to ensure that these criteria are met with the LEAST amount of operational overhead possible? Use DynamoDB transactions to write new event data to the table. Configure the transactions to notify internal teams. Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics. Have each team subscribe to one topic. Enable Amazon DynamoDB Streams on the table. Use triggers to write to a single Amazon Simple Notification Service (Amazon SNS) topic to which the teams can subscribe. Add a custom attribute to each record to flag new items. Write a cron job that scans the table every minute for items that are new and notifies an Amazon Simple Queue Service (Amazon SQS) queue to which the teams can subscribe.
A business uses a VPC peering plan to link all of its VPCs inside a same Region in order to facilitate cross-communication. Recent growth in account creation and VPCs has made it more difficult to sustain the VPC peering strategy, and the business anticipates reaching hundreds of VPCs. Additionally, there are fresh demands for the creation of site-to-site VPNs with some of the VPCs. A solutions architect has been charged with the responsibility of establishing a centrally controlled networking infrastructure for various accounts, virtual private clouds, and VPNs.
Which networking solution satisfies these criteria? Configure shared VPCs and VPNs and share to each other. Configure a hub-and-spoke VPC and route all traffic through VPC peering. Configure an AWS Direct Connect connection between all VPCs and VPNs. Configure a transit gateway with AWS Transit Gateway and connect all VPCs and VPNs.
A solutions architect is developing a program that will record the hourly energy use of a building's commercial tenants. The sensors will feed a database through HTTP requests, which will keep track of each tenant's consumption. When feasible, the solutions architect should use managed services. The workload will continue to gain functionality as the solutions architect incorporates independent components.
Which method satisfies these criteria with the LEAST amount of operational overhead? Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in an Amazon DynamoDB table. Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon S3 bucket to store the processed data. Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in a Microsoft SQL Server Express database on an Amazon EC2 instance. Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon Elastic File System (Amazon EFS) shared file system to store the processed data.
Two IAM policies have been written by a solutions architect: Policy1 and Policy2. Each policy is associated with an IAM group.
A cloud engineer is added to the IAM group as an IAM user.
Which of the following actions will the cloud engineer be able to carry out? Deleting IAM users Deleting directories Deleting Amazon EC2 instances Deleting logs from Amazon CloudWatch Logs.
A solutions architect is responsible for building an architecture that will support the operation of a third-party database server. The database software is memory heavy and is licensed on a CPU-based basis, with the cost increasing in direct proportion to the number of virtual CPU cores in the operating system. The solutions architect must choose an Amazon EC2 instance with adequate RAM to operate the database software, yet with a high number of vCPUs. The solutions architect must guarantee that the virtual CPUs are not underutilized and must keep expenditures to a minimum.
Which solution satisfies these criteria? Select and launch a smaller EC2 instance with an appropriate number of vCPUs. Configure the CPU cores and threads on the selected EC2 instance during instance launch. Create a new EC2 instance and ensure multithreading is enabled when configuring the instance details. Create a new Capacity Reservation and select the appropriate instance type. Launch the instance into this new Capacity Reservation.
A workload is executing on an Amazon EC2 instance and requires millisecond latency. The program does many little file system reads and writes, yet the file system itself is small.
Which volume type of Amazon Elastic Block Store (Amazon EBS) should a solutions architect connect to an EC2 instance? Cold HDD (sc1) General Purpose SSD (gp2) Provisioned IOPS SSD (io1) Throughput Optimized HDD (st1).
A solutions architect is creating a two-tiered architecture with distinct private subnets for compute and database resources. AWS Lambda functions deployed in compute subnets need database connection.
Which option would provide the MOST SECURE connectivity? Configure the Lambda function to use Amazon RDS Proxy outside the VPC. Associate a security group with the Lambda function. Authorize this security group in the database's security group. Authorize the compute subnetג€™s CIDR ranges in the database's security group. During the initialization phase, authorize all IP addresses in the database's security group temporarily. Remove the rule after the initialization is complete.
A development team is building an event-driven application using AWS Lambda. When files are added to an Amazon S3 bucket, events will be created. Amazon Simple Notification Service (Amazon SNS) is presently specified as the event target for Amazon S3 events.
What should a solutions architect do to scale the processing of events from Amazon S3? Create an SNS subscription that processes the event in Amazon Elastic Container Service (Amazon ECS) before the event runs in Lambda. Create an SNS subscription that processes the event in Amazon Elastic Kubernetes Service (Amazon EKS) before the event runs in Lambda. Create an SNS subscription that sends the event to Amazon Simple Queue Service (Amazon SQS). Configure the SQS queue to trigger a Lambda function. Create an SNS subscription that sends the event to AWS Server Migration Service (AWS SMS). Configure the Lambda function to poll from the SMS event.
A business has deployed a multi-tier application on many Amazon EC2 instances in an Auto Scaling group. Amazon RDS for Oracle instances serve as the application's data layer, using Oracle-native PL/SQL operations. The application's traffic has been continuously rising. This overloads the EC2 instances and causes the RDS instance to run out of storage. The Auto Scaling group lacks scaling metrics and instead specifies the minimal healthy instance count. According to the corporation, traffic will continue to grow at a constant but unpredictable pace until it reaches a plateau.
What should a solutions architect do to guarantee that the system can grow automatically as traffic increases? (Select two.) Configure storage Auto Scaling on the RDS for Oracle instance. Migrate the database to Amazon Aurora to use Auto Scaling storage. Configure an alarm on the RDS for Oracle instance for low free storage space. Configure the Auto Scaling group to use the average CPU as the scaling metric. Configure the Auto Scaling group to use the average free memory as the scaling metric.
A business just established hybrid cloud access with AWS Direct Connect and is now moving data to Amazon S3. The organization is seeking a fully managed solution that would automate and expedite data replication between on-premises storage systems and Amazon Web Services (AWS) storage services.
Which solution should a solutions architect propose for maintaining the confidentiality of the data? Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint. Deploy an AWS DataSync agent for the on-premises environment. Schedule a batch job to replicate point-in-time snapshots to AWS. Deploy an AWS Storage Gateway volume gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in- time snapshots to AWS. Deploy an AWS Storage Gateway file gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS.
A solutions architect is assisting a developer with the design of a new ecommerce shopping cart application utilizing Amazon Web Capabilities (AWS) services. The developer is unclear about the database schema in use and anticipates changing it as the ecommerce site expands. The solution must be very durable and capable of scaling read and write capacity automatically.
Which database solution satisfies these criteria? Amazon Aurora PostgreSQL Amazon DynamoDB with on-demand enabled Amazon DynamoDB with DynamoDB Streams enabled Amazon SQS and Amazon Aurora PostgreSQL.
A business has an aging application that handles data in two distinct stages. Because the second stage of the process takes longer than the first, the firm opted to redesign the application as two distinct microservices running on Amazon ECS.
What is the best way for a solutions architect to incorporate microservices? Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2. Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code in microservice 2 to subscribe to this topic. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose. Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue.
A business's website is hosted on Amazon S3. Monthly, the website provides petabytes of outbound traffic, accounting for the majority of the company's AWS charges.
What actions should a solutions architect do to save money? Configure Amazon CloudFront with the existing website as the origin. Move the website to Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) volumes for storage. Use AWS Global Accelerator and specify the existing website as the endpoint. Rearchitect the website to run on a combination of Amazon API Gateway and AWS Lambda.
A business wishes to use a customized distributed program for the purpose of calculating numerous profit and loss situations. To do this, the business must establish a network connection between its Amazon EC2 instances. The connection must have a low latency and a high throughput.
Which solution will satisfy these criteria? Provision the application to use EC2 Dedicated Hosts of the same instance type. Configure a placement group for EC2 instances that have the same instance type. Use multiple AWS elastic network interfaces and link aggregation. Configure AWS PrivateLink for the EC2 instances.
A corporation is building a real-time multiplier game that communicates with clients and servers through UDP in an Auto Scaling group. Daytime demand spikes are predicted, and the game server platform must respond appropriately. Developers wish to store gamer scores and other non-relational data in a scalable database system.
Which solution, if any, should a solutions architect suggest? Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage. Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage. Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage.
A standard established by an operations team says that IAM policies should not be implemented directly to users. Certain new team members have failed to adhere to this norm. The operations manager need a simple method for identifying users who have attached policies.
What actions should a solutions architect take to achieve this? Monitor using AWS CloudTrail. Create an AWS Config rule to run daily. Publish IAM user changes to Amazon SNS. Run AWS Lambda when a user is modified.
On Amazon EC2, a solutions architect is developing a high performance computing (HPC) workload. The EC2 instances must connect regularly with one another, necessitating network performance with low latency and high throughput.
Which EC2 setup satisfies these criteria? Launch the EC2 instances in a cluster placement group in one Availability Zone. Launch the EC2 instances in a spread placement group in one Availability Zone. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones.
A business owns a mobile game that derives the majority of its information from an Amazon RDS database instance. As the game gained popularity, the creators observed performance issues relating to the game's metadata loading times. According to performance metrics, merely scaling the database will not assist. A solutions architect must consider all available choices, which may include snapshot replication and sub-millisecond response times.
What recommendations should the solutions architect make to resolve these issues? Migrate the database to Amazon Aurora with Aurora Replicas. Migrate the database to Amazon DyramoDB with global tables. Add an Amazon ElastiCache for Redis layer in front of the database. Add an Amazon ElastiCache for Memcached layer in front of the database.
A business is transferring its data center and need a safe data transfer of 50 TB to AWS within two weeks. The present data center has a 90 percent used Site-to-Site VPN connection to AWS.
Which Amazon Web Services offering could a solutions architect use to achieve these requirements? AWS DataSync with a VPC endpoint AWS Direct Connect AWS Snowball Edge Storage Optimized AWS Storage Gateway.
A solutions architect must create a solution that stores a static website using Amazon CloudFront and an Amazon S3 origin. According to the company's security policy, every website traffic must be reviewed by AWS WAF.
How should the solutions architect adhere to these specifications? Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
A business wishes to lower the cost of Amazon S3 storage in its production environment while maintaining the durability and performance of the stored items.
What is the FIRST move that the business should take to accomplish these goals? Enable Amazon Macie on the business-critical S3 buckets to classify the sensitivity of the objects. Enable S3 analytics to identify S3 buckets that are candidates for transitioning to S3 Standard-Infrequent Access (S3 Standard-IA). Enable versioning on all business-critical S3 buckets. Migrate the objects in all S3 buckets to S3 Intelligent-Tiering.
A business hosts its static website in an Amazon S3 bucket, which is where Amazon CloudFront gets its start. The business serves customers in the United States, Canada, and Europe and is looking to cut expenses.
What recommendations should a solutions architect make? Adjust the CloudFront caching time to live (TTL) from the default to a longer timeframe. Implement CloudFront events with Lambda@Edge to run the websiteג€™s data processing. Modify the CloudFront price class to include only the locations of the countries that are served. Implement a CloudFront Secure Sockets Layer (SSL) certificate to push security closer to the locations of the countries that are served.
A solution architect is tasked with the responsibility of designing a highly available program that consists of web, application, and database layers. HTTPS content delivery should occur as near to the edge as practicable, with the least amount of time required for delivery.
Which solution satisfies these criteria and is the MOST SECURE? Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin. Amazon EC2 instances in private subnets Configure. Configure a public Application Load Balancer with multiple redundant Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
A new AWS customer creates a Site-to-Site VPN between its on-premises datacenter and AWS. According to the firm's security policy, traffic originating on-premises shall remain inside the private IP space of the company while talking with an Amazon Elastic Container Service (Amazon ECS) cluster containing a sample web application.
Which solution satisfies this criterion? Configure a gateway endpoint for Amazon ECS. Modify the route table to include an entry pointing to the ECS cluster. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering. Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.
A firm that hosts its web application on Amazon Web Services (AWS) needs to verify that all Amazon EC2 instances, Amazon RDS database instances, and Amazon Redshift clusters are tagged. The organization wishes to reduce the time and effort required to configure and operate this check.
What actions should a solutions architect take to achieve this? Use AWS Config rules to define and detect resources that are not properly tagged. Use Cost Explorer to display resources that are not properly tagged. Tag those resources manually. Write API calls to check all resources for proper tag allocation. Periodically run the code on an EC2 instance. Write API calls to check all resources for proper tag allocation. Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.
A business depends on an application that requires at least four Amazon EC2 instances for normal traffic and up to twelve EC2 instances for peak loads.
The application is mission-critical to the company and must maintain a high level of availability.
Which solution will satisfy these criteria? Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 4 and the maximum to 12, with 2 in Availability Zone A and 2 in Availability Zone B. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 4 and the maximum to 12, with all 4 in Availability Zone A. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with 4 in Availability Zone A and 4 in Availability Zone B. Deploy the EC2 instances in an Auto Scaling group. Set the minimum to 8 and the maximum to 12, with all 8 in Availability Zone A.
A business seeks to construct a scalable key management infrastructure to assist developers in encrypting data inside their apps.
How might a solutions architect alleviate operational burdens? Use multi-factor authentication (MFA) to protect the encryption keys. Use AWS Key Management Service (AWS KMS) to protect the encryption keys. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.
A solutions architect is entrusted with the responsibility of moving 750 TB of data from an on-premises network-attached file system to an Amazon S3 Glacier at a branch office.
The migration must not exceed the 1 Mbps internet connection on-premises.
Which solution will satisfy these criteria? Create an AWS site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Transfer the files directly by using the AWS CLI. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 Glacier vault as the destination. Mount the network-attached file system to an S3 bucket, and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier. Order 10 AWS Snowball Edge Storage Optimized devices, and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
A business recently revised its internal security policies. The organization must now verify that all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted using keys generated and cycled on a periodic basis by internal security professionals. To do this, the organization is searching for a native, software-based AWS solution.
What solution should a solutions architect recommend? Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager. Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS. Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes. Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store.
A business has NFS servers in an on-premises data center that need frequent backups to Amazon S3.
Which option satisfies these criteria and is the MOST cost-effective? Set up AWS Glue to copy the data from the on-premises servers to Amazon S3. Set up an AWS DataSync agent on the on-premises servers, and sync the data to Amazon S3. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on-premises to Amazon S3. Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3.
A solutions architect is tasked with the responsibility of building a multi-region disaster recovery solution for an application that will enable public API access. To load application code, the application will use Amazon EC2 instances with a userdata script and an Amazon RDS for MySQL database. Three hours is the Recovery Time Objective (RTO), while twenty-four hours is the Recovery Point Objective (RPO).
Which architecture would be the LEAST EXPENSIVE to achieve these requirements? Use an Application Load Balancer for Region failover. Deploy new EC2 instances with the userdata script. Deploy separate RDS instances in each Region. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the userdata script. Create a read replica of the RDS instance in a backup Region. Use Amazon API Gateway for the public APIs and Region failover. Deploy new EC2 instances with the userdata script. Create a MySQL read replica of the RDS instance in a backup Region. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the userdata script for APIs, and create a snapshot of the RDS instance daily for a backup. Replicate the snapshot to a backup Region.
A business intends to develop a new web application using AWS. The firm anticipates consistent traffic for the most of the year and very high traffic on occasion. The web application must be highly available, fault resistant, and have a low response time.
What recommendations should a solutions architect make to satisfy these requirements? Use an Amazon Route 53 routing policy to distribute requests to two AWS Regions, each with one Amazon EC2 instance. Use Amazon EC2 instances in an Auto Scaling group with an Application Load Balancer across multiple Availability Zones. Use Amazon EC2 instances in a cluster placement group with an Application Load Balancer across multiple Availability Zones. Use Amazon EC2 instances in a cluster placement group and include the cluster placement group within a new Auto Scaling group.
The web application of a business makes use of many Linux Amazon EC2 instances and data is stored on Amazon Elastic Block Store (Amazon EBS) volumes. The organization is searching for a solution that will boost the application's resilience in the event of a failure and will offer storage that adheres to the atomicity, consistency, isolation, and durability requirements (ACID).
What actions should a solutions architect take to ensure that these criteria are met? Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes to each EC2 instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Mount an instance store on each EC2 instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon Elastic File System (Amazon EFS) and mount a target on each instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA).
A business wants to use a hybrid workload for data processing. The data must be available through an NFS protocol to on-premises applications for local data processing, as well as via the AWS Cloud for further analytics and batch processing.
Which solution will satisfy these criteria? Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS cloud. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS cloud, then perform analytics on this data in the cloud.
A business is operating a two-tier ecommerce website on AWS. The existing architecture makes use of a publish-facing Elastic Load Balancer to route traffic to Amazon EC2 instances located inside a private subnet. Static material is housed on Amazon Web Services instances, while dynamic content is accessed from a MySQL database. The application is currently only available in the United States. Recently, the corporation began selling to consumers in Europe and Australia. A solutions architect must create solutions in such a way that International users benefit from an enhanced browsing experience.
Which option is the MOST CHEAPEST? Host the entire website on Amazon S3. Use Amazon CloudFront and Amazon S3 to host static images. Increase the number of public load balancers and EC2 instances. Deploy the two-tier website in AWS Regions in Europe and Australia.
A solutions architect is tasked with the responsibility of migrating a Windows internet information Services (IIS) web application to Amazon Web Services (AWS). Currently, the program depends on a file share located on the user's network-attached storage (NAS). The solutions recommended transferring the IIS web servers to Amazon EC2 instances spread across several Availability Zones linked to the storage solution, as well as installing an Elastic Load Balancer tied to the instances.
Which on-premises file sharing alternative is the MOST resiliant and durable? Migrate the file Share to Amazon RDS. Migrate the file Share to AWS Storage Gateway Migrate the file Share to Amazon FSx for Windows File Server. Migrate the file share to Amazon Elastic File System (Amazon EFS).
At a corporation, a solutions architect is developing the architecture for a two-tiered online application. The web application is comprised of an internet-facing Application Load Balancer (ALB) that routes traffic to an Amazon EC2 Auto Scaling group of instances. The EC2 instances must be able to connect to an Amazon RDS database.
The corporation has suggested that the network layout use a defense-in-depth strategy. The business does not want to depend entirely on security groups or network access control lists.
Only the bare minimal resources required should be routeable over the internet.
Which network architecture should the solutions architect suggest in order to satisfy these requirements? Place the ALB, EC2 instances, and RDS database in private subnets. Place the ALB in public subnets. Place the EC2 instances and RDS database in private subnets. Place the ALB and EC2 instances in public subnets. Place the RDS database in private subnets. Place the ALB outside the VPC. Place the EC2 instances and RDS database in private subnets.
A corporation uses AWS to power its two-tier ecommerce website. The web tier is comprised of a load balancer that routes traffic to Amazon Elastic Compute Cloud machines. The database layer is implemented using an Amazon RDS database instance. The EC2 instances and the RDS database instance should not be made publicly accessible. Internet connectivity is required for the EC2 instances to complete payment processing of orders through a third-party web service. The application must have a high degree of availability.
Which setup alternatives will satisfy these requirements? (Select two.) Use an Auto Scaling group to launch the EC2 instances in private subnets. Deploy an RDS Multi-AZ DB instance in private subnets. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the private subnets. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones. Deploy an RDS Multi-AZ DB instance in private subnets. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnet. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones. Deploy an Application Load Balancer in the public subnets.
A solutions architect must verify that any volumes recovered from unencrypted EBC snapshots are encrypted.
What is the solution architect's role in achieving this? Enable EBS encryption by default for the AWS Region. Enable EBS encryption by default for the specific volumes. Create a new volume and specify the symmetric customer master key (CMK) to use for encryption. Create a new volume and specify the asymmetric customer master key (CMK) to use for encryption.
A business runs an application that facilitates the upload of files to an Amazon S3 bucket. After files are uploaded, they are analyzed for metadata extraction, which takes less than 5 seconds. The upload volume and frequency vary between a few files per hour to hundreds of concurrent uploads. The organization has commissioned a solutions architect to create a cost-effective architecture that satisfies these needs.
What recommendations should the solutions architect make? Configure AWS CloudTrail trails to log S3 API calls. Use AWS AppSync to process the files. Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files. Configure Amazon Kinesis Data Streams to process and send data to Amazon S3. Invoke an AWS Lambda function to process the files. Configure an Amazon Simple Notification Service (Amazon SNS) topic to process the files uploaded to Amazon S3. Invoke an AWS Lambda function to process the files.
A business has a multi-tier application that is hosted on six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone and is protected by an Application Load Balancer (ALB). Without affecting the application, a solutions architect must adapt the infrastructure to make it highly accessible.
Which architecture should the solutions architect use to ensure maximum availability? Create an Auto Scaling group that uses three instances across each of two Regions. Modify the Auto Scaling group to use three instances across each of two Availability Zones. Create an Auto Scaling template that can be used to quickly create more instances in another Region. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier.
A web application development business has deployed hundreds of Application Load Balancers (ALBs) across several regions. The firm want to build an allow list for all load balancers' IP addresses on its firewall device. A solutions architect is searching for a one-time, highly available solution to this requirement that will also assist lower the number of IPs that the firewall must accept.
What recommendations should the solutions architect make to satisfy these requirements? Create a AWS Lambda function to keep track of the IPs for all the ALBs in different Regions. Keep refreshing this list. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets to this NLB. Launch AWS Global Accelerator and create endpoints for all the Regions. Register all the ALBs in different Regions to the corresponding endpoints. Set up an Amazon EC2 instance, assign an Elastic IP to this EC2 instance, and configure the instance as a proxy to forward traffic to all the ALBs.
A business is developing a payment application that must be very reliable even in the event of regional service outages. A solutions architect must provide a data storage solution that is readily replicable and deployable across several AWS Regions. Additionally, the application needs low-latency atomicity, consistency, isolation, and durability (ACID) transactions that must be accessible promptly for report generation. Additionally, the development team must use SQL.
Which data storage option satisfies these criteria? Amazon Aurora Global Database Amazon DynamoDB global tables Amazon S3 with cross-Region replication and Amazon Athena MySQL on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) snapshot replication.
A business want to run a scalable web application on Amazon Web Services. The program will be accessible by people from all around the globe.
Users of the application will be able to download and upload unique data in the gigabyte range. The development team is looking for an economical solution that minimizes upload and download latency and optimizes speed.
What actions should a solutions architect take to achieve this? Use Amazon S3 with Transfer Acceleration to host the application. Use Amazon S3 with CacheControl headers to host the application. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.
A business's on-premises volume backup system has reached the end of its useful life. The organization wants to include AWS into a new backup solution and wishes to retain local access to all data while it is backed up on AWS. The organization want to guarantee that data backed up on AWS is moved automatically and securely.
Which solution satisfies these criteria? Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to mount the Snowball S3 endpoint to provide local access to the data. Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3. Use the Snowball Edge file interface to provide on-premises systems with local access to the data. Use AWS Storage Gateway and configure a cached volume gateway. Run the Storage Gateway software appliance on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local access to the data. Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance on premises and map the gateway storage volumes to on-premises storage. Mount the gateway storage volumes to provide local access to the data.
A business maintains an on-premises application that gathers and saves data on an on-premises NFS server. The firm just established a ten gigabit per second AWS Direct Connect connection. The company's on-site storage capacity is rapidly depleting. The organization wants to move application data from its on-premises environment to the AWS Cloud while preserving low-latency access to the data from the on-premises application.
What actions should a solutions architect take to ensure that these criteria are met? Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NFS. Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy the application data to the EFS file system. Then connect the on-premises application to Amazon EFS. Configure AWS Storage Gateway as a volume gateway. Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots. Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application data transfer. Connect the on-premises application to the EFS file system.
In another Region, a business has constructed an isolated backup of its environment. The application is in warm standby mode and is protected by a load balancer (ALB). At the moment, failover is a manual operation that needs changing a DNS alias record to link to the secondary ALB in another Region.
What is the best way for a solutions architect to automate the failover process? Enable an ALB health check Enable an Amazon Route 53 health check. Crate an CNAME record on Amazon Route 53 pointing to the ALB endpoint. Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server.
A business has two AWS accounts: one for production and one for development. There are code modifications ready to be sent to the Production account from the Development account.
Only two senior developers on the development team need access to the Production account during the alpha phase. During the beta phase, more developers may need access to undertake testing.
What recommendations should a solutions architect make? Create two policy documents using the AWS Management Console in each account. Assign the policy to developers who need access. Create an IAM role in the Development account. Give one IAM role access to the Production account. Allow developers to assume the role. Create an IAM role in the Production account with the trust policy that specifies the Development account. Allow developers to assume the role. Create an IAM group in the Production account and add it as a principal in the trust policy that specifies the Production account. Add developers to the group.
A multinational conglomerate with operations in North America, Europe, and Asia is developing a new distributed application to improve its worldwide supply chain and manufacturing processes. Orders placed on a single continent should be accessible to all Regions in less than a second. The database should be capable to failover with a minimal Recovery Time Objective (RTO). The application's uptime is critical to ensuring that production does not suffer.
What recommendations should a solutions architect make? Use Amazon DynamoDB global tables. Use Amazon Aurora Global Database. Use Amazon RDS for MySQL with a cross-Region read replica. Use Amazon RDS for PostgreSQL with a cross-Region read replica.
The application of a business is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are distributed across multiple Availability Zones via an Amazon EC2 Auto Scaling group. At midnight on the first day of each month, the application becomes significantly slower as the month-end financial calculation batch executes. This causes the CPU utilization of the EC2 instances to spike to 100% immediately, causing the application to fail.
What should a solutions architect recommend to ensure that the application can handle the workload without experiencing downtime? Configure an Amazon CloudFront distribution in front of the ALB. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule. Configure Amazon ElastiCache to remove some of the workload from the EC2 instances.
A solutions architect must host a high-performance computing (HPC) workload on Amazon Web Services (AWS). The workload will be dispersed over hundreds of Amazon EC2 instances and will need concurrent access to a shared file system in order to facilitate distributed processing of big datasets. Multiple instances of the same dataset will be accessible concurrently. The workload demands an access latency of less than 1 millisecond. Following completion of processing, engineers will need access to the dataset for manual postprocessing.
Which solution will satisfy these criteria? Use Amazon Elastic File System (Amazon EFS) as a shared file system. Access the dataset from Amazon EFS. Mount an Amazon S3 bucket to serve as the shared file system. Perform postprocessing directly from the S3 bucket. Use Amazon FSx for Lustre as a shared file system. Link the file system to an Amazon S3 bucket for postprocessing. Configure AWS Resource Access Manager to share an Amazon S3 bucket so that it can be mounted to all instances for processing and postprocessing.
A firm is building a mobile game that sends score updates to a backend processor and then publishes the results on a leaderboard. A solutions architect must develop a solution capable of handling high volumes of traffic, processing mobile game updates in the order in which they are received, and storing the processed changes in a highly accessible database. Additionally, the organization wishes to reduce the management cost associated with maintaining the solution.
What actions should the solutions architect take to ensure that these criteria are met? Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB. Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon Redshift. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the processed updates in a SQL database running on Amazon EC2. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue. Store the processed updates in an Amazon RDS Multi-AZ DB instance.
A development team is working in collaboration with another business to produce an integrated product. The other firm requires access to an Amazon Simple Queue Service (Amazon SQS) queue stored in the account of the development team. The other corporation want to poll the queue without granting access to its own account.
How should a solutions architect manage SQS queue access? Create an instance profile that provides the other company access to the SQS queue. Create an IAM policy that provides the other company access to the SQS queue. Create an SQS access policy that provides the other company access to the SQS queue. Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue.
The website of a business is used to offer things to the general public. The site is hosted on Amazon EC2 instances that are part of an Auto Scaling group and protected by an Application Load Balancer (ALB). Additionally, an Amazon CloudFront distribution is available, and AWS WAF is utilized to guard against SQL injection attacks. The ALB is where the CloudFront distribution originates. Recent security log analysis identified an external malicious IP address that should be prevented from visiting the website.
What steps should a solutions architect take to safeguard an application? Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
An Amazon EC2 instance is created in a new VPC's private subnet. Although this subnet lacks outward internet connectivity, the EC2 instance requires the ability to obtain monthly security updates from a third-party vendor.
What actions should a solutions architect take to ensure that these criteria are met? Create an internet gateway, and attach it to the VPC. Configure the private subnet route table to use the internet gateway as the default route. Create a NAT gateway, and place it in a public subnet. Configure the private subnet route table to use the NAT gateway as the default route. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the NAT instance as the default route. Create an internet gateway, and attach it to the VPC. Create a NAT instance, and place it in the same subnet where the EC2 instance is located. Configure the private subnet route table to use the internet gateway as the default route.
A solutions architect is tasked with the responsibility of creating the architecture for a new online application. The application will be hosted on AWS Fargate containers with an Application Load Balancer (ALB) and a PostgreSQL database hosted on Amazon Aurora. The web application will largely do read-only operations on the database.
What should the solutions architect do to assure the website's scalability as traffic increases? (Select two.) Enable auto scaling on the ALB to scale the load balancer horizontally. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora cluster dynamically. Enable cross-zone load balancing on the ALB to distribute the load evenly across containers in all Availability Zones. Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each Availability Zone to distribute the load across multiple Availability Zones. Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with a target tracking scaling policy that is based on CPU utilization.
A business has detected access requests from many dubious IP addresses. The security team determines that the requests originate from many IP addresses within the same CIDR range.
What recommendations should a solutions architect provide to the team? Add a rule in the inbound table of the security to deny the traffic from that CIDR range. Add a rule in the outbound table of the security group to deny the traffic from that CIDR range. Add a deny rule in the inbound table of the network ACL with a lower number than other rules. Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.
A business has a build server that is part of an Auto Scaling group and often runs numerous Linux instances. For tasks and setups, the build server needs stable and mountable shared NFS storage.
What kind of storage should a solutions architect recommend? Amazon S3 Amazon FSx Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic File System (Amazon EFS).
AWS-hosted applications make advantage of an Amazon Aurora Multi-AZ deployment for their database. When analyzing performance measurements, a solutions architect observed that database reads are using a significant amount of I/O and increasing delay to write requests to the database.
What should the solutions architect do to distinguish between read and write requests? Enable read-through caching on the Amazon Aurora database. Update the application to read from the Multi-AZ standby instance. Create a read replica and modify the application to use the appropriate endpoint. Create a second Amazon Aurora database and link it to the primary database as a read replica.
A business operates an automotive sales website and keeps its listings in an Amazon RDS database. When a car is sold, the listing is deleted from the website and the data is sent to other target systems.
What kind of design should a solutions architect suggest? Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics. Use AWS Lambda functions to update the targets. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues. Use AWS Lambda functions to update the targets.
A business wants to run a web application on AWS that communicates with a database contained inside a VPC. The application should have a high degree of availability.
What recommendations should a solutions architect make? Create two Amazon EC2 instances to host the web servers behind a load balancer, and then deploy the database on a large instance. Deploy a load balancer in multiple Availability Zones with an Auto Scaling group for the web servers, and then deploy Amazon RDS in multiple Availability Zones. Deploy a load balancer in the public subnet with an Auto Scaling group for the web servers, and then deploy the database on an Amazon EC2 instance in the private subnet. Deploy two web servers with an Auto Scaling group, configure a domain that points to the two web servers, and then deploy a database architecture in multiple Availability Zones.
A software company is launching a new software-as-a-service (SaaS) solution that will be used by a large number of Amazon Web Services (AWS) customers. The service is hosted inside a Virtual Private Cloud (VPC) behind a Network Load Balancer. The software manufacturer want to give users with access to this service with as little administrative overhead as possible and without exposing the service to the public internet.
What actions should a solutions architect take to achieve this objective? Create a peering VPC connection from each userג€™s VPC to the software vendorג€™s VPC. Deploy a transit VPC in the software vendorג€™s AWS account. Create a VPN connection with each user account. Connect the service in the VPC with an AWS Private Link endpoint. Have users subscribe to the endpoint. Deploy a transit VPC in the software vendorג€™s AWS account. Create an AWS Direct Connect connection with each user account.
The application running on Amazon EC2 instances requires access to an Amazon S3 bucket. Due to the sensitivity of the data, it cannot be sent via the internet.
What configuration should a solutions architect make for access? Create a private hosted zone using Amazon Route 53. Configure a VPC gateway endpoint for Amazon S3 in the VPC. Configure AWS PrivateLink between the EC2 instance and the S3 bucket. Set up a site-to-site VPN connection between the VPC and the S3 bucket.
A solutions architect is converting a monolithic online application for a client into a multi-tier application. The business wishes to abstain from controlling its own infrastructure. The web application's minimal requirements include high availability, scalability, and regionally low latency during peak hours. Additionally, the solution should be capable of storing and retrieving data with a millisecond latency through the application's API.
Which solution satisfies these criteria? Use AWS Fargate to host the web application with backend Amazon RDS Multi-AZ DB instances. Use Amazon API Gateway with an edge-optimized API endpoint, AWS Lambda for compute, and Amazon DynamoDB as the data store. Use an Amazon Route 53 routing policy with geolocation that points to an Amazon S3 bucket with static website hosting and Amazon DynamoDB as the data store. Use an Amazon CloudFront distribution that points to an Elastic Load Balancer with an Amazon EC2 Auto Scaling group, along with Amazon RDS Multi-AZ DB instances.
A solutions architect is tasked with the responsibility of developing a robust solution for Windows users' home directories. The solution must have fault tolerance, file-level backup and recovery, and access control, all of which must be based on the Active Directory of the business.
Which storage option satisfies these criteria? Configure Amazon S3 to store the usersג€™ home directories. Join Amazon S3 to Active Directory. Configure a Multi-AZ file system with Amazon FSx for Windows File Server. Join Amazon FSx to Active Directory. Configure Amazon Elastic File System (Amazon EFS) for the usersג€™ home directories. Configure AWS Single Sign-On with Active Directory. Configure Amazon Elastic Block Store (Amazon EBS) to store the usersג€™ home directories. Configure AWS Single Sign-On with Active Directory.
A business is collaborating with a third-party vendor who needs write access to the business's Amazon Simple Queue Service (Amazon SQS) queue. The vendor has their own Amazon Web Services account.
What actions should a solutions architect take to ensure least privilege access is implemented? Update the permission policy on the SQS queue to give write access to the vendorג€™s AWS account. Create an IAM user with write access to the SQS queue and share the credentials for the IAM user. Update AWS Resource Access Manager to provide write access to the SQS queue from the vendorג€™s AWS account. Create a cross-account role with access to all SQS queues and use the vendorג€™s AWS account in the trust document for the role.
A solutions architect is tasked with the responsibility of building an architecture for a new application that demands low network latency and high network throughput across Amazon EC2 instances.
Which component of the architectural design should be included? An Auto Scaling group with Spot Instance types. A placement group using a cluster placement strategy. A placement group using a partition placement strategy. An Auto Scaling group with On-Demand instance types.
A business operates a website that is hosted on Amazon EC2 instances spread across two Availability Zones. The organization anticipates traffic increases around certain holidays and wants to provide a consistent customer experience.
How can a solutions architect satisfy this criterion? Use step scaling. Use simple scaling. Use lifecycle hooks. Use scheduled scaling.
A business wants to enhance the availability and performance of its stateless UDP-based workload. The workload is spread across various AWS Regions using Amazon EC2 instances.
What should a solutions architect suggest as a means of achieving this? Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an accelerator using AWS Global Accelerator. Use the NLBs as endpoints for the accelerator. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an accelerator using AWS Global Accelerator. Use the ALBs as endpoints for the accelerator. Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the NLBs. Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.
A business has a hybrid application that is hosted on a number of on-premises servers that all have static IP addresses. There is already a VPN in place that connects the VPC to the on-premises network. The corporation want to disperse TCP traffic for internet users among its on-premises servers.
What recommendations should a solutions architect make to provide a highly accessible and scalable solution? Launch an internet-facing Network Load Balancer (NLB) and register on-premises IP addresses with the NLB. Launch an internet-facing Application Load Balancer (ALB) and register on-premises IP addresses with the ALB. Launch an Amazon EC2 instance, attach an Elastic IP address, and distribute traffic to the on-premises servers. Launch an Amazon EC2 instance with public IP addresses in an Auto Scaling group and distribute traffic to the on-premises servers.
A business requires that an Amazon S3 gateway endpoint accept traffic only from trusted buckets.
Which approach should a solutions architect use in order to fulfill this requirement? Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's trusted VPCs. Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's S3 gateway endpoint IDs. Create an S3 endpoint policy for each of the company's S3 gateway endpoints that blocks access from any VPC other than the company's trusted VPCs. Create an S3 endpoint policy for each of the company's S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets.
A business is in the process of deploying a data lake on Amazon Web Services (AWS). An architect of solutions must describe the encryption approach for data in transit and at rest. Amazon S3/ The following is stated in the company's security policy:
✑ Keys must be rotated every 90 days.
✑ Strict separation of duties between key users and key administrators must be implemented.
✑ Auditing key usage must be possible.
What solutions architect recommendations should be made? Server-side encryption with AWS KMS managed keys (SSE-KMS) with customer managed customer master keys (CMKs) Server-side encryption with AWS KMS managed keys (SSE-KMS) with AWS managed customer master keys (CMKs) Server-side encryption with Amazon S3 managed keys (SSE-S3) with customer managed customer master keys (CMKs) Server-side encryption with Amazon S3 managed keys (SSE-S3) with AWS managed customer master keys (CMKs).
A business is utilizing Amazon Elastic Container Service (Amazon ECS) to host its application and want to assure high availability. The business needs to be able to update its application even if nodes in one Availability Zone are unavailable.
The application is projected to get 100 requests per second, and each container job is capable of serving at least 60 requests per second. The organization configured Amazon ECS to use a rolling update deployment mode, with the minimum healthy percent parameter set to 50% and the maximum healthy percent parameter set to 100%.
Which task and availability zone configurations satisfy these requirements? Deploy the application across two Availability Zones, with one task in each Availability Zone. Deploy the application across two Availability Zones, with two tasks in each Availability Zone. Deploy the application across three Availability Zones, with one task in each Availability Zone. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.
Every 90 days, a security team must enforce the rotation of all IAM users' access keys. If an access key is discovered to be out of date, it must be rendered inactive.
and eliminated. A solutions architect must design a solution that will detect and remediate keys that are more than 90 days old.
Which solution satisfies these criteria with the LEAST amount of operational effort? Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an AWS Batch job to remove the key. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Configure the rule to run an AWS Batch job to remove the key. Create an AWS Config rule to check for the key age. Define an Amazon EventBridge (Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key.
A financial services organization maintains a web application that is accessible to users in the United States and Europe. The program is divided into two tiers: a database layer and a web server layer. The database tier is comprised of a MySQL database that is physically located in us-east-1. Amazon Route 53 geoproximity routing is used to route traffic to the nearest Region's instances. According to a performance analysis of the system, European users are not obtaining the same degree of query performance as users in the United States.
Which improvements to the database layer should be made to increase performance? Migrate the database to Amazon RDS for MySQL. Configure Multi-AZ in one of the European Regions. Migrate the database to Amazon DynamoDB. Use DynamoDB global tables to enable replication to additional Regions. Deploy MySQL instances in each Region. Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance. Migrate the database to an Amazon Aurora global database in MySQL compatibility mode. Configure read replicas in one of the European Regions.
A solutions architect is developing a solution that will lead customers to a backup static error page in the event that the original website becomes inaccessible. The DNS records for the major website are housed on Amazon Route 53, with the domain referring to an Application Load Balancer (ALB).
Which configuration should the solutions architect use in order to fulfill the business's requirements while reducing modifications and infrastructure overhead? Point a Route 53 alias record to an Amazon CloudFront distribution with the ALB as one of its origins. Then, create custom error pages for the distribution. Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy. Update the Route 53 record to use a latency-based routing policy. Add the backup static error page hosted within an Amazon S3 bucket to the record so the traffic is sent to the most responsive endpoints. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance hosting a static error page as endpoints. Route 53 will only send requests to the instance if the health checks fail for the ALB.
A business notices a rise in the cost of Amazon EC2 in its most recent bill. The billing team observes an anomaly in the vertical scaling of instance types for a few EC2 instances. A solutions architect should build a graph comparing the previous two months' EC2 charges and conduct an in-depth study to determine the core cause of the vertical scaling.
How should the solutions architect create data with the LEAST amount of operational overhead possible? Use AWS Budgets to create a budget report and compare EC2 costs based on instance types. Use Cost Explorerג€™s granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types. Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months. Use AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket. Use Amazon QuickSight with Amazon S3 as a source to generate an interactive graph based on instance types.
On AWS, a business hosts an online marketplace web application. During peak hours, the program serves hundreds of thousands of users. The business requires a scalable, near-real-time solution for sharing information about millions of financial transactions with various other internal systems. Additionally, transactions must be processed to remove sensitive data prior to being stored in a document database for fast retrieval.
What recommendations should a solutions architect make to satisfy these requirements? Store the transactions data into Amazon DynamoDB. Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications. Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3. Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3. Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in AmazonDynamoDB. Other applications can consume the transactions data off the Kinesis data stream. Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3. The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.
A business is developing a new online service that will be hosted on Amazon EC2 instances with the assistance of an Elastic Load Balancer. However, many online service clients can only communicate with IP addresses that have been whitelisted on their firewalls.
What recommendations should a solutions architect provide to suit a client's needs? A Network Load Balancer with an associated Elastic IP address. An Application Load Balancer with an associated Elastic IP address An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address An EC2 instance with a public IP address running as a proxy in front of the load balancer.
A business may have many AWS accounts for different departments. One of the departments would want to share an Amazon S3 bucket with the rest of the organization.
Which of the following solutions requires the LEAST amount of effort? Enable cross-account S3 replication for the bucket. Create a pre-signed URL for the bucket and share it with other departments. Set the S3 bucket policy to allow cross-account access to other departments. Create IAM users for each of the departments and configure a read-only IAM policy.
A business hosts a web application on Amazon Web Services (AWS) utilizing a single Amazon EC2 instance that saves user-uploaded documents in an Amazon Elastic Block Store (Amazon EBS) volume. To improve scalability and availability, the organization replicated the architecture and deployed a second EC2 instance and EBS volume in a different Availability Zone, both of which were placed behind an Application Load Balancer. After this update was made, users claimed that each time they refreshed the page, they could view a portion of their papers but never all of them.
What should a solutions architect suggest to guarantee that users have access to all of their documents simultaneously? Copy the data so both EBS volumes contain all the documents. Configure the Application Load Balancer to direct a user to the server with the documents. Copy the data from both EBS volumes to Amazon Elastic File System (Amazon EFS). Modify the application to save new documents to Amazon Elastic File System (Amazon EFS). Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server.
A solutions architect is in the process of implementing a distributed database across many Amazon EC2 instances. The database replicates all data across numerous instances to ensure that it can survive the loss of single instance. The database needs block storage that is low in latency and high in throughput in order to accommodate several million transactions per second per server.
Which storage option should the architect of solutions use? EBS Amazon Elastic Block Store (Amazon EBS) Amazon EC2 instance store Amazon Elastic File System (Amazon EFS) Amazon S3.
A three-tier web application is used to handle client orders. The web tier is made up of Amazon EC2 instances behind an Application Load Balancer, a middle tier made up of three EC2 instances that are isolated from the web layer through Amazon SQS, and an Amazon DynamoDB backend. During busy periods, consumers who place purchases through the site must wait much longer than usual for confirmations owing to prolonged processing delays. A solutions architect's objective should be to minimize these processing times.
Which course of action will be the MOST EFFECTIVE in achieving this? Replace the SQS queue with Amazon Kinesis Data Firehose. Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier. Add an Amazon CloudFront distribution to cache the responses for the web tier. Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.
A solutions architect is developing a solution that will need frequent modifications to a website hosted on Amazon S3 with versioning enabled. Due to compliance requirements, older versions of the objects will be seldom accessed and will need to be removed after two years.
What should the solutions architect propose as the CHEAPEST way to achieve these requirements? Use S3 batch operations to replace object tags. Expire the objects based on the modified tags. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SQS) queue for further processing. Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects in the new bucket after 2 years.
A solutions architect is developing a web application that will be hosted on Amazon EC2 instances and managed by an Application Load Balancer (ALB). The organization places a high premium on the application's resilience to hostile internet activities and assaults, as well as its protection against newly discovered vulnerabilities and exposures.
What recommendations should the solutions architect make? Leverage Amazon CloudFront with the ALB endpoint as the origin. Deploy an appropriate managed rule for AWS WAF and associate it with the ALB. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures are blocked. Configure network ACLs and security groups to allow only ports 80 and 443 to access the EC2 instances.
A business wishes to transition its online application to Amazon Web Services (AWS). The classic web application is divided into three tiers: the web layer, the application tier, and the MySQL database. The rearchitected application must be built using technologies that eliminate the need for the administration team to manage instances or clusters.
Which service combination should a solution architect include into the overall architecture? (Select two.) Amazon Aurora Serverless Amazon EC2 Spot Instances Amazon Elasticsearch Service (Amazon ES) Amazon RDS for MySQL AWS Fargate.
A solutions architect is developing a security solution for a firm that want to deliver individual AWS accounts to developers through AWS Organizations while retaining normal security restrictions. Due to the fact that individual developers will have root user access to their own AWS accounts, the solutions architect needs to verify that the obligatory AWS CloudTrail configuration deployed to new developer accounts is not updated.
Which activity satisfies these criteria? Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled. Create a service control policy (SCP) the prohibits changes to CloudTrail, and attach it the developer accounts. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.
A solutions architect is reviewing the security of a newly transferred workload. The workload is a web application that is composed of Amazon EC2 instances that are part of an Auto Scaling group and are routed via an Application Load Balancer. The solutions architect must strengthen the security posture and mitigate the resource effect of a DDoS assault.
Which of the following solutions is the MOST EFFECTIVE? Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the CloudFront distribution. Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. Use the identified information to modify a network ACL to block access. Enable VPC Flow Logs and store then in Amazon S3. Create a custom AWS Lambda functions that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses. Enable Amazon GuardDuty and configure findings written to Amazon CloudWatch. Create an event with CloudWatch Events for DDoS alerts that triggers Amazon Simple Notification Service (Amazon SNS). Have Amazon SNS invoke a custom AWS Lambda function that parses the logs, looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.
A business is building an ecommerce solution that will have a load-balanced front end, a container-based application, and a relational database. A solutions architect must design a highly accessible system that requires little human intervention.
Which solutions satisfy these criteria? (Select two.) Create an Amazon RDS DB instance in Multi-AZ mode. Create an Amazon RDS DB instance and one or more replicas in another Availability Zone. Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load. Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load. Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load.
A business created a stateless two-tier application using Amazon EC2 in a single Availability Zone and an Amazon RDS Multi-AZ database instance. The new administration of the organization wants to guarantee that the application is highly accessible.
What actions should a solutions architect do in order to satisfy this requirement? Configure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer. Configure the application to take snapshots of the EC2 instances and send them to a different AWS Region. Configure the application to use Amazon Route 53 latency-based routing to feed requests to the application. Configure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer.
A business maintains data in an on-premises data center, which is utilized by a variety of on-premises applications. The organization wishes to preserve its current application environment while using AWS services for data analytics and future visualizations.
Which storage service should a solutions architect propose to his or her clients? Amazon Redshift AWS Storage Gateway for files Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS).
A business is considering migrating a commercial off-the-shelf application from its on-premises data center to Amazon Web Services (AWS). The software is licensed on a per-socket and per-core basis, with predictable capacity and uptime requirements. The corporation wants to continue using its current licenses, which were acquired earlier this year.
Which price option for Amazon EC2 is the MOST cost-effective? Dedicated Reserved Hosts Dedicated On-Demand Hosts Dedicated Reserved Instances Dedicated On-Demand Instances.
A firm is developing a web application that will use Amazon S3 to store a big number of photos. Users will get access to the photographs for varying durations of time. The business wishes to:
✑ Retain all the images
✑ Incur no cost for retrieval.
✑ Have minimal management overhead.
✑ Have the images available with no impact on retrieval time.
Which solution satisfies these criteria? Implement S3 Intelligent-Tiering Implement S3 storage class analysis Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA). Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).
On AWS Lambda, a corporation has created one of its microservices that connects to an Amazon DynamoDB database called Books. A solutions architect is creating an IAM policy that will be tied to the Lambda function's IAM role, granting it the ability to insert, edit, and remove objects from the Books table. The IAM policy must prohibit the function from doing any more activities on the Books or any other table.
Which IAM policy would meet these requirements while requiring the LEAST amount of privileged access?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PutUpdateDeleteOnBooks",
"Effect": "Allow",
"Action": [
"dynamodb: PutItem",
"dynamodb: UpdateItem",
"dynamodb: DeleteItem"
],
"Resource"; "arn:aws:dynamodb"us-west-w:123456789012:table/Books"
}
]
} {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PutUpdateDeleteOnBooks",
"Effect": "Allow",
"Action": [
"dynamodb: PutItem",
"dynamodb: UpdateItem",
"dynamodb: DeleteItem"
],
"Resource"; "arn:aws:dynamodb"us-west-w:123456789012:table/*"
}
]
} {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PutUpdateDeleteOnBooks",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource"; "arn:aws:dynamodb"us-west-w:123456789012:table/Books"
}
]
} {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PutUpdateDeleteOnBooks",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource"; "arn:aws:dynamodb"us-west-w:123456789012:table/Books"
}
]
}.
A business offers an online shopping application and all orders are stored in an Amazon RDS for PostgreSQL Single-AZ database instance. Management want to remove single points of failure and has requested a solutions architect to offer a method for minimizing database downtime without modifying the application code.
Which solution satisfies these criteria? Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option. Create a new RDS Multi-AZ deployment. Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot. Create a read-only replica of the PostgreSQL database in another Availability Zone. Use Amazon Route 53 weighted record sets to distribute requests across the databases. Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two. Use Amazon Route 53 weighted record sets to distribute requests across instances.
A major company's administrator want to monitor for and prevent cryptocurrency-related assaults on the company's AWS accounts.
Which AWS service can the administrator use to safeguard the organization from cyberattacks? Amazon Cognito Amazon GuardDuty Amazon Inspector Amazon Macie.
A business intends to launch a freshly developed application on AWS in a default VPC. The program will be divided into two layers: a web layer and a database layer. The web server and MySQL database were constructed in public subnets, whereas the web server and MySQL database were created in private subnets. The default network ACL settings are used to build all subnets, and the default security group in the VPC is replaced with new custom security groups.
The critical criteria are as follows:
✑ The web servers must be accessible only to users on an SSL connection.
✑ The database should be accessible to the web layer, which is created in a public subnet only.
✑ All traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.
Which combination of actions satisfies these criteria? (Select two.) Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0 0.0.0/0). Create a database server security group with an inbound rule for MySQL port 3306 and specify the source as a web server security group. Create a web server security group with an inbound allow rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0) and an inbound deny rule for IP range 182.20.0.0/16. Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0). Create network ACL inbound and outbound deny rules for IP range 182.20.0.0/16. Create a web server security group with inbound and outbound rules for HTTPS port 443 traffic to and from anywhere (0.0.0.0/0). Create a network ACL inbound deny rule for IP range 182.20.0.0/16.
A business wishes to enhance the availability and performance of a hybrid application. The application is composed of a stateful TCP-based workload that is hosted on Amazon EC2 instances across several AWS Regions, and a stateless UOP-based task that is housed on-premises.
Which activities should a solutions architect do in combination to increase availability and performance? (Select two.) Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers. Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints and the second will route to the on-premises endpoints. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on- premises endpoints. Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure an Application Load Balancer in each Region that routes to the on-premises endpoints.
A corporation has recruited a new cloud engineer who should not have access to the CompanyConfidential Amazon S3 bucket. The cloud engineer must have read and write permissions on an S3 bucket named AdminTools.
Which IAM policy will satisfy these criteria? {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::AdminTools"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject" ],
"Resource": "arn:aws:s3:::AdminTools/*"
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::CompanyConfidential/*",
"arn:aws:s3:::CompanyConfidential"
]
}
]
} {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": [
"arn:aws:s3:::AdminTools",
"arn:aws:s3:::CompanyConfidential/*"
]
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject" ],
"Resource": "arn:aws:s3:::AdminTools/*"
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": "arn:aws:s3:::CompanyConfidential"
}
]
} {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject" ],
"Resource": "arn:aws:s3:::AdminTools/*"
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::CompanyConfidential/*",
"arn:aws:s3:::CompanyConfidential"
]
}
]
} {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::AdminTools/*"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject" ],
"Resource": "arn:aws:s3:::AdminTools/*"
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::CompanyConfidential",
"arn:aws:s3:::CompanyConfidential/*",
"arn:aws:s3:::AdminTools"
]
}
]
}.
A business utilized an AWS Direct Connect connection to transfer one petabyte of data from a colocation facility to an Amazon S3 bucket in the us-east-1 Region. The business now wishes to replicate the data in another S3 bucket located in the us-west-2 Region.
Which solution will satisfy this criterion? Use an AWS Snowball Edge Storage Optimized device to copy the data from the colocation facility to us-west-2. Use the S3 console to copy the data from the source S3 bucket to the target S3 bucket. Use S3 Transfer Acceleration and the S3 copy-object command to copy the data from the source S3 bucket to the target S3 bucket. Add an S3 Cross-Region Replication configuration to copy the data from the source S3 bucket to the target S3 bucket.
A business uses AWS to host a three-tier environment that collects sensor data from its consumers' devices. The traffic is routed via a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier and then to Amazon EC2 instances for the application layer that conducts database calls.
What should a solutions architect do to enhance data security when it is being sent to the web tier? Configure a TLS listener and add the server certificate on the NLB. Configure AWS Shield Advanced and enable AWS WAF on the NLB. Change the load balancer to an Application Load Balancer and attach AWS WAF to it. Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS).
A business wishes to implement a shared file system for its.NET application servers and Microsoft SQL Server databases that are hosted on Amazon EC2 instances running Windows Server 2016. The solution must interact with the corporate Active Directory domain, be very durable, be managed by AWS, and provide high levels of throughput and IOPS.
Which solution satisfies these criteria? Use Amazon FSx for Windows File Server. Use Amazon Elastic File System (Amazon EFS). Use AWS Storage Gateway in file gateway mode. Deploy a Windows file server on two On Demand instances across two Availability Zones.
A solutions architect notices that a nightly batch processing operation is automatically scaled up for an additional hour prior to reaching the targeted Amazon EC2 capacity. Every night, the peak capacity is the same, and batch operations always begin at 1 a.m. The solutions architect must create a cost-effective approach that enables rapid attainment of the targeted EC2 capacity while allowing the Auto Scaling group to scale down once the batch processes are complete.
What actions should the solutions architect take to ensure that these criteria are met? Increase the minimum capacity for the Auto Scaling group. Increase the maximum capacity for the Auto Scaling group. Configure scheduled scaling to scale up to the desired compute level. Change the scaling policy to add more EC2 instances during each scaling operation.
|
