Questions
ayuda
option
My Daypo

ERASED TEST, YOU MAY BE INTERESTED ONgeografia africa 1

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
geografia africa 1

Description:
africa 1

Author:
Me
(Other tests from this author)

Creation Date:
04/06/2022

Category:
Geography

Number of questions: 65
Share the Test:
Facebook
Twitter
Whatsapp
Share the Test:
Facebook
Twitter
Whatsapp
Last comments
No comments about this test.
Content:
A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions should be configured using the principle of least privilege. Which solution will meet these requirements? Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal. Add an execution role to the function with lambda:InvokeFunction as the action and Service:amazonaws.com as the principal. Add a resource-based policy to the function with lambda:'* as the action and Service:events.amazonaws.com as the principal. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal. .
A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited programmatic access to resources in the company’s account. All the needed policies have been created to grant appropriate access. Which additional component will provide the vendor with the MOST secure access to the account? Create an IAM user. Implement a service control policy (SCP). Use a cross-account role with an external ID. Configure a single sign-on (SSO) identity provider.
A firm seeks to migrate its accounting system from an on-premises data center to an Amazon Web Services (AWS) Region. Data security and an unalterable audit log should be prioritized. All AWS activities must be subjected to compliance audits. Despite the fact that the business has enabled AWS CloudTrail, it want to guarantee that it meets these requirements. What precautions and security procedures should a solutions architect include to protect and secure CloudTrail? (Choose TWO) Enable CloudTrail log file validation. Install the CloudTrail Processing Library. Enable logging of Insights events in CloudTrail. Enable custom logging from the on-premises resources. Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
A business that is currently hosting a web application on-premises is prepared to transition to AWS and launch a newer version of the application. The organization must route requests to the AWS or on-premises application based on the URL query string. The on-premises application is rendered unreachable over the internet, and a VPN connection is established between Amazon VPC and the business's data center. The company wishes to deploy this application using a load balancer (ALB). Which of the following solutions meets these criteria? Use two ALBs: one for on premises and one for the AWS resource. Add hosts to the target group of each ALB. Create a software router on an EC2 instance based on the URL query string. Use two ALBs: one for on premises and one for the AWS resource. Add hosts to each target group of each ALB. Route with Amazon Route 53 based on the URL query string. Use one ALB with two target groups: one for the AWS resource and one for on premises. Add hosts to each target group of the ALB. Configure listener rules based on the URL query string. Use one ALB with two AWS Auto Scaling groups: one for the AWS resource and one for on premises. Add hosts to each Auto Scaling group. Route with Amazon Route 53 based on the URL query string.
A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings in the evenings, the read and write traffic will often be unpredictable When traffic spikes occur they will happen very quickly. What should a solutions architect recommend? Create a DynamoDB table in on-demand capacity mode. Create a DynamoDB table with a global secondary Index. Create a DynamoDB table with provisioned capacity and auto scaling. Create a DynamoDB table in provisioned capacity mode, and configure it as a global table.
A corporation uses an AWS application to offer content to its subscribers worldwide. Numerous Amazon EC2 instances are deployed on a private subnet behind an Application Load Balancer for the application (ALB). The chief information officer (CIO) wishes to limit access to some nations due to a recent change in copyright regulations. Which course of action will satisfy these criteria? Modify the ALB security group to deny incoming traffic from blocked countries. Modify the security group for EC2 instances to deny incoming traffic from blocked countries. Use Amazon CloudFront to serve the application and deny access to blocked countries. Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.
Using seven Amazon EC2 instances, a business runs its web application on AWS. The organization needs that DNS queries provide the IP addresses of all healthy EC2 instances. Which policy should be employed to comply with this stipulation? Simple routing policy Latency routing policy Multi-value routing policy Geolocation routing policy.
A company receives data from millions of users totaling about 1 TB each flay. The company provides its use’s with usage reports gang back 12 months Al usage data must be stored tor at least 5 years to comply with regulatory and auditing requirements Which storage solution is MOST cost-effective? Store the data in Amazon S3 Standard. Set a lifecycle-rule to transition the data lo S3 Glacier Deep Archive after 1 year. Set a Recycle rule to delete the data after 5 years. Store the data in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Set a lifecycle rule to transition the data to S3 Glacier after t year Set the lifecycle rule to delete the data after 5 years. Store the data in Amazon S3 Standard Set a lifecycle rule to transition the data to S3 Standard-infrequent Access (S3 Standard-IA) after i year Sol a lifecycle rule to delete the data after 5 years. Store the data in Amazon S3 Standard Set a lifecycle-rule to transition the data to S3 One Zone-infrequent Access (S3 One Zone-IA) after 1 year, Set a Lifecycle rule to delete the data after 5 years.
A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability. The company wants to be able to deploy updates to its application even if nodes in one Availability Zone are not accessible. The expected request volume for the application is 100 requests per second, and each container task is able to serve at least 60 requests pet second. The company set up Amazon ECS with a rolling update deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set to 100%. Which configuration of tasks and Availability Zones meets these requirements? Deploy the application across two Availability Zones, with one task in each Availability Zone. Deploy the application across two Availability Zones, with two tasks in each Availability Zone. Deploy the application across three Availability Zones, with one task in each Availability Zone. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.
A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B Microservice A places messages in a mam Amazon Simple Queue Service (Amazon SOS) queue for Microservice B to consume When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation. What should the solutions architect do to meet these requirements? Create an SQS dead-letter queue Microservice B adds failed messages to that queue after it receives and fails to process the message four times. Create an SQS dead-letter queue Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times. Create an SQS queue for failed messages Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times. Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.
A social media company is building a feature tor its website. The feature will give users the ability to upload photos. The company expects significant increases in demand during large events and must ensure that the website can handle the upload traffic from users. Which solution meets these requirements with the MOST scalability? Upload files from the user’s browser to the application servers Transfer the files to an Amazon S3 bucket. Provision an AWS Storage Gateway file gateway. Upload files directly from the user’s browser to the file gateway. Generate Amazon S3 presigned URLs in the application. Upload files directly from the user’s browser into an S3 bucket. Provision an Amazon Elastic File System (Amazon EFS) file system. Upload files directly from the user’s browser to the file system.
A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries. Which policy should be used to meet this requirement? Simple routing policy Latency routing policy Multivalue routing policy Geolocation routing policy.
A company processes images into thumbnails and returns an email confirmation to the end user upon completion. The company's existing solution is facing performance bottlenecks and scalability issues. The company wants to migrate this process to AWS and implement a solution that requires the least possible configuration Which solution meets these requirements? Use Amazon S3 to store images and send notifications to AWS Lambda Configure an AWS Lambda function to process the images into thumbnails, store the thumbnails in Amazon S3, and send an email confirmation through Amazon Simple Email Service (Amazon SES). Use Amazon S3 to store images and send notifications to Amazon Simple Queue Service (Amazon SQS) Configure an Amazon EC2 instance to poll the SQS queue to process the images into thumbnails, store the thumbnails in Amazon S3, and send an email confirmation through Amazon Simple Email Service (Amazon SES). Use Amazon S3 to store images and send notifications to Amazon Simple Notification Service (Amazon SNS) Configure Amazon SNS to invoke an AWS Lambda function to process the images into thumbnails, store the thumbnails in Amazon S3, and send an email confirmation through Amazon Simple Email Service (Amazon SES). Use Amazon S3 to store images and send notifications to Amazon Simple Queue Service (Amazon SQS) Configure an AWS Lambda function to retrieve the messages from the SQS queue process the images into thumbnails, store the thumbnails in Amazon S3, and send an email confirmation through Amazon Simple Email Service (Amazon SES).
A company runs a multi-tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates. Which architecture should the solutions architect implement? (Select TWO) Add AWS Shield. Add Aurora Replicas. Add AWS Direct Connect. Add AWS Global Accelerator. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
A company uses Amazon Redshift for to data warehouse. The company wants to ensure high durability for its data in case of any component failure. What should a solution architect recommend? Enable concurrency scaling. Enable cross-Region snapshots. Increase the data retention period. Deploy Amazon Redshift in Multi-AZ.
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the tiles can be accessed only by authorized users. The files must be downloaded securely to the employees' devices. The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity. Which solution will meet these requirements? Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees' IP addresses. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.
A ride-sharing company stores historical service usage data as structured .csv data files in Amazon S3. A data analyst needs to perform SQL queries on this data. A solutions architect must recommend a solution that optimizes cost-effectiveness for the queries. Which solution meets these requirements? Create an Amazon EMR cluster. Load the data. Perform the queries. Create an Amazon Redshift cluster. Import the data. Perform the queries. Create an Amazon Aurora PostgreSQL DB cluster. Import the data. Perform the queries. Create an Amazon Athena database. Associate the data in Amazon S3. Perform the queries.
A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application’s traffic recently spiked due to fraudulent requests from botnets. Which steps should a solutions architect take to block requests from unauthorized users? (Choose TWO) Create a usage plan with an API key that is shared with genuine users only. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
A business has retained the services of a solutions architect to develop a dependable architecture for its application. The application is comprised of a single Amazon RDS database instance and two manually deployed Amazon EC2 instances running web servers. A single Availability Zone contains all of the EC2 instances. An employee recently removed the database instance, resulting in the application being offline for 24 hours. The firm is concerned with the environment's general dependability. What should the solutions architect do to ensure the application's infrastructure is as reliable as possible? Delete one EC2 instance and enable termination protection on the other EC2 instance. Update the DB instance to be Multi-AZ, and enable deletion protection. Update the DB instance to be Multi-AZ, and enable deletion protection. Place the EC2 instances behind an Application Load Balancer, and run them in an EC2 Auto Scaling group across multiple Availability Zones. Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function. Configure the application to invoke the Lambda function through API Gateway. Have the Lambda function write the data to the two DB instances. Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones. Use Spot Instances instead of On- Demand Instances. Set up Amazon CloudWatch alarms to monitor the health of the instances. Update the DB instance to be Multi-AZ, and enable deletion protection.
An online photo-sharing company stores its photos in an Amazon S3 bucket that exists in the us-west-1 Region. The company needs to store a copy of all existing and new photos in another geographical location. Which solution will meet this requirement with the LEAST operational effort? Create an additional S3 bucket in another Region and configure cross-Region replication. Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS). Create an additional S3 bucket with versioning in another Region and configure cross-Region replication. Create an additional S3 bucket with versioning in another Region and configure cross-origin resource (CORS).
On Amazon EC2 instances, a business is developing an application that creates transitory transactional data. Access to data storage that can deliver adjustable and consistent IOPS is required by the application. What recommendations should a solutions architect make? Provision an EC2 instance with a Throughput Optimized HDD (st1) root volume and a Cold HDD (sc1) data volume. Provision an EC2 instance with a Throughput Optimized HDD (st1) volume that will serve as the root and data volume. Provision an EC2 instance with a General Purpose SSD (gp2) root volume and Provisioned IOPS SSD (io1) data volume. Provision an EC2 instance with a General Purpose SSD (gp2) root volume. Configure the application to store its data in an Amazon S3 bucket.
Prior to implementing a new workload, a solutions architect must examine and update the company's current IAM rules. The following policy was written by the solutions architect. What is the policy's net effect? Users will be allowed all actions except s3:PutObject if multi-factor authentication (MFA) is enabled. Users will be allowed all actions except s3:PutObject if multi-factor authentication (MFA) is not enabled. Users will be denied all actions except s3:PutObject if multi-factor authentication (MFA) is enabled. Users will be denied all actions except s3:PutObject if multi-factor authentication (MFA) is not enabled. .
A company recently expanded globally and wants to make its application accessible to users in those geographic locations. The application is deployed on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The company needs the ability to shift traffic from resources in one region to another. What should a solutions architect recommend? Configure an Amazon Route 53 latency routing policy. Configure an Amazon Route 53 geolocation routing policy. Configure an Amazon Route 53 geoproximity routing policy. Configure an Amazon Route 53 multivalue answer routing policy.
A solutions architect is developing a two-step order process application. The first step is synchronous and must return with minimal delay to the user. Because the second stage is more time consuming, it will be done as a distinct component. Orders must be processed precisely once and in their original sequence of receipt. How are these components to be integrated by the solutions architect? Use Amazon SQS FIFO queues. Use an AWS Lambda function along with Amazon SQS standard queues. Create an SNS topic and subscribe an Amazon SQS FIFO queue to that topic. Create an SNS topic and subscribe an Amazon SQS Standard queue to that topic.
A company has data stored in an on-premises data center that is used by several on-premises applications. The company wants to maintain its existing application environment and be able to use AWS services for data analytics and future visualizations. Which storage service should a solutions architect recommend? Amazon Redshift AWS Storage Gateway for files Amazon Elastic Block Store (Amazon EBS) Amazon Elastic File System (Amazon EFS).
A company uses a payment processing system that requires messages for particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly. Which actions should a solutions architect take to meet this requirement? (Select TWO) Write the messages to an Amazon DynamoDB table with the payment ID as the partition key. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key. Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue Set the message attribute to use the payment ID. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.
A company runs a public three-Tier web application in a VPC. The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to sommunicate with a license server over the internet. The company needs a managed solution that minimizes operational maintenance. Which solution meets these requirements? Provision a NAT Gateway in a public subnet. Modify each private subnet's route table with a default route that points to the NAT Gateway. Provision a NAT Gateway in a private subnet. Modify each private subnet's route table with a default route that points to the NAT Gateway. Provision a NAT Instance in a private subnet. Modify each private subnet's route table with a default route that points to the NAT Instance. Provision a NAT Instance in a public subnet. Modify each private subnet's route table with a default route that points to the NAT Instance.
A firm is developing a web application on AWS utilizing containers. At any one moment, the organization needs three instances of the web application to be running. The application must be scalable in order to keep up with demand increases. While management is cost-conscious, they agree that the application should be highly accessible. What recommendations should a solutions architect make? Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Fargate launch type. Create a task definition for the web application. Create an ECS service with a desired count of three tasks. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Fargate launch type with one container instance in three different Availability Zones. Create a task definition for the web application. Create an ECS service with a desired count of three tasks. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance and one task on the remaining container instance.
A company has a web server running on an Amazon EC2 instance in public subnet with an Elastic IP address. The default security group is assigned to the EC2 instances. The default network ACL has been modified to block all traffic. A solution architect needs to make the web server accessible from everywhere on port 443. Which combination of steps will accomplish this task? (Select TWO) Create a security group with a rule to allow TCP port 443 from source 0 0 0.0/0. Create a security group with a rule to allow TCP port 443 to destination 0 0.0.0/0. Update the network ACL to allow TCP port 443 from source 0.0.0.0/0. Update the network ACL to allow inboundoutbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0. Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32766-65535 to destination 0.0.0.0/0.
A MySQL database is used by a business's order fulfillment service. The database must be able to handle a high volume of concurrent requests and transactions. The database is patched and tuned by developers. This results in delays in the introduction of new product features. The organization wishes to use cloud-based services in order to assist it in addressing this new difficulty. The solution must enable developers to move the database with little or no modifications to the code and must maximize performance. Which solution architect service should be used to achieve these requirements? Amazon Aurora Amazon DynamoDB Amazon ElastiCache MySQL on Amazon EC2.
A company has developed a new content-sharing application that runs on Amazon Elastic Container Service (Amazon ECS). The application runs on Amazon Linux Docker tasks that use the Amazon EC2 launch type. The application requires a storage solution that has the following characteristics: • Accessibility (or multiple ECS tasks through bind mounts • Resiliency across Availability Zones • Burstable throughput of up to 3 Gbps • Ability to be scaled up over time Which storage solution meets these requirements? Launch an Amazon FSx for Windows File Server Multi-AZ instance. Configure the ECS task definitions to mount the Amazon FSx instance volume at launch. Launch an Amazon Elastic File System (Amazon EFS) instance. Configure the ECS task definitions to mount the EFS Instance volume at launch. Create a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach set to enabled. Attach the EBS volume to the ECS EC2 instance Configure ECS task definitions to mount the EBS instance volume at launch. Launch an EC2 instance with several Provisioned IOPS SSD (k>2) Amazon Elastic Block Store (Amazon EBS) volumes attached m a RAID 0 configuration. Configure the EC2 instance as an NFS storage server. Configure ECS task definitions to mount the volumes at launch.
A recently created startup built a three-tier web application. The front-end has static content. The application layer is based on microservices. User data is stored as JSON documents that need to be accessed with low latency. The company expects regular traffic to be low during the first year with peaks in traffic when it publicizes new features every month. The startup team needs to minimize operational overhead costs. What should a solutions architect recommend to accomplish this? Use Amazon S3 static website hosting to store and serve the front end. Use AWS Elastic Beanstalk tor the application layer. Use Amazon DynamoDB to store user data. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon Elastic Kubernetes Service (Amazon EKSJ for the application layer. Use Amazon DynamoDB lo store user data. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda function for the application layer. Use Amazon DynamoDB to store user data. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda function for the application layer. Use Amazon RDS with read replicas to store user data.
A company wants to migrate its 1 PB on-premises image repository to AWS. The images will be used by a serverless web application. Images stored in the repository are rarely accessed, but they must be immediately available. Additionally, the images must be encrypted at rest and protected from accidental deletion. Which solution meets these requirements? Implement client-side encryption and store the images in an Amazon S3 Glacier vault. Set a vault lock to prevent accidental deletion. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Enable versioning, default encryption, and MFA Delete on the S3 bucket. Store the images in an Amazon FSx for Windows File Server file share. Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NTFS permission sets on the images to prevent accidental deletion. Store the Images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class. Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NFS permission sets on the images to prevent accidental deletion.
A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size. Customers can download their statement from the website for up to 30 days from when the statements were generated. At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements. What is the MOST cost-effective storage solution for this situation? Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days. Store the statements using the Amazon S3 Standard storage class. Create a lifecucle policy to move the statements to Amazon S3 Glacier storage after 1 day. Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days. Store the statements using the Amazon S3 Glacier storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.
A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT Instance for Internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3. What should a solutions architect do to reduce costs? Configure a NAT Gateway to replace the NAT Instance. Configure Amazon CloudFront for the S3 Buckets storing the images. Configure an Interface Endpoint for traffic destined to Amazon S3. Configure a Gateway Endpoint for traffic destined to Amazon S3.
A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC. A solutions architect has observed that incoming traffic seems to favor one EC2 instance resulting in latency for some requests. What should the solutions architect do to resolve this issue? Disable session affinity (sticky sessions) on the ALB. Adjust the frequency of the health checks on the ALB's target group. Replace the ALB with a Network Load Balancer. Increase the number of EC2 instances in each Availability Zone.
A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant but the company's S3 storage costs are increasing each month. How should a solutions architect reduce costs in this situation? Configure S3 inventory to prevent objects from being archived too quickly. Switch from multipart uploads to Amazon S3 Transfer Acceleration. Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads.
A company is migrating its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster behind an Application Load Balancer (ALB). The disaster recovery (DR) requirements for the application include the ability to fail over to another AWS Region with minimal downtime. Which combination of actions should a solutions architect take to meet this requirement? (Select TWO) Create a scaled-down clone environment in the DR Region. Use auto scaling policies with the EKS nodes. Create an Amazon Route 53 record that points to the ALB. Configure an active-passive failover routing policy on the record. Create an AWS Resource Access Manager policy that grants the application users access to the DR environment when the DR environment is needed. Create an AWS Lambda function that monitors the availability of the main environment and deploys the DR environment when the DR environment is needed. Create an AWS CIoudFormation template that deploys the stack. Deploy the same template in the DR Region when the main environment is unavailable.
A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow. Which set of actions will improve website performance for users worldwide? Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets. Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register the instances with the same ALB using cross-Region VPC peering. Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB.
A law firm needs to share information with the public. The information includes hunderds of files that must be publicly readable. Modifications or deletion of the files by anyone before a designated future date are prohibited. Which solution will meet these requirements in the MOST secure way? Upload all flies to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects. Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.
A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows. What should a solutions architect recommend? Set up an Amazon EFS file system that connects with the backup applications using the NFS interface. Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface. Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface. Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.
A company has several web server that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently. Which solution meets these requirements? Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter. Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web server to access AWS Secrets Manager.
A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity. Which architecture offers the HIGHEST availability? Add a second ActiveMQ server to another Availably Zone. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone. Use Amazon MQ with active/standby brokers configured across two Availability Zones Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone. Use Amazon MQ with active/standby blotters configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Use Amazon RDS for MySQL with Multi-AZ enabled. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.
A company's order fulfillment service uses a MySQL database. The database needs to support a large number of concurrent queries and transactions. Developers are spending time patching and tuning the database. This is causing delays in releasing new product features. The company wants to use cloud-based services to help address this new challenge. The solution must allow the developers to migrate the database with little or no code changes and must optimize performance. Which service should a solutions architect use to meet these requirements? Amazon Aurora Amazon DynamoDB Amazon ElastiCache MySQL on Amazon EC2.
A company is planning to host its compute-intensive applications on Amazon EC2 instances. The majority of the network traffic will be between these applications. The company needs a solution that minimizes latency and maximizes network throughput. The underlying hardware for the EC2 instances must not be shared with any other company. Which solution will meet these requirements? Launch EC2 instances as Dedicated Hosts in a cluster placement group. Launch EC2 instances as Dedicated Hosts in a partition placement group. Launch EC2 instances as Dedicated Instances in a cluster placement group. Launch EC2 instances as Dedicated Instances in a partition placement group.
Management need a summary of AWS billed items broken down by user as part of their budget planning process. Budgets for departments will be created using the data. A solutions architect must ascertain the most effective method of obtaining this report data. Which solution satisfies these criteria? Run a query with Amazon Athena to generate the report. Create a report in Cost Explorer and download the report. Access the bill details from the billing dashboard and download the bill. Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).
A company hosts a three-tier web application that includes a PostgreSQL database. The database stores the metadata from documents. The company searches the metadata for key terms to retrieve documents that the company reviews in a report each month. The documents are stored in Amazon S3. The documents are usually written only once, but they are updated frequency The reporting process takes a few hours with the use of relational queries. The reporting process must not affect any document modifications or the addition of new documents. What are the MOST operationally efficient solutions that meet these requirements? (Select TWO) Set up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica Scale the read replica to generate the reports. Set up a new Amazon RDS for PostgreSQL Reserved Instance and an On-Demand read replica Scale the read replica to generate the reports. Set up a new Amazon Aurora PostgreSQL DB cluster that includes a Reserved Instance and an Aurora Replica issue queries to the Aurora Replica to generate the reports. Set up a new Amazon RDS for PostgreSQL Multi-AZ Reserved Instance Configure the reporting module to query the secondary RDS node so that the reporting module does not affect the primary node. Set up a new Amazon DynamoDB table to store the documents Use a fixed write capacity to support new document entries Automatically scale the read capacity to support the reports.
A company has three VPCs named Development, Testing and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution. What should the solutions architect recommend? Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center. Create VPC peers from all the VPCs to the Production VPC Use an AWS Direct Connect connection from the Production VPC back to the data center. Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center. Create a new VPC called Network Within the Network VPC create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center Attach all the other VPCs to the Network VPC.
A company has an on-premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs. The solution must allow for immediate retrieval of data at no additional cost. How can these requirements be met? Deploy Amazon S3 Glacier Vault and enable expedited retrieval. Enable provisioned retrieval capacity for the workload. Deploy AWS Storage Gateway using cached volumes. Use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally. Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3. Deploy AWS Direct Connect to connect with the on-premises data center. Configure AWS Storage Gateway to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks. What should a solutions architect recommend? Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
A company has migrated several applications to AWS in the past 3 months. The company wants to know the breakdown of costs for each of these applications. The company wants to receive a regular report that includes this information. Which solution will meet these requirements MOST cost-effectively? Use AWS Budgets to download data for the past 3 months into a csv file. Look up the desired information. Load AWS Cost and Usage Reports into an Amazon RDS DB instance. Run SQL queries to get the desired information. Tag all the AWS resources with a key for cost and a value of the application's name. Activate cost allocation tags. Use Cost Explorer to get the desired information. Tag all the AWS resources with a key for cost and a value of the application's name. Use the AWS Billing and Cost Management console to download bills for the past 3 months. Look up the desired information.
A company's application is running on Amazon EC2 instances in a single Region. In the event of a disaster a solutions architect needs to ensure that the resources can also be deployed to a second Region. Which combination of actions should the solutions architect take to accomplish this? (Select TWO) Detach a volume on an EC2 instance and copy it to Amazon S3. Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume.
A company has 150 TB of archived image data stored on-premises that needs to be moved to the AWS Cloud within the next month. The company's current network connection allows up to 100 Mbps uploads for this purpose during the night only. What is the MOST cost-effective mechanism to move this data and meet the migration deadline? Enable Amazon S3 Transfer Acceleration and securely upload the data. Order multiple AWS Snowball devices to ship the data to AWS. Use AWS Snowmobile to ship the data to AWS. Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.
A company's infrastructure consists of hundreds of Amazon EC2 instances that use Amazon Elastic Block Store (Amazon EBS) storage. A solutions architect must ensure that every EC2 instance can be recovered after a disaster. What should the solutions architect do to meet this requirement with the LEAST amount of effort? Take a snapshot of the EBS storage that is attached to each EC2 instance. Create an AWS CloudFormation template to launch new EC2 instances from the EBS storage. Take a snapshot of the EBS storage that is attached to each EC2 instance. Use AWS Elastic Beanstalk to set the environment based on the EC2 template and attach the EBS storage. Use AWS Backup to set up a backup plan for the entire group of EC2 instances. Use the AWS Backup API or the AWS CLI to speed up the restore process for multiple EC2 instances. Create an AWS Lambda function to take a snapshot of the EBS storage that is attached to each EC2 instance and copy the Amazon Machine Images (AMIs). Create another Lambda function to perform the restores with the copied AMIs and attach the EBS storage.
A company receives structured and semi-structured data from various sources once every day. A solutions architect needs to design a solution that leverages big data processing frameworks. The data should be accessible using SQL queries and business intelligence tools. What should the solutions architect recommend to build the MOST high-performing solution? Use AWS Glue to process data and Amazon S3 to store data. Use Amazon EMR to process data and Amazon Redshift lo store data. Use Amazon EC2 to process data and Amazon Elastic Block Store (Amazon EBS) to store data. Use Amazon Kinesis Data Analytics to process data and Amazon Elastic File System (Amazon EFS) to store data.
A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator updates the website content infrequently and uses an SFTP client to upload new documents. The company decides to host its website on AWS and to use Amazon CloudFront. The company's solutions architect creates a CloudFront distribution. The solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the CloudFront origin. Which solution will meet these requirements? Create a virtual server by using Amazon Lightsail Configure the web server in the Lightsail instance. Upload website content by using an SFTP client. Create an AWS Auto Scaling group for Amazon EC2 instances. Use an Application Load Balancer Upload website content by using an SFTP client. Create a private Amazon S3 bucket. Use an S3 bucket policy to allow access from a CloudFront origin access identity (OAI). Upload website content by using the AWS CLI. Create a public Amazon S3 bucket Configure AWS Transfer for SFTP Configure the S3 bucket for website hosting. Upload website content by using the SFTP client.
A company has two AWS accounts: Production and Development. The company needs to push code changes in the Development account to the Production account. In the alpha phase, only two developers on the development team need access to the Production account. In the beta phase, more developers will need access to perform testing. Which solution will meet these requirements? Create two policy documents by using the AWS Management Console in each account. Assign the policy to developers who need access. Create an IAM role in the Development account. Grant the IAM role access to the Production account. Allow developers to assume the role. Create an IAM role in the Production account. Define a trust policy that specifies the Development account. Allow developers to assume the role. Create an IAM group in the Production account. Add the group as a principal in a trust policy that specifies the Production account. Add developers to the group.
A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys. What should a solutions architect use to accomplish this? Server-Side Encryption with keys stored in an S3 bucket. Server-Side Encryption with Customer-Provided Keys (SSE-C). Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
A solutions architect is migrating a document management workload to AWS. The workload keeps 7 TiB of contract documents on a snared storage file system and tracks them on an external database. Most of the documents are stored and retrieved eventually for reference m the future. The application cannot De modified during the migration, and the storage solution must be highly available. Documents are retrieved and stored by web servers that run on Amazon EC2 instances In an Auto Scaling group. The Auto Scaling group can have up to 12 instances. Which solution meets these requirements MOST cost-effectively? Provision an enhanced networking optimized EC2 instance to serve as a shared NFS storage system. Create an Amazon S3 bucket that uses the S3 Standard-infrequent Access (S3 Standard-lA) storage class Mount the S3 bucket to the EC2 instances in the Auto Scaling group group Create an SFTP server endpoint by using AWS Transfer for SFTP and an Amazon S3 bucket Configure the EC2 instances m the Auto Scaling group to connect to the SFTP server. Create an Amazon Elastic File System (Amazon EFS) file system that uses the EFS Standard-Infrequent Access (EFS Standard-lA) storage class. Mount the file system to the EC2 instances in the Auto Scaling.
A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution. What should a solutions architect do to secure the audit documents? Enable the versioning and MFA Delete features on the S3 bucket. Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account. Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.
A company has deployed a business-critical application in the AWS Cloud. The application uses Amazon EC2 instances that run in the us-east-1 Region. The application uses Amazon S3 for storage of all critical data. To meet compliance requirements the company must create a disaster recovery (DR) plan that provides the capability of a full failover to another AWS Region. What should a solutions architect recommend for this DR plan? Deploy the application to multiple Availability Zones in us-east-1. Create a resource group in AWS Resource Groups. Turn on automatic failover for the application to use a predefined recovery Region. Perform a virtual machine (VM) export by using AWS Import/Export on the existing EC2 instances. Copy the exported instances to the destination Region in the event of a disaster provision new EC2 instances from the exported EC2 instances. Create snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instances in us-east-1. Copy the snapshots to the destination Region. In the event of a disaster provision new EC2 instances from the EBS snapshots. Use S3 Cross-Region Replication for the data that is stored in Amazon S3. Create an AWS CloudFormation template for the application with an S3 bucket parameter. In the event of a disaster deploy the template to the destination Region and specify the local S3 bucket as the parameter.
A solutions architect must secure a VPC network that hosts Amazon EC2 instances. The EC2 instances contain highly sensitive data and run in a private subnet. According to company policy the EC2 instances mat run m the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party's URL Other internet traffic must be blocked. Which solution meets these requirements? Update the route table for the private subnet to route the outbound traffic to an AWS Network Firewall. Configure domain list rule groups. Set up an AWS WAF web ACL. Create a custom set of rules that filter traffic requests based on source and destination IP address range sets. Implement strict inbound security group roles. Configure an outbound rule that allows traffic only to the authorized software repositories on the internet by specifying the URLs. Configure an Application Load Balancer (ALB) in front of the EC2 instances. Direct an outbound traffic to the ALB Use a URL-based rule listener in the ALB's target group for outbound access to the internet.
A company has multiple AWS accounts, for various departments. One of the departments wants to share an Amazon S3 bucket with all other department. Which solution will require the LEAST amount of effort? Enable cross-account S3 replication for the bucket. Create a pre signed URL tor the bucket and share it with other departments. Set the S3 bucket policy to allow cross-account access to other departments. Create IAM users for each of the departments and configure a read-only IAM policy.
An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket Traffic must not traverse the internet. How should a solutions architect configure access to meet these requirements? Create a private hosted zone by using Amazon Route 53. Set up a gateway VPC endpoint for Amazon S3 in the VPC. Configure the EC2 instances to use a NAT gateway to access the S3 bucket. Establish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket.
Which of the following AWS services can be used to define alarms to trigger on a certain activity, such as activity success, failure, or delay in AWS Data Pipeline? Amazon SES Amazon CodeDepIoy Amazon SNS Amazon SQS.
Report abuse Consent Terms of use