A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance Disk I/O is low, with
occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM
daily.
Which storage option is MOST appropriate for this workload? Amazon EC2 instance storage Amazon EBS General Purpose SSD (gp2) storage Amazon S3 Amazon EBS Provisioned IOPS SSD (io2) storage.
A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS
accounts through AWS Organizations, while also maintaining standard security controls. Because the individual
developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure
that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.
Which action meets these requirements? Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled. Create a service control policy (SCP) the prohibits changes to CloudTrail, and attach it the developer accounts. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.
A solutions architect has created a new AWS account and must secure AWS account root user access.
Which combination of actions will accomplish this? (Select TWO) Ensure the root user uses a strong password. Enable multi-factor authentication to the root user. Store root user access keys in an encrypted Amazon S3 bucket. Add the root user to a group containing administrative permissions. Apply the required permissions to the root user with an inline policy document.
A company owns an asynchronous API that is used to ingest use requests and, based on the request type, dispatch requests to the appropriate microservice for processing. The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching
them to the processing microservices. The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is losing user requests.
What should a solutions architect do to address this Issue without impacting existing users? Add throttling on the API Gateway with server-side throttling limits. Use DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoDB. Create a secondary index in DynamoDB for the label with the user requests. Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB.
A company is designing a new multi-tier web application that consists of the following components:
- Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups
- An Amazon RDS DB instance for data storage
A solutions architect needs to limit access to the application servers so that only the web servers can access them.
Which solution will meet these requirements? Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers. Deploy a VPC endpoint in front of the application servers. Configure the security group to allow only the web servers to access the application servers. Deploy a Network Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the network ACL to allow only the web servers to access the application servers. Deploy an Application Load Balancer with a target group that contains the application servers' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.
A solution architect has created two IAM policies. Policy1 and Policy2. Both policies are attached to an IAM group.
A cloud engineer is added as an IAM user to the IAM group.
Which action will the cloud engineer be able to perform? Deleting IAM users Deleting directories Deleting Amazon EC2 instances Deleting logs from Amazon CloudWatch Logs.
A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company's content on their mobile devices
What should a solutions architect recommend to meet these requirements? Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content. Set up IPsec VPN between the mobile app and the AWS environment to stream content. Use Amazon CloudFront Provide signed URLs to stream content. Set up AWS Client VPN between the mobile app and the AWS environment to stream content.
A company is adopting serverless architecture. The company's solutions architect wants to modernize an application that has source data in csv format. A large team of developers needs to use the application to run SQL queries and reports on demand by joining data across multiple tables
Which combination of actions will meet these requirements MOST cost-effectively? (Select TWO) Store the source data in Amazon S3. Load the source data into Amazon RDS. Run on-demand reports and queries by using Amazon Athena. Run on-demand reports and queries by using Amazon QuickSight. Run on-demand reports and queries by using Amazon DynamoDB.
A company is planning to run a group of Amazon EC2 instances that connect to an Amazon Aurora database. The company has built an AWS CloudFormation template to deploy the EC2 instances and the Aurora DB cluster. The company wants to allow the instances to authenticate to the database in a secure way. The company does not want to maintain static database credentials.
Which solution meets these requirements with the LEAST operational effort? Create a database user with a user name and password. Add parameters for the database user name and password to the CloudFormation template. Pass the parameters to the EC2 instances when the instances are launched. Create a database user with a user name and password. Store the user name and password in AWS Systems Manager Parameter Store. Configure the EC2 instances to retrieve the database credentials from Parameter Store. Configure the DB cluster to use IAM database authentication. Create a database user to use with IAM authentication. Associate a role with the EC2 instances to allow applications on the instances to access the database. Configure the DB cluster to use IAM database authentication with an IAM user. Create a database user that has a name that matches the IAM user. Associate the IAM user with the EC2 instances to allow applications on the instances to access the database.
A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents.
Which combination of actions should be taken to meet these requirements? (Select TWO) Enable a read-only bucket ACL. Enable versioning on the bucket. Attach an IAM policy to the bucket. Enable MFA Delete on the bucket. Encrypt the bucket using AWS KM.
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users.
What is the effect of this policy? Users can terminate an EC2 instance in any AWS Region except us-east-1. Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
A media streaming company collects real-time data and stores it in a disk-optimized database system. The company is not getting the expected throughput and wants an in-memory database storage solution that performs faster and provides high availability using data replication.
Which database should a solutions architect recommend? Amazon RDS for MySQL Amazon RDS for PostgreSQL Amazon ElastiCache for Redis Amazon ElastiCache for Memcached.
A firm seeks to migrate its accounting system from an on-premises data center to an Amazon Web Services (AWS) Region. Data security and an unalterable audit log should be prioritized. All AWS activities must be subjected to compliance audits. Despite the fact that the business has enabled AWS CloudTrail, it want to guarantee that it meets these requirements.
What precautions and security procedures should a solutions architect include to protect and secure CloudTrail? (Choose TWO) Enable CloudTrail log file validation. Install the CloudTrail Processing Library. Enable logging of Insights events in CloudTrail. Enable custom logging from the on-premises resources. Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
A pharmaceutical company is developing a new drug. The volume of data that the company generates has grown exponentially over the past few months. The company's researchers regularly require a subset of the entire dataset to be immediately available with minimal lag. However, the entire dataset does not need to be accessed on a daily basis. All the data currently resides in on-premises storage arrays, and the company wants to reduce ongoing capital expenses.
Which storage solution should a solutions architect recommend to meet these requirements? Run AWS DataSync as a scheduled cron job to migrate the data to an Amazon S3 bucket on an ongoing basis. Deploy an AWS Storage Gateway file gateway with an Amazon S3 bucket as the target storage. Migrate the data to the Storage Gateway appliance. Deploy an AWS Storage Gateway volume gateway with cached volumes with an Amazon S3 bucket as the target storage. Migrate the data to the Storage Gateway appliance. Configure an AWS Site-to-Site VPN connection from the on-premises environment to AWS. Migrate data to an Amazon Elastic File System (Amazon EFS) file system.
An ecommerce company is running a multi-tier application on AWS. The front-end and back-end tiers run on Amazon EC2, and the database runs on Amazon RDS for MYSQL. The back-end tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns.
Which action should be taken to improve the performance of the back-end? Implement Amazon SNS to store the database calls. Implement Amazon ElasticCache to cache the large database. Implement an RDS for MySQL read replica to cache database calls. Implement Amazon Kinesis Data Firehose to stream the calls to the database.
An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic A solutions architect needs to optimize the application's performance quickly
What should the solutions architect recommend? Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone. Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone. Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database. Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.
A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control
Which solution will satisfy these requirements? Configure Amazon EFS Amazon Elastic File System (Amazon EFS) storage and set the Active Directory domain for authentication. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
A monolithic application was recently migrated to AWS and is now running on a single Amazon EC2 instance Due to application limitations it is not possible to use automatic scaling to scale out the application. The chief technology officer (CTO) wants an automated solution to restore the EC2 instance in the unlikely event the underlying hardware fails
What would allow automatic recovery of the EC2 instance as quickly as possible? Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it becomes impaired. Configure an Amazon CloudWatch alarm to trigger an SNS message that alerts the CTO when the EC2 instance is impaired. Configure AWS CloudTrail to monitor the health of the EC2 instance, and if it becomes impaired, trigger instance recovery. Configure an Amazon EventBridge event to trigger an AWS Lambda function once an hour that checks the health of the EC2 instance and triggers instance recovery if the EC2 instance is unhealthy.
A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAF.
How should the solutions architect comply with these requirements? Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
A company has a mobile chat application with a data store based in Amazon DynamoDB. UUsers would like new messages to be read with as little latency as possible. A possible architect needs design an optimal solution that requires minimal application changes.
Which method should the solution architect select? Configure amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use DAX endpoint. Add DynamoDB read replicas to handle the increased read lead the application to point to the read endpoint for the read replicas. Double the number of read capacity units for the new messages table in DynamoDB. Continue to use the existing DynamoDB endpoint.
Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint of DynamoDB.
An online learning company is migrating to the AWS Cloud. The company maintains its student records in a PostgreSQL database. The company needs a solution in which its data is available and online across multiple AWS Regions at all times.
Which solution will meet these requirements with the LEAST amount of operational overhead? Migrate the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Create a read replica in another Region. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Set up DB snapshots to be copied to another Region.
A company has been running a web application with an Oracle relational database in an on-premises data center for the past 15 years. The company must migrate the database to AWS. The company needs to reduce operational overhead without having to modify the application's code.
Which solution meets these requirements? Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon RDS. Use Amazon EC2 instances to migrate and operate the database servers. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon DynamoDB. Use an AWS Snowball Edge Storage Optimized device to migrate the data from Oracle to Amazon Aurora.
A company recently started using Amazon Aurora as the data store for its global ecommerce application. When large reports are run developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadlOPS and CPU Utilization metrics are spiking when monthly reports run.
What is the MOST cost-effective solution? Migrate the monthly reporting to Amazon Redshift. Migrate the monthly reporting to an Aurora Replica. Migrate the Aurora database to a larger instance class. Increase the Provisioned IOPS on the Aurora instance.
A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API.
Which action meets these requirements for storing and retrieving location data? Use Amazon Athena with Amazon S3. Use Amazon API Gateway with AWS Lambda. Use Amazon QuickSight with Amazon Redshift. Use Amazon API Gateway with Amazon Kinesis Data Analytics.
A company has a data ingestion workflow that consists the following:
- An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries
- An AWS Lambda function to process the data and record metadata
The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job.
Which combination of actions should a solutions architect take to ensure that the Lambda function ingests all data in the future? (Select TWO) Configure the Lambda function In multiple Availability Zones. Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe It to me SNS topic. Increase the CPU and memory that are allocated to the Lambda function. Increase provisioned throughput for the Lambda function. Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue.
A company is building a new data analysis application that will ingest large volumes of data into an Amazon S3 bucket. The company is concerned that sensitive information, such as personally identifiable information (Pll). might be included in some of the data that is ingested. The company needs a solution that will scan for sensitive data and log the findings.
What should a solutions architect recommend to meet these requirements? Deploy Amazon Inspector to scan the ingested data Configure Amazon Inspector to log findings to Amazon CloudWatch if Amazon Inspector finds any sensitive data. Deploy Amazon QuickSight to scan the ingested data. Configure QuickSight to log findings to Amazon CloudWatch if QuickSight finds any sensitive data. Create a series of AWS Lambda functions to call Amazon GuardDuty to perform scans of the ingested data. If GuardDuty finds any sensitive data, invoke a Lambda function to write findings to Amazon CloudWatch. Create a series of AWS Lambda functions to call Amazon Macie to perform scans of the ingested data. If Macie finds any sensitive data, invoke a Lambda function to write findings to Amazon CloudWatch.
A company is creating a three-tier web application consisting of a web server an application server and a database server. The application will track GPS coordinates of packages as they are being delivered. The application will update the database every 0-5 seconds.
The tracking will need to be read as fast as possible for users to check the status of their packages. Only a few packages might be tracked on some days whereas millions of packages might be tracked on other days. Tracking will need to be searchable by tracking ID customer ID and order ID. Orders older than 1 month no longer need to be tracked.
What should a solutions architect recommend to accomplish this with minimal total cost of ownership? Use Amazon DynamoDB. Enable Auto Scaling on the DynamoDB table. Schedule an automatic deletion script for items older than 1 month. Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table. Use an Amazon RDS On-Demand Instance with Provisioned IOPS (PlOPS). Enable Amazon CloudWatch alarms to send notifications when PIOPS are exceeded Increase and decrease PIOPS as needed. Use an Amazon RDS Reserved Instance with Provisioned IOPS (PIOPS). Enable Amazon CloudWatch alarms to send notifications when PIOPS are exceeded. Increase and decrease PIOPS as needed.
A company is migrating to the AWS Cloud. A file server is the first workload to migrate Users must be able to access the file share using the Server Message Block (SMB) protocol.
Which AWS managed service meets these requirements? Amazon EBS Amazon EC2 Amazon FSx Amazon S3.
A company with multiple accounts and teams wants to set up a new multi-account AWS environment.
Which AWS service supports this requirement? AWS CloudFormation AWS Control Tower AWS Config Amazon Virtual Private Cloud (Amazon VPC).
A company wants its public web application to run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application must use a publicly trusted SSL certificate.
Which solution will meet these requirements MOST cost-effectively? Provision a public SSL/TLS certificate through AWS Certificate Manager (ACM). Configure the new certificate on the HTTPS listener for the ALB. Use AWS Certificate Manager Private Certificate Authonty to issue an SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB. Create a self-signed certificate on one of the EC2 instances in the Auto Scaling group. Export the certificate, and configure it on the HTTPS listener for the ALB. Deploy an EC2-hosted certificate authority (CA). Import a trusted root certificate. Issue a new SSL/TLS certificate. Configure the new certificate on the HTTPS listener for the ALB.
A company has multiple AWS accounts with applications deployed in the us-west-2 Region. Application logs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysis solution that uses a single S3 bucket. Logs must not leave us-west-2 and the company wants to incur minimal operational overhead.
Which solution meets these requirements and is MOST cost-effective? Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket. Use S3 Same-Region Replication to replicate logs from the S3 buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis. Write a script that uses the PutObject API operation every day to copy the entire contents of the buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis. Write AWS Lambda functions in these accounts that are triggered every time logs are delivered to the S3 buckets (s3:ObjectCreated " event).Copy the logs to another S3 bucket in us-west-2 Use this S3 bucket for log analysis.
A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost-effective solution that meets the requirements of the job.
What should the solutions architect recommend? Implement EC2 Spot Instances Purchase EC2 Reserved Instances Implement EC2 On-Demand Instances Implement the processing on AWS Lambda.
A company has an API-based inventory reporting application running on Amazon EC2 instances. The application stores information in an Amazon DynamoDB table. The company's distribution centers have an on-premises shipping application that calls an API to update the inventory before printing shipping labels. The company has been experiencing application interruptions several times each day, resulting in lost transactions.
What should a solutions architect recommend to improve application resiliency? Modify the shipping application to write to a local database. Modify the application APIs to run serverless using AWS Lambda. Configure Amazon API Gateway to call the EC2 inventory application APIs. Modify the application to send inventory updates using Amazon Simple Queue Service (Amazon SQS).
Amazon EC2 instances on private subnets are used to execute an application. The application requires access to a table in Amazon DynamoDB.
What is the MOST SECURE method of accessing the table without allowing traffic to exit the AWS network? Use a VPC endpoint for DynamoDB. Use a NAT gateway in a public subnet. Use a NAT instance in a private subnet. Use the internet gateway attached to the VPC.
A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups.
What should be done to enable encryption for future backups? Enable default encryption for the Amazon S3 bucket where backups are stored. Modify the backup section of the database configuration to toggle the Enable encryption check box. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot. Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance.
A company has deployed a database in Amazon RDS for MySQL. Due to increased transactions, the database support team is reporting slow reads against the DB instance and recommends adding a read replica.
Which combination of actions should a solutions architect take before implementing this change? (Choose TWO) Enable binlog replication on the RDS primary node. Choose a failover priority for the source DB instance. Allow long-running transactions to complete on the source DB instance. Create a global table and specify the AWS Regions where the table will be available. Enable automatic backups on the source instance by setting the backup retention period to a value other than 0.
A news company that has reporters all over the world is hosting its broadcast system on AWS. The reporters send live broadcasts to the broadcast system. The reporters use software on their phones to send live streams through the Real Time Messaging Protocol (RTMP).
A solutions architect must design a solution that gives the reporters the ability to send the highest quality streams. The solution must provide accelerated TCP connections back to the broadcast system.
What should the solutions a use to meet these requirements? Amazon CloudFront AWS Global Accelerator AWS Client VPN Amazon EC2 Instances and AWS Elastic IP addresses.
A company uses a simple state website and wants to host it on AWS. The company already has a domain that it uses for email. The company needs a hosting solution that supports HTTPS.
Which solution will meet these requirements MOST cost-effectively? Create an Amazon S3 bucket with a name to match the website. Upload the website to the S3 bucket. Set up website hosting for the S3 bucket. Set up the DNS to point to the S3 website endpoint. Create an Amazon S3 bucket upload the website to the S3 bucket. Set up an HTTPS certificate by using AWS Certificate Manage (ACM). Create in Amazon CloudFront distribution for the S3 bucket and choose Price Class All. Set up an open-source content management system (CMS) from AWS Marketplace Deploy the CMS across two Availability Zones. Copy the website onto the CMS Set up the DNS to point to me CMS. Create an Amazon S3 bucket Upload the website to the S3 bucket. Set up an HTTPS certificate by using AWS Certifcate Manager (ACM). Create an Amazon CloudFront distribution for the S3 bucket and choose Price Class 100 Point to the CloudFront distribution.
A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.
Which capability should the solutions architect use to meet the compliance requirements? AWS Key Management Service (AWS KMS) VPC endpoint Private subnet Virtual private gateway.
A company runs an application in a branch office within a small data closet with no virtualized compute resources. The application data is stored on an NFS volume. Compliance standards require a daily offsite backup of the NFS volume.
Which solution meet these requirements? Install an AWS Storage Gateway file gateway on premises to replicate the data to Amazon S3. Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3. Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3. Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3.
A company has an on-premises MySQL database used by the global tales team with infrequent access patterns. The sales team requires the database to have minimal downtime. A database administrate wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users in the future.
Which service should a solutions architect recommend? Amazon Aurora MySQL Amazon Aurora Serverless tor MySQL Amazon Redshift Spectrum Amazon RDS for MySQL.
A company's web application is running on Amazon EC2 instances behind an application Load Balancer. The company changed its policy, which now requires the application to be accessed from one specific country only.
Which configuration will meet this requirement? Configure the security group for the EC2 Instances. Configure the security group on the Application Load Balancer. Configure AWS WAF on the Application Load Balancer in a VPC. Configure the network ACL for the subnet that contains the EC2 instances.
A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket. Three batch jobs run hourly to process the data in the S3 bucket for different purposes. The company wants to reduce the overall processing time by running. The three applications in parallel using an event-based approach.
What should a solutions architect do to meet these requirements? Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Subscribe all applications to the queue for processing. Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) standard queue. Create an additional SQS queue for all applications, and subscribe all applications to the initial queue for processing. Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application, and subscribe each queue to the initial topic for processing. Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application, and subscribe each queue to the topic for processing.
A company is running a database on an Amazon RDS for MySQL DB instance. The company must maintain a near-real-time replica of the database on premises. The company needs to encrypt the data in transit and is using a 1 Gbps AWS Direct Connect connection.
Which solution will meet these requirements? Use AWS Data Pipeline to replicate from AWS to on premises over an IPsec VPN on top of the Direct Connect connection. Use MySQL replication to replicate from AWS to on-premises over an IPsec VPN on top of the Direct Connect connection. Use the RDS Multi-AZ feature. Choose on premises as the failover Availability Zone over an IPsec VPN on top of the Direct Connect connection. Use AWS Database Migration Service (AWS DMS) and Direct Connect with MACsec encryption to continuously replicate the data from AWS to on-premises.
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10GB in size. The application owner will make the log file available to the vendor for a limited time.
What it the MOST secure way to do this? Enable public read on the S3 object and provide the link to the vendor. Upload the file to Amazon WorkDocs and share the public link with the vendor. Generate a presigned URL and have the vendor download the log file before it expires. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multifactor authentication.
A company uses a combination of Amazon EC2 instances and AWS Fargate tasks to process daily transactions. The company faces unpredictable and sudden increases in transaction volume. The company needs a solution that will process the transactions immediately.
Which solution meets these requirement MOST cost-effectively? Purchase a Compute Savings Plan. Purchase an EC2 Instance Savings Plan. Purchase Reserved Instances tor existing EC2 workloads. Use Spot Instances for existing EC2 workloads. Use Fargate Spot capacity for the tasks.
Some of the company’s customers are retrieving records frequently, leading to an increase in costs for the company. The company wants to limit retrieved requests in the future. The company also wants to ensure that if one customer reaches its retrieval limit other customers will not affected.
Which solution will meet these requirements? Set up server-side throttling limits for API Gateway. Limit DynamoDB read throughput on the table lo an amount that results m the maximum cost that the company is willing to incur. Set up a usage plan for API Gateway. Implement throttling limits tor each customer, and distribute API keys to each customer. Set up AWS Budgets. Monitor the usage of API Gateway and DynamoDB Configure an alarm to provide an alert when the cost exceeds a certain threshold each month.
A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.
What should a solutions architect do to accomplish this? Use Amazon S3 with Transfer Acceleration to host the application. Use Amazon S3 with CacheControl headers to host the application. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.
A public-facing web application queries a database hosted on a Amazon EC2 instance in a private subnet. A large number of queries involve multiple table joins, and the application performance has been degrading due to an increase in complex queries. The application team will be performing updates to improve performance.
What should a solutions architect recommend to the application team? (Select TWO) Cache query data in Amazon SQS. Create a read replica to offload queries. Migrate the database to Amazon Athena. Implement Amazon DynamoDB Accelerator to cache data. Migrate the database to Amazon RDS.
A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.
Which storage solution will meet these requirements? Move the data objects to S3 Glacier Deep Archive after 30 days. Move the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days. Move the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately.
A company needs to keep user transaction data in an Amazon DynamoDB table.
The company must retain the data for 7 years.
What is the MOST operationally efficient solution that meets these requirements? Use DynamoDB point-in-time recovery to back up the table continuously. Use AWS Backup to create backup schedules and retention policies for the table. Create an on-demand backup of the table by using the DynamoDB console. Store the backup in an Amazon S3 bucket. Set an S3 Lifecycle configuration for the S3 bucket. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function. Configure the Lambda function to back up the table and to store the backup in an Amazon S3 bucket. Set an S3 Lifecycle configuration for the S3 bucket.
A company uses Amazon S3 as its data lake. The company has a new partner that must use SFTP to upload data files. A solutions architect needs to implement a highly available SFTP solution that minimizes operational overhead.
Which solution will meet these requirements? Use AWS Transfer Family to configure an SFTP-enabled server with a publicly accessible endpoint Choose the S3 data lake as the destination. Use Amazon S3 File Gateway as an SFTP server Expose the S3 File Gateway endpoint URL to the new partner Share the S3 File Gateway endpoint with the new partner. Launch an Amazon EC2 instance in a private subnet in a VPC Instruct the new partner to upload files to the EC2 instance by using a VPN. Run a cron job script on the EC2 instance to upload files to the S3 data lake. Launch Amazon EC2 instances in a private subnet in a VPC. Place a Network Load Balancer (NLB) in front of the EC2 instances. Create an SFTP listener port for the NLB Share the NLB hostname with the new partner. Run a cron job script on the EC2 instances to upload files to the S3 data lake.
A company is deploying a web portal. The company wants to ensure that only the web portion of the application is publicly accessible. To accomplish this, the VPC was designed with two public subnets and two private subnets. The application will run on several Amazon EC2 instances in an Auto Scaling group. SSL termination must be offloaded from the EC2 instances.
What should a solutions architect do to ensure these requirements are met? Configure the Network Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer. Configure the Network Load Balancer in the public subnets. Configure the Auto Scaling group in the public subnets and associate it with the Application Load Balancer. Configure the Application Load Balancer in the public subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer. Configure the Application Load Balancer in the private subnets. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.
Which storage option meets these requirements? S3 Standard S3 Intelligent-Tiering S3 Standard-Infrequent Access (S3 Standard-IA) S3 One Zone-Infrequent Access (S3 One Zone-IA).
A company's web application consists of an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application.
A solutions architect needs to update the application so that only users who have a subscription can access premium content. How to accomplish this? Enable API caching and throttling on the API Gateway API. Set up AWS WAF on the API Gateway API Create a rule to filter users who have a subscription. Apply fine-grained 1AM permissions to the premium content in the DynamoDB table. Implement API usage plans and API keys to limit the access of users who do not have a subscription.
A company wants to experiment with individual AWS accounts tor its engineer team. The company wants to be notified as soon as the Amazon EC2 instance usage for a given month exceeds a specific threshold for each account.
What should a solutions architect do to meet this requirement MOST cost-effectively? Use Cost Explorer to create a daily report of costs by service. Filter the report by EC2 instances. Configure Cost Explorer to send an Amazon Simple Email Service (Amazon SES) notification when a threshold is exceeded. Use Cost Explorer to create a monthly report of costs by service. Filter the report by EC2 instances. Configure Cost Explorer to send an Amazon Simple Email Service (Amazon SES) notification when a threshold is exceeded. Use AWS Budgets to create a cost budget for each account. Set the period to monthly Set the scope to EC2 instances. Set an alert threshold for the budget. Configure an Amazon Simple Notification Service (Amazon SNS) topic to receive a notification when a threshold is exceeded. Use AWS Cost and Usage Reports to create a report with hourly granularity. Integrate the report data with Amazon Athena. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an Athena query. Configure an Amazon Simple Notifiication Service (Amazon SNS) topic lo receive a notification when a threshold is exceeded.
A company is hosting a website from an Amazon S3 bucket that is configured for public hosting. The company’s security team mandates the usage of secure connections for access to the website. However; HTTP-based URLS and HTTPS-based URLS must be functional.
What should a solution architect recommend to meet these requirements? Create an S3 bucket policy to explicitly deny non-HTTPS traffic. Enable S3 Transfer Acceleration. Select the HTTPS Only bucket property. Place the website behind an Elastic Load Balancer that is configured to redirect HTTP traffic to HTTPS. Serve the website through an Amazon CloudFront distribution that is configured to redirect HTTP traffic to HTTPS.
A company hosts a serverless application on AWS. The application uses Amazon API Gateway. AWS Lambda, and an Amazon RDS for PostgreSQL database. The company notices an increase in application errors that result from database connection timeouts during times of peak traffic or unpredictable traffic. The company needs a solution that reduces the application failures with the least amount of change to the code.
What should a solutions architect do to meet these requirements? Reduce the Lambda concurrency rate. Enable RDS Proxy on the RDS DB instance. Resize the RDS DB instance class to accept more connections. Migrate the database to Amazon DynamoDB with on-demand scaling.
A company is developing an Internal application that uses a PostgreSQL database. The company has decided to host the database on Amazon Aurora The application does not need to be highly available but data must be stored in multiple Availability Zones to maximize durability.
Which database configuration meets these requirements MOST cost-effectively? An Aurora PostgreSQL DB cluster with a single DB Instance. An Aurora PostgreSQL DB cluster with a primary DB instance and a read replica. An Aurora PostgreSQL DB cluster with Multi-AZ deployment enabled. An Aurora PostgreSQL global database cluster.
A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region. The database is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The company was recently acquired and must securely share a backup of the database with the acquiring company's AWS account in ap-southeast-3.
What should a solutions architect do to meet these requirements? Create a database snapshot. Copy the snapshot to a new unencrypted snapshot. Share the new snapshot with the acquiring company's AWS account. Create a database snapshot. Add the acquiring company's AWS account to the KMS key policy. Share the snapshot with the acquiring company's AWS account. Create a database snapshot that uses a different AWS managed KMS key. Add the acquiring company's AWS account to the KMS key alias. Share the snapshot with the acquiring company's AWS account. Create a database snapshot. Download the database snapshot. Upload the database snapshot to an Amazon S3 bucket. Update the S3 bucket policy to allow access from the acquiring company's AWS account.
A company is running a high performance computing (HPC) workload on AWS across many Linux based Amazon EC2 instances. The company needs a shared storage system that is capable of sub-millisecond latencies, hundreds of Gbps of throughput and millions of IOPS. Users will store millions of small files.
Which solution meets these requirements? Create an Amazon Elastic File System (Amazon EFS) file system Mount me file system on each of the EC2 instances. Create an Amazon S3 bucket Mount the S3 bucket on each of the EC2 instances. Ensure that the EC2 instances ate Amazon Elastic Block Store (Amazon EBS) optimized Mount Provisioned lOPS SSD (io2) EBS volumes with Multi-Attach on each instance. Create an Amazon FSx for Lustre file system. Mount the file system on each of the EC2 instances.
A company's security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the logs? Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days. Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the logs for 90 days. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard- Infrequent Access (S3 Standard-IA) after 90 days.
A company is building an application that consists of several microservices. The company has decided to use container technologies to deploy its software on AWS. The company needs a solution that minimizes the amount of ongoing effort for maintenance and scaling. The company cannot manage additional infrastructure.
Which combination of actions should a solutions architect take to meet these requirements? (Choose TWO) Deploy an Amazon Elastic Container Service (Amazon ECS) cluster. Deploy the Kubernetes control plane on Amazon EC2 instances that span multiple Availability Zones. Deploy an Amazon Elastic Container Service (Amazon ECS) service with an Amazon EC2 launch type. Specify a desired task number level of greater than or equal to 2. Deploy an Amazon Elastic Container Service (Amazon ECS) service with a Fargate launch type. Specify a desired task number level of greater than or equal to 2. Deploy Kubernetes worker nodes on Amazon EC2 instances that span multiple Availability Zones. Create a deployment that specifies two or more replicas for each microservice.
A company recently launched a new service that involves medical images. The company scans the images and sends them from its on-premises data center through an AWS Direct Connect connection to Amazon EC2 instances. After processing is complete, the images are stored in an Amazon S3 bucket.
A company requirement states that the EC2 instances cannot be accessible through the internet. The EC2 instances run in a private subnet, which has a default route back to the on-premises data center for outbound internet access.
Usage of the new service is increasing rapidly. A solutions architect must recommend a solution that meets the company's requirements and reduces the Direct Connect charges.
Which solution accomplishes these goals MOST cost-effectively? Configure a VPC endpoint for Amazon S3. Add an entry to the private subnet's route table for the S3 endpoint. Configure a NAT gateway in a public subnet. Configure the private subnet's route table to use the NAT gateway. Configure Amazon S3 as a file system mount point on the EC2 instances. Access Amazon S3 through the mount. Move the EC2 instances into a public subnet. Configure the public subnet route table to point to an internet gateway.
A company is building an online multiplayer game. The game communicates by using UDP, and low latency between the client and the backend is important. The backend is hosted on Amazon EC2 instances that can be deployed to multiple AWS Regions to meet demand. The company needs the game to be highly available so that users around the world can access the game at all times.
What should a solutions architect do to meet these requirements? Deploy Amazon CloudFront to support the global traffic. Configure CloudFront with an origin group to allow access to EC2 instances in multiple Regions. Deploy an Application Load Balancer in one Region to distribute traffic to EC2 instances in each Region that hosts the game's backend instances. Deploy Amazon CloudFront to support an origin access identity (OAI). Associate the OAI with EC2 instances in each Region to support global traffic. Deploy a Network Load Balancer in each Region to distribute the traffic. Use AWS Global Accelerator to route traffic to the correct Regional endpoint.
|
