Special Black Friday Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Amazon Web Services SAA-C02 AWS Certified Solutions Architect - Associate (SAA-C02) Exam Practice Test

Page: 1 / 49
Total 494 questions

AWS Certified Solutions Architect - Associate (SAA-C02) Questions and Answers

Question 1

A company has developed a microservices application. It uses a client-facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user requests The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges A solutions architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable

Which solution meets these requirements?

Options:

A.

Use AWS Auto Scaling to scale up internal services when there is a surge in traffic

B.

Use different Availability Zones to host internal services. Send a notification to a system administrator when an internal service becomes unresponsive.

C.

Use an Elastic Load Balancer to distribute the traffic between internal services Configure Amazon CloudWatch metrics to monitor traffic to internal services.

D.

Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive. Change the internal services to retrieve the requests from the queue for processing.

Question 2

A company has been running a web application with an Oracle relational database in an on-premises data center for the past 15 years. The company must migrate the database to AWS. The company needs to reduce operational overhead without having to modify the application's code.

Which solution meets these requirements?

Options:

A.

Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon RDS.

B.

servers.

C.

Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon DynamoDB.

D.

Use an AWS Snowball Edge Storage Optimized device to migrate the data from Oracle to Amazon Aurora.

Question 3

A company is hosting an application in its own data center The application uses Amazon S3 for data storage The application transfers several hundred terabytes of data every month to and from Amazon S3 The company needs to minimize the cost of this data transfer

Which solution meets this requirement?

Options:

A.

Establish an AWS Direct Connect connection between the AWS Region in use and the company's data center Route traffic to Amazon S3 over the Direct Connect connection

B.

Establish an AWS Site-to-Site VPN connection between the company's data center and a VPC in the AWS Region in use. Create a VPC endpoint for Amazon S3 in the VPC. Route traffic to Amazon S3 over the VPN connection to the S3 endpoint.

C.

Create an AWS Storage Gateway file gateway Deploy the software appliance in the company's data center Configure the application to use the file gateway to store and retrieve files

D.

Create an FTPS server by using AWS Transfer Family. Configure the application to use the FTPS server to store and retrieve files

Question 4

A company is running an application on Amazon EC2 instances. Traffic to the workload increases substantially during business hours and decreases afterward. The CPU utilization of an EC2 instance is a strong indicator of end-user demand on the application. The company has configured an Auto Scaling group to have a minimum group size of 2 EC2 instances and a maximum group size of 10 EC2 instances.

The company is concerned that the current scaling policy that is associated with the Auto Scaling group might not be correct. The company must avoid over-provisioning EC2 instances and incurring unnecessary costs.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Configure Amazon EC2 Auto Scaling to use a scheduled scaling plan and launch an additional 8 EC2 instances during business hours.

B.

Configure AWS Auto Scaling to use a scaling plan that enables predictive scaling. Configure predictive scaling with a scaling mode of forecast and scale, and to enforce the maximum capacity setting during scaling.

C.

Configure a step scaling policy to add 4 EC2 instances at 50% CPU utilization and add another 4 EC2 instances at 90% CPU utilization. Configure scale-in policies to perform the reverse and remove EC2 instances based on the two values.

D.

Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and disable any existing scaling policies. Monitor the CPU utilization metric for 1 week. Then create dynamic scaling policies that are based on the observed values.

Question 5

A company is designing a new application that runs in a VPC on Amazon EC2 instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as its database For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet

What can a solutions architect do to meet this requirement?

Options:

A.

Configure gateway VPC endpoints to Amazon S3 and DynamoDB

B.

Configure interface VPC endpoints to Amazon S3 and DynamoDB

C.

Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.

D.

Configure a gateway VPC endpoint to DynamoDB Configure an interface VPC endpoint to Amazon S3

Question 6

A company runs a web application that is backed by Amazon RDS. A new database administrator caused data loss by accidentally editing information in a database table To help recover from this type of incident, the company wants the ability to restore the database to its state from 5 minutes before any change within the last 30 days.

Which feature should the solutions architect include in the design to meet this requirement?

Options:

A.

Read replicas

B.

Manual snapshots

C.

Automated backups

D.

Multi-AZ deployments

Question 7

A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application

What should the solutions architect do to meet this requirement?

Options:

A.

Add an Amazon Inspector agent to the ALB

B.

Configure Amazon Made to prevent attacks.

C.

Enable AWS Shield Advanced to prevent attacks.

D.

Configure Amazon GuardDuty to monitor the ALB

Question 8

A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the tiles can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.

The tiles are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.

Which solution will meet these requirements?

Options:

A.

Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees' IP addresses.

B.

Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.

C.

Migrate the tiles to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

D.

Migrate the tiles to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.

Question 9

A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML. CSS, client-side JavaScript, and images Which method is the MOST cost-effective for hosting the website?

Options:

A.

Containerize the website and host it in AWS Fargate.

B.

Create an Amazon S3 bucket and host the website there

C.

Deploy a web server on an Amazon EC2 instance to host the website.

D.

Configure an Application Loa d Balancer with an AWS Lambda target that uses the Express js framework.

Question 10

An application runs on Amazon EC2 instances across multiple Availability Zones The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the EC2 instances is at or near 40%.

What should a solutions architect do to maintain the desired performance across all instances in the group?

Options:

A.

Use a simple scaling policy to dynamically scale the Auto Scaling group

B.

Use a target tracking policy to dynamically scale the Auto Scaling group

C.

Use an AWS Lambda function to update the desired Auto Scaling group capacity.

D.

Use scheduled scaling actions to scale up and scale down the Auto Scaling group

Question 11

A company is automating an order management application. The company's development team has decided to use SFTP to transfer and store the business-critical information files The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.

Which solution meets these requirements with the LEAST operational overhead?

Options:

A.

Configure an Amazon S3 bucket with encryption enabled. Use AWS transfer for SFTP to securely transfer the files to the S3 bucket Apply an AWS Transfer for SFTP file retention policy to delete the files after a month

B.

Install an SFTP service on an Amazon EC2 instance Mount an Amazon Elastic File System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files after a month

C.

Configure an Amazon Elastic File System (Amazon EFS) file system with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system. Apply an EFS lifecycle policy to automatically delete the files after a month.

D.

Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the files after a month.

Question 12

A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than 100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges.

Which solution meets these requirements?

Options:

A.

Launch all EC2 instances in the same Availability Zone within the same AWS Region. Specify a placement group with cluster strategy when launching EC2 instances.

B.

Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.

C.

Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target.

D.

Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones.

Question 13

A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

Options:

A.

Configure Amazon S3 to store the users' home directories. Join Amazon S3 to Active Directory

B.

Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join Amazon FSx to Active Directory

C.

Configure Amazon Elastic File System (Amazon EFS) for the users home directories. Configure AWS Single Sign-On with Active Directory.

D.

Configure Amazon Elastic Block Store (Amazon EBS) to store the users home directories Configure AWS Single Sign-On with Active Directory

Question 14

A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours The company wants to use these data points in its existing analytics platform A solutions architect must determine the most viable multi-tier option to support this architecture The data points must be accessible from the REST API.

Which action meets these requirements for storing and retrieving location data?

Options:

A.

Use Amazon Athena with Amazon S3

B.

Use Amazon API Gateway with AWS Lambda

C.

Use Amazon QuickSight with Amazon Redshift.

D.

Use Amazon API Gateway with Amazon Kinesis Data Analytics

Question 15

A company must migrate 20 TB of data from a data centre to the AWS Cloud within 30 days. The company's network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.

What should a solutions architect do to meet these requirements?

Options:

A.

Use AWS Snowball.

B.

Use AWS DataSync

C.

Use a secure VPN connection.

D.

Use Amazon S3 Transfer Acceleration

Question 16

A company recently started using Amazon Aurora as the data store for its global ecommerce application When large reports are run developers report that the ecommerce application is performing poorly After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadlOPS and CPUUtilization metrics are spiking when monthly reports run.

What is the MOST cost-effective solution?

Options:

A.

Migrate the monthly reporting to Amazon Redshift.

B.

Migrate the monthly reporting to an Aurora Replica

C.

Migrate the Aurora database to a larger instance class

D.

Increase the Provisioned IOPS on the Aurora instance

Question 17

A company has an application that calls AWS Lambda functions. A recent code review found database credentials stored in the source code. The database credentials needs to be removed from the Lambda source code. The credentials must then be securely stored and rotated on a on-going basis to meet security policy requirements.

What should a solutions architect recommend meet these requirements?

Options:

A.

Store the password in AWS CloudHSM. Associate the Lambda function with a role that can review the password from CloudHSM given key ID.

B.

Store the password in AWS Secrets Manager . A associate the Lambda function with a role that can retrieve the password from secrets Manager given its secret ID.

C.

Move the database password to an environment variable associate the Lambda function Retrieve the password from the environment variable upon execution.

D.

Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID.

Question 18

A company processes large amounts of data. The output data is stored in Amazon S3 Standard storage in an S3 bucket, where it is analyzed for 1 month. The data must remain immediately accessible after the 1-month analysis period.

Which storage solution meets these requirements MOST cost-effectively?

Options:

A.

Configure an S3 Lifecycle policy to transition the objects to S3 Glacier after 30 days.

B.

Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.

C.

Configure an S3 Lifecycle policy to transition the objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.

D.

Configure an S3 Lifecycle policy to delete the objects after 30 days. Enable versioning on the S3 bucket so that deleted objects can still be immediately restored as needed.

Question 19

A company has a customer relationship management (CRM) application that stores data in an Amazon RDS DB instance that runs Microsoft SQL Server. The company's IT staff has administrative access to the database. The database contains sensitive data. The company wants to ensure that the data is not accessible to the IT staff and that only authorized personnel can view the data.

What should a solutions architect do to secure the data?

Options:

A.

Use client-side encryption with an Amazon RDS managed key.

B.

Use client-side encryption with an AWS Key Management Service (AWS KMS) customer managed key.

C.

Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) default encryption key.

D.

Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) customer managed key.

Question 20

A company has a Microsoft NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available.

Which combination of actions should the company take to meet these requirements? (Select TWO.)

Options:

A.

Refactor the application as serverless with AWS Lambda functions running NET Core.

B.

Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment.

C.

Replatform the application to run on Amazon EC2 with the Amazon Linus Amazon Machine Image (AMI).

D.

Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment.

E.

Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.

Question 21

A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code

Which solution meets these requirements?

Options:

A.

Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option

B.

Create a new RDS Multi-AZ deployment Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot

C.

Create a read-only replica of the PostgreSQL database m another Availability Zone Use Amazon Route 53 weighted record sets to distribute requests across the databases

D.

Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two Use Amazon Route 53 weighted record sets to distribute requests across instances

Question 22

A company is deploying an application that processes streaming data in near-teal time. The company plans to use Amazon EC2 instances for the workload The network architecture must be configurable to provide the lowest possible latency between nodes.

Which networking solution meets these requirements?

Options:

A.

Place the EC2 instances in multiple VPCs and configure VPC peering

B.

Attach an Elastic Fabric Adapter (EFA) to each EC2 instance

C.

Run the EC2 instances m a spread placement group

D.

Use Amazon Elastic Block Store (Amazon EBS) optimized instance types

Question 23

A company recently launched its website to servo content to its global user base. The company wants to store and accelerate the delivery of static content to its users by leveraging Amazon CloudFront with an Amazon EC2 instance attached as its origin

How should a solutions architect optimize high availability tor the application?

Options:

A.

Use lambda@Edge for CloudFront

B.

Use Amazon S3 Transfer Acceleration for CloudFront

C.

Configure another EC2 instance m a different Availability Zone as part of the origin group

D.

Configure another EC2 instance as part of the origin server cluster in the same Availability Zone

Question 24

A solutions architect is designing the storage architecture tor a new web application used for storing and viewing engineering drawings All application components will be deployed on the AWS infrastructure.

The application design must support caching to minimize the amount of time that users wait for the engineering drawings to load The application must be able to store petabytes of data.

Which combination of storage and caching should the solutions architect use?

Options:

A.

Amazon S3 with Amazon CloudFront

B.

Amazon S3 Glacier with Amazon ElastiCache

C.

Amazon Elastic Block Store (Amazon BBS) volumes with Amazon CloudFront

D.

AWS Storage Gateway with Amazon ElastiCache

Question 25

A company has deployed a business-critical application in the AWS Good The application uses Amazon EC2 instances that run in the us-east-1 Region The application uses Amazon S3 for storage of all critical data

To meet compliance requirements the company must create a disaster recovery (DR) plan that provides the capability of a full failover to another AWS Region

What should a solutions architect recommend for this DR plan?

Options:

A.

Deploy the application to multiple Availability Zones in us-east-1 Create a resource group in AWS Resource Groups Turn on automatic failover for the application to use a predefined recovery Region

B.

Perform a virtual machine (VM) export by using AWS Import/Export on the existing EC2 instances Copy the exported instances to the destination Region in the event of a disaster provision new EC2 instances from the exported EC2 instances

C.

Create snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instances in us-east-t Copy the snapshots to the destination Region In the event of a disaster provision new EC2 instances from the EBS snapshots

D.

Use S3 Cross-Region Replication for the data that is stored in Amazon S3 Create an AWS CloudFormation template for the application with an S3 bucket parameter In the event of a disaster deploy the template to the destination Region and specify the local S3 bucket as the parameter

Question 26

A company recently announced the deployment of its retail website to a global audience. The website runs on multiple Amazon EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones.

The company wants to provide its customers with different versions of content based on the devices that the customers use to access the website.

Which combination of actions should a solutions architect take to meet these requirements7 (Select TWO.)

Options:

A.

Configure Amazon CloudFront to cache multiple versions of the content.

B.

Configure a host header in a Network Load Balancer to forward traffic to different instances.

C.

Configure a Lambda@Edge function to send specific objects to users based on the User-Agent header.

D.

Configure AWS Global Accelerator. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up host-based routing to different EC2 instances.

E.

Configure AWS Global Accelerator. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up path-based routing to different EC2 instances.

Question 27

A solutions architect needs to design a nighty available application consisting of web. application and database tiers HTTPS content delivery should be as close to the edge as possible with the least delivery time

Which solution meets these requirements and is MOST secure?

Options:

A.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin

B.

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin

C.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin

D.

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin

Question 28

A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2 The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput

Which EC2 configuration meets these requirements?

Options:

A.

Launch the EC2 instances in a cluster placement group in one Availability Zone

B.

Launch the EC2 instances in a spread placement group in one Availability Zone

C.

Launch the EC2 instances in an Auto Scaling group m two Regions and peer the VPCs

D.

Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

Question 29

A recent analysis of a company's IT expenses highlights the need to reduce backup costs The company s chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use ol physical backup tapes The company must preserve the existing investment in the on-premises backup applications and workflows

What should a solutions architect recommend''

Options:

A.

Set up AWS Storage Gateway to conned with the backup applications using the NFS interface

B.

Set up an Amazon EFS file system that connects wtth the backup applications using the NFS interface

C.

Set up an Amazon EFS file system that connects with the backup applications using the iSCSl interface

D.

Set up AWS Storage Gateway to connect with the backup applications using the iSCSi-virtual tape library (VTL) interface

Question 30

A company needs the ability to analyze the log files of its proprietary application The logs are stored in JSON format in an Amazon S3 bucket Queries will be simple and will run on-demand A solutions architect needs to perform the analysis with minimal changes to the existing architecture

What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

Options:

A.

Use Amazon Redshift to load all the content into one place and run the SQL queries as needed

B.

Use Amazon CloudWatch Logs to store the logs Run SQL queries as needed from the Amazon CloudWatch console

C.

Use Amazon Athena directly with Amazon S3 to run the queries as needed

D.

Use AWS Glue to catalog the logs Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed

Question 31

A company hosts its static website content from an Amazon S3 bucket in the us-east-1 Region Content is made available through an Amazon CloudFront origin pointing to that bucket Cross-Region replication is set up to create a second copy of the bucket in the ap-southeast-1 Region Management wants a solution that provides greater availability for the website

Which combination of actions should a solutions architect take to increase availability'? (Select TWO.

Options:

A.

Add both buckets to the CloudFront origin

B.

Configure failover routing in Amazon Route 53

C.

Create a record in Amazon Route 53 pointing to the replica bucket

D.

Create an additional CloudFront origin pointing to the ap-southeast-1 bucket

E.

Set up a CloudFront origin group with the us-east-1 bucket as the primary and the ap-southeast-1 bucket as the secondary

Question 32

Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the work. The files are stored in an Amazon S3 Ducket A solutions architect has been asked to design an efficient and effective solution

Which action should the solutions architect take to accomplish this?

Options:

A.

Generate presigned URLs for the files

B.

Use cross-Region replication to all Regions

C.

Use the geoproximity feature of Amazon Route 53

D.

Use Amazon CloudFront with the S3 bucket as its origin

Question 33

A company serves content to its subscribers across the world using an application running on AWS The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB) Due to a recent change in copyright restrictions, the chief information officer (CiO) wants to block access for certain countries.

Which action will meet these requirements?

Options:

A.

Modify the ALB security group to deny incoming traffic from blocked countries

B.

Modify the security group for EC2 instances to deny incoming traffic from blocked countries

C.

Use Amazon CloudFront to serve the application and deny access to blocked countries

D.

Use ALB listener rules to return access dented responses to incoming traffic from blocked countries

Question 34

A developer has a script lo generate daily reports that users previously ran manually The script consistently completes in under 10 minutes The developer needs to automate this process in a cost-effective manner.

Which combination of services should the developer use? (Select TWO.)

Options:

A.

AWS Lambda

B.

AWS CloudTrail

C.

Cron on an Amazon EC2 instance

D.

Amazon EC2 On-Demand Instance with user data

E.

Amazon EventBridge {Amazon CloudWatch Events)

Question 35

A company provides machine learning solutions .The company's users need to download large data sets from the company's Amazon S3 bucket. These downloads often take a long lime, especially when the users are running many simulations on a subset of those datasets. Users download the datasets to Amazon EC2 instances in the same AWS Region as the S3 bucket. Multiple users typically use the same datasets at the same time.

Which solution will reduce the lime that is required to access the datasets?

Options:

Question 36

A company has data stored in an on-premises data center that is used by several on-premises applications The company wants to maintain its existing application environment and be able to use AWS services for data analytics and future visualizations

Which storage service should a solutions architect recommend?

Options:

A.

Amazon Redshift

B.

AWS Storage Gateway for files

C.

Amazon Elastic Block Store (Amazon EBS)

D.

Amazon Elastic File System (Amazon EFS)

Question 37

A company has recently updated its internal security standards The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists The company is looking for a native, software-based AWS service to accomplish this goal

What should a solutions architect recommend as a solution?

Options:

A.

Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it m AWS Secrets Manager

B.

Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS.

C.

Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes

D.

Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store

Question 38

A company is building a new furniture inventory application The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones The EC2 instances run behind an Application Load Balancer (ALB) in their VPC

A solutions architect has observed that incoming traffic seems to favor one EC2 instance resulting in latency for some requests

What should the solutions architect do to resolve this issue?

Options:

A.

Disable session affinity (sticky sessions) on the ALB

B.

Replace the ALB with a Network Load Balancer

C.

increase the number of EC2 instances in each Availability Zone

D.

Adjust the frequency of the health checks on the ALB's target group

Question 39

A company is using a VPC peering strategy to connect its VPCs in a single Region to allow for cross-communication. A recent increase in account creations and VPCs has made it difficult to maintain the VPC peering strategy, and the company expects to grow to hundreds of VPCs. There are also new requests to create site-to-site VPNs some of the VPCs. A solution architect has been tasked with creating a centrally managed networking setup for multiple account, VPCs and VPNs.

Which networking solution these requirements?

Options:

A.

Configure shared VPCs and VPNs and share to each other.

B.

Configure a hub-and-spoke VPC and route all traffic through VPC peering.

C.

Configure an AWS Direct Connect connection between al VPCs and VPNs.

D.

Configure a transit gateway with Transit Gateway and connect all VPCs and VPNs.

Question 40

At part of budget planning. management wants a report of AWS billed dams listed by user. The data will be used to create department budgets. A solution architect needs to determine the most efficient way to obtain this report Information

Which solution meets these requirement?

Options:

A.

Run a query with Amazon Athena to generate the report.

B.

Create a report in Cost Explorer and download the report

C.

Access the bill details from me tuning dashboard and download Via bill.

D.

Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).

Question 41

A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available Users must be able to download, modify, and upload documents.

Which combination of actions should be taken to meet these requirements? (Select TWO.)

Options:

A.

Enable a read-only bucket ACL

B.

Enable versioning on the bucket.

C.

Attach an IAM policy to the bucket

D.

Enable MFA Delete on the bucket.

E.

Encrypt the bucket using AWS KMS.

Question 42

A company's web application is running on Amazon EC2 instances behind an application Load Balancer. The company changed its policy., which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

Options:

A.

Configure the security group for the EC2 Instances

B.

Configure the security group on the Application Load Balancer

C.

Configure AWS WAF on the Application Load Balancer in a VPC

D.

Configure the network ACL for the subnet that contains the EC2 instances

Question 43

A company provides an API to its users trial automates inquires for tax computations based on item prices. The company experiences a larger number of inquiries during the holiday season only that cause slower response times. A solutions architect needs to design a solution that is scalable and elastic.

What should the solution architect do lo accompli this?

Options:

A.

Provide an API hosted on an Amazon EC2 Instance. The EC2 instance performs the required computations when the API request is made.

B.

Design a REST API using Amazon API Gateway mat accepts the item names API Gateway passes item names to AWS Lambda for tax computations

C.

Create an Application Load Balancer mat has two Amazon EC2 instances behind it. The EC2 instances will compute the tax on the received Hem names.

D.

Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance. API Gateway accepts and passes the item names to the EC2 instance for tax

computations

Question 44

A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud m a single AWS Region. Data security and an immutable audit log are the top priorities. The company must monitor all AWS activities for compliance auditing. The company that enabled AWS CloudTrail but wants to make sure it meets meat requirements

Which actions should a solutions architect take lo protect and secure CloudTrail? (Select TWO.)

Options:

A.

Enable CloudTrail log file validation.

B.

Enable the CloudTrail Proceeding Library.

C.

Enable logging of Insights events in CloudTrail.

D.

Enable custom logging from the on-premises resources

E.

Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS)

Question 45

A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application’s performance. The application consists of application tiers that communicate with each other by way of

Which solution moots these and is the MOST operationally efficient?

Options:

A.

Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer Use Amazon Simple Queue Service (Amazon SOS) as the communication layer between application services.

B.

Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures Increase the size or the application servers Amazon EC2 instance to meet the peak requirements

C.

Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 m an Auto Scaling group Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.

D.

Use Amazon Simple Queue Service (Amazon SOS) to handle the messaging between application servers running on Amazon EC2 In an Auto Seeing group Use Amazon CloudWatch to monitor the SOS queue length and scale up when communication failures are detected.

Question 46

A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and «the MOST operationally efferent?

Options:

A.

Server-side encryption with customer-provided keys (SSE-C)

B.

Server-side encryption with Amazon S3 managed keys (SSE-S3)

C.

Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation

D.

Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation

Question 47

A customer is running an application on Amazon EC2 instances hosted in a private subnet of a VPC. The EC2 instances are configured in an Auto Scaling group behind an Elastic Load Balancer (ELB). The EC2 instances use a NAT gateway outbound internet access However, the EC2 instances are not able to connect to the public internet to download software updates.

Options:

A.

The ELB is not configured with a proper health check.

B.

The route tables in the VPC are configured incorrectly.

C.

The EC2 instances are not associated with an Elastic IP address.

D.

The security group attached to the NAT gateway is configured incorrectly.

E.

The outbound rules on the security group attachment to the EC2 instances are configured incorrectly.

Question 48

A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3.

Which solution marts these requirement and is MOST cost-effective?

Options:

A.

Set up AWS Glue lo copy the data from the on-premises servers to Amazon S3.

B.

Set up an AWS DataSync agent on Vie on-premises servers, and sync the data lo Amazon S3

C.

Set up an SFTP sync using AWS Transfer for SFTP lo sync data from on premises lo Amazon S3

D.

Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3

Question 49

A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket. Three batch jobs run hourly to process the data in the S3 bucket for different purposes. The company wants to reduce the overall processing time by running. The three applications in parallel using an event-based approach.

What should a solutions architect do to meet these requirements?

Options:

A.

Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SOS) FIFO queue Subscribe al applications to the queue for processing.

B.

Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SOS) standard queue Create an additional SOS queue for all applications, and subscribe all applications to the meal queue for processing.

C.

Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SOS) FIFO queues Create an additional SOS queue (or each application and subscribe each queue to the initial topic for processing

D.

Enable S3 Event Notifications tor new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SOS) queue for each application, and subscribe each queue to the topic for processing

Question 50

A database is on an Amazon RDS MySQL 5.6 Multi-AZ 06 instance that experiences highly dynamic reads. Application developers notice a significant slowdown when testing read performance from a secondary AWS Region. The developers want a solution that provider less than 1 second of read replication latency

What should the solutions architect recommend?

Options:

A.

Install MySQL on Amazon EC2 in the secondary Region

B.

Migrate the database to Amazon Aurora with cross-Region replicas.

C.

Create another RDS for MySQL read replica m the secondary Region

D.

Implement Amazon ElastiCache to improve database query performance

Question 51

A company stores can wordings on a monthly basis Users access lie recorded files randomly within 1year of recording, but users rarely access the files after 1year. The company wants to optimize its solution by allowing only files that ant newer than 1year old to be queried and retrieved as quickly as possible. A delay in retrieving older fees is acceptable

Which solution meets these requirements MOST cost-effectively?

Options:

A.

Store individual files in Amazon S3 Glacier Store search metadata in object tags that are created in S3 Glacier Query the S3 Glacier tags to retrieve the files from S3 Glacier.

B.

Store individual files in Amazon S3. Use S3 Lifecycle polices to move the ties to S3 Glacier after

1year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.

C.

Store Individual files In Amazon S3 Store search metadata for each archive In Amazon S3 Use S3 Lifecycle policies to move the ties to S3 Glacier after 1 year Query and retrieve tie flies by searching for metadata from Amazon S3.

D.

Store individual files in Amazon S3 Use S3 Lifecycle policies to move the files to S3 Glacier after

1year. Store search metadata in Amazon RDS Query the Sea from Amazon RDS Retrieve the files from Amazon S3 or S3 Glacier

Question 52

A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.

A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.

Which solution meets these requirements?

Options:

A.

Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.

B.

Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.

C.

Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway In us-easl-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.

D.

Set up one AWS Direct Connect connection from the data center lo AWS Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

Question 53

An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10GB in size. The application owner will make the log file available to the vendor for a limited time.

Whit it the MOST secure way to do this?

Options:

A.

Enable public read on the S3 object and provide the link to the vendor

B.

Upload the lie to Amazon WorkDocs and share the public link with the vendor.

C.

Generate a presigned URL and have the vendor download the log Me before it expiree

D.

Create an LAM user for the vendor to provide access to the S3 bucket and tie application. Enforce multifactor authentication

Question 54

A company uses an application to present metrics from sporting events to the public. The application must scale quickly during live events and must store these metrics for log-term reporting purposes. The company’s architecture includes the following:

* Amazon EC2 instances that run in an Auto Scaling group in private subnets

* A network Load Balancer That runs in public subnets

* A MongoDB database cluster that runs across multiple EC2 instances

A solutions architect must implement a solution that minimizes operational overhead The solution alto must be able to Kale automatically. What should the solutions architect set up to meet these requirements?

Options:

A.

An Amazon DynamoDB database

B.

An Amazon ROS for MySQL D6 instance

C.

EC2 instances that run MySQL

D.

Amazon Redshift

Question 55

A company has primary and secondary data canters that are 500 miles (804.7 km) apart and Interconnected with high-speed fiber.optic cable. The company needs a highly available and secure network connection between its data centers and a VPC on AWS for a mission-critical workload A solutions architect must choose a connection solution that provides maximum resiliency. Which solution meets these requirements?

Options:

A.

Two AWS Direct Connect connections from the primary data center terminating at two Direct Connect locations on two separate devices

B.

A single AWS Direct Connect connection from each of the primary and secondary data centers terminating at one Direct Connect location on the same device

C.

Two AWS Direct Connect connections from each of the primary and secondary data centers terminating at two Direct Connect locations on two separate devices

D.

A single AWS Direct Connect connection from each of the primary and secondary data centers terminating at one Direct Conned location on two separate devices

Question 56

A company uses a combination of Amazon EC2 instances and AWS Fargate tasks to process daily transactions. The company faces unpredictable and sudden increases in transaction volume. The company needs a solution that will process the transactions immediately.

Which solution meets these requirement MOST cost-effectively?

Options:

A.

Purchase a Compute Savings Plan

B.

Purchase an EC2 Instance Savings Plan.

C.

Purchase Reserved Instances tor existing EC2 workloads.

D.

Use Spot Instances for existing EC2 workloads.

E.

Use Far gale Spot capacity for the tasks.

Question 57

A company needs to save the results from a medical trial to an Amazon S3 repository. The repository must allow a few scientists to add new dies and must restrict all other users to read-only access No users can have the ability to modify or delete any files in the repository. The company must heap every lie in the repository for a minimum of 1 year after its creation date.

Which solution will meet these requirements?

Options:

A.

Use S3 Object Lock In governance mode with a legal hold of 1 year

B.

Use S3 Object Lock in compliance mode with a retention period of 365 days.

C.

Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket Use an S3 bucket policy to only allow the IAM role

D.

Configure the S3 bucket to invoke an AWS Lambda function every tune an object is added Configure the function to track the hash of the saved object to that modified objects can be marked accordingly

Question 58

Which AWS service can a company use to store and manage Docker images?

Options:

A.

Amazon DynamoDB

B.

Amazon Kinesis Data Streams

C.

Amazon Elastic Container Registry (Amazon ECR)

D.

Amazon Elastic File System (Amazon EFS)

Question 59

A company wants to migrate an on-premises data center to AWS. The data canter hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system

When combination of steps should a solutions architect take to automate this task? (Select TWO )

Options:

A.

Launch the EC2 instance into the same Avalability Zone as the EFS fie system

B.

install an AWS DataSync agent m the on-premises data center

C.

Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance tor the data

D.

Manually use an operating system copy command to push the data to the EC2 instance

E.

Use AWS DataSync to create a suitable location configuration for the onprermises SFTP server

Question 60

A company uses AWS to run all components of its three-tier web application. The company wants to automatically detect any potential security breaches within the environment The company wants to track any findings and notify administrators if a potential breach occurs

Which solution meets these requirements?

Options:

A.

Set up AWS WAF to evaluate suspicious web traffic Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.

B.

Set up AWS Shield to evaluate suspicious web traffic Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.

C.

Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email

D.

Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch Configure an

Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email

Question 61

A company runs an online ticketing application with backend services that run on Amazon EC2 instances. The EC2 instances belong to an Auto Scaling group and run behind an Application Load Balancer. The application experiences periods of high user traffic when a popular event is posted online. The company wants a solution that will be able to handle increases in user traffic without affecting the user experience.

What should a solutions architect do to meet these requirements?

Options:

A.

Configure a scheduled scaling policy for peak hours with a recurrence schedule set to every day.

B.

Configure a target tracking scaling policy that uses the average aggregate CPU utilization target metric.

C.

Configure a step scaling policy that is based on an Amazon CloudWatch alarm that monitors CPU utilization.

D.

Configure an Application Load Balancer health check that increases the Auto Scaling group capacity whenever the application returns HTTP 503 error codes.

Question 62

A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service

Which combination of actions should a solutions architect recommend to meet these requirements? (Select TWO )

Options:

A.

Create a new organization in AWS Organizations with all features turned on Create the new AWS accounts in the organization

B.

Set up an Amazon Cognito identity pool Configure AWS Single Sign-On to accept Amazon Cognito authentication

C.

Configure a service control policy (SCP) to manage the AWS accounts Add AWS Single Sign-On to AWS Directory Service

D.

Create a new organization in AWS Organizations Configure the organization's authentication mechanism to use AWS Directory Service directly

E.

Set up AWS Single Sign-On (AWS SSO) in the organization Configure AWS SSO and integrate it with the company's corporate directory service

Question 63

A solutions architect creates a VPC that includes two public subnets and two private subnets A corporate security mandate requires the solutions architect to launch all Amazon EC2 instances in a private subnet However when the solutions architect launches an EC2 instance that runs a web server on ports 80 and 443 in a private subnet, no external internet traffic can connect to the server

What should the solutions architect do to resolve this issue?

Options:

A.

Attach the EC2 instance to an Auto Scaling group in a private subnet Ensure that the DNS record for the website resolves to the Auto Scaling group identifier

B.

Provision an internet-facing Application Load Balancer (ALB) in a public subnet Add the EC2 instance to the target group that is associated with the ALB Ensure that the DNS record for the website resolves to the ALB

C.

Launch a NAT gateway in a private subnet Update the route table for the private subnets to add a default route to the NAT gateway Attach a public Elastic IP address to the NAT gateway

D.

Ensure that the security group that is attached to the EC2 instance allows HTTP traffic on port 80 and HTTPS traffic on port 443 Ensure that the DNS record for the website resolves to the public IP address of the EC2 instance

Question 64

A company is running a web-based game in two Availability Zones in the us-west-2 Region The web servers use an Application Load Balancer (ALB) in public subnets The ALB has an SSL certificate from AWS Certificate Manager (ACM) with a custom domain name The game is written in JavaScript and runs entirely in a user's web browser.

The game is increasing in popularity in many countries around the world The company wants to update the application architecture and optimize costs without compromising performance.

What should a solutions architect do to meet these requirements?

Options:

A.

Use Amazon CloudFront and create a global distribution that points to the ALB. Reuse the existing certificate from ACM for the CloudFront distribution Use Amazon Route 53 to update the application alias to point to the distribution

B.

Use AWS CloudFormation to deploy the application stack to AWS Regions near countries where the game is popular Use ACM to create a new certificate for each application instance Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local application instance.

C.

Use Amazon S3 and create an S3 bucket in AWS Regions near countries where the game is popular Deploy the HTML and JavaScript files to each S3 bucket Use ACM to create a new certificate for each S3 bucket Use Amazon Route 53 with a geolocation routing policy to direct traffic to the local S3 bucket

D.

Use Amazon S3 and create an S3 bucket in us-west-2 Deploy the HTML and JavaScript files to the S3 bucket Use

Amazon CloudFront and create a global distribution with the S3 bucket as the origin Use ACM to create a new certificate for the distribution Use Amazon Route 53 to update the application alias to point to the distribution

Question 65

A company is running a photo hosting service in the us-east-1 Region. The service enables users across multiple countries to upload and view photos. Some photos are heavily viewed tor months, and others are viewed for less than a week. The application allows uploads of up to 20 MB for each photo. The service uses the photo metadata to determine which photos to display to each user.

Which solution provides the appropriate user access MOST cost-effectively?

Options:

A.

Store the photos in Amazon DynamoDB. Turn on DynamoDB Accelerator (DAX) to cache frequently viewed items.

B.

Store the photos In the Amazon S3 Intelligent-Tiering storage class. Store the photo metadata and its S3 location in DynamoDB.

C.

Store the photos in the Amazon S3 Standard storage class. Set up an S3 Lifecycle policy to move photos older than 30 days to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Use the object tags to keep track of metadata.

D.

Store the photos in the Amazon S3 Glacier storage class. Set up an S3 Lifecycle policy to move photos older than 30 days to the S3 Glacier Deep Archive storage class. Store the photo metadata and its S3 location in Amazon Elasticsearch Service (Amazon ES).

Question 66

A company has a hybrid application hosted on multiple on-premises servers with static IP addresses There is already a VPN that provides connectivity between the VPC and the on-premises network. The company wants to distribute TCP traffic across the on-premises servers for internet users

What should a solutions architect recommend to provide a highly available and scalable solution?

Options:

A.

Launch an internet-facing Network Load Balancer (NLB) and register on-premises IP addresses with the NLB

B.

Launch an internet-facing Application Load Balancer (ALB) and register on-premises IP addresses with the ALB

C.

Launch an Amazon EC2 instance attach an Elastic IP address, and distribute traffic to the on-premises servers

D.

Launch an Amazon EC2 instance with public IP addresses in an Auto Scaling group and distribute traffic to the on-premises servers

Question 67

A company recently expanded globally and wants to make its application accessible to users in those geographic locations. The application is deployed on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The company needs the ability to shift traffic from resources in one region to another.

What should a solutions architect recommend?

Options:

A.

Configure an Amazon Route 53 latency routing policy.

B.

Configure an Amazon Route 53 geolocation routing policy.

C.

Configure an Amazon Route 53 geoproximity routing policy.

D.

Configure an Amazon Route 53 multivalue answer routing policy.

Question 68

A company is building a website that relies on reading and writing to an Amazon DynamoDB database The website experiences high traffic during normal business hours, but the traffic declines drastically overnight and during weekends The company is concerned about operating costs

Which solution will meet the website's traffic demands MOST cost-effectively?

Options:

A.

Enable DynamoDB Accelerator (DAX) to cache the data

B.

Enable DynamoDB auto scaling when creating the tables.

C.

Enable Multi-AZ replication for the DynamoDB database

D.

Enable DynamoDB on-demand capacity allocation when creating the tables

Question 69

A company has a data ingestion workflow that includes the following components:

• An Amazon Simple Notation Service (Amazon SNS) topic that receives notifications about new data deliveries

• An AWS Lambda function that processes and stores the data

The ingestion workflow occasionally fails because of network connectivity issues. When tenure occurs the corresponding data is not ingested unless the company manually reruns the job. What should a solutions architect do to ensure that all notifications are eventually processed?

Options:

A.

Configure the Lambda function (or deployment across multiple Availability Zones

B.

Modify me Lambda functions configuration to increase the CPU and memory allocations tor the (unction

C.

Configure the SNS topic's retry strategy to increase both the number of retries and the wait time between retries

D.

Configure an Amazon Simple Queue Service (Amazon SQS) queue as the on failure destination Modify the Lambda function to process messages in the queue

Question 70

A company manages its own Amazon EC2 instances that run MySQL databases The company is manually managing replication and scaling as demand increases or decreases The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed The solution also must offer improved performance, scaling, and durability with minimal effort from operations

Which solution meets these requirements'?

Options:

A.

Migrate the databases to Amazon Aurora Serverless for Aurora MySQL

B.

Migrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL

C.

Combine the databases into one larger MySQL database Run the larger database on larger EC2 instances

D.

Create an EC2 Auto Scaling group for the database tier Migrate the existing databases to the new environment

Question 71

A company observes an increase in Amazon EC2 costs in its most recent bill The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in-depth analysis to identify the root cause of the vertical scaling

How should the solutions architect generate the information with the LEAST operational overhead?

Options:

A.

Use AWS Budgets to create a budget report and compare EC2 costs based on instance types

B.

Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

C.

Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

D.

Use AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket Use Amazon QuickSight with Amazon S3 as a source to generate an interactive graph based on instance types.

Question 72

A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine image (AMI) The instances will run m an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.

Which solution meets these requirements?

Options:

A.

Use the aws ec2 register-image command to create an AMI from a snapshot Use AWS Step Functions to replace the AMI in the Auto Scaling group

B.

Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot Provision an AMI by using the snapshot Replace the AMI m the Auto Scaling group with the new AMI

C.

Enable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM) Create an AWS Lambda function that modifies the AMI in the Auto Scaling group

D.

Use Amazon EventBridge (Amazon CloudWatch Events) to invoke AWS Backup lifecycle policies that provision AMIs Configure Auto Scaling group capacity limits as an event source in EventBridge (CloudWatch Events)

Question 73

A solution architect has configured the following IAM policy.

Which action will be allowed by the policy?

Which action will be allowed by the policy?

Options:

A.

An AWS Lambda function can be deleted from any network.

B.

An AWS Lambda function can be created from any network.

C.

An AWS Lambda function can be deleted from the 100.220.0.0/20 network.

D.

An AWS Lambda function can be deleted from the 220.100.16.0/20 network

Question 74

A global company plans to track and store information about local allergens in aj Amazon DynamoDB table and query this data from its website The website traffic will fluctuate The combined read capacity units (RCUs) and write capacity units (WCUs) will range from 10 per second to 10.000 per second, depending on the severity of the conditions for the given day A solutions architect must design a solution that avoids throttling issues and manages capacity efficiently The solution also must provide the ability to set a maximum number of capacity units

What should the solutions architect do to meet these requirements?

Options:

A.

Use provisioned capacity mode Set the table's maximum RCUs to 10.000

B.

Use provisioned capacity mode. Configure a scaling policy in DynamoDB auto scaling

C.

Use on-demand capacity mode Set the table's maximum RCUs to 10,000.

D.

Use on-demand capacity mode for a couple of months Then switch to provisioned capacity mode

Page: 1 / 49
Total 494 questions