March Sale Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Amazon Web Services SAA-C02 AWS Certified Solutions Architect - Associate (SAA-C03) Exam Practice Test

Note! Following SAA-C02 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is SAA-C03
Page: 1 / 0
Total 1 questions

AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Question 1

A company's security team requests that network traffic be captured in VPC Flow Logs The logs will be frequently accessed for 90 days and then accessed intermittently What should a solutions architect do to meet these requirements when configuring the logs?

Options:

A.

Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.

B.

Use Amazon Kinesis as the target Configure the Kinesis stream to always retain the logs for 90 days

C.

Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering

D.

Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days

Question 2

A company has created an isolated backup of its environment in another Region The application is running in warm standby mode and is fronted by an Application Load Balancer (ALB) The current failover process is manual and requires updating a DNS alias record to point to the secondary ALB in another Region

What should a solutions architect do to automate the failover process?

Options:

A.

Enable an ALB health check

B.

Enable an Amazon Route 53 health check

C.

Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.

D.

Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server

Question 3

An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company's AWS accounts Which AWS service can the administrator use to protect the company against attacks?

Options:

A.

Amazon Cognito

B.

Amazon GuardDuty

C.

Amazon Inspector

D.

Amazon Macie

Question 4

A company needs to store 160TB of data for an indefinite of time. The company must be able to use standard SQL and business intelligence tools to query all of the data. The data will be queried no more than twice each month.

What is the MOST cost-effective solution that meets these requirements?

Options:

A.

Store the data in Amazon Aurora Serverles with MySQL . Use an SQL client to query the data.

B.

Store the data in Amazon S3. Use AWS Glue. Amazon Athena. IDBC and COBC drivers to query the data.

C.

Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the storage layer use Apache Presto to query the data.

D.

Store a subnet of the data in Amazon Redshift, and store the remaining data in Amazon S3. Use Amazon Redshift Spectrum to query the S3 data.

Question 5

A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow

Which set of actions will improve website performance for users worldwide?

Options:

A.

Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution

B.

Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB

C.

Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register the instances with the same ALB using cross-Region VPC peering.

D.

Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.

Question 6

A company needs to connect its on-premises data center network to a new VPC. The data center network has a 100 Mbps symmetrical internet connection. An application that is running on premises will transfer multiple gigabytes of data each day. The application will use an Amazon Kinesis Data Firehose delivery stream for processing

What should a solutions architect recommend for maximum performance?

Options:

A.

Create a VPC peering connection between the on-premises network and the VPC Configure routing for the on-premises network to use the VPC peering connection.

B.

Procure an AWS Snowball Edge Storage Optimized device. After several days' worth of data has accumulated, copy the data to the device and ship the device to AWS for expedited transfer to Kinesis Data Firehose Repeat as needed

C.

Create an AWS Site-to-Site VPN connection between the on-premises network and the VPC Configure BGP routing between the customer gateway and the virtual private gateway. Use the VPN connection to send the data from on premises to Kinesis Data Firehose.

D.

Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in the VPC. Set up a 1 Gbps AWS Direct Connect connection between the on-premises network and AWS Use the PrivateLink endpoint to send the data from on premises to Kinesis Data Firehose.

Question 7

A company has been running a web application with an Oracle relational database in an on-premises data center for the past 15 years. The company must migrate the database to AWS. The company needs to reduce operational overhead without having to modify the application's code.

Which solution meets these requirements?

Options:

A.

Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon RDS.

B.

Use Amazon EC2 instances to migrate and operate the database servers.

C.

Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon DynamoDB.

D.

Use an AWS Snowball Edge Storage Optimized device to migrate the data from Oracle to Amazon Aurora.

Question 8

A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth A solutions architect must improve the application's infrastructure.

Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)

Options:

A.

Migrate the PostgreSQL database to Amazon Aurora

B.

Migrate the web application to be hosted on Amazon EC2 instances.

C.

Set up an Amazon CloudFront distribution for the web application content.

D.

Set up Amazon ElastiCache between the web application and the PostgreSQL database.

E.

Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Question 9

A company is developing a new online gaming application. The application will run on Amazon EC2 instances in multiple AWS Regions and will have a high number of globally distributed users A solutions architect must design the application to optimize network latency for the users.

Which actions should the solutions architect take to meet these requirements? (Select TWO.)

Options:

A.

Configure AWS Global Accelerator Create Regional endpoint groups in each Region where an EC2 fleet is hosted

B.

Create a content delivery network (CDN) by using Amazon CloudFront Enable caching for static and dynamic content, and specify a high expiration period

C.

Integrate AWS Client VPN into the application. Instruct users to select which Region is closest to them after they launch the application. Establish a VPN connection to that Region

D.

Create an Amazon Route 53 weighted routing policy Configure the routing policy to give the highest weight to the EC2 instances in the Region that has the largest number of users.

E.

Configure an Amazon API Gateway endpoint in each Region where an EC2 fleet is hosted Instruct users to select which Region is closest to them after they launch the application. Use the API Gateway endpoint that is closest to them.

Question 10

A company hosts an application on AWS. The application interacts with an Amazon DynamoDB table that has 10 read capacity units (RCUs) Data from Amazon CloudWatch alarms shows that throttling is occurring on read requests to the DynamoDB table. The company needs to prevent this issue from happening in the future as the application continues to grow.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Add an Elastic Load Balancer in front of the DynamoDB table.

B.

Change the RCUs for the DynamoDB table to 20.

C.

Provision 20 write capacity units (WCUs) for the DynamoDB table to offset the throttling on read requests.

D.

Enable auto scaling for the DynamoDB table

Question 11

A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements all existing and new data in this database must be encrypted.

How should this be accomplished?

Options:

A.

Create an Amazon S3 bucket with server-side encryption enabled Move all the data to Amazon S3 Delete the RDS instance

B.

Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance

C.

Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.

D.

Create an RDS read replica with encryption at rest enabled Promote the read replica to master and switch the application over to the new master Delete the old RDS instance

Question 12

A company is building a mobile app on AWS. The company wants to expand its reach to millions of users The company needs to build a platform so that authorized users can watch the company's content on their mobile devices

What should a solutions architect recommend to meet these requirements?

Options:

A.

Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.

B.

Set up IPsec VPN between the mobile app and the AWS environment to stream content

C.

Use Amazon CloudFront Provide signed URLs to stream content.

D.

Set up AWS Client VPN between the mobile app and the AWS environment to stream content.

Question 13

A company is designing a new web service that will run on Amazon EC2 instances behind an Elastic Load Balancer. However, many of the web service clients can only reach IP addresses whitelisted on their firewalls.

What should a solutions architect recommend to meet the clients' needs?

Options:

A.

A Network Load Balancer with an associated Elastic IP address

B.

An Application Load Balancer with an associated Elastic IP address

C.

An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address

D.

An EC2 instance with a public IP address running as a proxy in front of the load balancer

Question 14

A company has an ecommerce application that stores data in an on-premises SQL database. The company has decided to migrate this database to AWS. However, as part of the migration, the company wants to find a way to attain sub-millisecond responses to common read requests

A solutions architect knows that the increase in speed is paramount and that a small percentage of stale data returned in the database reads is acceptable.

What should the solutions architect recommend'?

Options:

A.

Build Amazon RDS read replicas.

B.

Build the database as a larger instance type.

C.

Build a database cache using Amazon ElastiCache

D.

Build a database cache using Amazon Elasticsearch Service (Amazon ES).

Question 15

A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.

How should a solution architect address this issue?

Options:

A.

Create an Amazon SNS topic to send an alert every time a developer create a new policy.

B.

Use service control policies to disable IAM across all account in the organizational unit.

C.

Prevent the developers from attaching any policies and duties to the security option team.

D.

Set an IAM permission boundary on the developer IAM role that explicitly denies of attaching the administrator policy

Question 16

A company has an application that uses Amazon Elastic File System (Amazon EFS) to store data. The files are 1 GB in size or larger and are accessed often only for the first few days after creation The application data is shared across a cluster of Linux servers The company wants to reduce storage costs for the application.

What should a solutions architect do to meet these requirements?

Options:

A.

Implement Amazon FSx and mount the network drive on each server

B.

Move the files from Amazon EFS and store them locally on each Amazon EC2 instance

C.

Configure a lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.

D.

Move the files to Amazon S3 with S3 Lifecycle policies enabled. Rewrite the application to support mounting the S3 bucket

Question 17

A company is designing a new application that runs in a VPC on Amazon EC2 instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as its database For compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet

What can a solutions architect do to meet this requirement?

Options:

A.

Configure gateway VPC endpoints to Amazon S3 and DynamoDB

B.

Configure interface VPC endpoints to Amazon S3 and DynamoDB

C.

Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.

D.

Configure a gateway VPC endpoint to DynamoDB Configure an interface VPC endpoint to Amazon S3

Question 18

A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than 100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges.

Which solution meets these requirements?

Options:

A.

Launch all EC2 instances in the same Availability Zone within the same AWS Region. Specify a placement group with cluster strategy when launching EC2 instances.

B.

Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.

C.

Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target.

D.

Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones.

Question 19

A company must migrate 20 TB of data from a data centre to the AWS Cloud within 30 days. The company's network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.

What should a solutions architect do to meet these requirements?

Options:

A.

Use AWS Snowball.

B.

Use AWS DataSync

C.

Use a secure VPN connection.

D.

Use Amazon S3 Transfer Acceleration

Question 20

A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size Customers can download their statements from the website for up to 30 days from when the statements were generated At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements

What is the MOST cost-effective storage solution for this situation?

Options:

A.

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.

B.

Store the statements using the Amazon S3 Glacier storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

C.

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days.

D.

Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.

Question 21

A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

Options:

A.

Configure Amazon S3 to store the users' home directories. Join Amazon S3 to Active Directory

B.

Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join Amazon FSx to Active Directory

C.

Configure Amazon Elastic File System (Amazon EFS) for the users home directories. Configure AWS Single Sign-On with Active Directory.

D.

Configure Amazon Elastic Block Store (Amazon EBS) to store the users home directories Configure AWS Single Sign-On with Active Directory

Question 22

A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website.

Which actions should the solutions architect take to protect the website from such an attack? (Select TWO.)

Options:

A.

Use AWS Shield Advanced to stop the DDoS attack.

B.

Configure Amazon GuardDuty to automatically block the attackers.

C.

Configure the website to use Amazon CloudFront for both static and dynamic content.

D.

Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.

E.

Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization

Question 23

A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer Based on the application's history the company anticipates a spike m traffic during a holiday each year A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users.

Which solution will meet these requirements?

Options:

A.

Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.

B.

Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.

C.

increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period

D.

Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are autoscaling EC2_INSTANCE_LAUNCH events

Question 24

A company recently released a new type of internet-connected sensor. The company is expecting to sell thousands of sensors, which are designed to stream high volumes of data each second to a central location. A solutions architect must design a solution that ingests and stores data so that engineering teams can analyse it in near-real time with millisecond responsiveness.

Which solution should the solution architect recommend?

Options:

A.

Use an Amazon SOS queue to ingest the data. Consume the data with an AWS Lambda function which then stores the data in Amazon Redshift

B.

Use on Amazon SQS queue to ingest the data. Consume the data with an AWS Lambda function which then stores the data In Amazon DynamoDB

C.

Use Amazon Kinases Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data m Amazon Redshift

D.

Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data m Amazon DynamoDB

Question 25

A company needs to develop a repeatable solution to process time-ordered information from websites around the world. The company collects the data from the

websites by using Amazon Kinesis Data Streams and stores the data in Amazon S3.

The processing logic needs to collect events and handle data from the last 5 years.

The processing logic also must generate results m an S3 bucket so that a business intelligence application can analyze and compare the results. The processing must be repeated multiple times.

What should a solutions architect do to meet these requirements?

Options:

A.

Use Amazon S3 to collect events. Create an AWS Lambda function to process the events. Create different Lambda functions to handle repeated processing.

B.

Use Amazon EventBridge (Amazon CloudWatch Events) to collect events Set AWS Lambda as an event target.

Use EventBridge (CloudWatch Events) to create an archive for the events and to replay the events.

C.

Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to collect events. Process the events by using Amazon EC2. Use AWS Step Function to create an archive for the events and to replay the events

D.

Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to collect events. Process the events by using Amazon Elastic Kubemetes Service (Amazon EKS) Use Amazon MSK to create an archive for the events and to replay the events.

Question 26

A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0.

Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solutions architect use to meet these requirements?

Options:

A.

Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group (or the MySQL servers and allow port 3306 from the web servers security group.

B.

Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

C.

Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.

D.

Create a network ACL for the web servers and allow port 443 from the load balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

Question 27

A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth.

Which solution will meet these requirements?

Options:

A.

Create an S3 bucket Create an 1AM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3 bucket.

B.

Create an AWS Snowball Edge job. Receive a Snowball Edge device on premises. Use the Snowball Edge client to transfer data to the device. Return the device so that AWS can import the data into

Amazon S3.

C.

Deploy an S3 File Gateway on premises. Create a public service endpoint to connect to the S3 File Gateway Create an S3 bucket Create a new NFS file share on the S3 File Gateway Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.

D.

Set up an AWS Direct Connect connection between the on-premises network and AWS. Deploy an S3 File Gateway on premises. Create a public virtual interlace (VIF) to connect to the S3 File Gateway. Create an S3 bucket. Create a new NFS file share on the S3 File Gateway. Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.

Question 28

A company is running an application in a private subnet in a VPC win an attached internet gateway The company needs to provide the application access to the internet while restricting public access to the application The company does not want to manage additional infrastructure and wants a solution that is highly available and scalable

Which solution meets these requirements?

A Create a NAT gateway in the private subnet. Create a route table entry from the private subnet to the internet gateway

B Create a NAT gateway m a public subnet Create a route table entry from the private subnet to the NAT gateway

C. Launch a NAT instance m the private subnet Create a route table entry from the private subnet lo the internet gateway

D. Launch a NAT Instance in a public subnet Create a route table entry from the private subnet to the NAT instance.

Options:

Question 29

An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale (or a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use Amazon S3 to host the full website in different S3 buckets Add Amazon CloudFront distributions Set the S3 buckets as origins for the distributions Store the order data in Amazon S3

B.

Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones Add an Application Load Balancer (ALB) to distribute the website traffic Add another ALB for the backend APIs Store the data in Amazon RDS for MySQL

C.

Migrate the full application to run in containers Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic Store the data in Amazon RDS for MySQL

D.

Use an Amazon S3 bucket to host the website's static content Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin Use Amazon API Gateway and AWS Lambda functions for the backend APIs Store the data in Amazon DynamoDB

Question 30

A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.

What should a solutions architect do to meet these requirements?

Options:

A.

Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins Configure Route 53 to route traffic to the CloudFront distribution.

B.

Create an Amazon CloudFront distribution that has the ALB as an origin Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Configure Route 53 to route traffic to the CloudFront distribution.

C.

Create an Amazon CloudFront distribution that has the S3 bucket as an origin Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints Create a custom domain name that points to the accelerator DNS name Use the custom domain name as an endpoint for the web application.

D.

Create an Amazon CloudFront distribution that has the ALB as an origin C. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content, Point the other domain name to the accelerator DNS name for static content Use the domain names as endpoints for the web application.

Question 31

A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of fobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely copied and the job items are durably stored

Which design should the solutions architect use?

Options:

A.

Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage

B.

Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch configuration that uses the AM' Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage

C.

Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue

D.

Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic

Question 32

A company has an application that loads documents into an Amazon 53 bucket and converts the documents into another format. The application stores the converted documents m another S3 bucket and saves the document name and URLs in an Amazon DynamoOB table The DynamoOB entries are used during subsequent days to access the documents The company uses a DynamoOB Accelerator (DAX) cluster in front of the table

Recently, traffic to the application has increased. Document processing tasks are timing out during the scheduled DAX maintenance window. A solutions architect must ensure that the documents continue to load during the maintenance window

What should the solutions architect do to accomplish this goal?

A Modify the application to write to the DAX cluster Configure the DAX cluster to write to the DynamoDB table when the maintenance window is complete

B. Enable Amazon DynamoDB Streams for the DynamoDB table. Modify the application to write to the stream Configure the stream to load the data when the maintenance window is complete.

C. Convert the application to an AWS Lambda function Configure the Lambda function runtime to be longer than the maintenance window Create an Amazon CloudWatch alarm to monitor Lambda timeouts

D. Modify the application to write the document name and URLs to an Amazon Simple Queue Service (Amazon SOS) queue Create an AWS Lambda function to read the SOS queue and write to DynamoDB.

Options:

Question 33

A company has two AWS accounts in the same AWS Region. One account is a publisher account, and the other account is a subscriber account Each account has its own Amazon S3 bucket.

An application puts media objects into the publisher account's S3 bucket The objects are encrypted with server-side encryption with customer-provided encryption keys (SSE-C). The company needs a solution that will automatically copy the objects to the subscriber's account's S3 bucket.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Enable S3 Versioning on the publisher account's S3 bucket Configure S3 Same-Region Replication of the objects to the subscriber account's S3 bucket

B.

Create an AWS Lambda function that is invoked when objects are published in the publisher account's S3 bucket. Configure the Lambda function to copy the objects to the subscriber accounts S3 bucket

C.

Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function when objects are published in the publisher account's S3 bucket Configure the Lambda function to copy the objects to the subscriber account's S3 bucket

D.

Configure Amazon EventBridge (Amazon CloudWatch Events) to publish Amazon Simple Notification Service (Amazon SNS) notifications when objects are published in the publisher account's S3 bucket When notifications are received use the S3 console to copy the objects to the subscriber accounts S3 bucket

Question 34

A company runs a photo processing application mat needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region A solutions architect has noticed an increased cost in data transfer lees and needs to implement a solution to reduce these costs

How can the solutions architect meet this requirement?

Options:

A.

Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it

B.

Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets

C.

Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets

D.

Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets

Question 35

A company runs an application that receives data from thousands of geographically dispersed remote devices that use UDP The application processes the data immediately and sends a message back to the device if necessary No data is stored.

The company needs a solution that minimizes latency for the data transmission from the devices. The solution also must provide rapid failover to another AWS Region

Which solution will meet these requirements?

Options:

A.

Configure an Amazon Route 53 failover routing policy Create a Network Load Balancer (NLB) in each of the two Regions Configure the NLB to invoke an AWS Lambda function to process the data

B.

Use AWS Global Accelerator Create a Network Load Balancer (NLB) in each of the two Regions as an endpoint. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the NLB Process the data in Amazon ECS.

C.

Use AWS Global Accelerator Create an Application Load Balancer (ALB) in each of the two Regions as an endpoint Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster. Set the ECS service as the target for the ALB Process the data in Amazon ECS

D.

Configure an Amazon Route 53 failover routing policy Create an Application Load Balancer (ALB) in each of the two Regions Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the ALB Process the data in Amazon ECS

Question 36

A company is creating a new application that will store a large amount of data. The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones. The needed amount of storage space will continue to grow for the next 6 Months.

Which storage solution should a solutions architect recommend to meet these requirements?

Options:

A.

Store the data in Amazon S3 Glacier Update me S3 Glacier vault policy to allow access to the application Instances

B.

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume Mount the EBS volume on the application nuances.

C.

Store the data in an Amazon Elastic File System (Amazon EFS) tile system Mount the file system on the application instances.

D.

Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned K)PS volume shared between the application instances.

Question 37

A company collects data from thousands of remote devices by using a RESTful web services application that runs on an Amazon EC2 instance. The EC2 instance receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon. The company needs a highly scalable solution that minimizes operational overhead.

Which combination of steps should a solutions architect take to meet these requirements9 (Select TWO.)

Options:

A.

Use AWS Glue to process the raw data in Amazon S3.

B.

Use Amazon Route 53 to route traffic to different EC2 instances.

C.

Add more EC2 instances to accommodate the increasing amount of incoming data.

D.

Send the raw data to Amazon Simple Queue Service (Amazon SOS). Use EC2 instances to process the data.

E.

Use Amazon API Gateway to send the raw data to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.

Question 38

A company is implementing a new business application The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage A solutions architect needs to ensure that the EC? instances can access the S3 bucket

What should the solutions architect do to moot this requirement?

Options:

A.

Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 Instances.

B.

Create an IAM policy that grants access to the S3 bucket Attach the policy to the EC2 Instances

C.

Create an IAM group that grants access to the S3 bucket Attach the group to the EC2 instances

D.

Create an IAM user that grants access to the S3 bucket Attach the user account to the EC2 Instances

Question 39

A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance

The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone A solutions architect must update the design to use a second Availability Zone

Which solution will make the application highly available?

Options:

A.

Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both

Availability Zones Configure the DB instance with connections to each network

B.

Provision two subnets that extend across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instances

across both Availability Zones Configure the DB instance with connections to each network

C.

Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones Configure the DB instance for Multi-AZ deployment

D.

Provision a subnet that extends across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instances

across both Availability Zones Configure the DB instance for Multi-AZ deployment

Question 40

A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application’s traffic recently spiked due to fraudulent requests from botnets.

Which steps should a solutions architect take to block requests from unauthorized users? (Select TWO.)

Options:

A.

Create a usage plan with an API key that it shared with genuine users only.

B.

Integrate logic within the Lambda function to ignore the requests lion- fraudulent IP addresses

C.

Implement an AWS WAF rule to target malicious requests and trigger actions to filler them out

D.

Convert the existing public API to a private API Update the DNS records to redirect users to the new API endpoint

E.

Create an IAM role tor each user attempting to access the API A user will assume the role when making the API call

Question 41

A company stores millions of objects in Amazon S3. The data is in JSON format and Apache Parquet format. The data is partitioned and new objects are added daily. A solutions architect needs to create a solution so that employees can use SQL to perform one-time queries against all the data. The solution must avoid code changes and must minimize operational overhead.

Which solution will meet these requirements?

Options:

A.

Use S3 Select to perform queries against all the S3 objects

B.

Create an AWS Glue table and an AWS Glue crawler Schedule the crawler to run daily Perform queries with Amazon Athena

C.

Create an Amazon EMR cluster Set up C. EMR File System (EMRFS) to access the S3 bucket Perform queries with Apache Spark

D.

Create an Amazon Redshift cluster Schedule an AWS Lambda function to perform the COPY command on the Redshift cluster to load the S3 data Perform queries on the Redshift cluster.

Question 42

A company is building a solution that will report Amazon EC2 Auto Scaling events across all the applications In an AWS account. The company needs to use a serverless solution to store the EC2 Auto Scaling status data in Amazon S3 The company then will use the data m Amazon S3 to provide near-real time updates in a dashboard The solution must not affect the speed of EC2 instance launches.

How should the company move the data to Amazon S3 to meet these requirements?

Options:

A.

Use an Amazon CioudWatch metric stream to send the EC2 Auto Scaling status data to Amazon Kinesis Data Firehose Store the data in Amazon S3

B.

Launch an Amazon EMR duster to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3

C.

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda (unction on a schedule Configure the Lambda function to send the EC2 Auto Scaling status data directly to Amazon S3

D.

Use a bootstrap script during the launch of an EC2 instance to install Amazon Kinesis Agent Configure Kinesis Agent to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3

Question 43

A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event

A solutions architect needs to design a solution that stores customer data that is created during database upgrades

Which solution will meet these requirements?

Options:

A.

Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy

B.

Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database

C.

Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database.

D.

Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Question 44

A gaming company has a web application that displays scores. The application runs on Amazon EC2 instances behind an Application Load Balancer. The application stores data in an Amazon RDS for MySQL database. Users are starting to experience long delays and interruptions that are caused by database read performance. The company wants to improve the user experience while minimizing changes to the application's architecture.

What should a solutions architect do to meet these requirements?

Options:

A.

Use Amazon ElastiCache in front of the database.

B.

Use RDS Proxy between the application and the database.

C.

Migrate the application from EC2 instances to AWS Lambda.

D.

Migrate the database from Amazon RDS for MySQL to Amazon DynamoDB.

Question 45

A company wants to build an online marketplace application on AWS as a set of loosely coupled microservices For this application, when a customer submits a new order two microservices should handle the event simultaneously The Email microservice will send a confirmation email and the OrderProcessing microservice will start the order delivery process If a customer cancels an order, the OrderCancellation and Email microservices should handle the event simultaneously.

A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS) to design the messaging between the microservices.

How should the solutions architect design the solution?

Options:

A.

Create a single SQS queue and publish order events to it The Email, OrderProcessing and OrderCancellation microservices can then consume messages off the queue

B.

Create three SNS topics for each microservice Publish order events to the three topics Subscribe each of the Email OrderProcessmg, and OrderCancellation microservices to its own topic

C.

Create an SNS topic and publish order events to it Create three SQS queues for the Email OrderProcessing and OrderCancellation microservices Subscribe all SQS queues to the SNS topic with message filtering

D.

Create two SQS queues and publish order events to both queues simultaneously One queue is for the Email and OrderProcessmg microservices The second queue is for the Email and Order Cancellation microservices

Question 46

A solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users Dunng startup, the models need to load up to 10 GB of data from Amazon S3 into memory, out they do not need disk access Most of the models are used sporadically but the users expect all of them to be highly available and accessible with low latency.

Which solution meets the requirements and is MOST cost-effective1?

Options:

A.

Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model

B.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model

C.

Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model

D.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model

Question 47

A company uses on-premises servers to host Its application. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications

Which combination of actions should a solutions architect take to meet these requirements'? (Select TWO.)

Options:

A.

Mount Amazon S3 as a file system to the on-premises servers

B.

Deploy an AWS Storage Gateway Me gateway to replace NFS storage

C.

Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers

D.

Deploy an AWS Storage Gateway volume gateway to replace the block storage

E.

Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers

Question 48

A company has a web application with sporadic usage patterns There is heavy usage at the beginning of each month moderate usage at the start of each week and unpredictable usage during the week The application consists of a web server and a MySQL database server running inside the data center The company would like to move the application to the AWS Cloud and needs to select a cost-effective database platform that will not require database modifications

Which solution will meet these requirements?

Options:

A.

Amazon DynamoDB

B.

Amazon RDS for MySQL

C.

MySQL-compatible Amazon Aurora Serverless

D.

MySQL deployed on Amazon EC2 in an Auto Scaling group

Question 49

A company wants to build an immutable infrastructure for its software applications The company wants to test the software applications before sending traffic to them The company seeks an efficient solution that limits the effects of application bugs

Which combination of steps should a solutions architect recommend? {Select TWO)

Options:

A.

Use AWS Cloud Formation to update the production infrastructure and roll back the stack if the update fails

B.

Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass

C.

Apply Amazon Route 53 failover routing to test the staging environment and fail over to the production environment if the tests pass

D.

Use AWS Cloud Formation with a parameter set to the staging value in a separate environment other than the production environment

E.

Use AWS Cloud Formation to deploy the staging environment with a snapshot deletion policy and reuse the resources in the production environment if the tests pass

Question 50

A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard A solutions architect needs to design a solution that can handle large traffic spikes process the mobile game updates in order of receipt and store the processed updates in a highly available database The company also wants to minimize the management overhead required to maintain the solution

What should the solutions architect do to meet these requirements?

Options:

A.

Push score updates to Amazon Kinesis Data Streams Process the updates in Kinesis Data Streams with AWS Lambda Store the processed updates in Amazon DynamoDB

B.

Push score updates to Amazon Kinesis Data Streams Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling Store the processed updates in Amazon Redshifi

C.

Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe an AWS Lambda function to the SNS topic to process the updates Store the processed updates in a SQL database running on Amazon EC2

D.

Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue Store the processed updates in an Amazon RDS Multi-AZ DB instance

Question 51

A company has designed an application where users provide small sets of textual data by calling a public API The application runs on AWS and includes a public Amazon API Gateway API that forwards requests to an AWS Lambda function for processing The Lambda function then writes the data to an Amazon Aurora Serverless database for consumption

The company is concerned that it could lose some user data it a Lambda function fails to process the request property or reaches a concurrency limit.

What should a solutions architect recommend to resolve this concern?

Options:

A.

Split the existing Lambda function into two Lambda functions Configure one function to receive API Gateway requests and put relevant items into Amazon Simple Queue Service (Amazon SQS) Configure the other function to read items from Amazon SQS and save the data into Aurora

B.

Configure the Lambda function to receive API Gateway requests and write relevant items to Amazon ElastiCache Configure ElastiCache to save the data into Aurora

C.

Increase the memory for the Lambda function Configure Aurora to use the Multi-AZ feature

D.

Split the existing Lambda function into two Lambda functions Configure one function to receive API Gateway requests and put relevant items into Amazon Simple Notification Service (Amazon SNS) Configure the other function to read items from Amazon SNS and save the data into Aurora

Question 52

A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business To ensure this does not happen again the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes

Which solution meets these requirements?

Options:

A.

Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.

B.

Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.

C.

Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.

D.

Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance

Question 53

A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control

Which solution will satisfy these requirements?

Options:

A.

Configure Amazon EFS storage and set the Active Directory domain for authentication

B.

Create an SMB Me share on an AWS Storage Gateway tile gateway in two Availability Zones

C.

Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume

D.

Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication

Question 54

A company wants to provide users with access lo AWS resources. The company has 1.500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network However, the company does not want users to have to maintain another identity to access the resources A solutions architect must manage user access to the AWS resources while preserving access to the on-premises resources

What should the solutions architect do to meet these requirements?

Options:

A.

Create an IAM user for each user in the company Attach the appropriate policies to each user

B.

Use Amazon Cognito with an Active Directory user pool Create rotes with the appropriate policies attached

C.

Define cross-account roles with the appropriate policies attached Map the roles to the Active Directory groups

D.

Configure Security Assertion Markup Language (SAML) 2 0-based federation Create roles with the appropriate policies attached Map the roles to the Active Directory groups

Question 55

A startup company is using me AWS Cloud to develop a traffic control monitoring system for a large city The system must be highly available and must provide near-real-time results for residents and city officials even during peak events

Gigabytes of data will come in daily from loT devices that run at intersections and freeway ramps across the city The system must process the data sequentially to provide the correct timeline However results need to show only what has happened in the last 24 hours.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Deploy Amazon Kinesis Data Firehose to accept incoming data from the loT devices and write the data to Amazon S3 Build a web dashboard to display the data from the last 24 hours

B.

Deploy an Amazon API Gateway API endpoint and an AWS Lambda function to process incoming data from the loT devices and store the data in Amazon DynamoDB Build a web dashboard to display the data from the last 24 hours

C.

Deploy an Amazon API Gateway API endpoint and an Amazon Simple Notification Service (Amazon SNS) tope to process incoming data from the loT devices Write the data to Amazon Redshift Build a web dashboard to display the data from the last 24 hours

D.

Deploy an Amazon Simple Queue Service (Amazon SOS) FIFO queue and an AWS Lambda function to process incoming data from the loT devices and store the data in an Amazon RDS DB instance Build a web dashboard to display the data from the last 24 hours

Question 56

An airline that is based in the United States provides services for routes in North America and Europe. The airline is developing a new read-intensive application that customers can use to find flights on either continent.

The application requires strong read consistency and needs scalable database capacity to accommodate changes in user demand. The airline needs the database service to synchronize with the least possible latency between the two continents and to provide a simple failover mechanism to a second AWS Region.

Which solution will meet these requirements?

Options:

A.

Deploy Microsoft SQL Server on Amazon EC2 instances in a Region in North America. Use SOL Server binary log replication on an EC2 instance in a Region in Europe.

B.

Create an Amazon DynamoDB global table Add a Region from North America and a Region from Europe to the table. Query data with strongly consistent reads.

C.

Use an Amazon Aurora MySQL global database. Deploy the read-write node in a Region in North America, and deploy read-only endpoints in Regions in North America and Europe. Query data with global read consistency.

D.

Create a subscriber application that uses Amazon Kinesis Data Steams for an Amazon Redshift cluster in a Region in North America. Create a second subscriber application for the Amazon Redshift cluster in a Region in Europe. Process all database modifications through Kinesis Data Streams.

Question 57

A recent analysis of a company's IT expenses highlights the need to reduce backup costs The company s chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use ol physical backup tapes The company must preserve the existing investment in the on-premises backup applications and workflows

What should a solutions architect recommend''

Options:

A.

Set up AWS Storage Gateway to conned with the backup applications using the NFS interface

B.

Set up an Amazon EFS file system that connects wtth the backup applications using the NFS interface

C.

Set up an Amazon EFS file system that connects with the backup applications using the iSCSl interface

D.

Set up AWS Storage Gateway to connect with the backup applications using the iSCSi-virtual tape library (VTL) interface

Question 58

A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS The application currently relies on a file share hosted in the user's on-premises network-attached storage (NAS) The solutions architect has proposed migrating the MS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to the storage solution, and configuring an Elastic Load Balancer attached to the instances

Which replacement to the on-premises file share is MOST resilient and durable?

Options:

A.

Migrate the file share to Amazon RDS

B.

Migrate the file share to AWS Storage Gateway

C.

Migrate the file share to Amazon FSx for Windows File Server

D.

Migrate the file share to Amazon Elastic File System (Amazon EFS)

Question 59

A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings The company is concerned about the security of the AWS account root user

What should be done to secure the root user?

Options:

A.

Create IAM users for daily administrative tasks Disable the root user

B.

Create IAM users for daily administrative tasks Enable multi-factor authentication on the root user

C.

Generate an access key for the root user Use the access key for daily administration tasks instead of the AWS Management Console

D.

Provide the root user credentials to the most senior solutions architect Have the solutions architect use the root user for daily administration tasks

Question 60

An application uses an Amazon RDS MySQL DB instance The RDS database is becoming low on disk space A solutions architect wants to increase the disk space without downtime Which solution meets these requirements with the LEAST amount of effort?

Options:

A.

Enable storage autoscaling in RDS

B.

Increase the RDS database instance size

C.

Change the RDS database instance storage type to Provisioned lOPS

D.

Back up the RDS database increase the storage capacity restore the database and stop the previous instance

Question 61

A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2 The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput

Which EC2 configuration meets these requirements?

Options:

A.

Launch the EC2 instances in a cluster placement group in one Availability Zone

B.

Launch the EC2 instances in a spread placement group in one Availability Zone

C.

Launch the EC2 instances in an Auto Scaling group m two Regions and peer the VPCs

D.

Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

Question 62

A company has a service that reads and writes large amounts of data from an Amazon S3 bucket in the same AWS Region The service is deployed on Amazon EC2 instances within the private subnet of a VPC. The service communicates with Amazon S3 over a NAT gateway in the public subnet However, the company wants a solution that will reduce the data output costs.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic

B.

Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.

C.

Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.

D.

Provision a second NAT gateway. Configure the route table foe the private subnet to use this NAT gateway as the destination for all S3 traffic.

Question 63

A solutions architect is optimizing a website for an upcoming musical event Videos of the performances will be streamed in real time and then will be available on demand The event is

expected to attract a global online audience

Which service will improve the performance of both the real-time and on-demand streaming?

Options:

A.

Amazon CloudFront

B.

AWS Global Accelerator

C.

Amazon Route 53

D.

Amazon S3 Transfer Acceleration

Question 64

A company has recently updated its internal security standards The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists The company is looking for a native, software-based AWS service to accomplish this goal

What should a solutions architect recommend as a solution?

Options:

A.

Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it m AWS Secrets Manager

B.

Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS.

C.

Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes

D.

Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store

Question 65

A company plans to store sensitive user data on Amazon S3 internal security compliance requirement mandate encryption of data before secured it to Amazon S3.

What should a solutions architect recommend to safely these requirements?

Options:

A.

Server-side encryption with customer-provided encryption keys.

B.

Client-side encryption with Amazon S3 managed encryption keys.

C.

Service-side encryption with keys stored in AWS Management Service (AWS KMS)

D.

Client-side encryption with a master stored in AWS Management Service (AWS KMS)

Question 66

A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images Image customization parameters wilt be in every request that is sent to an Amazon API Gateway API. The solution will generate tie customized images on demand. Users will receive a link that they can use to view or download their customized images. The solution must be highly available for viewing and customizing images

What should the solutions architect do to meet these requirements MOST cost effectively?

Options:

A.

Use Amazon EC2 instances to manipulate the original images into the requested customizations Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front. of the EC2 Instances.

B.

Use AWS Lambda to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

C.

Use AWS Lambda to manipulate the original images into the requested customizations Store the original images in Amazon S3 Store the manipulated images in Amazon DynamoDB. Provision an Application Load Balancer and Amazon EC2 instances to serve the content.

D.

Use Amazon EC2 instances to manipulate the original Images Into the requested customizations. Store the original images in Amazon S3. Store the manipulated Images m Amazon DynamoDB Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Question 67

A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploys Amazon EC2 instances to a private network to process data horn the database. The company uses two NAT instances to provide connectivity lo DynamoDB

The company wants to retire the NAT instances. A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management

What Is the MOST cost-effective solution that meets these requirements?

Options:

A.

Create a gateway VPC endpoint to provide connectivity to DynamoDB.

B.

Configure a managed NAT gateway to provide connectivity to DynamoDB.

C.

Establish an AWS Direct Connect connection behaviour to private network and DynamoDB.

D.

Deploy an AWS PrivateLink endpoint service between the private network and DynamoDB.

Question 68

A company wants to use an AWS Region as a disaster recovery location for its on-premises infrastructure. The company has 10 TB of existing data and the on-premises data center has a 1Gbps internet connection A solution architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel.

Which solution should the solutions architect

select

Options:

A.

Send the initial 10 TB of data to AWS using FTP.

B.

Send the initial 10 TB of data lo AWS using AWS Snowball.

C.

Establish a VPN connection between Amazon VPC and the company's data center

D.

Establish an AWS Direct Connect connection between Amazon VPC and the company's data canter

Question 69

A solution architect is designing he architect of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently the day. An

Application load balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make charges to code if needed.

What should the solutions architect do to ensure that the architecture supports distributed session data management?

Options:

A.

Use Amazon ElastiCache to manage and store session data.

B.

Use session affinity (sticky sessions) of the ALB to manage session data.

C.

Use Session Manager from AWS Systems Manager to manage the session.

D.

Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session.

Question 70

A solutions architect It designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability An internet gateways used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon BC2 Instances to download software updates.

What should the solutions architect do to enable internet access for the private subnets?

Options:

A.

Create three NAT gateways, one for each public subnet in each AZ Create a private route table for each AZ that forwards non-VPC traffic to tie NAT gateway m its AZ.

B.

Create three NAT instances, one for each private subnet in each AZ Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.

C.

Create a second internet gateway on one of the private subnets. Update the route table for the private subnets that forward non-VPC trade to the private Internet gateway.

D.

Create an egress-only internet gateway on one of the pubic subnets. Update the route table for the private subnets that forward non-VPC traffic to the egress-only internet gateway.

Question 71

A company runs an application on an Amazon EC2 instances backed by Amazon Elastic Block Store (Amazon EBS). The instances needs to be available for 12 hours daily. The company wants to save costs by making the instance outside the window required for the application. However, the contents of the memory must be preserved whenever the instance is unavailable.

What should a solutions architect do lo meet this requirement?

Options:

A.

Stop the instance outside the application's availability window Start up the instance again when required

B.

Hibernate the instance outside the application's availability window Start up the instance again when required

C.

Use Auto Scaling to scale down the instance outside the application's availability window Scale up the instance when required.

D.

Terminate the instance outside the application's availability window Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required

Question 72

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance After a routine compliance check, the company sets a standard that requires a recovery pant objective (RPO) of less than 1 second for all its production databases.

Which solution meets these requirement?

Options:

A.

Enable a Multi-AZ deployment for the DB Instance

B.

Enable auto scaling for the OB instance m one Availability Zone.

C.

Configure the 06 instance in one Availability Zone and create multiple read replicas in a separate Availability Zone

D.

Configure the 06 instance m one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks

Question 73

A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.

A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.

Which solution meets these requirements?

Options:

A.

Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.

B.

Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.

C.

Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway In us-easl-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.

D.

Set up one AWS Direct Connect connection from the data center lo AWS Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

Question 74

A company runs its Infrastructure on AWS and has a registered base of 700.000 users for res document management application The company intends to create a product that converts large pdf files to jpg Imago files. The .pdf files average 5 MB in size. The company needs to store the original files and the converted files. A solutions architect must design a scalable solution to accommodate demand that will grow rapidly over lime.

Which solution meets these requirements MOST cost-effectively?

Options:

A.

Save the pdf files to Amazon S3 Configure an S3 PUT event to invoke an AWS Lambda function to convert the files to jpg format and store them back in Amazon S3

B.

Save the pdf files to Amazon DynamoDB. Use the DynamoDB Streams feature to invoke an AWS Lambda function to convert the files to jpg format and store them hack in DynamoDB

C.

Upload the pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances. Amazon Elastic Block Store (Amazon EBS) storage and an Auto Scaling group. Use a program In the EC2 instances to convert the files to jpg format Save the .pdf files and the .jpg files In the EBS store.

D.

Upload the .pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances, Amazon Elastic File System (Amazon EPS) storage, and an Auto Scaling group. Use a program in the EC2 instances to convert the file to jpg format Save the pdf files and the jpg files in the EBS store.

Question 75

A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data sources. The data is in JSON format and Ingestion rates can be as high as 1 MB/s. When an EC2 instance is rebooted, the data in-flight is lost. The company's data science team wants to query Ingested data In near-real time.

Which solution provides near-real -time data querying that is scalable with minimal data loss?

Options:

A.

Publish data to Amazon Kinesis Data Streams Use Kinesis data Analytics to query the data.

B.

Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination Use Amazon Redshift to query the data

C.

Store ingested data m an EC2 Instance store Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.

D.

Store ingested data m an Amazon Elastic Block Store (Amazon EBS) volume Publish data to Amazon ElastiCache tor Red Subscribe to the Redis channel to query the data

Question 76

A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application’s performance. The application consists of application tiers that communicate with each other by way of

Which solution moots these and is the MOST operationally efficient?

Options:

A.

Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer Use Amazon Simple Queue Service (Amazon SOS) as the communication layer between application services.

B.

Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures Increase the size or the application servers Amazon EC2 instance to meet the peak requirements

C.

Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 m an Auto Scaling group Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.

D.

Use Amazon Simple Queue Service (Amazon SOS) to handle the messaging between application servers running on Amazon EC2 In an Auto Seeing group Use Amazon CloudWatch to monitor the SOS queue length and scale up when communication failures are detected.

Question 77

A company uses a combination of Amazon EC2 instances and AWS Fargate tasks to process daily transactions. The company faces unpredictable and sudden increases in transaction volume. The company needs a solution that will process the transactions immediately.

Which solution meets these requirement MOST cost-effectively?

Options:

A.

Purchase a Compute Savings Plan

B.

Purchase an EC2 Instance Savings Plan.

C.

Purchase Reserved Instances tor existing EC2 workloads.

D.

Use Spot Instances for existing EC2 workloads.

E.

Use Far gale Spot capacity for the tasks.

Question 78

A company uses Amazon Redshift for to data warehouse. The company wants to ensure high durability for its data in case of any component failure. What should a solution architect recommend?

Options:

A.

Enable concurrency scaling

B.

Enable cross-Region snapshots

C.

Increase the data retention period

D.

Deploy Amazon Redshift in Multi-AZ

Question 79

A company stores can wordings on a monthly basis Users access lie recorded files randomly within 1year of recording, but users rarely access the files after 1year. The company wants to optimize its solution by allowing only files that ant newer than 1year old to be queried and retrieved as quickly as possible. A delay in retrieving older fees is acceptable

Which solution meets these requirements MOST cost-effectively?

Options:

A.

Store individual files in Amazon S3 Glacier Store search metadata in object tags that are created in S3 Glacier Query the S3 Glacier tags to retrieve the files from S3 Glacier.

B.

Store individual files in Amazon S3. Use S3 Lifecycle polices to move the ties to S3 Glacier after

1year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.

C.

Store Individual files In Amazon S3 Store search metadata for each archive In Amazon S3 Use S3 Lifecycle policies to move the ties to S3 Glacier after 1 year Query and retrieve tie flies by searching for metadata from Amazon S3.

D.

Store individual files in Amazon S3 Use S3 Lifecycle policies to move the files to S3 Glacier after

1year. Store search metadata in Amazon RDS Query the Sea from Amazon RDS Retrieve the files from Amazon S3 or S3 Glacier

Question 80

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Store the transactions data into Amazon DynamoDB Set up a rule in DynamoDB to remove sensitive data from every transaction upon write Use DynamoDB Streams to share the transactions data with other applications

B.

Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3 Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3

C.

Stream the transactions data into Amazon Kinesis Data Streams Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB Other applications can consume the transactions data off the Kinesis data stream.

D.

Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3 The Lambda function then stores the data in Amazon DynamoDB Other applications can consume transaction files stored in Amazon S3.

Question 81

A solutions architect Is designing a new API using Amazon API Gateway that will receive requests from users. The volume of requests is highly variable: several hours can pass without receiving a single request. The data processing will take place asynchronously, but should be completed within a few seconds after a request la made.

Which compute service should the solutions architect have the API invoke to deliver the requirements at the lowest cost?

Options:

A.

An AWS Glue job

B.

An AWS Lambda function

C.

A containerized service hosted in Amazon Elastic Kubemetes Service {Amazon EKS)

D.

A containerized service hosted in Amazon ECS with Amazon EC2

Question 82

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege Company managers are wonted about accidental deletion of documents in the S3 bucket and want a more secure solution

What should a solutions architect do to secure the audit documents?

Options:

A.

Enable the versioning and MFA Delete features on the S3 bucket.

B.

Enable multi-factor authentication (UFA) on the IAM user credentials for each audit team IAM user account.

C.

Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3 DekaeObject action during audit dates

D.

Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit learn IAM user accounts from accessing the KMS key.

Question 83

A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.

Options:

A.

Attach a resource-based policy lo the S3 bucket

B.

Create an IAM user for the application with specific permissions to the S3 bucket

C.

Associate an IAM role with least privilege permissions lo the EC2 instance profile

D Store AWS a credential directly on the EC2 instance for applications on the instance to use for API calls

Question 84

A company is rebelling its data canter and wants to securely transfer 50 TB of data lo AWS *ilhm 2 weeks. The existing data center has a Site-to-Site VPN connection to AWS that is 90 % utilized

Which AWS service should a solutions architect use to meet these requirements?

Options:

A.

AWS DataSync with a VPC endpoint

B.

AWS Direct Conned

C.

AWS Snowball Edge Storage Optimized

D.

AWS Storage Gateway

Question 85

A development team is collaborating with another company to create an integrate product. The other company needs to access an Amazon Simple Queue Service (Amazon SOS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.

How should a solutions architect provide access to the 303 queue?

Options:

A.

Create an Instance profile that provides the other company access to the SOS queue

B.

Create an IAM policy that provides the other company access to the SOS queue.

C.

Create an SOS access policy that provides the other company access to the SOS queue

D.

Create an Amazon Simple Notification Service (Amazon SNS) aeons policy that provides the other company access to the SOS queue

Question 86

A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

Options:

A.

AW3 Key Management Service (AWS KMS)

B.

VPC endpoint

C.

Private subnet

D.

Virtual private gateway

Question 87

Some of the company’s customers are retrieving records frequently, leading to an increase in costs for the company. The company wants to limit retrieved requests in the future. The company also wants to ensure that if one customer reaches its retrieval limit other customers will not affected.

Which solution will meet these requirements?

Options:

A.

Set up server-side throttling limits for API Gateway.

B.

Limit DynamoDB read throughput on the table lo an amount that results m the maximum cost that the company is willing to incur.

C.

Set up a usage plan for API Gateway Implement throttling limits tor each customer. and distribute API keys to each customer

D.

Set up AWS Budgets. Monitor the usage of API Gateway and DynamoDB Configure an alarm to provide an alert when the cost exceeds a certain threshold each month

Question 88

A company is planning to migrate its virtual server-based workloads to AWS The company has internet-facing load balancers backed by application servers The application servers rely on patches from an internet-hosted repository

Which services should a solutions architect recommend be hosted on the public subnet? (Select TWO.)

Options:

A.

NAT gateway

B.

Amazon RDS DB instances

C.

Application Load Balancers

D.

Amazon EC2 application servers

E.

Amazon Elastic File System (Amazon EFS) volumes

Question 89

A company has a three-tier application image sharing. The application uses an Amazon EC2 instance for the front-end layer, another EC2 instance tor the application layer, and a third EC2 instance for a MySQL database A solutions architect must design a scalable and nighty available solution mat requires the least amount of change to the application.

Which solution meets these requirement?

Options:

A.

Use Amazon S3 to host the front-end layer. Use AWS Lambda functions for the application layer. Move the database to an Amazon DynamoDB table Use Amazon S3 to store and service users' images.

B.

Use toad-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer. Move the database to an Amazon RDS OB instance with multiple read replicas to serve users' images.

C.

Use Amazon S3 to host the front-end layer. Use a fleet of EC2 instances in an Auto Scaling group for the application layer. Move the database to a memory optimized instance type to store and serve users' images.

D.

Use toad-balanced Multi-AZ AWS Elastic Beanstark environments for tie front-end layer and the application layer. Move the database to an Amazon ROS Multi-AZ DB instance Use Amazon S3 to store and serve users' images.

Question 90

A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas The company wants near-real-time reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas Those three replicas have a different compute and memory specification from the rest of the DB cluster

Which solution meets these requirements?

Options:

A.

Create and use a custom endpoint for the workload

B.

Create a three-node cluster clone and use the reader endpoint

C.

Use any of the instance endpoints for the selected three nodes

D.

Use the reader endpoint to automatically distribute the read-only workload

Question 91

A company observes an increase in Amazon EC2 costs in its most recent bill The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in-depth analysis to identify the root cause of the vertical scaling

How should the solutions architect generate the information with the LEAST operational overhead?

Options:

A.

Use AWS Budgets to create a budget report and compare EC2 costs based on instance types

B.

Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

C.

Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

D.

Use AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket Use Amazon QuickSight with Amazon S3 as a source to generate an interactive graph based on instance types.

Question 92

A company runs a static website through its on-premises data center. The company has multiple servers that handle all of its traffic, but on busy days, services are interrupted and the website becomes unavailable. The company wants to expand its presence globally and plans to triple its website traffic.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Migrate the website content to Amazon S3 and host the website on Amazon CloudFront.

B.

Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions.

C.

Migrate the website content to Amazon EC2 instances and vertically scale as the load increases.

D.

Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

Question 93

A company has a web application that users access from around the world The company has web servers in multiple AWS Regions to support the traffic A solutions architect must configure an Amazon Route 53 routing policy to send traffic to only the active web servers

Which configuration meets this requirement?

Options:

A.

Create a simple routing policy that uses health checks for each Region

B.

Create a multivalue answer routing policy that uses health checks for each Region

C.

Create a geoproximity routing policy with a health check bias of 99 for each Region

D.

Create a weighted routing policy with a health check weight of 100 for each Region

Question 94

A company stores 200 GB of data each month in Amazon S3. The company needs to perform analytics on this data at the end of each month to determine the number of items sold m each sates region for the previous month

Which analytics strategy is MOST cost-effective for the company to use?

Options:

A.

Create an Amazon Elasticsearch Service (Amazon ES) cluster Query the data in Amazon ES Visualize the data by using Kibana

B.

Create a table m the AWS Glue Data Catalog Query the data in Amazon S3 by using Amazon Athena Visualize the data m Amazon QuickSight

C.

Create an Amazon EMR cluster Query the data by using Amazon EMR and store the results in Amazon S3 Visualize the data in Amazon QuickSign.

D.

Create an Amazon Redshift cluster Query the data in Amazon Redshift and upload the results to Amazon S3 Visualize the data in Amazon QuickSight

Question 95

A company uses Amazon S3 as its object storage solution The company has thousands of S3 buckets it uses to store data Some of the S3 buckets have data that is accessed less frequently than others. A solutions architect found that lifecycle policies are not consistently implemented or are implemented partially: resulting in data being stored in high-cost storage

Which solution will lower costs without compromising the availability of objects?

Options:

A.

Use S3 ACLs

B.

Use Amazon Elastic Block Store (Amazon EBS) automated snapshots

C.

Use S3 Intelligent-Tiering storage

D.

Use S3 One Zone-Infrequent Access (S3 One Zone-IA).

Question 96

A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest.

What should a solutions architect do to meet this requirement?

Options:

A.

Create an encryption key and store the key in AWS Secrets Manager Use the key to encrypt the DB instances

B.

Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate

C.

Create a customer master key (CMK) in AWS Key Management Service (AWS KMS) Enable encryption for the DB instances

D.

Generate a certificate in AWS Identity and Access Management {IAM) Enable SSUTLS on the DB instances by using the certificate

Question 97

A company runs a shopping application lhat uses Amazon DynamoDB to store customer information. In case of data corruption, a solutions architect needs to design a solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO> of 1 hour.

What should the solutions architect recommend to meet these requirements?

Options:

A.

Configure DynamoDB global tables. For RPO recovery, point the application to a different AWS Region.

B.

Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.

C.

Export the DynamoDB data to Amazon S3 Glacier on a daily basis. For RPO recovery, import the data from S3 Glacier to DynamoDB.

D.

Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes. For RPO recovery, restore the DynamoDB table by using the EBS snapshot.

Question 98

A company wants to move its on-premises network attached storage (NAS) to AWS The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time

Which solution meets these requirements and is MOST cost-effective?

Options:

A.

Create an Amazon Elastic Block Store (Amazon EBS) snapshot containing the data. Share it with users within the VPC

B.

Create an Amazon S3 bucket that has a lifecycle policy set to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after the appropriate number of days

C.

Create an Amazon Elastic File System (Amazon EFS) file system within the VPC Set the throughput mode to Provisioned and to the required amount of IOPS to support concurrent usage

D.

Create an Amazon Elastic File System (Amazon EFS) file system within the VPC Set the hfecycle policy to transition the data to EFS Infrequent Access (EFS IA) after the appropriate number of days

Question 99

A company runs batch processes on Amazon EC2 instances that are needed only during business hours These processes must preserve the data at alt times but the speed of processing is not important The company needs to run these processes in the MOST cost-effective manner

Which solution will meet these requirements?

Options:

A.

Use EC2 Reserved Instances with the All Upfront payment option

B.

Use EC2 Reserved instances with the Partial Upfront payment option

C.

Use Spot Fleet requests with the allocation strategy set to lowestPnce

D.

Use persistent Spot Instance requests with behaviour that stops interrupted instances

Question 100

A company has several business systems that require access to data stored in a file share. The business systems will access the die share using the Server Message Block (SMB) protocol. The file share solution should be accessible from both of the company's legacy on-premises environments and with AWS

Which services meet the business requirements? (Select TWO )

Options:

A.

Amazon EBS

B.

Amazon EFS

C.

Amazon FSx for Windows

D.

Amazon S3

E.

AWS Storage Gateway file gateway

Question 101

A company has a serverless website with millions of objects in an Amazon S3 bucket The company uses tie S3 bucket as the origin tor an Amazon CloudFront distribution The company did not set encryption on the S3 bucket before the objects were loaded A solutions architect needs to enable encryption for all existing objects and for all objects that are added to the S3 bucket in the future

Which solution will meet these requirements with the LEAST amount of effort?

Options:

A.

Create a new S3 bucket Turn on the default encryption settings for the new S3 bucket Download all existing objects to temporary local storage Upload the objects to the new S3 bucket

B.

Turn on the default encryption settings for the S3 bucket Use the S3 Inventory feature to create a csv file that lists the unencrypted objects Run an S3 Batch Operations job that uses the copy command to encrypt those objects

C.

Create a new encryption key by using AWS Key Management Service (AWS KMS) Change the settings on the S3 bucket to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) Turn on versioning for the S3 bucket

D.

Navigate to Amazon S3 in the AWS Management Console Browse the S3 bucket's objects Sort by the encryption field Select each unencrypted object Use the Modify button to apply default encryption settings to every unencrypted object in the S3 bucket

Question 102

A company is using a content management system that runs on a single Amazon EC2 instance. The EC2 instance contains both the web server and the database software. The company must make its website platform highly available and must enable the website to scale to meet user demand

What should a solutions architect recommend to meet these requirements?

Options:

A.

Move the database to Amazon RDS, and enable automatic backups Manually launch another EC2 instance in the same Availability Zone Configure an Application Load Balancer in the Availability Zone and set the two instances as targets

B.

Migrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instance Manually launch another EC2 instance in the same Availability Zone Configure an Application Load Balancer and set the two EC2 instances as targets

C.

Move the database to Amazon Aurora with a read replica in another Availability Zone Create an Amazon Machine Image (AMI) from the EC2 instance Configure an Application Load Balancer in two Availability Zones Attach an Auto Scaling group that uses the AMI across two Availability Zones

D.

Move the database to a separate EC2 instance and schedule backups to Amazon S3 Create an Amazon Machine Image (AMI > from the original EC2 instance Configure an Application Load Balancer in two Availability Zones Attach an Auto Scaling group that uses the AMI across two Availability Zones

Question 103

A company runs a stateless web application in production on a group of Amazon EC2 On-Demand Instances behind an Application Load Balancer. The application experiences heavy usage during an 8-hour period each business day. Application usage is moderate and steady overnight Application usage is low during weekends.

The company wants to minimize its EC2 costs without affecting the availability of the application.

Which solution will meet these requirements?

Options:

A.

Use Spot Instances for the entire workload.

B.

Use Reserved instances for the baseline level of usage Use Spot Instances for any additional capacity that the application needs.

C.

Use On-Demand Instances for the baseline level of usage. Use Spot Instances for any additional capacity that the application needs

D.

Use Dedicated Instances for the baseline level of usage. Use On-Demand Instances for any additional capacity that the application needs

Question 104

A company has deployed a database in Amazon RDS for MySQL. Due to increased transactions, the database support team is reporting slow reads against the DB instance and recommends adding a read replica.

Which combination of actions should a solutions architect take before implementing this change? {Select TWO.)

Options:

A.

Enable binlog replication on the RDS primary node.

B.

Choose a failover priority for the source DB instance.

C.

Allow long-running transactions to complete on the source DB instance.

D.

Create a global table and specify the AWS Regions where the table will be available.

E.

Enable automatic backups on the source instance by setting the backup retention period to a value other than 0.

Question 105

A company offers a food delivery service that is growing rapidly Because of the growth the company's order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes the following;

• A group of Amazon EC2 instances that run in an Amazon EC2 Auto Scaling group to collect orders from the application

• Another group of EC2 instances that run in an Amazon EC2 Auto Scaling group to fulfill orders

The order collection process occurs quickly, but the order fulfillment process can take longer Data must not be lost because of a scaling event

A solutions architect must ensure that the order collection process and the order fulfillment process can both scale properly during peak traffic hours The solution must optimize utilization of the company's AWS resources

Which solution meets these requirements'?

Options:

A.

Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups. Configure each Auto Scaling group's minimum capacity according to peak workload values

B.

Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups Configure a

CloudWatch alarm to invoke an Amazon Simple Notification Service (Amazon SNS) topic that creates additional Auto Scaling groups on demand

C.

Provision two Amazon Simple Queue Service (Amazon SQS) queues one for order collection and another for order fulfillment Configure the EC2 instances to poll their respective queue Scale the Auto Scaling groups based on notifications that the queues send

D.

Provision two Amazon Simple Queue Service (Amazon SQS) queues one for order collection and another for order

fulfillment. Configure the EC2 instances to poll their respective queue. Create a metric based on a backlog per instance calculation Scale the Auto Scaling groups based on this metric.

Question 106

A company hosts an application used to upload files to an Amazon S3 bucket Once uploaded, the files are processed to extract metadata which takes less than 5 seconds The volume and frequency of the uploads vanes from a few files each hour to hundreds of concurrent uploads The company has asked a solutions architect to design a cost-effective architecture that will meet these requirements.

What should the solutions architect recommend?

Options:

A.

Configure AWS CloudTrail trails to log S3 API calls Use AWS AppSync to process the files

B.

Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files

C.

Configure Amazon Kinesis Data Streams to process and send data to Amazon S3 Invoke an AWS Lambda function to process the files

D.

Configure an Amazon Simple Notification Service (Amazon SNS) topic to process the files uploaded to Amazon S3. Invoke an AWS Lambda function to process the files

Page: 1 / 0
Total 1 questions