Amazon Web Services SAA-C02 AWS Certified Solutions Architect - Associate (SAA-C03) Exam Practice Test

Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.

Use Amazon Kinesis as the target Configure the Kinesis stream to always retain the logs for 90 days

Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering

Use Amazon S3 as the target Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days

Enable an ALB health check

Enable an Amazon Route 53 health check

Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.

Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server

Amazon Cognito

Amazon GuardDuty

Amazon Inspector

Amazon Macie

Store the data in Amazon Aurora Serverles with MySQL . Use an SQL client to query the data.

Store the data in Amazon S3. Use AWS Glue. Amazon Athena. IDBC and COBC drivers to query the data.

Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the storage layer use Apache Presto to query the data.

Store a subnet of the data in Amazon Redshift, and store the remaining data in Amazon S3. Use Amazon Redshift Spectrum to query the S3 data.

Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution

Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB

Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register the instances with the same ALB using cross-Region VPC peering.

Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.

Create a VPC peering connection between the on-premises network and the VPC Configure routing for the on-premises network to use the VPC peering connection.

Procure an AWS Snowball Edge Storage Optimized device. After several days' worth of data has accumulated, copy the data to the device and ship the device to AWS for expedited transfer to Kinesis Data Firehose Repeat as needed

Create an AWS Site-to-Site VPN connection between the on-premises network and the VPC Configure BGP routing between the customer gateway and the virtual private gateway. Use the VPN connection to send the data from on premises to Kinesis Data Firehose.

Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in the VPC. Set up a 1 Gbps AWS Direct Connect connection between the on-premises network and AWS Use the PrivateLink endpoint to send the data from on premises to Kinesis Data Firehose.

Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon RDS.

Use Amazon EC2 instances to migrate and operate the database servers.

Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon DynamoDB.

Use an AWS Snowball Edge Storage Optimized device to migrate the data from Oracle to Amazon Aurora.

Migrate the PostgreSQL database to Amazon Aurora

Migrate the web application to be hosted on Amazon EC2 instances.

Set up an Amazon CloudFront distribution for the web application content.

Set up Amazon ElastiCache between the web application and the PostgreSQL database.

Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Configure AWS Global Accelerator Create Regional endpoint groups in each Region where an EC2 fleet is hosted

Create a content delivery network (CDN) by using Amazon CloudFront Enable caching for static and dynamic content, and specify a high expiration period

Integrate AWS Client VPN into the application. Instruct users to select which Region is closest to them after they launch the application. Establish a VPN connection to that Region

Create an Amazon Route 53 weighted routing policy Configure the routing policy to give the highest weight to the EC2 instances in the Region that has the largest number of users.

Configure an Amazon API Gateway endpoint in each Region where an EC2 fleet is hosted Instruct users to select which Region is closest to them after they launch the application. Use the API Gateway endpoint that is closest to them.

Add an Elastic Load Balancer in front of the DynamoDB table.

Change the RCUs for the DynamoDB table to 20.

Provision 20 write capacity units (WCUs) for the DynamoDB table to offset the throttling on read requests.

Enable auto scaling for the DynamoDB table

Create an Amazon S3 bucket with server-side encryption enabled Move all the data to Amazon S3 Delete the RDS instance

Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance

Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.

Create an RDS read replica with encryption at rest enabled Promote the read replica to master and switch the application over to the new master Delete the old RDS instance

Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.

Set up IPsec VPN between the mobile app and the AWS environment to stream content

Use Amazon CloudFront Provide signed URLs to stream content.

Set up AWS Client VPN between the mobile app and the AWS environment to stream content.

A Network Load Balancer with an associated Elastic IP address

An Application Load Balancer with an associated Elastic IP address

An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address

An EC2 instance with a public IP address running as a proxy in front of the load balancer

Build Amazon RDS read replicas.

Build the database as a larger instance type.

Build a database cache using Amazon ElastiCache

Build a database cache using Amazon Elasticsearch Service (Amazon ES).

Create an Amazon SNS topic to send an alert every time a developer create a new policy.

Use service control policies to disable IAM across all account in the organizational unit.

Prevent the developers from attaching any policies and duties to the security option team.

Set an IAM permission boundary on the developer IAM role that explicitly denies of attaching the administrator policy

Implement Amazon FSx and mount the network drive on each server

Move the files from Amazon EFS and store them locally on each Amazon EC2 instance

Configure a lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.

Move the files to Amazon S3 with S3 Lifecycle policies enabled. Rewrite the application to support mounting the S3 bucket

Configure gateway VPC endpoints to Amazon S3 and DynamoDB

Configure interface VPC endpoints to Amazon S3 and DynamoDB

Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.

Configure a gateway VPC endpoint to DynamoDB Configure an interface VPC endpoint to Amazon S3

Launch all EC2 instances in the same Availability Zone within the same AWS Region. Specify a placement group with cluster strategy when launching EC2 instances.

Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.

Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target.

Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones.

Use AWS Snowball.

Use AWS DataSync

Use a secure VPN connection.

Use Amazon S3 Transfer Acceleration

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.

Store the statements using the Amazon S3 Glacier storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days.

Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.

Configure Amazon S3 to store the users' home directories. Join Amazon S3 to Active Directory

Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join Amazon FSx to Active Directory

Configure Amazon Elastic File System (Amazon EFS) for the users home directories. Configure AWS Single Sign-On with Active Directory.

Configure Amazon Elastic Block Store (Amazon EBS) to store the users home directories Configure AWS Single Sign-On with Active Directory

Use AWS Shield Advanced to stop the DDoS attack.

Configure Amazon GuardDuty to automatically block the attackers.

Configure the website to use Amazon CloudFront for both static and dynamic content.

Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.

Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization

Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.

Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.

increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period

Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are autoscaling EC2_INSTANCE_LAUNCH events

Use an Amazon SOS queue to ingest the data. Consume the data with an AWS Lambda function which then stores the data in Amazon Redshift

Use on Amazon SQS queue to ingest the data. Consume the data with an AWS Lambda function which then stores the data In Amazon DynamoDB

Use Amazon Kinases Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data m Amazon Redshift

Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data m Amazon DynamoDB

Use Amazon S3 to collect events. Create an AWS Lambda function to process the events. Create different Lambda functions to handle repeated processing.

Use Amazon EventBridge (Amazon CloudWatch Events) to collect events Set AWS Lambda as an event target.

Use EventBridge (CloudWatch Events) to create an archive for the events and to replay the events.

Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to collect events. Process the events by using Amazon EC2. Use AWS Step Function to create an archive for the events and to replay the events

Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) to collect events. Process the events by using Amazon Elastic Kubemetes Service (Amazon EKS) Use Amazon MSK to create an archive for the events and to replay the events.

Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group (or the MySQL servers and allow port 3306 from the web servers security group.

Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.

Create a network ACL for the web servers and allow port 443 from the load balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

Create an S3 bucket Create an 1AM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3 bucket.

Create an AWS Snowball Edge job. Receive a Snowball Edge device on premises. Use the Snowball Edge client to transfer data to the device. Return the device so that AWS can import the data into

Amazon S3.

Deploy an S3 File Gateway on premises. Create a public service endpoint to connect to the S3 File Gateway Create an S3 bucket Create a new NFS file share on the S3 File Gateway Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.

Set up an AWS Direct Connect connection between the on-premises network and AWS. Deploy an S3 File Gateway on premises. Create a public virtual interlace (VIF) to connect to the S3 File Gateway. Create an S3 bucket. Create a new NFS file share on the S3 File Gateway. Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.

Use Amazon S3 to host the full website in different S3 buckets Add Amazon CloudFront distributions Set the S3 buckets as origins for the distributions Store the order data in Amazon S3

Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones Add an Application Load Balancer (ALB) to distribute the website traffic Add another ALB for the backend APIs Store the data in Amazon RDS for MySQL

Migrate the full application to run in containers Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic Store the data in Amazon RDS for MySQL

Use an Amazon S3 bucket to host the website's static content Deploy an Amazon CloudFront distribution. Set the S3 bucket as the origin Use Amazon API Gateway and AWS Lambda functions for the backend APIs Store the data in Amazon DynamoDB

Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins Configure Route 53 to route traffic to the CloudFront distribution.

Create an Amazon CloudFront distribution that has the ALB as an origin Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Configure Route 53 to route traffic to the CloudFront distribution.

Create an Amazon CloudFront distribution that has the S3 bucket as an origin Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints Create a custom domain name that points to the accelerator DNS name Use the custom domain name as an endpoint for the web application.

Create an Amazon CloudFront distribution that has the ALB as an origin C. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content, Point the other domain name to the accelerator DNS name for static content Use the domain names as endpoints for the web application.

Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage

Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch configuration that uses the AM' Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage

Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue

Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic

Enable S3 Versioning on the publisher account's S3 bucket Configure S3 Same-Region Replication of the objects to the subscriber account's S3 bucket

Create an AWS Lambda function that is invoked when objects are published in the publisher account's S3 bucket. Configure the Lambda function to copy the objects to the subscriber accounts S3 bucket

Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function when objects are published in the publisher account's S3 bucket Configure the Lambda function to copy the objects to the subscriber account's S3 bucket

Configure Amazon EventBridge (Amazon CloudWatch Events) to publish Amazon Simple Notification Service (Amazon SNS) notifications when objects are published in the publisher account's S3 bucket When notifications are received use the S3 console to copy the objects to the subscriber accounts S3 bucket

Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it

Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets

Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets

Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets

Configure an Amazon Route 53 failover routing policy Create a Network Load Balancer (NLB) in each of the two Regions Configure the NLB to invoke an AWS Lambda function to process the data

Use AWS Global Accelerator Create a Network Load Balancer (NLB) in each of the two Regions as an endpoint. Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the NLB Process the data in Amazon ECS.

Use AWS Global Accelerator Create an Application Load Balancer (ALB) in each of the two Regions as an endpoint Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster. Set the ECS service as the target for the ALB Process the data in Amazon ECS

Configure an Amazon Route 53 failover routing policy Create an Application Load Balancer (ALB) in each of the two Regions Create an Amazon Elastic Container Service (Amazon ECS) cluster with the Fargate launch type Create an ECS service on the cluster Set the ECS service as the target for the ALB Process the data in Amazon ECS

Store the data in Amazon S3 Glacier Update me S3 Glacier vault policy to allow access to the application Instances

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume Mount the EBS volume on the application nuances.

Store the data in an Amazon Elastic File System (Amazon EFS) tile system Mount the file system on the application instances.

Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned K)PS volume shared between the application instances.

Use AWS Glue to process the raw data in Amazon S3.

Use Amazon Route 53 to route traffic to different EC2 instances.

Add more EC2 instances to accommodate the increasing amount of incoming data.

Send the raw data to Amazon Simple Queue Service (Amazon SOS). Use EC2 instances to process the data.

Use Amazon API Gateway to send the raw data to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.

Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 Instances.

Create an IAM policy that grants access to the S3 bucket Attach the policy to the EC2 Instances

Create an IAM group that grants access to the S3 bucket Attach the group to the EC2 instances

Create an IAM user that grants access to the S3 bucket Attach the user account to the EC2 Instances

Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both

Availability Zones Configure the DB instance with connections to each network

Provision two subnets that extend across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instances

across both Availability Zones Configure the DB instance with connections to each network

Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones Configure the DB instance for Multi-AZ deployment

Provision a subnet that extends across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instances

across both Availability Zones Configure the DB instance for Multi-AZ deployment

Create a usage plan with an API key that it shared with genuine users only.

Integrate logic within the Lambda function to ignore the requests lion- fraudulent IP addresses

Implement an AWS WAF rule to target malicious requests and trigger actions to filler them out

Convert the existing public API to a private API Update the DNS records to redirect users to the new API endpoint

Create an IAM role tor each user attempting to access the API A user will assume the role when making the API call

Use S3 Select to perform queries against all the S3 objects

Create an AWS Glue table and an AWS Glue crawler Schedule the crawler to run daily Perform queries with Amazon Athena

Create an Amazon EMR cluster Set up C. EMR File System (EMRFS) to access the S3 bucket Perform queries with Apache Spark

Create an Amazon Redshift cluster Schedule an AWS Lambda function to perform the COPY command on the Redshift cluster to load the S3 data Perform queries on the Redshift cluster.

Use an Amazon CioudWatch metric stream to send the EC2 Auto Scaling status data to Amazon Kinesis Data Firehose Store the data in Amazon S3

Launch an Amazon EMR duster to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3

Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda (unction on a schedule Configure the Lambda function to send the EC2 Auto Scaling status data directly to Amazon S3

Use a bootstrap script during the launch of an EC2 instance to install Amazon Kinesis Agent Configure Kinesis Agent to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose Store the data in Amazon S3

Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy

Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database

Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database.

Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Use Amazon ElastiCache in front of the database.

Use RDS Proxy between the application and the database.

Migrate the application from EC2 instances to AWS Lambda.

Migrate the database from Amazon RDS for MySQL to Amazon DynamoDB.

Create a single SQS queue and publish order events to it The Email, OrderProcessing and OrderCancellation microservices can then consume messages off the queue

Create three SNS topics for each microservice Publish order events to the three topics Subscribe each of the Email OrderProcessmg, and OrderCancellation microservices to its own topic

Create an SNS topic and publish order events to it Create three SQS queues for the Email OrderProcessing and OrderCancellation microservices Subscribe all SQS queues to the SNS topic with message filtering

Create two SQS queues and publish order events to both queues simultaneously One queue is for the Email and OrderProcessmg microservices The second queue is for the Email and Order Cancellation microservices

Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model

Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model

Mount Amazon S3 as a file system to the on-premises servers

Deploy an AWS Storage Gateway Me gateway to replace NFS storage

Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers

Deploy an AWS Storage Gateway volume gateway to replace the block storage

Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers

Amazon DynamoDB

Amazon RDS for MySQL

MySQL-compatible Amazon Aurora Serverless

MySQL deployed on Amazon EC2 in an Auto Scaling group

Use AWS Cloud Formation to update the production infrastructure and roll back the stack if the update fails

Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass

Apply Amazon Route 53 failover routing to test the staging environment and fail over to the production environment if the tests pass

Use AWS Cloud Formation with a parameter set to the staging value in a separate environment other than the production environment

Use AWS Cloud Formation to deploy the staging environment with a snapshot deletion policy and reuse the resources in the production environment if the tests pass

Push score updates to Amazon Kinesis Data Streams Process the updates in Kinesis Data Streams with AWS Lambda Store the processed updates in Amazon DynamoDB

Push score updates to Amazon Kinesis Data Streams Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling Store the processed updates in Amazon Redshifi

Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe an AWS Lambda function to the SNS topic to process the updates Store the processed updates in a SQL database running on Amazon EC2

Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue Store the processed updates in an Amazon RDS Multi-AZ DB instance

Split the existing Lambda function into two Lambda functions Configure one function to receive API Gateway requests and put relevant items into Amazon Simple Queue Service (Amazon SQS) Configure the other function to read items from Amazon SQS and save the data into Aurora

Configure the Lambda function to receive API Gateway requests and write relevant items to Amazon ElastiCache Configure ElastiCache to save the data into Aurora

Increase the memory for the Lambda function Configure Aurora to use the Multi-AZ feature

Split the existing Lambda function into two Lambda functions Configure one function to receive API Gateway requests and put relevant items into Amazon Simple Notification Service (Amazon SNS) Configure the other function to read items from Amazon SNS and save the data into Aurora

Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.

Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data.

Create an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data.

Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance

Configure Amazon EFS storage and set the Active Directory domain for authentication

Create an SMB Me share on an AWS Storage Gateway tile gateway in two Availability Zones

Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume

Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication

Create an IAM user for each user in the company Attach the appropriate policies to each user

Use Amazon Cognito with an Active Directory user pool Create rotes with the appropriate policies attached

Define cross-account roles with the appropriate policies attached Map the roles to the Active Directory groups

Configure Security Assertion Markup Language (SAML) 2 0-based federation Create roles with the appropriate policies attached Map the roles to the Active Directory groups

Deploy Amazon Kinesis Data Firehose to accept incoming data from the loT devices and write the data to Amazon S3 Build a web dashboard to display the data from the last 24 hours

Deploy an Amazon API Gateway API endpoint and an AWS Lambda function to process incoming data from the loT devices and store the data in Amazon DynamoDB Build a web dashboard to display the data from the last 24 hours

Deploy an Amazon API Gateway API endpoint and an Amazon Simple Notification Service (Amazon SNS) tope to process incoming data from the loT devices Write the data to Amazon Redshift Build a web dashboard to display the data from the last 24 hours

Deploy an Amazon Simple Queue Service (Amazon SOS) FIFO queue and an AWS Lambda function to process incoming data from the loT devices and store the data in an Amazon RDS DB instance Build a web dashboard to display the data from the last 24 hours

Deploy Microsoft SQL Server on Amazon EC2 instances in a Region in North America. Use SOL Server binary log replication on an EC2 instance in a Region in Europe.

Create an Amazon DynamoDB global table Add a Region from North America and a Region from Europe to the table. Query data with strongly consistent reads.

Use an Amazon Aurora MySQL global database. Deploy the read-write node in a Region in North America, and deploy read-only endpoints in Regions in North America and Europe. Query data with global read consistency.

Create a subscriber application that uses Amazon Kinesis Data Steams for an Amazon Redshift cluster in a Region in North America. Create a second subscriber application for the Amazon Redshift cluster in a Region in Europe. Process all database modifications through Kinesis Data Streams.

Set up AWS Storage Gateway to conned with the backup applications using the NFS interface

Set up an Amazon EFS file system that connects wtth the backup applications using the NFS interface

Set up an Amazon EFS file system that connects with the backup applications using the iSCSl interface

Set up AWS Storage Gateway to connect with the backup applications using the iSCSi-virtual tape library (VTL) interface

Migrate the file share to Amazon RDS

Migrate the file share to AWS Storage Gateway

Migrate the file share to Amazon FSx for Windows File Server

Migrate the file share to Amazon Elastic File System (Amazon EFS)

Create IAM users for daily administrative tasks Disable the root user

Create IAM users for daily administrative tasks Enable multi-factor authentication on the root user

Generate an access key for the root user Use the access key for daily administration tasks instead of the AWS Management Console

Provide the root user credentials to the most senior solutions architect Have the solutions architect use the root user for daily administration tasks

Enable storage autoscaling in RDS

Increase the RDS database instance size

Change the RDS database instance storage type to Provisioned lOPS

Back up the RDS database increase the storage capacity restore the database and stop the previous instance

Launch the EC2 instances in a cluster placement group in one Availability Zone

Launch the EC2 instances in a spread placement group in one Availability Zone

Launch the EC2 instances in an Auto Scaling group m two Regions and peer the VPCs

Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic

Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.

Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.

Provision a second NAT gateway. Configure the route table foe the private subnet to use this NAT gateway as the destination for all S3 traffic.

Amazon CloudFront

AWS Global Accelerator

Amazon Route 53

Amazon S3 Transfer Acceleration

Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it m AWS Secrets Manager

Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS.

Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes

Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store

Server-side encryption with customer-provided encryption keys.

Client-side encryption with Amazon S3 managed encryption keys.

Service-side encryption with keys stored in AWS Management Service (AWS KMS)

Client-side encryption with a master stored in AWS Management Service (AWS KMS)

Use Amazon EC2 instances to manipulate the original images into the requested customizations Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front. of the EC2 Instances.

Use AWS Lambda to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

Use AWS Lambda to manipulate the original images into the requested customizations Store the original images in Amazon S3 Store the manipulated images in Amazon DynamoDB. Provision an Application Load Balancer and Amazon EC2 instances to serve the content.

Use Amazon EC2 instances to manipulate the original Images Into the requested customizations. Store the original images in Amazon S3. Store the manipulated Images m Amazon DynamoDB Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Create a gateway VPC endpoint to provide connectivity to DynamoDB.

Configure a managed NAT gateway to provide connectivity to DynamoDB.

Establish an AWS Direct Connect connection behaviour to private network and DynamoDB.

Deploy an AWS PrivateLink endpoint service between the private network and DynamoDB.

Send the initial 10 TB of data to AWS using FTP.

Send the initial 10 TB of data lo AWS using AWS Snowball.

Establish a VPN connection between Amazon VPC and the company's data center

Establish an AWS Direct Connect connection between Amazon VPC and the company's data canter

Use Amazon ElastiCache to manage and store session data.

Use session affinity (sticky sessions) of the ALB to manage session data.

Use Session Manager from AWS Systems Manager to manage the session.

Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session.

Create three NAT gateways, one for each public subnet in each AZ Create a private route table for each AZ that forwards non-VPC traffic to tie NAT gateway m its AZ.

Create three NAT instances, one for each private subnet in each AZ Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.

Create a second internet gateway on one of the private subnets. Update the route table for the private subnets that forward non-VPC trade to the private Internet gateway.

Create an egress-only internet gateway on one of the pubic subnets. Update the route table for the private subnets that forward non-VPC traffic to the egress-only internet gateway.

Stop the instance outside the application's availability window Start up the instance again when required

Hibernate the instance outside the application's availability window Start up the instance again when required

Use Auto Scaling to scale down the instance outside the application's availability window Scale up the instance when required.

Terminate the instance outside the application's availability window Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required

Enable a Multi-AZ deployment for the DB Instance

Enable auto scaling for the OB instance m one Availability Zone.

Configure the 06 instance in one Availability Zone and create multiple read replicas in a separate Availability Zone

Configure the 06 instance m one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks

Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC.

Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance.

Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway In us-easl-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections.

Set up one AWS Direct Connect connection from the data center lo AWS Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.

Save the pdf files to Amazon S3 Configure an S3 PUT event to invoke an AWS Lambda function to convert the files to jpg format and store them back in Amazon S3

Save the pdf files to Amazon DynamoDB. Use the DynamoDB Streams feature to invoke an AWS Lambda function to convert the files to jpg format and store them hack in DynamoDB

Upload the pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances. Amazon Elastic Block Store (Amazon EBS) storage and an Auto Scaling group. Use a program In the EC2 instances to convert the files to jpg format Save the .pdf files and the .jpg files In the EBS store.

Upload the .pdf files to an AWS Elastic Beanstalk application that includes Amazon EC2 instances, Amazon Elastic File System (Amazon EPS) storage, and an Auto Scaling group. Use a program in the EC2 instances to convert the file to jpg format Save the pdf files and the jpg files in the EBS store.

Publish data to Amazon Kinesis Data Streams Use Kinesis data Analytics to query the data.

Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination Use Amazon Redshift to query the data

Store ingested data m an EC2 Instance store Publish data to Amazon Kinesis Data Firehose with Amazon S3 as the destination. Use Amazon Athena to query the data.

Store ingested data m an Amazon Elastic Block Store (Amazon EBS) volume Publish data to Amazon ElastiCache tor Red Subscribe to the Redis channel to query the data

Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer Use Amazon Simple Queue Service (Amazon SOS) as the communication layer between application services.

Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures Increase the size or the application servers Amazon EC2 instance to meet the peak requirements

Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 m an Auto Scaling group Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.

Use Amazon Simple Queue Service (Amazon SOS) to handle the messaging between application servers running on Amazon EC2 In an Auto Seeing group Use Amazon CloudWatch to monitor the SOS queue length and scale up when communication failures are detected.

Purchase a Compute Savings Plan

Purchase an EC2 Instance Savings Plan.

Purchase Reserved Instances tor existing EC2 workloads.

Use Spot Instances for existing EC2 workloads.

Use Far gale Spot capacity for the tasks.

Enable concurrency scaling

Enable cross-Region snapshots

Increase the data retention period

Deploy Amazon Redshift in Multi-AZ

Store individual files in Amazon S3 Glacier Store search metadata in object tags that are created in S3 Glacier Query the S3 Glacier tags to retrieve the files from S3 Glacier.

Store individual files in Amazon S3. Use S3 Lifecycle polices to move the ties to S3 Glacier after

1year. Query and retrieve the files that are in Amazon S3 by using Amazon Athena. Query and retrieve the files that are in S3 Glacier by using S3 Glacier Select.

Store Individual files In Amazon S3 Store search metadata for each archive In Amazon S3 Use S3 Lifecycle policies to move the ties to S3 Glacier after 1 year Query and retrieve tie flies by searching for metadata from Amazon S3.

Store individual files in Amazon S3 Use S3 Lifecycle policies to move the files to S3 Glacier after

1year. Store search metadata in Amazon RDS Query the Sea from Amazon RDS Retrieve the files from Amazon S3 or S3 Glacier

Store the transactions data into Amazon DynamoDB Set up a rule in DynamoDB to remove sensitive data from every transaction upon write Use DynamoDB Streams to share the transactions data with other applications

Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3 Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3

Stream the transactions data into Amazon Kinesis Data Streams Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB Other applications can consume the transactions data off the Kinesis data stream.

Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3 The Lambda function then stores the data in Amazon DynamoDB Other applications can consume transaction files stored in Amazon S3.

An AWS Glue job

An AWS Lambda function

A containerized service hosted in Amazon Elastic Kubemetes Service {Amazon EKS)

A containerized service hosted in Amazon ECS with Amazon EC2

Enable the versioning and MFA Delete features on the S3 bucket.

Enable multi-factor authentication (UFA) on the IAM user credentials for each audit team IAM user account.

Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3 DekaeObject action during audit dates

Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit learn IAM user accounts from accessing the KMS key.

Attach a resource-based policy lo the S3 bucket

Create an IAM user for the application with specific permissions to the S3 bucket

Associate an IAM role with least privilege permissions lo the EC2 instance profile

D Store AWS a credential directly on the EC2 instance for applications on the instance to use for API calls

AWS DataSync with a VPC endpoint

AWS Direct Conned

AWS Snowball Edge Storage Optimized

AWS Storage Gateway

Create an Instance profile that provides the other company access to the SOS queue

Create an IAM policy that provides the other company access to the SOS queue.

Create an SOS access policy that provides the other company access to the SOS queue

Create an Amazon Simple Notification Service (Amazon SNS) aeons policy that provides the other company access to the SOS queue

AW3 Key Management Service (AWS KMS)

VPC endpoint

Private subnet

Virtual private gateway

Set up server-side throttling limits for API Gateway.

Limit DynamoDB read throughput on the table lo an amount that results m the maximum cost that the company is willing to incur.

Set up a usage plan for API Gateway Implement throttling limits tor each customer. and distribute API keys to each customer

Set up AWS Budgets. Monitor the usage of API Gateway and DynamoDB Configure an alarm to provide an alert when the cost exceeds a certain threshold each month

NAT gateway

Amazon RDS DB instances

Application Load Balancers

Amazon EC2 application servers

Amazon Elastic File System (Amazon EFS) volumes

Use Amazon S3 to host the front-end layer. Use AWS Lambda functions for the application layer. Move the database to an Amazon DynamoDB table Use Amazon S3 to store and service users' images.

Use toad-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer. Move the database to an Amazon RDS OB instance with multiple read replicas to serve users' images.

Use Amazon S3 to host the front-end layer. Use a fleet of EC2 instances in an Auto Scaling group for the application layer. Move the database to a memory optimized instance type to store and serve users' images.

Use toad-balanced Multi-AZ AWS Elastic Beanstark environments for tie front-end layer and the application layer. Move the database to an Amazon ROS Multi-AZ DB instance Use Amazon S3 to store and serve users' images.

Create and use a custom endpoint for the workload

Create a three-node cluster clone and use the reader endpoint

Use any of the instance endpoints for the selected three nodes

Use the reader endpoint to automatically distribute the read-only workload

Use AWS Budgets to create a budget report and compare EC2 costs based on instance types

Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

Use graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

Use AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket Use Amazon QuickSight with Amazon S3 as a source to generate an interactive graph based on instance types.

Migrate the website content to Amazon S3 and host the website on Amazon CloudFront.

Migrate the website content to Amazon EC2 instances with public Elastic IP addresses in multiple AWS Regions.

Migrate the website content to Amazon EC2 instances and vertically scale as the load increases.

Use Amazon Route 53 to distribute the loads across multiple Amazon CloudFront distributions for each AWS Region that exists globally.

Create a simple routing policy that uses health checks for each Region

Create a multivalue answer routing policy that uses health checks for each Region

Create a geoproximity routing policy with a health check bias of 99 for each Region

Create a weighted routing policy with a health check weight of 100 for each Region

Create an Amazon Elasticsearch Service (Amazon ES) cluster Query the data in Amazon ES Visualize the data by using Kibana

Create a table m the AWS Glue Data Catalog Query the data in Amazon S3 by using Amazon Athena Visualize the data m Amazon QuickSight

Create an Amazon EMR cluster Query the data by using Amazon EMR and store the results in Amazon S3 Visualize the data in Amazon QuickSign.

Create an Amazon Redshift cluster Query the data in Amazon Redshift and upload the results to Amazon S3 Visualize the data in Amazon QuickSight

Use S3 ACLs

Use Amazon Elastic Block Store (Amazon EBS) automated snapshots

Use S3 Intelligent-Tiering storage

Use S3 One Zone-Infrequent Access (S3 One Zone-IA).

Create an encryption key and store the key in AWS Secrets Manager Use the key to encrypt the DB instances

Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate

Create a customer master key (CMK) in AWS Key Management Service (AWS KMS) Enable encryption for the DB instances

Generate a certificate in AWS Identity and Access Management {IAM) Enable SSUTLS on the DB instances by using the certificate

Configure DynamoDB global tables. For RPO recovery, point the application to a different AWS Region.

Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.

Export the DynamoDB data to Amazon S3 Glacier on a daily basis. For RPO recovery, import the data from S3 Glacier to DynamoDB.

Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes. For RPO recovery, restore the DynamoDB table by using the EBS snapshot.

Create an Amazon Elastic Block Store (Amazon EBS) snapshot containing the data. Share it with users within the VPC

Create an Amazon S3 bucket that has a lifecycle policy set to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after the appropriate number of days

Create an Amazon Elastic File System (Amazon EFS) file system within the VPC Set the throughput mode to Provisioned and to the required amount of IOPS to support concurrent usage

Create an Amazon Elastic File System (Amazon EFS) file system within the VPC Set the hfecycle policy to transition the data to EFS Infrequent Access (EFS IA) after the appropriate number of days

Use EC2 Reserved Instances with the All Upfront payment option

Use EC2 Reserved instances with the Partial Upfront payment option

Use Spot Fleet requests with the allocation strategy set to lowestPnce

Use persistent Spot Instance requests with behaviour that stops interrupted instances

Amazon EBS

Amazon EFS

Amazon FSx for Windows

Amazon S3

AWS Storage Gateway file gateway

Create a new S3 bucket Turn on the default encryption settings for the new S3 bucket Download all existing objects to temporary local storage Upload the objects to the new S3 bucket

Turn on the default encryption settings for the S3 bucket Use the S3 Inventory feature to create a csv file that lists the unencrypted objects Run an S3 Batch Operations job that uses the copy command to encrypt those objects

Create a new encryption key by using AWS Key Management Service (AWS KMS) Change the settings on the S3 bucket to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) Turn on versioning for the S3 bucket

Navigate to Amazon S3 in the AWS Management Console Browse the S3 bucket's objects Sort by the encryption field Select each unencrypted object Use the Modify button to apply default encryption settings to every unencrypted object in the S3 bucket

Move the database to Amazon RDS, and enable automatic backups Manually launch another EC2 instance in the same Availability Zone Configure an Application Load Balancer in the Availability Zone and set the two instances as targets

Migrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instance Manually launch another EC2 instance in the same Availability Zone Configure an Application Load Balancer and set the two EC2 instances as targets

Move the database to Amazon Aurora with a read replica in another Availability Zone Create an Amazon Machine Image (AMI) from the EC2 instance Configure an Application Load Balancer in two Availability Zones Attach an Auto Scaling group that uses the AMI across two Availability Zones

Move the database to a separate EC2 instance and schedule backups to Amazon S3 Create an Amazon Machine Image (AMI > from the original EC2 instance Configure an Application Load Balancer in two Availability Zones Attach an Auto Scaling group that uses the AMI across two Availability Zones

Use Spot Instances for the entire workload.

Use Reserved instances for the baseline level of usage Use Spot Instances for any additional capacity that the application needs.

Use On-Demand Instances for the baseline level of usage. Use Spot Instances for any additional capacity that the application needs

Use Dedicated Instances for the baseline level of usage. Use On-Demand Instances for any additional capacity that the application needs

Enable binlog replication on the RDS primary node.

Choose a failover priority for the source DB instance.

Allow long-running transactions to complete on the source DB instance.

Create a global table and specify the AWS Regions where the table will be available.

Enable automatic backups on the source instance by setting the backup retention period to a value other than 0.

Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups. Configure each Auto Scaling group's minimum capacity according to peak workload values

Use Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups Configure a

CloudWatch alarm to invoke an Amazon Simple Notification Service (Amazon SNS) topic that creates additional Auto Scaling groups on demand

Provision two Amazon Simple Queue Service (Amazon SQS) queues one for order collection and another for order fulfillment Configure the EC2 instances to poll their respective queue Scale the Auto Scaling groups based on notifications that the queues send

Provision two Amazon Simple Queue Service (Amazon SQS) queues one for order collection and another for order

fulfillment. Configure the EC2 instances to poll their respective queue. Create a metric based on a backlog per instance calculation Scale the Auto Scaling groups based on this metric.

Configure AWS CloudTrail trails to log S3 API calls Use AWS AppSync to process the files

Configure an object-created event notification within the S3 bucket to invoke an AWS Lambda function to process the files

Configure Amazon Kinesis Data Streams to process and send data to Amazon S3 Invoke an AWS Lambda function to process the files

Configure an Amazon Simple Notification Service (Amazon SNS) topic to process the files uploaded to Amazon S3. Invoke an AWS Lambda function to process the files