2024 AWS SAA Practice Exam Updated 2024-2025 New Latest Version with All Questions and 100% Correct Answers

A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster. Which action will encrypt the data at rest? --------- Correct Answer --------- Use the AWS KMS Default Customer master key.

What type of consistency model is provided in Amazon S3 when you upload a new version of an object? --------- Correct Answer --------- eventual consistency (for overwrite PUTs and DELETEs)

How can you create a hierarchy that mimics a file system in Amazon S3? --------- Correct Answer --------- use folders in your buckets

An EC2 instance with an EBS root volume and an EBS data volume is terminated with default settings. What will happen to the volumes? --------- Correct Answer --------- The root volume will be deleted but the data volume will be retained

How can you control access to files and directories in Amazon EFS file systems? --------- Correct Answer --------- using user and group level permissions

You would like to run some code when an object is uploaded to an Amazon S3 bucket. How can it be achieved? --------- Correct Answer --------- create an event notification on the S3 bucket that triggers a Lambda function

An Amazon RDS database is experiencing heavy demand and slowing down. Most database calls are reads. What is the simplest way to scale the database without downtime? --------- Correct Answer --------- create a read replica. If you wanted to change to an instance type with more resources, there would be downtime.

A new application requires a database that can allow writes to DB instances in multiple AZs with read-after-write consistency. Which solution meets these requirements?
--------- Correct Answer --------- Amazon Aurora Multi-Master. This adds the ability to scale out write performance across multiple AZs and provides configurable read-after-write consistency.

An organization is migrating a database into the AWS cloud. They require a managed service for their MySQL database and need automatic failover to a secondary database. Which solution should they use? --------- Correct Answer --------- Amazon RDS with Multi-AZ

Which IAM entity can be used to delegate permissions? --------- Correct Answer --------- Role

Which IAM entity is used for assigning permissions to multiple users? --------- Correct Answer --------- Group

Which element of an IAM policy document can be used to specify that the policy should take effect only if the caller is coming from a specific source IP address? --------- Correct Answer --------- Condition element, AKA condition block

Hibernating an instance --------- Correct Answer --------- EC2 signals the operating system to perform hibernation (suspend to disk). Hibernation saves the contents from the instance memory (RAM) to your Amazon EBS root volume. Amazon EC2 persists the instance's EBS root volume and any attached data volumes.

An organization has a unit with multiple member accounts. The company needs to restrict the ability to launch only specific Amazon EC2 instance types. How can this policy be applied across the accounts with the least effort? --------- Correct Answer --------- create an SCP with a deny rule that denies all but the specific instance types

AWS Glue --------- Correct Answer --------- fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.

Scheduled Scaling --------- Correct Answer --------- good for predictable workloads, so when you know when and for how long you are going to need additional capacity

Simple Scaling --------- Correct Answer --------- Good for unpredictable workloads.
With simple scaling, after a scaling activity has started, the policy must wait for the scaling activity or health check replacement to complete and the cooldown period to expire before responding to additional alarms (in contrast to step scaling). AWS recommends Step Scaling.

Step Scaling --------- Correct Answer --------- increase or decrease the current capacity of your Auto Scaling group based on a set of scaling adjustments, known as step adjustments. The adjustments vary based on the size of the alarm breach. Suitable for situations where the load is unpredictable.

Elastic File System --------- Correct Answer --------- provides a simple, scalable, fully-managed elastic NFS file system for use with AWS cloud services and on-prem. This is a solution that provides an active-active configuration where reads and writes can take place in multiple regions with full bi-directional synchronization.

Amazon API Gateway --------- Correct Answer --------- decouples the client application from the back-end application-layer services by providing a single endpoint for API requests

A mobile client requires data from several application layer services to populate its user interface. What can the application team use to decouple the client interface from the underlying services behind them? --------- Correct Answer --------- Amazon API Gateway

Task Definition / Task Role --------- Correct Answer --------- you can only apply one IAM role to a task definition. A task definition is required to run Docker containers on Amazon ECS and you can specify the IAM role (task role) that the tasks should use for permissions.

Cluster Placement Group --------- Correct Answer --------- provides low latency and high throughput for instances deployed in a single AZ. This allows for internode performance

NLB --------- Correct Answer --------- Network Load Balancer is used for distributing incoming connections.
Spread Placement Group --------- Correct Answer --------- a group of instances that are placed on distinct underlying hardware. Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other. Launching instances in a spread group reduces the risk of simultaneous failures that might occur when instances share the same underlying hardware.

IAM Roles Best Practice --------- Correct Answer --------- IAM Roles should be used in place of storing credentials on Amazon EC2 instances. This is the most secure way to provide permissions to EC2 as no credentials are stored and short-lived credentials are obtained using AWS STS. Additionally, the policy attached to the role should provide least privilege permissions.

AWS Global Accelerator --------- Correct Answer --------- a service that improves the availability and performance of applications with local or global users. You can configure the Application Load Balancer as a target and Global Accelerator will automatically route users to the closest point of presence. Failover is automatic and does not rely on any client-side cache changes as the IP addresses for the Global Accelerator are static anycast addresses. Global Accelerator uses the AWS Global Network which ensures consistent performance

IAM Roles for ECS tasks --------- Correct Answer --------- enables you to secure your infrastructure by assigning an IAM role directly to the ECS task rather than to the EC2 container instance.
This means you can have one task that uses a specific IAM role for access to S3 and one task that uses an IAM role to access DynamoDB

AWS Best Practice for Resiliency --------- Correct Answer ---------
- connect from multiple data centers for physical location redundancy
- when designing remote connections consider using redundant hardware and telecommunication providers
- use dynamically routed active/active connections for automatic load balancing and failover across redundant network connections
- provision sufficient network capacity to ensure that the failure of one network connection does not overwhelm and degrade redundant connections

EC2 Instance Stores --------- Correct Answer --------- high speed ephemeral storage that is physically attached to the EC2 instance. This is a good way to lower cost and improve performance in a cost-efficient way; if files are temporary, ephemeral storage is sufficient. This means the data is lost when the instance is stopped.

Where can you restrict access with an OAI? --------- Correct Answer --------- S3. You cannot restrict access on EC2 or ELB. OAI = origin access identity

AWS DataSync --------- Correct Answer --------- an online data transfer service that simplifies, automates and accelerates copying large amounts of data between on-prem systems and AWS storage services. It can copy data between:
- NFS or SMB shares
- self-managed object storage
- AWS Snowcone
- S3
- EFS
- Amazon FSx for Windows

Fun fact about EBS volumes --------- Correct Answer --------- EBS volumes cannot be shared across AZs

AWS Transit Gateway --------- Correct Answer --------- connects VPCs and on-prem networks through a central hub. You can quickly add Amazon VPCs, AWS accounts, VPN capacity or AWS Direct Connect gateways to meet unexpected demand without having to wrestle with complex connections or massive routing tables.

What is a solution to scale read performance and the solution must be configured for high availability?
--------- Correct Answer --------- create a read replica as a Multi-AZ DB instance

A shared services VPC is being set up for use by several AWS accounts. An application needs to be securely shared from the shared services VPC. The solution should not allow consumers to connect to other instances in the VPC. How can this be set up with the least admin effort? --------- Correct Answer --------- use AWS PrivateLink to expose the application as an endpoint service and create a Network Load Balancer. VPCs can be shared among multiple AWS accounts. Resources can then be shared amongst those accounts. To easily restrict access so that consumers cannot connect to other instances in the VPC, use PrivateLink. The endpoint type will be an interface endpoint and it uses an NLB in the shared services VPC.

Target tracking Scaling Policy --------- Correct Answer --------- increases or decreases the number of tasks that your service runs based on a target value for a specified metric, as reported by CloudWatch

Amazon EFS --------- Correct Answer --------- fully managed service that makes it easy to set up, scale and cost-optimize file storage in the Amazon Cloud. EFS file systems are accessible to Amazon EC2 instances via a file system interface (using standard operating system file I/O APIs) and support full file system access semantics (such as strong consistency and file locking). EFS is a good solution for when you need to attach a shared file system to multiple EC2 instances across multiple availability zones.

Redshift Use Cases --------- Correct Answer ---------
- performing complex queries on a data warehouse that take several hours to complete for a team of data scientists
- running fast repeated queries and updating dashboards for customer support staff
You can create VPC connections between your own VPCs or within a VPC in another AWS account.

What does it mean when an EC2 status check on an EBS volume is showing as insufficient data?
--------- Correct Answer --------- The checks may still be in progress on the volume.

Amazon Aurora Serverless --------- Correct Answer --------- on-demand, auto-scaling configuration of Amazon Aurora. This is ideal for infrequently used applications. The database automatically starts up, shuts down and scales capacity up or down based on application needs. Amazon Aurora is a service that requires an instance to be running at all times, which is more costly.

Security groups --------- Correct Answer --------- a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC you can assign up to five security groups to the instance. Security groups are not at the subnet level. WAF is a web application firewall and does not work at the instance level.

AWS Global Accelerator --------- Correct Answer --------- a service where you create accelerators to improve availability and performance of your applications for local and global users. It directs traffic to optimal endpoints over the AWS network. By default, Global Accelerator provides you with two static IP addresses that you associate with the accelerator. CloudFront cannot expose static public IP addresses.

Aurora Replicas --------- Correct Answer --------- independent endpoints in an Aurora DB cluster for scaling read operations and increasing availability. Up to 15 Aurora replicas can be distributed across the AZs that a DB cluster spans within an AWS region. To increase availability, use Aurora Replicas as failover targets.

Amazon Aurora DB cluster --------- Correct Answer --------- consists of a DB instance and a cluster volume that represents the data for the DB cluster copied across 3 AZs as a single virtual volume. It is compatible with either MySQL or PostgreSQL.
The DB cluster contains a primary instance and optionally up to 15 Aurora replicas

Aurora Global Database --------- Correct Answer --------- a new feature in the MySQL edition of Aurora which is designed for applications with a global footprint. Allows a single Aurora database to span multiple AWS regions with fast replication to enable low latency global reads and disaster recovery from region-wide outages.

Amazon instance store --------- Correct Answer --------- offers very high performance and low latency. As long as you can afford to lose an instance, you can use this to replicate your data with high performance and low latency.

Amazon FSx for Lustre --------- Correct Answer --------- high performance file system optimized for fast processing of workloads such as machine learning, HPC, video processing, financial modeling. Amazon FSx for Lustre works natively with Amazon S3. Amazon FSx for Windows File Server means that you would have to work with a Windows based application.

Amazon RDS and Snapshots --------- Correct Answer --------- snapshots are encrypted when created only if the database is encrypted, and you can only select encryption for the database when you first create it. If at a later time you need to encrypt the database you can create an encrypted copy of a snapshot. Then you can restore using that snapshot, which creates a new DB instance that has encryption enabled. From that point on, encryption will be enabled on all snapshots.

VPG --------- Correct Answer --------- a virtual private gateway is used to set up an AWS VPN and combine it with Direct Connect to encrypt all data that goes through the Direct Connect link.

Amazon STS --------- Correct Answer --------- used for requesting temporary credentials

What are the four main IAM options? --------- Correct Answer --------- Groups - collection of users that have policies attached. User - represents a person or service.
5k users per account. Role - roles are created and then assumed by trusted entities and define a set of permissions for making AWS service requests. Policies - define permissions and can be applied to users, groups and roles

What are the three types of placement groups? --------- Correct Answer ---------
Cluster - packs instances together inside an AZ. Great for workloads that need low latency network performance for tightly coupled node-to-node communication. When you see HPC, think cluster.
Partition - spreads your instances across logical partitions so that groups of instances in one partition do not share the underlying hardware with groups of instances in other partitions. This is a strategy for large distributed and replicated workloads like Hadoop.
Spread - strictly places a small group of instances across distinct underlying hardware to reduce correlated failures

ENI --------- Correct Answer --------- elastic network interface. A logical networking component in a VPC that represents a virtual network card.

ENA --------- Correct Answer --------- elastic network adapter. Used for enhanced networking when you need to have a higher bandwidth or lower latency between instances

EFA --------- Correct Answer --------- an ENA with additional capabilities. Elastic Fabric Adapter enables customers to run applications requiring high levels of internode communication at scale.

What are the three types of Subnets?
--------- Correct Answer ---------
Public Subnet - subnet's traffic is routed to an internet gateway
Private Subnet - traffic does not route to an Internet Gateway
VPN-only subnet - traffic is routed to a virtual private gateway for a VPN connection

VPC Peering --------- Correct Answer --------- a way to set up a network connection so that you can send traffic through VPCs using private IP addresses via CIDR blocks of the VPC

VPC Sharing --------- Correct Answer --------- Allow other AWS accounts to create their application resources (like EC2, RDS, Redshift, Lambda) into shared centrally-managed VPCs

What can be done to enhance security on an Amazon ElastiCache for Redis cluster? --------- Correct Answer --------- you can require that users enter a token on a token-protected Redis server. To do this you need to run the Redis AUTH command. CLI: --auth-token API: AuthToken

HTTP Codes --------- Correct Answer ---------
200 - OK
400 - Bad Request
429 - Too many requests
503 - Service Unavailable

What is a cost-effective solution to provide a backup for a Direct Connect connection? --------- Correct Answer --------- implement an IPsec VPN connection and use the same BGP prefix. BGP - Border Gateway Protocol

PTR Records --------- Correct Answer --------- reverse lookup records, when you use the IP to find the DNS name

What are the best techniques to help ensure availability of services for a high-profile website in the case of a DDoS attack? --------- Correct Answer ---------
- configure Auto Scaling with a high maximum number of instances to ensure that it can scale accordingly
- use CloudFront for distributing both static and dynamic content

VPC Endpoints --------- Correct Answer --------- enables you to privately connect your VPC to supported AWS services.
There are two types.
Interface Endpoint:
- an Elastic Network Interface with a private IP
- uses DNS entries to redirect traffic
- uses Security Groups
- API Gateway, CloudFormation, CloudWatch
Gateway Endpoint:
- a gateway that is a target for a specific route
- uses prefix lists and the route table to redirect traffic
- VPC Endpoint Policies
- Amazon S3, DynamoDB

Cognito User Pool --------- Correct Answer --------- a user directory in Amazon Cognito. With a user pool, users can sign into web or mobile apps through Amazon Cognito or federate through a third-party identity provider

Cognito Identity Pools --------- Correct Answer --------- provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token.

Key Pairs --------- Correct Answer --------- used in EC2 for access to instances

AWS Batch --------- Correct Answer --------- AWS Batch multi-node parallel jobs enable you to run single jobs that span multiple Amazon EC2 instances. With AWS Batch multi-node parallel jobs you can run large-scale, tightly coupled high-performance computing applications

Why might an EC2 instance immediately terminate? --------- Correct Answer ---------
- you have reached your EBS volume limit
- an EBS snapshot is corrupt
- the root EBS volume is encrypted and you do not have permission to access the KMS key for decryption
- the instance store backed AMI that you used to launch the instance is missing a required part

Pilot Light (Disaster Recovery) --------- Correct Answer --------- Minimal version of environment is always running in the cloud.
Backup and restore disaster recovery --------- Correct Answer --------- This is the lowest cost DR approach that simply entails creating online backups of all data and applications

Warm Standby (Disaster Recovery) --------- Correct Answer --------- The term warm standby is used to describe a DR scenario in which a scaled-down version of a fully functional environment is always running in the cloud

Multi-site disaster recovery --------- Correct Answer --------- a multi-site solution runs on AWS as well as on your existing on-site infrastructure in an active-active configuration

What is a use case for Systems Manager Parameter Store? --------- Correct Answer --------- when an application like Lambda must use database credentials to authenticate to MySQL. Typically the scenario would say that the credentials must not be stored in the function code. Systems Manager Parameter Store provides secure hierarchical storage for configuration data management and secrets management

How to encrypt data at rest and in transit to S3? --------- Correct Answer --------- you can securely upload or download your data to Amazon S3 via SSL endpoints using the HTTPS protocol (in transit SSL/TLS). You have the option of encrypting the data locally before it is uploaded, or uploading via SSL/TLS so it is secure in transit and encrypting on the Amazon S3 side using S3 managed keys. The keys will be AES 256-bit keys.

How can you make programmatic API calls to IAM? --------- Correct Answer --------- AWS recommends that you use *AWS SDKs*, or you can also use the *IAM query API* to make direct calls to the IAM web service. An access key ID and secret access key must be used for authentication when using the query API

Failover Routing --------- Correct Answer --------- used for active-passive configurations. Lets you route traffic to a resource when the resource is healthy or to a different resource when it's unhealthy.

Why would you choose Amazon ElastiCache with Memcached?
--------- Correct Answer --------- In-memory database that can be used as a database caching layer. Supports: multiple CPU cores and threads (Redis does not), large nodes

What are five best practices for DynamoDB? --------- Correct Answer ---------
1. keep item sizes small
2. if you are storing serial data in DynamoDB that will require action based on date or time, use separate tables for days, weeks and months
3. store more frequently and less frequently accessed data in separate tables
4. if possible, compress larger attribute values
5. store objects larger than 400 KB in S3 and use pointers (S3 object ID) in DynamoDB

What is Amazon Redshift? --------- Correct Answer --------- enterprise-level, petabyte-scale, fully managed data warehousing service. It uses columnar storage to improve the performance of complex queries. You can use the COPY command to load data into a Redshift data warehouse and run the analytic queries there.

Dedicated Host vs. Dedicated Instance --------- Correct Answer --------- dedicated host - an Amazon EC2 dedicated host. It's a physical server with EC2 instance capacity fully

Security Group vs Network ACLs --------- Correct Answer --------- Security Group vs Network ACLs
1. operates at the *instance* level versus the *subnet* level
2. supports *allow rules only* versus allow *and deny rules*
3. stateful versus stateless
4. evaluates all rules versus processes rules in order
5. applies to an instance only if associated with a group versus automatically applies to all instances in the subnets it's associated with

Encrypting Elastic Block Store volumes --------- Correct Answer --------- data in transit between an instance and an encrypted volume is also encrypted. There is no direct way to change the encryption state of a volume. All EBS types and all instance families support encryption, but not all instance types support encryption.
You can have encrypted and non-encrypted EBS volumes on a single instance

What are the default inbound and outbound rules of a network ACL? --------- Correct Answer --------- default inbound and outbound rule denies all traffic

AWS SAM --------- Correct Answer --------- an extension of AWS CloudFormation that is used to package, test and deploy serverless applications

AWS X-Ray --------- Correct Answer --------- analyze and debug applications by providing distributed tracing and service maps to easily identify performance bottlenecks by visualizing the request end to end

What are the possible protocols for an ALB? --------- Correct Answer --------- HTTP and HTTPS

Enhanced networking --------- Correct Answer --------- provides higher bandwidth, higher packet per second performance and consistently lower inter-instance latencies.

AWS Beanstalk --------- Correct Answer --------- can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto scaling and application health monitoring.
Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python and Ruby

AWS CloudFormation --------- Correct Answer --------- uses templates to deploy infrastructure as code

Sticky sessions --------- Correct Answer --------- session stickiness uses cookies and ensures the client is bound to an individual backend instance for the duration of the cookie lifetime

Proxy protocol --------- Correct Answer --------- the proxy protocol header helps you identify the IP address of a client when you have a load balancer that uses TCP for back-end connections

Connection Draining --------- Correct Answer --------- enabled by default and provides a period of time for existing connections for EC2 instances to close cleanly

Deletion Protection --------- Correct Answer --------- used to protect the ELB from deletion

What feature allows an Architect to specify scripts so that software can be installed during EC2 instance launch? --------- Correct Answer --------- user data. When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. Two types of data: shell scripts and cloud-init directives

Amazon EMR --------- Correct Answer --------- Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable EC2 instances and S3.
Amazon S3 Select --------- Correct Answer --------- analyzes and processes data within an object in Amazon S3 buckets faster and cheaper

Amazon Elasticsearch --------- Correct Answer --------- a fully managed service that makes it easy to deploy, secure, operate and scale Elasticsearch to search, analyze and visualize data in real time

Amazon SWF --------- Correct Answer --------- helps developers build, run and scale background jobs that have parallel / sequential steps

Amazon API Gateway --------- Correct Answer --------- a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. *Decouples* the client application from the back-end application layer by providing a single endpoint for API requests

AWS Device Farm --------- Correct Answer --------- AWS Device Farm is an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real time.

Amazon Cognito --------- Correct Answer --------- Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps

ALB --------- Correct Answer --------- Application Load Balancer distributes incoming connection requests to back-end EC2 instances.

SCP --------- Correct Answer --------- Service Control Policies (SCPs) offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization's access control guidelines.

VPG --------- Correct Answer --------- a VPG is used to set up an AWS VPN which you can use in combination with Direct Connect to encrypt all data that traverses the Direct Connect link

AWS WAF --------- Correct Answer --------- AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
Allows you to create rules that help protect against common web exploits like SQL injection and cross-site scripting.

Internet Gateway --------- Correct Answer --------- an internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform the network address translation for instances that have been assigned public IPv4 addresses. Supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic.

Amazon Route 53 Health Check --------- Correct Answer --------- you can use Route 53 to check the health of your resources and only return healthy resources in response to DNS queries. 3 types of failover configuration:

can the Architect take to address this requirement? --------- Correct Answer --------- Modify the Redshift cluster and configure cross-region snapshots to the other region.

A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available. What should an administrator do to improve performance? --------- Correct Answer --------- Create one or more read replicas.

A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select two.) --------- Correct Answer ---------
1. Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.
2. Create a CloudFront distribution pointing to static content in Amazon S3.
A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements? --------- Correct Answer --------- Configure the database security group to allow database traffic from the application server security group.

An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the Internet. These instances are not assigned with public IP addresses. Which component poses a potential single point of failure in this architecture? --------- Correct Answer --------- NAT instance

A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solution Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix the problem? --------- Correct Answer --------- Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.

An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week after the product is launched. Which is the MOST efficient way for management to ensure that capacity requirements are met?
--------- Correct Answer --------- Add a Scheduled Scaling action.
A customer owns a simple API for their website that receives about 1,000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance. Which changes to the architecture will provide high availability at the LOWEST cost? --------- Correct Answer --------- Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
A Solution Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up to a different region. How should the Architect meet this requirement? --------- Correct Answer --------- Create EBS snapshots and then copy them to the desired region.
A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about experiencing slow download speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors. What can a Solutions Architect do to address these issues? --------- Correct Answer --------- Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.
A Solutions Architect is designing a solution that includes a managed VPN connection. To monitor whether the VPN connection is up or down, the Architect should use: --------- Correct Answer --------- the CloudWatch TunnelState Metric.
A social networking portal experiences latency and throughput issues due to an increased number of users. Application servers use very large datasets from an Amazon RDS database, which creates a performance bottleneck on the database. Which AWS service should be used to improve performance? --------- Correct Answer ---------
A Solutions Architect is designing network architecture for an application that has compliance requirements.
The application will be hosted on Amazon EC2 instances in a private subnet and will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the public Internet. What is the MOST secure way to satisfy this requirement? --------- Correct Answer --------- Use a VPC endpoint.
Developers are creating a new online transaction processing (OLTP) application for a small database that is very read-write intensive. A single table in the database is updated continuously throughout the day, and the developers want to ensure that the database performance is consistent. Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain application performance? --------- Correct Answer --------- Provisioned IOPS SSD
A Solutions Architect is designing a log-processing solution that requires storage that supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2 instance. Which Amazon storage type satisfies these requirements? --------- Correct Answer --------- EBS Throughput Optimized HDD (st1)
A company's development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance of Amazon S3. Which naming scheme should the company use? --------- Correct Answer --------- Add a date as the prefix
A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a centralized view of all API events for current and future AWS regions. How should the Architect accomplish this task? --------- Correct Answer --------- Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.
A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?
--------- Correct Answer --------- Amazon EBS
A company plans to use AWS for all new batch processing workloads. The company's developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7. How should a Solutions Architect design this architecture in a cost-efficient manner? --------- Correct Answer --------- Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.
A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO? --------- Correct Answer --------- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
A customer has a production application that frequently overwrites and deletes data, the application requires the most up-to-date version of the data every time it is requested. Which storage should a Solutions Architect recommend to best accommodate this use case? --------- Correct Answer --------- Amazon RDS
A Solutions Architect is designing a photo application on AWS. Every time a user uploads a photo to Amazon S3, the Architect must insert a new item to a DynamoDB Users connect to the application from the Internet. The application servers and database must be secure. How should a Solutions Architect perform this task? --------- Correct Answer --------- Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.
A Solutions Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500 MB/s. Which storage type will meet the performance requirements of this application? --------- Correct Answer --------- EBS Throughput Optimized HDD
A legacy application running on premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the Architect meet this requirement? --------- Correct Answer --------- Create an IAM role that allows access from the corporate network to Amazon S3.
A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance, and requires long-term persistence. Which storage solution BEST meets these requirements? --------- Correct Answer --------- An Amazon EBS Provisioned IOPS volume
A Solutions Architect is designing a solution with AWS Lambda where different environments require different database passwords. What should the Architect do to accomplish this in a secure and scalable way? --------- Correct Answer --------- Use encrypted AWS Lambda environmental variables
A news organization plans to migrate their 20 TB video archive to AWS. The files are rarely accessed, but when they are, a request is made in advance and a 3 to 5-hour retrieval time frame is acceptable. However, when there is a breaking news story, the editors require access to archived footage within minutes. Which storage solution meets the needs of this organization while providing the LOWEST cost of storage? --------- Correct Answer --------- Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed.
A Solutions Architect is building a multi-tier website.
The web servers will be in a public subnet, and the database servers will be in a private subnet. Only the web servers can be accessed from the Internet. The database servers must have Internet access for software updates. Which solution meets the requirements? --------- Correct Answer --------- Use a NAT Gateway.
A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances. How should the request be authorized? --------- Correct Answer --------- Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances
A Solutions Architect is building an application on AWS that will require 20,000 IOPS on a particular volume to support a media event. Once the event ends, the IOPS need is no longer required. The marketing team asks the Architect to build the platform to optimize storage without incurring downtime. How should the Architect design the platform to meet these requirements? --------- Correct Answer --------- Change the EBS volume type to Provisioned IOPS.
A Solutions Architect is building a new feature using a Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed. Which AWS service should the Architect use to store this metadata? --------- Correct Answer --------- Amazon DynamoDB
An interactive, dynamic website runs on Amazon EC2 instances in a single subnet behind an ELB Classic Load Balancer. Which design changes will make the site more highly available? --------- Correct Answer --------- Move some Amazon EC2 instances to a subnet in a different way.
A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select two.) --------- Correct Answer --------- 1. Create an IAM role with permissions to write to the DynamoDB table. 2.
Attach an IAM role to the Amazon EC2 instance.
A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements: (1) They get an alert when the requests per second go over 50,000. (2) They get an alert when latency goes over 5 seconds. (3) They can validate how many times a day users call the API requesting highly-sensitive data. Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.) --------- Correct Answer --------- 1. Create a custom CloudWatch metric to monitor the API for data access. 2. Ensure that detailed monitoring for the EC2 instances is enabled.
A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation. What is the MOST efficient way to fulfill this requirement? --------- Correct Answer --------- Use Amazon Route 53 health checks.
A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers. How should the Architect design a solution to meet the requirements without impacting running applications? --------- Correct Answer --------- Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
Which service should an organization use if it requires an easily managed and scalable platform to host its web application running on Nginx?
--------- Correct Answer --------- AWS Elastic Beanstalk
An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames. Which AWS service will decouple the users from specific Amazon EC2 instances? --------- Correct Answer --------- Amazon ELB
A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL. Which service should the Architect choose to distribute the workload? --------- Correct Answer --------- ELB Application Load Balancer
A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements? --------- Correct Answer --------- Stripe data across multiple Amazon EBS volumes using RAID 0.
A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost. This can be accomplished with: --------- Correct Answer --------- an egress-only internet gateway
A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application. How can the report be created without affecting the performance of the application? --------- Correct Answer --------- Create a read replica of the database.
A company has an application that stores sensitive data.
The company is required by government regulations to store multiple copies of its data. What would be the MOST resilient and cost-effective option to meet this requirement? --------- Correct Answer --------- Amazon S3
A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys. What is the SIMPLEST solution? --------- Correct Answer --------- Use AWS CloudTrail to log AWS KMS key usage.
A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system. Which action should a Solutions Architect recommend to improve this process? --------- Correct Answer --------- Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.
A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB Classic Load Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale. What should the VPC subnet design be in each Availability Zone? --------- Correct Answer --------- One public subnet for the load balancer tier and one shared private subnet for the application tiers.
A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application? --------- Correct Answer --------- An Amazon EBS throughput optimized HDD volume.
Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets.
A Solutions Architect wants to make sure that Application A can make requests to Application B, but Application B should be denied from making requests to Application A. Which is the SIMPLEST solution to achieve this policy? --------- Correct Answer --------- Using security groups that reference the security groups of the other application
Legacy applications currently send messages through a single Amazon EC2 instance, which then routes the messages to the appropriate destinations. The Amazon EC2 instance is a bottleneck and single point of failure, so the company would like to address these issues. Which services could address this architectural use case? (Choose two.) --------- Correct Answer --------- 1. Amazon SNS 2. Amazon SQS
A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday, Wednesday, and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model? --------- Correct Answer --------- Scheduled Reserved Instances
A workload consists of downloading an image from an Amazon S3 bucket, processing the image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation. How should a Solutions Architect redesign the process so that it is highly available? --------- Correct Answer --------- Trigger a Lambda function when a new object is uploaded.
An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met? --------- Correct Answer --------- Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.
A Solutions Architect is building an application that stores object data.
Compliance requirements state that the data stored is immutable. Which service meets these requirements? --------- Correct Answer --------- Amazon Glacier
A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications will save objects. How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted? --------- Correct Answer --------- Enable default encryption on the bucket.
An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a Solutions Architect use to route traffic to the service based on the incoming request path? --------- Correct Answer --------- AWS Application Load Balancer
A data analytics startup company asks a Solutions Architect to recommend an AWS data store option for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300 KB. The startup is flexible with data storage and is more interested in a database that requires minimal effort to scale with a growing dataset size. Which AWS data store service should the Architect recommend? --------- Correct Answer --------- Amazon DynamoDB
A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows: limit access to users originating from the corporate network; web servers cannot have SSH access directly from the Internet; web servers reside in a private subnet. Which combination of steps must the Architect complete to meet these requirements? (Choose two.) --------- Correct Answer --------- 1. Create a bastion host with security group rules that only allow traffic from the corporate network. 2. Configure the web servers' security group to allow SSH traffic from a bastion host.
A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises datacenter. Which solution allows rapid provision of working, fully-scaled production environment? --------- Correct Answer --------- Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.
A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load. How should the database environment be re-designed to resolve the IOPS fluctuation? --------- Correct Answer --------- Change the storage type to Provisioned IOPS.
A Solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement? --------- Correct Answer --------- Custom Amazon CloudWatch metrics
A Solutions Architect is creating a new relational database. The Compliance team will use the database, and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect use? --------- Correct Answer --------- Amazon Aurora
A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2. Which option represents the SIMPLEST way to implement this design? --------- Correct Answer --------- Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2.
An organization has a long-running image processing application that runs on Spot Instances that will be terminated when interrupted. A highly available workload must be designed to respond to Spot Instance interruption notices.
The solution must include a two-minute warning when there is not enough capacity. How can these requirements be met? --------- Correct Answer --------- Use Amazon CloudWatch Events to invoke an AWS Lambda function that can launch On-Demand Instances.
A company has an Amazon RDS-managed online transaction processing system that has very heavy read and write. The Solutions Architect notices throughput issues with the system. How can the responsiveness of the primary database be improved? --------- Correct Answer --------- Offload SELECT queries that can tolerate stale data to READ replica.
A company is designing a failover strategy in Amazon Route 53 for its resources between two AWS Regions. The company must have the ability to route a user's traffic to the region with least latency, and if both regions are healthy, Route 53 should route traffic to resources in both regions. Which strategy should the Solutions Architect recommend? --------- Correct Answer --------- Configure active-active failover using Route 53 latency DNS records.
A company is developing several critical long-running applications hosted on Docker. How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS? --------- Correct Answer --------- Use Amazon ECS and Service Auto Scaling.
An organization must process a stream of large-volume hashtag data in real time and needs to run custom SQL queries on the data to get insights on certain tags. The organization needs this solution to be elastic and does not want to manage clusters. Which of the following AWS services meets these requirements? --------- Correct Answer --------- Amazon Kinesis Data Analytics
Which requirements must be met in order for a Solutions Architect to specify that an Amazon EC2 instance should stop rather than terminate when its Spot Instance is interrupted? (Choose two.) --------- Correct Answer --------- 1. The Spot Instance request type must be persistent. 2.
The root volume must be an Amazon EBS volume.
An application hosted on AWS uses object storage for storing internal reports that are accessed daily by the CFO. Currently, these reports are publicly available. How should a Solutions Architect re-design this architecture to prevent unauthorized access to these reports? --------- Correct Answer --------- Store the files on Amazon S3 and use the application to generate S3 pre-signed URLs to users.
A Solutions Architect is designing an application on AWS that will connect to the on-premise data center through a VPN connection. The solution must be able to log network traffic over the VPN. Which service logs this network traffic? --------- Correct Answer --------- Amazon VPC flow logs
A company wants to durably store data in 8 KB chunks. The company will access the data once every few months. However, when the company does access the data, it must be done with as little latency as possible. Which AWS service should a Solutions Architect recommend if cost is NOT a factor? --------- Correct Answer --------- Amazon DynamoDB
A media company has more than 100TB of data to be stored and retrieved infrequently. However, the company occasionally receives requests for data within an hour. The company needs a low-cost retrieval method to handle the requests. Which service meets this requirement? --------- Correct Answer --------- Amazon S3 Standard Infrequent Access
An on-premises database is experiencing significant performance problems when running SQL queries. With 10 users, the lookups are performing as expected. As the number of users increases, the lookups take three times longer than expected to return values to an application. Which action should a Solutions Architect take to maintain performance as the user count increases? --------- Correct Answer --------- Configure Amazon RDS with additional read replicas.
A team has an application that detects new objects being uploaded into an Amazon S3 bucket.
The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and RDS PostgreSQL database. Which action should the team take to ensure high availability? --------- Correct Answer --------- Enable multi-AZ on the RDS PostgreSQL database.
A media company must store 10 TB of audio recordings. Retrieval happens infrequently and requestors agree on an 8-hour turnaround time. What is the MOST cost-effective solution to store the files? --------- Correct Answer --------- Amazon Glacier
A company wants to improve the performance of their web application after receiving customer complaints. An analysis concluded that the same complex database queries were causing increased latency. What should a Solutions Architect recommend to improve the application's performance? --------- Correct Answer --------- Integrate Amazon ElastiCache into the application.
Which tool analyzes account resources and provides a detailed inventory of changes over time? --------- Correct Answer --------- AWS Config
A Solutions Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted. Which is the MOST efficient option to fulfill the security policy using Amazon RDS? --------- Correct Answer --------- Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted.
A Solutions Architect is designing a public-facing web application for employees to upload images to their social media account. The application consists of multiple Amazon EC2 instances behind an elastic load balancer, an Amazon S3 bucket where uploaded images are stored, and an Amazon DynamoDB table for storing image metadata. Which AWS service can the Architect use to automate the process of updating metadata in the DynamoDB table upon image upload?
--------- Correct Answer --------- AWS Lambda
A company's policy requires that all data stored in Amazon S3 is encrypted. The company wants to use the option with the least overhead and does not want to manage any encryption keys. Which of the following options will meet the company's requirements? --------- Correct Answer --------- Server Side Encryption (SSE-S3)
A company has gigabytes of web log files stored in an Amazon S3 bucket. A Solutions Architect wants to copy those files into Amazon Redshift for analysis. The company's security policy mandates that data is encrypted at rest both in the Amazon Redshift cluster and the Amazon S3 bucket. Which process will fulfill the security requirements? --------- Correct Answer --------- Enable server-side encryption on the Amazon S3 bucket. Launch an encrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster.
An application runs on Amazon EC2 instances in an Auto Scaling group. When instances are terminated, the Systems Operations team cannot determine the root cause, because the logs reside on the terminated instances and are lost. How can the root cause be determined? --------- Correct Answer --------- Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs.
A Solutions Architect is designing a customer order processing application that will likely have high usage spikes. What should the Architect do to ensure that customer orders are not lost before being written to an Amazon RDS database? (Choose two.) --------- Correct Answer --------- 1. Have the orders written into an Amazon SQS queue. 2. Scale the number of processing nodes based on pending order volume.
Employees from several companies use an application once a year during a specific 30-day period. The periods are different for each company. Traffic to the application spikes during these 30-day periods. How can the application be designed to handle these traffic spikes?
--------- Correct Answer --------- Use an Auto Scaling group to scale the number of EC2 instances to match the site traffic.
A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list? --------- Correct Answer --------- A FIFO queue in Amazon SQS
A Solutions Architect is designing a solution for a dynamic website, "example.com," that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are redirected to the website in the Tokyo region when they browse to "example.com". Which service should the Architect use to achieve this goal with the LEAST administrative effort? --------- Correct Answer --------- Amazon Route 53
A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud. Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs? --------- Correct Answer --------- AWS Lambda and Amazon API Gateway
A company has instances in private subnets that require outbound access to the internet. This requires: --------- Correct Answer --------- Updating the route table associated with the subnet to point internet traffic through a NAT gateway.
An organization regularly backs up their application data. The application backups are required to be stored on Amazon S3 for a certain amount of time.
The backups should be accessed instantly in the event of a disaster recovery. Which of the following Amazon S3 storage classes would be the MOST cost-effective option to meet the needs of this scenario? --------- Correct Answer --------- Standard Infrequent Access (IA)
2. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database.
A web application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation the application writes 50 KB/s to the table, but can scale up to 500 KB/s during peak hours. The application is currently throttling errors from the DynamoDB table during peak hours. What is the MOST cost-efficient change to support the increased traffic with minimal changes to the application? --------- Correct Answer --------- Configure Amazon DynamoDB Auto Scaling to handle the extra demand.
One company wants to share the contents of their Amazon S3 bucket with another company. Security requirements mandate that only the other company's AWS accounts have access to the contents of the Amazon S3 bucket. Which Amazon S3 feature will allow secure access to the Amazon S3 bucket? --------- Correct Answer --------- Bucket policy
A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours. What is the MOST cost-effective way to provide enough compute? --------- Correct Answer --------- Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.
A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet.
The proposed design must be highly available and distributed over two Availability Zones. What would be the MOST appropriate VPC design for this specific use case? --------- Correct Answer --------- Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.

A workload in an Amazon VPC consists of a single web server launched from a custom AMI. Session state is stored in a database. How should the Solutions Architect modify this workload to be both highly available and scalable? --------- Correct Answer --------- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group.

A Solutions Architect is developing a new web application on AWS. The services must scale to support an increasing load. The Architect wants to focus on software development and deploying new features rather than provisioning or managing servers. Which AWS service is appropriate? --------- Correct Answer --------- Elastic Beanstalk

A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes. Which compute model should a Solutions Architect choose to accomplish this task? --------- Correct Answer --------- EC2 Dedicated Hosts

An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system. Where should the data be stored? --------- Correct Answer --------- Amazon EFS

A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB.
The microservice must be capable of concurrently processing 10,000 records daily as they arrive in the Kinesis stream. The MOST scalable way to design the microservice is: --------- Correct Answer --------- As a Docker container running on Amazon ECS.

A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exam results are released at 9:00 a.m. each Monday, and 80% of students attempt to access their unique result within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. on Monday. Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner? --------- Correct Answer --------- Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m.

As part of a migration strategy, a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon. Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration? --------- Correct Answer --------- Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.

A company needs to capture all client connection information from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application. How can a Solutions Architect meet this requirement? --------- Correct Answer --------- Enable Access Logs on the Application Load Balancer.

An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times, after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances. What should the Solutions Architect recommend to optimize the cost of the environment after business hours? --------- Correct Answer --------- Purchase Reserved Instances for the minimum number of Auto Scaling instances.

A Solutions Architect is designing a web application for document sharing. The users will upload documents that are then made available to other users. There will be tens of thousands of these documents. What is the MOST cost-effective storage solution? --------- Correct Answer --------- Amazon S3

A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices. What should the Architect do to implement security best practices in an efficient manner?
--------- Correct Answer --------- Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards

A Solutions Architect has been given the following requirements for a company's VPC:
✑ The solution is a two-tiered application with a web tier and a database tier.
✑ All web traffic to the environment must be directed from the Internet to an Application Load Balancer.
✑ The web servers and the databases should not obtain public IP addresses or be directly accessible from the public Internet.
✑ Because of security requirements, databases may not share a route table or subnet with any other service.
✑ The environment must be highly available within the same VPC for all services.
What is the minimum number of subnets that the Solutions Architect will need based on these requirements and best practices? --------- Correct Answer --------- 6

An application currently stores objects in Amazon S3-Standard. The application accesses new objects frequently for one week. After one week, they are accessed occasionally for analysis batch jobs. A Solutions Architect has been asked to reduce storage costs for the application while allowing immediate access for batch jobs. How can costs be reduced without reducing data durability? --------- Correct Answer --------- Keep the data on Amazon S3, then create a lifecycle policy to move the data to S3 Standard-Infrequent Access storage after 7 days.

A company is building a critical ingestion service on AWS that will receive 1,000 incoming events per second. The events must be processed in order, and no events may be lost. Multiple applications will need to process each event. The company will expose the service as RESTful calls through an API Gateway. What should a Solutions Architect use to receive the events based on these requirements? --------- Correct Answer --------- Amazon Kinesis Data Stream

Correct Answer --------- Copy data to Amazon S3 with server-side encryption.
Configure lifecycle management policies to move data to Amazon Glacier after 0 days.

A web application runs on 10 EC2 instances launched from a single customer Amazon Machine Image (AMI). The EC2 instances are behind an Internet Application Load Balancer. Amazon Route 53 provides DNS for the application. How should a Solutions Architect automate recovery when a web server instance stops replying to requests? --------- Correct Answer --------- Launch the instances in an Auto Scaling group with an Elastic Load Balancing health check.

A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application? --------- Correct Answer --------- Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer

A company has an application that accesses a MySQL database installed on a single EC2 instance. The instance recently experienced a fault and brought down the entire application for several hours. The company wants to address the issue but is concerned about spending too much time modifying application code or managing the legacy application. What should the Solutions Architect recommend to remove this single point of failure with the FEWEST changes to the application code and the LEAST amount of administrative effort? --------- Correct Answer --------- Migrate the database to an RDS MySQL Multi-AZ DB instance, and point the application servers to the new RDS instance.

A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase.
A Solutions Architect decides to add two Read Replicas to the cluster. How should the Solutions Architect ensure that the connections for read activities are load balanced? --------- Correct Answer --------- Reader endpoint for Amazon Aurora

A company plans to migrate a website to AWS to use a serverless architecture. The website contains both static and dynamic content and is accessed by users across the world. The website should maintain sessions for returning users to improve the user experience. Which service should a Solutions Architect use for a cost-efficient solution with the LOWEST latency? --------- Correct Answer --------- Amazon S3, Amazon CloudFront, AWS Lambda, Amazon API Gateway, and Amazon DynamoDB.

A Solutions Architect is helping a customer migrate an application to AWS. The application is composed of a fleet of Linux servers that currently use a shared file system to read and write data. One of the goals of moving this application to AWS is to increase the reliability of the storage tier. What solution would increase reliability while minimizing the operational overhead of managing this infrastructure? --------- Correct Answer --------- Create an EFS file system and mount it to all the servers.

A Solution Architect is designing a two-tier application for maximum security, with a web tier running on EC2 instances and the data stored in an RDS DB instance. The web tier should accept user access only through HTTPS connections (port 443) from the Internet, and the data must be encrypted in transit to and from the database. What combination of steps will MOST securely meet the stated requirements? (Choose two.) --------- Correct Answer --------- 1. Create a security group for the web tier instances that allows inbound traffic only over port 443. 2. Configure the web servers to communicate with RDS by using SSL, and issue certificates to the web tier EC2 instances.

A credit card processing application, hosted on an on-premises server, needs to communicate directly with a database hosted on an Amazon EC2 instance running in a private subnet of a VPC. Compliance requirements state that end-to-end communication should be encrypted. Which solution will ensure that this requirement is met? --------- Correct Answer --------- Use HTTPS for traffic over a VPN connection between the VPC and the on-premises datacenter.

A company has asked a Solutions Architect to ensure that data is protected during data transfer to and from Amazon S3. Use of which service will protect the data in transit? --------- Correct Answer --------- HTTPS

A Solutions Architect is trying to bring a data warehouse workload to an Amazon EC2 instance. The data will reside in Amazon EBS volumes and full table scans will be executed frequently. What type of Amazon EBS volume would be most suitable in this scenario? --------- Correct Answer --------- Throughput Optimized HDD (st1)

A Solutions Architect has a three-tier web application that serves customers worldwide. Analysis reveals that product images take more time to load than expected. Which action will improve the image load time? --------- Correct Answer --------- Use an Amazon CloudFront distribution for product images

A gaming application is heavily dependent on caching and uses Amazon ElastiCache for Redis. The application performance was recently degraded due to failure of the cache node. What should a Solutions Architect recommend to minimize performance degradation in the future? --------- Correct Answer --------- Configure ElastiCache Multi-AZ with automatic failover

A client has set up an Auto Scaling group associated with a load balancer.
The client has noticed that instances launched by the Auto Scaling group are reported unhealthy as the result of an Elastic Load Balancing (ELB) health check, but these unhealthy instances are not being terminated. What can a Solutions Architect do to ensure that the instances marked unhealthy will be terminated and replaced? --------- Correct Answer --------- Change the health check type to ELB for the Auto Scaling group.

A Solutions Architect must review an application deployed on EC2 instances that currently stores multiple 5-GB files on attached instance store volumes. The company recently experienced a significant data loss after stopping and starting their instances and wants to prevent the data loss from happening again. The solution should minimize performance impact and the number of code changes required. What should the Solutions Architect recommend? --------- Correct Answer --------- Store the application data in an EBS volume

An organization is deploying Amazon ElastiCache for Redis and requires password protection to improve their data security posture. Which solution should a Solutions Architect recommend? --------- Correct Answer --------- Redis Auth

A Solutions Architect is designing a solution to send Amazon CloudWatch Alarm notifications to a group of users on a smartphone mobile application. What are the key steps to this solution? (Choose two.) --------- Correct Answer --------- 1. Configure the CloudWatch Alarm to send the notification to an Amazon SNS topic whenever there is an alarm. 2. Create the platform endpoints for mobile devices and subscribe the SNS topic with platform endpoints.

A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion. Which is the MOST cost-efficient solution? --------- Correct Answer --------- Enable versioning and create a lifecycle policy to remove expired versions after 30 days.

An application running on Amazon EC2 has been experiencing performance issues when accessing an Amazon RDS for Oracle database. The database has been provisioned correctly for average workloads, but there are several usage spikes each day that have saturated the database, causing the application to time out. The application is write-heavy, updating information more often than reading information. A Solutions Architect has been asked to review the application design. What should the Solutions Architect recommend to improve performance? --------- Correct Answer --------- Change the Amazon RDS instance storage type from General Purpose SSD to provisioned IOPS SSD.

During performance testing of an application, the Amazon RDS database caused a performance bottleneck. What steps can be taken to improve the database performance? (Choose two.) --------- Correct Answer --------- 1. Scale up to a larger RDS instance type. 2. Redirect read queries to RDS read replicas.

A Solutions Architect must design an Amazon DynamoDB table to store data about customer activities. The data is used to analyze recent customer behavior, so data that is less than a week old is heavily accessed and older data is accessed infrequently.

A company has a web application running in a Docker container that connects to a MySQL server in an on-premises data center. The deployment and maintenance of this application are becoming time-consuming and slowing down new feature releases. The company wants to migrate the application to AWS and use services that help facilitate infrastructure management and deployment. Which architectures should the company consider on AWS? (Choose two.) --------- Correct Answer --------- 1. AWS Elastic Beanstalk Docker Single Container for the web application, and an Amazon RDS for MySQL for the database. 2. AWS CloudFormation with Lambda Custom Resources running in a VPC for the web application, and an Amazon RDS for MySQL database.

A Solutions Architect has designed a VPC that meets all necessary security requirements for their organization. Any applications deployed in the organization must use this VPC design. How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort? --------- Correct Answer --------- Deploy an AWS CloudFormation template that defines components of the VPC.

What conditions could cause a Multi-AZ Amazon RDS failover to occur? (Choose two.) --------- Correct Answer --------- 1. An Availability Zone becomes unavailable 2. A failure of the primary database instance

A Solutions Architect has five web servers serving requests for a domain. Which of the following Amazon Route 53 routing policies can distribute traffic randomly among all healthy web servers? --------- Correct Answer --------- Multivalue Answer

A web server will be provisioned on two Amazon EC2 instances with an Application Load Balancer. Which of the following configurations will allow traffic on HTTP and HTTPS when configuring a security group to apply to each of these servers? --------- Correct Answer --------- Allow incoming traffic to HTTP and HTTPS ports.

A company wants to run a static website served through Amazon CloudFront. What is an advantage of storing the website content in an S3 bucket instead of an EBS volume? --------- Correct Answer --------- S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin.

A company is moving to AWS. Management has identified a set of approved AWS services that meet all deployment requirements. The company would like to restrict access to all other unapproved services to which employees would have access. Which solution meets these requirements with the LEAST amount of operational overhead? --------- Correct Answer --------- Configure AWS Organizations. Create an organizational unit (OU) and place all AWS accounts into the OU.
Apply a service control policy (SCP) to the OU that denies the use of certain services.

A customer is running a critical payroll system in a production environment in one data center and a disaster recovery (DR) environment in another. The application includes load-balanced web servers and failover for the MySQL database. The customer's DR process is manual and error-prone. For this reason, management has asked IT to migrate the application to AWS and make it highly available so that IT no longer has to manually fail over the environment. How should a Solutions Architect migrate the system to AWS? --------- Correct Answer --------- Migrate the production environment to span multiple Availability Zones, using Elastic Load Balancing and Multi-AZ Amazon RDS. Decommission the DR environment because it is no longer needed.

A company is creating a web application that will run on an Amazon EC2 instance. The application on the instance needs access to an Amazon DynamoDB table for storage. What should be done to meet these requirements? --------- Correct Answer --------- Create an IAM role and assign the role to the EC2 instance with permissions to the DynamoDB table.

A company is creating a web application that allows customers to view photos in their web browsers. The website is hosted in us-east-1 on Amazon EC2 instances behind an Application Load Balancer. Users will be located in many places around the world. Which solution should provide all users with the fastest photo viewing experience? --------- Correct Answer --------- Enable Amazon CloudFront for the website and specify the Application Load Balancer as the origin.

A Solutions Architect is designing a highly available web application on AWS. The data served on the website is dynamic and is pulled from Amazon DynamoDB. All users are geographically close to one another. How can the Solutions Architect make the application highly available?
--------- Correct Answer --------- Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group coupled with an Application Load Balancer.

A company is migrating on-premises databases to AWS. The company's backend application produces a large amount of database queries for reporting purposes, and the company wants to offload some of those reads to Read Replica, allowing the primary database to continue performing efficiently. Which AWS database platforms will accomplish this? (Select TWO.) --------- Correct Answer --------- 1. Amazon RDS for PostgreSQL 2. Amazon RDS for MariaDB

An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region? --------- Correct Answer --------- Use AWS PrivateLink.

A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck. What is the MOST cost-efficient way to improve the database response times? --------- Correct Answer --------- Move the temporary database onto instance storage.

An application stores data in an Amazon RDS PostgreSQL Multi-AZ database instance. The ratio of read requests to write requests is about 2 to 1. Recent increases in traffic are causing very high latency. How can this problem be corrected? --------- Correct Answer --------- Create a read replica and send all read traffic to it.

A Solutions Architect is designing a system that will store Personally Identifiable Information (PII) in an Amazon S3 bucket.
Due to compliance and regulatory requirements, both the master keys and unencrypted data should never be sent to AWS. What Amazon S3 encryption technique should the Architect choose? --------- Correct Answer --------- Amazon S3 client-side encryption with a client-side master key

A Security team reviewed their company's VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company's goal is to eliminate internet access and allow the application to continue to function. What change should be made in the VPC before updating the route table? --------- Correct Answer --------- Create a VPC endpoint for Amazon S3 access

A company is deploying a reporting application on Amazon EC2. The application is expected to generate 1,000 documents every hour and each document will be 800 MB. The company is concerned about strong data consistency and file locking, as various applications hosted on other EC2 instances will process the report documents in parallel when they become available. What storage solution will meet these requirements with the LEAST amount of administrative overhead? --------- Correct Answer --------- Amazon EFS

A Solutions Architect is building a WordPress-based web application hosted on AWS using Amazon EC2. This application serves as a blog for an international internet security company. The application must be geographically redundant and scalable. It must separate the public Amazon EC2 web servers from the private Amazon RDS database, it must be highly available, and it must support dynamic port routing. Which combination of AWS services or capabilities will meet these requirements? --------- Correct Answer --------- Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront

An e-commerce application places orders in an Amazon SQS queue. When a message is received, Amazon EC2 worker instances process the request.
The EC2 instances are in an Auto Scaling group. How should the architecture be designed to scale up and down with the LEAST amount of operational overhead? --------- Correct Answer --------- Use an Amazon CloudWatch alarm based on the number of visible messages to scale the Auto Scaling group up or down.

A user is designing a new service that receives location updates from 3,600 rental cars every hour. The cars upload their location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location. Which services will process the updates and automatically scale? --------- Correct Answer --------- Amazon S3 events and AWS Lambda

A company is writing a new service running on Amazon EC2 that must create thumbnail images of thousands of images in a large archive. The system will write scratch data to storage during the process. Which storage service is best suited for this scenario? --------- Correct Answer --------- Amazon EBS Throughput Optimized HDD (st1)

A company's Amazon RDS MySQL DB instance may be rebooted for maintenance and to apply patches. This database is critical and potential user disruption must be minimized. What should the Solution Architect do in this scenario? --------- Correct Answer --------- Set RDS MySQL to Multi-AZ.

A retail company operates an e-commerce environment that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group. Images are hosted in an Amazon S3 bucket using a custom domain name. During a flash sale with 10,000 simultaneous users, some images on the website are not loading. What should be done to resolve the performance issue? --------- Correct Answer --------- Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

A Solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table. What is the MOST secure means of granting the Lambda function access to the DynamoDB table? --------- Correct Answer --------- Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, and assign the role to the Lambda function.

A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Every night, the Auto Scaling group doubles in size. Traffic analysis shows that users in a particular region are requesting the same static content stored locally on the EC2 instances. How can a Solutions Architect reduce the need to scale and improve application performance for the users? --------- Correct Answer --------- Create an Amazon CloudFront distribution for the site and redirect user traffic to the distribution.

A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet. What should be done to ensure that the incoming traffic to the host instances is from the ALB only? --------- Correct Answer --------- Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only.

A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What should be done after making the bucket private to restrict access with the LEAST operational overhead?
--------- Correct Answer --------- Create a CloudFront origin access identity and update the bucket policy to grant access to it.

A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto Scaling group. Which of the following factors determine the health check grace period? (Select TWO.) --------- Correct Answer --------- 1. How much of the application code is embedded in the AMI. 2. How long the bootstrap script takes to run.

A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync. What should be used to meet these requirements? --------- Correct Answer --------- Amazon DynamoDB with global tables

A company is developing a data lake solution in Amazon S3 to analyze large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs. Which AWS service should be used to meet these requirements? --------- Correct Answer --------- Amazon Athena

A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access. What lifecycle action should be taken to meet the requirements while reducing costs? --------- Correct Answer --------- Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant. What should be done to meet these requirements?
--------- Correct Answer --------- Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.

A company hosts a website using Amazon API Gateway on the front end. Recently, there has been heavy traffic on the website and the company wants to control access by allowing authenticated traffic only. How should the company limit access to authenticated users only? (Select TWO.) --------- Correct Answer --------- 1. Allow users that are authenticated through Amazon Cognito. 2. Assign permissions in AWS IAM to allow users.

A company needs to use AWS resources to expand capacity for a website hosted in an on-premises data center. The AWS resources will include load balancers, Auto Scaling, and Amazon EC2 instances that will access an on-premises database. Network connectivity has been established, but no traffic is going to the AWS environment. How should Amazon Route 53 be configured to distribute load to the AWS environment? (Select TWO.) --------- Correct Answer --------- 1. Set up a weighted routing policy, distributing the workload between the load balancer and the on-premises environment. 2. Set up an A record to point the DNS name to the IP address of the load balancer.

Users submit requests to a service that takes several minutes to process. A Solutions Architect needs to ensure that these requests are processed at least once, and that the service has the ability to handle large increases in the number of requests. How should these requirements be met? --------- Correct Answer --------- Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue

A Solutions Architect is designing an Amazon VPC that requires access to a remote API server using IPv6. Resources within the VPC should not be accessed directly from the Internet. How should this be achieved?
--------- Correct Answer --------- Attach an egress-only internet gateway and update the routing tables

When designing an Amazon SQS message-processing solution, messages in the queue must be processed before the maximum retention time has elapsed. Which actions will meet this requirement? (Choose two.) --------- Correct Answer --------- 1. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based on the queue length 2. Increase the SQS queue attribute for the message retention period

A company deployed a three-tier web application on Amazon EBS backed Amazon EC2 instances for the web and application tiers, and Amazon RDS for the database tier. The company is concerned about loss of data in the web and application tiers. What is the MOST efficient way to prevent data loss? --------- Correct Answer --------- Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes

A company is using Amazon S3 for backups from an on-premises environment. Regulatory requirements state that data must be retained for at least 7 years. The data is infrequently accessed for 35 days, but needs to be instantly available. After 35 days, the data is rarely accessed. Which combination of actions will provide the MOST cost-effective solution? (Choose two) --------- Correct Answer --------- 1. Change the backup so the data goes to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) directly 2. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 35 days

A Solutions Architect is building an online shopping application where users will be able to browse items, add items to a cart, and purchase the items. Images of items will be stored in Amazon S3 buckets organized by item category. When an item is no longer available for purchase, the item image will be deleted from the S3 bucket. Occasionally, whitelist based only on IP address.
The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic. What can a Solutions Architect do to support the customer and allow for more capacity? (Choose two.) --------- Correct Answer --------- 1. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet. 2. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.

A company is storing application data in Amazon S3 buckets across multiple AWS regions. Company policy requires that encryption keys be generated at the company headquarters, but the encryption keys may be stored in AWS after generation. The Solutions Architect plans to configure cross-region replication. Which solution will encrypt the data while requiring the LEAST amount of operational overhead? --------- Correct Answer --------- Configure S3 buckets to use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) with imported key material in both regions

A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements? --------- Correct Answer --------- SSE-C: Server-side encryption with customer-provided encryption keys

A Solutions Architect is considering possible options for improving the security of the data on an Amazon EBS volume attached to an Amazon EC2 instance. Which solution will improve the security of the data? --------- Correct Answer --------- Use AWS KMS to encrypt the EBS volume

A Solutions Architect designed a system based on Amazon Kinesis Data Streams.
After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem. One of the streams has a total of 10 Mb/s throughput. What should the Solutions Architect recommend to improve performance? --------- Correct Answer --------- Run the UpdateShardCount command to increase the number of shards in the stream

A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region, which has three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c. Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable? --------- Correct Answer --------- Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b, and three Amazon EC2 instances in sa-east-1c

A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a sub-second response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier? --------- Correct Answer --------- Amazon SQS

A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier over the Internet for security reasons. The application must be low-cost and have a scalable front end. The databases and application tier must have only one-way Internet access to download software and patch updates. Which solution helps to meet these requirements?
--------- Correct Answer --------- Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources.

A Solutions Architect is designing a multi-tier application consisting of an Application Load Balancer, an Amazon RDS database instance, and an Auto Scaling group on Amazon EC2 instances. Each tier is in a separate subnet. There are some EC2 instances in the subnet that belong to another application. The RDS database instance should accept traffic only from the EC2 instances in the Auto Scaling group. What should be done to meet these requirements? --------- Correct Answer --------- Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group.

An organization uses Amazon S3 to store video content served via its website. It only has rights to deliver this content to users within its own country and needs to restrict access. How can the organization ensure that these files are only accessible from within its country? --------- Correct Answer --------- Use Amazon CloudFront and Geo Restriction to allow access only to users inside the organization's country

A company is storing data in an Amazon DynamoDB table and needs to take daily backups and retain them for 6 months. How should the Solutions Architect meet these requirements without impacting the production workload? --------- Correct Answer --------- Use Amazon CloudWatch Events to trigger an AWS Lambda function that makes an on-demand backup of the table

A client reports that they want to see an audit log of any changes made to AWS resources in their account. What can the client do to achieve this? --------- Correct Answer --------- Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket

An application running in a private subnet accesses an Amazon DynamoDB table.
There is a security requirement that the data never leave the AWS network. How should this requirement be met? --------- Correct Answer --------- Create a VPC endpoint for DynamoDB and configure the endpoint policy

A three-tier application is being created to host small news articles. The application is expected to serve millions of users. When breaking news occurs, the site must handle very large spikes in traffic without significantly impacting database performance. Which design meets these requirements while minimizing costs? --------- Correct Answer --------- Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database

During a review of business applications, a Solutions Architect identifies a critical application with a relational database that was built by a business user and is running on the user's desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi-tiered solution in AWS. What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business? --------- Correct Answer --------- Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk

A company has thousands of files stored in an Amazon S3 bucket that has a well-defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds. Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern? --------- Correct Answer --------- Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that.
A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete. What is the MOST cost-effective Amazon EC2 pricing model for this scenario? --------- Correct Answer --------- Scheduled Reserved Instances

An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years. How can these requirements be met? --------- Correct Answer --------- Save the logs in an Amazon Glacier vault and use the Vault Lock feature.

A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What infrastructure addition will allow access to the AWS service while meeting the requirements? --------- Correct Answer --------- AWS PrivateLink

A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally deleted. How should the thumbnail images be stored to ensure the LOWEST cost? --------- Correct Answer --------- Amazon S3

An organization hosts 10 microservices, each in an Auto Scaling group behind individual Classic Load Balancers. Each EC2 instance is running at optimal load. Which of the following actions would allow the organization to reduce costs without impacting performance? --------- Correct Answer --------- Replace the Classic Load Balancers with a single Application Load Balancer.

A Solutions Architect is designing a ride-sharing application. The application needs consistent and single-digit millisecond latency.
In addition, the application must integrate with a highly scalable and fully managed database service to track GPS coordinates and user data for all rides. Which database service should the Solutions Architect use to meet these performance requirements? --------- Correct Answer --------- Amazon DynamoDB

An application has components running in a public subnet and a private subnet. The components within the private subnet must connect to the internet to receive updates. How should this be accomplished without moving the components into a public subnet? --------- Correct Answer --------- Add a NAT gateway to the public subnet and update the private subnet route table.

A Solutions Architect is designing a multicontainer-based web application. Parts of the web application, /orders and /sale-event, must scale independently while maintaining a single Fully Qualified Domain Name. Which AWS services will help the Architect build this platform? (Select TWO.) --------- Correct Answer --------- 1. Amazon ELB Application Load Balancer 2. Amazon EC2 Container Service

A company will host a static website within an Amazon S3 bucket. The website will serve millions of users globally, and the company wants to minimize data transfer costs. What should the Solutions Architect do to ensure costs are kept to a minimum? --------- Correct Answer --------- Create an Amazon CloudFront distribution, with the S3 bucket as the origin server.

A company has a web application that makes requests to a backend API service. The API service is behind an Elastic Load Balancer running on Amazon EC2 instances. Most backend API service endpoint calls finish very quickly, but one endpoint that makes calls to create objects in an external service takes a long time to complete. These long-running calls are causing client timeouts and increasing overall system latency. What should be done to minimize the system throughput impact of the slow-running endpoint?
--------- Correct Answer --------- Use Amazon SQS to offload the long-running requests for asynchronous processing by separate workers.

A company will run different data analytics jobs on large petabyte-scale datasets, using standard SQL and existing business intelligence tools. The data is mostly structured, but part of the data is unstructured and resides in Amazon S3. What technology should be used to support this use case? --------- Correct Answer --------- Amazon Redshift with Amazon Redshift Spectrum.

A Solutions Architect is investigating purchasing options for a batch processing application on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds copyright information, and uploads it back to Amazon S3. It normally takes 5 to 10 hours to process all the files uploaded each week. The application has built-in capabilities to process files in parallel, recover from the instance failures, and continue the processing from where it left off. What is the MOST cost-effective purchasing option the Solutions Architect can recommend? --------- Correct Answer --------- Spot Instances

A team has developed a new web application in an AWS Region that has three Availability Zones: AZ-a, AZ-b, and AZ-c. This application must be fault tolerant and needs at least six Amazon EC2 instances running at all times. The application must tolerate the loss of connectivity to any single Availability Zone so that the application can continue to run. Which configurations will meet these requirements? (Select TWO.) --------- Correct Answer --------- 1. AZ-a with four EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances. 2. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with three EC2 instances.

A retail company runs hourly flash sales and has a performance issue on its Amazon RDS for PostgreSQL database.
The Database Administrators have identified that the issue with performance happens when finance and marketing employees refresh sales dashboards that are used for reporting real-time sales data. What should be done to resolve the issue without impacting performance? --------- Correct Answer --------- Create a Read Replica of the RDS PostgreSQL database and point the dashboards at the Read Replica.

A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort. What will allow the EC2 instances to access the endpoint while meeting these requirements? --------- Correct Answer --------- NAT gateway

An application runs on Amazon EC2 instances in multiple Availability Zones (AZs) behind an Application Load Balancer. The load balancer is in public subnets; the EC2 instances are in private subnets and must not be accessible from the internet. The EC2 instances must call external services on the internet. If one AZ becomes unavailable, the remaining EC2 instances must still be able to call the external services. How should these requirements be met? --------- Correct Answer --------- Create a NAT gateway in each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway.

A company plans to use Amazon GuardDuty to detect unexpected and potentially malicious activity. The company wants to use Amazon CloudWatch to ensure that when findings occur, remediation takes place automatically. Which CloudWatch feature should be used to trigger an AWS Lambda function to perform the remediation?
--------- Correct Answer --------- Events

A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora MySQL databases is securely managed with short-lived connection credentials. How can the Solutions Architect meet these requirements? --------- Correct Answer --------- Create the user account to use the AWS-provided AWSAuthenticationPlugin with IAM.

A customer has a legacy application with a large amount of data. The files accessed by the application are approximately 10 GB each, but are rarely accessed. However, when files are accessed, they are retrieved sequentially. The customer is migrating the application to AWS and would like to use Amazon EC2 and Amazon EBS. What is the least expensive EBS volume type for this use case? --------- Correct Answer --------- Cold HDD (sc1)

A company is migrating an on-premises application to AWS. The application currently uses their corporate message broker, passing messages between layers by using the MQTT protocol. Because of time and budget constraints, the company cannot rewrite the application and cannot manage a new message broker on the EC2 instances. Which service should a Solutions Architect use to allow the customer to migrate the application to AWS? --------- Correct Answer --------- Amazon MQ

A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met? --------- Correct Answer --------- Use Amazon RDS with a multiple Availability Zone option.

A Solutions Architect is designing a disaster recovery (DR) environment in a separate AWS region from an application's primary workload. The application uses a multi-tier architecture, and only the RDS instance will have frequent changes. The application installation process takes 60 minutes on average.
The disaster recovery plan must have an RPO of less than 90 minutes and an RTO of less than 30 minutes. Which of the following would enable the Solutions Architect to meet these requirements? (Choose two.) --------- Correct Answer --------- 1. An Aurora instance as the primary database with a read replica in the DR region. 2. A cross-region Amazon EC2 Amazon Machine Image (AMI) copy

A website keeps a record of user actions using a globally unique identifier (GUID) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company's Amazon VPC. As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID. What should be done to reduce the number of read replicas required while improving performance? --------- Correct Answer --------- Deploy an Amazon ElastiCache for Redis server into the