More Test Questions - 6 Flashcards
A company runs a streaming media service and the content is stored on Amazon S3. The media catalog server pulls updated content from S3 and can issue over 1 million read operations per second for short periods. Latency must be kept under 5ms for these updates. Which solution will provide the BEST performance for the media catalog updates?
1: Update the application code to use an Amazon ElastiCache for Redis cluster
2: Implement Amazon CloudFront and cache the content at Edge Locations
3: Update the application code to use an Amazon DynamoDB Accelerator cluster
4: Implement an Instance store volume on the media catalog server
Three AWS accounts are owned by the same company but in different regions. Account Z has two AWS Direct Connect connections to two separate company offices. Accounts A and B require the ability to route across account Z’s Direct Connect connections to each company office. A Solutions Architect has created an AWS Direct Connect gateway in account Z. How can the required connectivity be configured?
1: Associate the Direct Connect gateway to a transit gateway in each region
2: Associate the Direct Connect gateway to a virtual private gateway in account A and B
3: Create a VPC Endpoint to the Direct Connect gateway in account A and B
4: Create a PrivateLink connection in Account Z and ENIs in accounts A and B
A tool needs to analyze data stored in an Amazon S3 bucket. Processing the data takes a few seconds and results are then written to another S3 bucket. Less than 256 MB of memory is needed to run the process. What would be the MOST cost-effective compute solution for this use case?
1: AWS Fargate tasks
2: AWS Lambda functions
3: Amazon EC2 spot instances
4: Amazon Elastic Beanstalk
An application makes calls to a REST API running on Amazon EC2 instances behind an Application Load Balancer (ALB). Most API calls complete quickly. However, a single endpoint is making API calls that require much longer to complete and this is introducing overall latency into the system. What steps can a Solutions Architect take to minimize the effects of the long-running API calls?
1: Change the EC2 instance to one with enhanced networking to reduce latency
2: Create an Amazon SQS queue and decouple the long-running API calls
3: Increase the ALB idle timeout to allow the long-running requests to complete
4: Change the ALB to a Network Load Balancer (NLB) and use SSL/TLS termination
An application runs on EC2 instances in a private subnet behind an Application Load Balancer in a public subnet. The application is highly available and distributed across multiple AZs. The EC2 instances must make API calls to an internet-based service. How can the Solutions Architect enable highly available internet connectivity?
1: Create a NAT gateway and attach it to the VPC. Add a route to the gateway to each private subnet route table
2: Configure an internet gateway. Add a route to the gateway to each private subnet route table
3: Create a NAT instance in the private subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT instance
4: Create a NAT gateway in the public subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway
A legacy application is being migrated into AWS. The application has a large amount of data that is rarely accessed. When files are accessed, they are retrieved sequentially. The application will be migrated onto an Amazon EC2 instance. What is the LEAST expensive EBS volume type for this use case?
1: Cold HDD (sc1)
2: Provisioned IOPS SSD (io1)
3: General Purpose SSD (gp2)
4: Throughput Optimized HDD (st1)
An application uses an Amazon RDS database and Amazon EC2 instances in a web tier. The web tier instances must not be directly accessible from the internet to improve security. How can a Solutions Architect meet these requirements?
1: Launch the EC2 instances in a private subnet and create an Application Load Balancer in a public subnet
2: Launch the EC2 instances in a private subnet with a NAT gateway and update the route table
3: Launch the EC2 instances in a public subnet and use AWS WAF to protect the instances from internet-based attacks
4: Launch the EC2 instances in a public subnet and create an Application Load Balancer in a public subnet
A company runs an application on premises that stores a large quantity of semi-structured data using key-value pairs. The application code will be migrated to AWS Lambda and a highly scalable solution is required for storing the data. Which datastore will be the best fit for these requirements?
1: Amazon EFS
2: Amazon RDS MySQL
3: Amazon EBS
4: Amazon DynamoDB
An application uses a MySQL database running on an Amazon EC2 instance. The application generates high I/O and constant writes to a single table on the database. Which Amazon EBS volume type will provide the MOST consistent performance and low latency?
1: General Purpose SSD (gp2)
2: Provisioned IOPS SSD (io1)
3: Throughput Optimized HDD (st1)
4: Cold HDD (sc1)
A Solutions Architect needs to capture information about the traffic that reaches an Amazon Elastic Load Balancer. The information should include the source, destination, and protocol. What is the most secure and reliable method for gathering this data?
1: Create a VPC flow log for each network interface associated with the ELB
2: Enable Amazon CloudTrail logging and configure packet capturing
3: Use Amazon CloudWatch Logs to review detailed logging information
4: Create a VPC flow log for the subnets in which the ELB is running
The Solutions Architect in charge of a critical application must ensure the Amazon EC2 instances are able to be launched in another AWS Region in the event of a disaster. What steps should the Solutions Architect take? (Select TWO)
1: Launch instances in the second Region using the S3 API
2: Create AMIs of the instances and copy them to another Region
3: Enable cross-region snapshots for the Amazon EC2 instances
4: Launch instances in the second Region from the AMIs
5: Copy the snapshots using Amazon S3 cross-region replication
A company needs to ensure that they can failover between AWS Regions in the event of a disaster seamlessly with minimal downtime and data loss. The applications will run in an active-active configuration. Which DR strategy should a Solutions Architect recommend?
1: Backup and restore
2: Pilot light
3: Warm standby
4: Multi-site
A company has launched a multi-tier application architecture. The web tier and database tier run on Amazon EC2 instances in private subnets within the same Availability Zone. Which combination of steps should a Solutions Architect take to add high availability to this architecture? (Select TWO)
1: Create new public subnets in the same AZ for high availability and move the web tier to the public subnets
2: Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs
3: Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer (ALB)
4: Create new private subnets in the same VPC but in a different AZ. Create a database using Amazon EC2 in one AZ
5: Create new private subnets in the same VPC but in a different AZ. Migrate the database to an Amazon RDS multi-AZ deployment
An on-premises server runs a MySQL database and will be migrated to the AWS Cloud. The company requires a managed solution that supports high availability and automatic failover in the event of the outage of an Availability Zone (AZ). Which solution is the BEST fit for these requirements?
1: Use the AWS Database Migration Service (DMS) to directly migrate the database to an Amazon RDS MySQL Multi-AZ deployment
2: Use the AWS Database Migration Service (DMS) to directly migrate the database to an Amazon EC2 MySQL Multi-AZ deployment
3: Create a snapshot of the MySQL database server and use AWS DataSync to migrate the data to Amazon S3. Launch a new Amazon RDS MySQL Multi-AZ deployment from the snapshot
4: Use the AWS Database Migration Service (DMS) to directly migrate the database to Amazon RDS MySQL. Use the Schema Conversion Tool (SCT) to enable conversion from MySQL to Amazon RDS
The database layer of an on-premises web application is being migrated to AWS. The database currently uses an in-memory cache. A Solutions Architect must deliver a solution that supports high availability and replication for the caching layer. Which service should the Solutions Architect recommend?
1: Amazon ElastiCache Redis
2: Amazon RDS Multi-AZ
3: Amazon ElastiCache Memcached
4: Amazon DynamoDB
A Solutions Architect has created an AWS Organization with several AWS accounts. Security policy requires that use of specific API actions is limited across all accounts. The Solutions Architect requires a method of centrally controlling these actions. What is the SIMPLEST method of achieving the requirements?
1: Create a Network ACL that limits access to the services or actions and attach it to all relevant subnets
2: Create an IAM policy in the root account and attach it to users and groups in each account
3: Create cross-account roles in each account to limit access to the services and actions that are allowed
4: Create a service control policy in the root organizational unit to deny access to the services or actions
A company has a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB) that are a mixture of c4.2xlarge instance types and c5.large instances. The load on the CPUs on the c5.large instances has been very high, often hitting 100% utilization, whereas the c4.2xlarge instances have been performing well. What should a Solutions Architect recommend to resolve the performance issues?
1: Enable the weighted routing policy on the ELB and configure a higher weighting for the c4.2xlarge instances
2: Add all of the instances into a Placement Group
3: Change the configuration to use only c4.2xlarge instance types
4: Add more c5.large instances to spread the load more evenly
A Solutions Architect created a new IAM user account for a temporary employee who recently joined the company. The user does not have permissions to perform any actions. Which statement is true about newly created users in IAM?
1: They are created with no permissions
2: They are created with limited permissions
3: They are created with full permissions
4: They are created with user privileges
A government agency is using CloudFront for a web application that receives personally identifiable information (PII) from citizens. What feature of CloudFront applies an extra level of encryption at CloudFront edge locations to ensure the PII data is secured end-to-end?
1: Object invalidation
2: Field-level encryption
3: RTMP distribution
4: Origin access identity
A company has multiple Amazon VPCs that are peered with each other. The company would like to use a single Elastic Load Balancer (ELB) to route traffic to multiple EC2 instances in peered VPCs within the same region. How can this be achieved?
1: This is not possible, the instances that an ELB routes traffic to must be in the same VPC
2: This is possible using the Classic Load Balancer (CLB) if using Instance IDs
3: This is possible using the Network Load Balancer (NLB) and Application Load Balancer (ALB) if using IP addresses as targets
4: This is not possible with ELB, you would need to use Route 53
Some data has become corrupted in an Amazon RDS database. A Solutions Architect plans to use point-in-time restore to recover the data to the last known good configuration. Which of the following statements are correct about restoring an RDS database to a specific point-in-time? (Select TWO)
1: You can restore up to the last 5 minutes
2: Custom DB security groups are applied to the new DB instance
3: You can restore up to the last 1 minute
4: The default DB security group is applied to the new DB instance
An application is generating a large amount of clickstream events data that is being stored on S3. The business needs to understand customer behavior and wants to run complex analytics queries against the data. Which AWS service can be used for this requirement?
1: Amazon Redshift
2: Amazon Neptune
3: Amazon RDS
4: Amazon Kinesis Firehose
A Solutions Architect is deploying a production application that will use several Amazon EC2 instances and run constantly on an ongoing basis. The application cannot be interrupted or restarted. Which EC2 pricing model would be best for this workload?
1: Reserved instances
2: On-demand instances
3: Spot instances
4: Flexible instances
A customer has requested some advice on how to implement security measures in their Amazon VPC. The client has recently been the victim of some hacking attempts. The client wants to implement measures to mitigate further threats. The client has explained that the attacks always come from the same small block of IP addresses. What would be a quick and easy measure to help prevent further attacks?
1: Use a Security Group rule that denies connections from the block of IP addresses
2: Use CloudFront’s DDoS prevention features
3: Create a Bastion Host and restrict all connections to the Bastion Host only
4: Use a Network ACL rule that denies connections from the block of IP addresses
An Amazon EC2 instance has been launched into an Amazon VPC. A Solutions Architect needs to ensure that instances have both private and public DNS hostnames. Assuming settings were not changed during creation of the VPC, how will DNS hostnames be assigned by default? (Select TWO)
1: In all VPCs instances no DNS hostnames will be assigned
2: In a non-default VPC instances will be assigned a public and private DNS hostname
3: In a default VPC instances will be assigned a public and private DNS hostname
4: In a non-default VPC instances will be assigned a private but not a public DNS hostname
5: In a default VPC instances will be assigned a private but not a public DNS hostname
A fleet of Amazon EC2 instances running Linux will be launched in an Amazon VPC. An application development framework and some custom software must be installed on the instances. The installation will be initiated using some scripts. What feature enables a Solutions Architect to specify the scripts so that the software can be installed during the EC2 instance launch?
1: Metadata
2: Run Command
3: AWS Config
4: User Data