Practice Exam Questions Flashcards
A company is planning to migrate a TCP-based application into the company’s VPC. The
application is publicly accessible on a nonstandard TCP port through a hardware appliance in
the company’s data centre. This public endpoint can process up to 3 million requests per
second with low latency. The company requires the same level of performance for the new
public endpoint in AWS.
What should a solutions architect recommend to meet this requirement?
A. Deploy a Network Load Balancer (NLB). Configure the NLB to be publicly accessible over the
TCP port that the application requires.
B. Deploy an Application Load Balancer (ALB). Configure the ALB to be publicly accessible over
the TCP port that the application requires.
C. Deploy an Amazon CloudFront distribution that listens on the TCP port that the application
requires. Use an Application Load Balancer as the origin.
D. Deploy an Amazon API Gateway API that is configured with the TCP port that the application
requires. Configure AWS Lambda functions with provisioned concurrency to process the
requests.
A - Remember that it’s a Network that we are focused on.
A company has an ecommerce application that stores data in an on-premises SQL database.
The company has decided to migrate this database to AWS. However, as part of the migration,
the company wants to find a way to attain sub-millisecond responses to common read requests.
A solutions architect knows that the increase in speed is paramount and that a small percentage
of stale data returned in the database reads is acceptable.
What should the solutions architect recommend?
A. Build Amazon RDS read replicas.
B. Build the database as a larger instance type.
C. Build a database cache using Amazon ElastiCache.
D. Build a database cache using Amazon Elasticsearch Service (Amazon ES).
C
A company is implementing new data retention policies for all databases that run on Amazon
RDS DB instances. The company must retain daily backups for a minimum period of 2 years.
The backups must be consistent and restorable.
Which solution should a solutions architect recommend to meet these requirements?
A. Create a backup vault in AWS Backup to retain RDS backups. Create a new backup plan
with a daily schedule and an expiration period of 2 years after creation. Assign the RDS DB
instances to the backup plan.
B. Configure a backup window for the RDS DB instances for daily snapshots. Assign a snapshot
retention policy of 2 years to each RDS DB instance. Use Amazon Data Lifecycle Manager
(Amazon DLM) to schedule snapshot deletions.
C. Configure database transaction logs to be automatically backed up to Amazon CloudWatch
Logs with an expiration period of 2 years.
D. Configure an AWS Database Migration Service (AWS DMS) replication task. Deploy a
replication instance, and configure a change data capture (CDC) task to stream database
changes to Amazon S3 as the target. Configure S3 Lifecycle policies to delete the snapshots
after 2 years.
A
A disaster response team is using drones to collect images of recent storm damage. The
response team’s laptops lack the storage and compute capacity to transfer the images and
process the data. While the team has Amazon EC2 instances for processing and Amazon S3
buckets for storage, network connectivity is intermittent and unreliable. The images need to be
processed to evaluate the damage.
What should a solutions architect recommend?
A. Use AWS Snowball Edge devices to process and store the images.
B. Upload the images to Amazon Simple Queue Service (Amazon SQS) during intermittent
connectivity to EC2 instances.
C. Configure Amazon Kinesis Data Firehose to create multiple delivery streams aimed
separately at the S3 buckets for storage and the EC2 instances for processing the images.
D. Use AWS Storage Gateway pre-installed on a hardware appliance to cache the images
locally for Amazon S3 to process the images when connectivity becomes available.
A
A solutions architect needs to design a network that will allow multiple Amazon EC2 instances
to access a common data source used for mission-critical data that can be accessed by all the
EC2 instances simultaneously. The solution must be highly scalable, easy to implement, and
support the NFS protocol.
Which solution meets these requirements?
A. Create an Amazon EFS file system. Configure a mount target in each Availability Zone.
Attach each instance to the appropriate mount target.
B. Create an additional EC2 instance and configure it as a file server. Create a security group
that allows communication between the instances and apply that to the additional instance.
C. Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM
that grants the correct permissions to the S3 bucket. Attach the role to the EC2 instances that
need access to the data.
D. Create an Amazon EBS volume with the appropriate permissions. Create a role in AWS IAM
that grants the correct permissions to the EBS volume. Attach the role to the EC2 instances that
need access to the data.
A
A manufacturing company has machine sensors that upload .csv files to an Amazon S3 bucket.
These .csv files must be converted into images and must be made available as soon as possible
for the automatic generation of graphical reports.
The images become irrelevant after 1 month, but the .csv files must be kept to train machine
learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance.
Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)
A. Launch an Amazon EC2 Spot Instance that downloads the .csv files every hour, generates
the image files, and uploads the images to the S3 bucket.
B. Design an AWS Lambda function that converts the .csv files into images and stores the
images in the S3 bucket. Invoke the Lambda function when a .csv file is uploaded.
C. Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv
files from S3 Standard to S3 Glacier 1 day after they are uploaded. Expire the image files after
30 days.
D. Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv files
from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 1 day after they are
uploaded. Expire the image files after 30 days.
E. Create S3 Lifecycle rules for .csv files and image files in the S3 bucket. Transition the .csv
files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 1 day after they are
uploaded. Keep the image files in Reduced Redundancy Storage (RRS).
B, D
A company is developing a serverless web application that gives users the ability to interact with
real-time analytics from online games. The data from the games must be streamed in real time.
The company needs a durable, low-latency database option for user data. The company does
not know how many users will use the application. Any design considerations must provide
response times of single-digit milliseconds as the application scales.
Which combination of AWS services will meet these requirements? (Select TWO.)
A. Amazon CloudFront
B. Amazon DynamoDB
C. Amazon Kinesis
D. Amazon RDS
E. AWS Global Accelerator
B, C
A company has an application that calls AWS Lambda functions. A recent code review found
database credentials stored in the source code. The database credentials need to be removed
from the Lambda source code. The credentials must then be securely stored and rotated on an
ongoing basis to meet security policy requirements.
What should a solutions architect recommend to meet these requirements?
A. Store the password in AWS CloudHSM. Associate the Lambda function with a role that can
review the password from CloudHSM given key ID.
B. Store the password in AWS Secrets Manager. Associate the Lambda function with a role
that can retrieve the password from Secrets Manager given its secret ID.
C. Move the database password to an environment variable associated with the Lambda function.
Retrieve the password from the environment variable upon execution.
D. Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda
function with a role that can retrieve the password from AWS KMS given its key ID.
B
An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database.
When evaluating performance metrics, a solutions architect discovered that the database reads
are causing high I/O and adding latency to the write requests against the database.
What should the solutions architect do to separate the read requests from the write requests?
A. Enable read-through caching on the Amazon Aurora database.
B. Update the application to read from the Multi-AZ standby instance.
C. Create a read replica and modify the application to use the appropriate endpoint.
D. Create a second Amazon Aurora database and link it to the primary database as a read
replica.
C
A company’s website hosted on Amazon EC2 instances processes classified data stored in
Amazon S3. Due to security concerns, the company requires a private and secure connection
between its EC2 resources and Amazon S3.
Which solution meets these requirements?
A. Set up S3 bucket policies to allow access from a VPC endpoint.
B. Set up an IAM policy to grant read-write access to the S3 bucket.
C. Set up a NAT gateway to access resources outside the private subnet.
D. Set up an access key ID and a secret access key to access the S3 bucket.
A
A company’s near-real-time streaming application is running on AWS. As the data is ingested, a
job runs on the data and takes 30 minutes to complete. The workload frequently experiences
high latency due to large amounts of incoming data. A solutions architect needs to design a
scalable and serverless solution to enhance performance.
Which combination of steps should the solutions architect take? (Select TWO.)
A. Use Amazon Kinesis Data Firehose to ingest the data.
B. Use AWS Lambda with AWS Step Functions to process the data.
C. Use AWS Database Migration Service (AWS DMS) to ingest the data.
D. Use Amazon EC2 instances in an Auto Scaling group to process the data.
E. Use AWS Fargate with Amazon Elastic Container Service (Amazon ECS) to process the
data.
A, B
A company has created an isolated backup of its environment in another Region. The application
is running in warm standby mode and is fronted by an Application Load Balancer (ALB). The
current failover process is manual and requires updating a DNS alias record to point to the
secondary ALB in another Region.
What should a solutions architect do to automate the failover process?
A. Enable an ALB health check.
B. Enable an Amazon Route 53 health check.
C. Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.
D. Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS
server.
B
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner
for help with an application migration initiative. A solutions architect needs to share an Amazon
Machine Image (AMI) from an existing AWS account with the MSP Partner’s AWS account. The
AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed
customer master key (CMK) to encrypt EBS volume snapshots.
What is the MOST secure way for the solutions architect to share the AMI with the MSP
Partner’s AWS account?
A. Make the encrypted AMI and snapshots publicly available. Modify the CMK’s key policy to
allow the MSP Partner’s AWS account to use the key.
B. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner’s
AWS account only. Modify the CMK’s key policy to allow the MSP Partner’s AWS account to
use the key.
C. Modify the launchPermission property of the AMI. Share the AMI with the MSP Partner’s AWS
account only. Modify the CMK’s key policy to trust a new CMK that is owned by the MSP
Partner for encryption.
D. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner’s AWS
account. Encrypt the S3 bucket with a CMK that is owned by the MSP Partner. Copy and launch
the AMI in the MSP Partner’s AWS account.
B
A company is designing a new web service that will run on Amazon EC2 instances behind an
Elastic Load Balancer. However, many of the web service clients can only reach IP addresses
whitelisted on their firewalls.
What should a solutions architect recommend to meet the clients’ needs?
A. A Network Load Balancer with an associated Elastic IP address.
B. An Application Load Balancer with an associated Elastic IP address.
C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address.
D. An EC2 instance with a public IP address running as a proxy in front of the load balancer.
A
A solutions architect must design a database solution for a high-traffic ecommerce web
application. The database stores customer profiles and shopping cart information. The database
must support a peak load of several million requests each second and deliver responses in
milliseconds. The operational overhead for managing and scaling the database must be
minimized.
Which database solution should the solutions architect recommend?
A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift
B
A solutions architect is designing the cloud architecture for a new application that is being
deployed on AWS. The application’s users will interactively download and upload files. Files that
are more than 90 days old will be accessed less frequently than newer files, but all files need to
be instantly available. The solutions architect must ensure that the application can scale to store
petabytes of data with maximum durability.
Which solution meets these requirements?
A. Store the files in Amazon S3 Standard. Create an S3 Lifecycle policy that moves objects that
are more than 90 days old to S3 Glacier.
B. Store the files in Amazon S3 Standard. Create an S3 Lifecycle policy that moves objects that
are more than 90 days old to S3 Standard-Infrequent Access (S3 Standard-IA).
C. Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots
of the volumes. Use the snapshots to archive data that is more than 90 days old.
D. Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes.
Schedule snapshots of the volumes. Use the snapshots to archive data that is more than 90
days old.
B
A company has a service that produces event data. The company wants to use AWS to process
the event data as it is received. The data is written in a specific order that must be maintained
throughout processing. The company wants to implement a solution that minimizes operational
overhead.
How should a solutions architect accomplish this?
A. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages. Set
up an AWS Lambda function to process messages from the queue.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications
containing payloads to process. Configure an AWS Lambda function as a subscriber.
C. Create an Amazon Simple Queue Service (Amazon SQS) standard queue to hold messages. Set up an AWS Lambda function to process messages from the queue independently.
D. Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications
containing payloads to process. Configure an Amazon Simple Queue Service (Amazon SQS)
queue as a subscriber.
A
A social media company is building a feature for its website. The feature will give users the
ability to upload photos. The company expects significant increases in demand during large
events and must ensure that the website can handle the upload traffic from users.
Which solution meets these requirements with the MOST scalability?
A. Upload files from the user’s browser to the application servers. Transfer the files to an
Amazon S3 bucket.
B. Provision an AWS Storage Gateway file gateway. Upload files directly from the user’s
browser to the file gateway.
C. Generate Amazon S3 presigned URLs in the application. Upload files directly from the user’s
browser into an S3 bucket.
D. Provision an Amazon Elastic File System (Amazon EFS) file system. Upload files directly
from the user’s browser to the file system.
C
A company is concerned about the security of its public web application due to recent web
attacks. The application uses an Application Load Balancer (ALB). A solutions architect must
reduce the risk of DDoS attacks against the application.
What should the solutions architect do to meet this requirement?
A. Add an Amazon Inspector agent to the ALB.
B. Configure Amazon Macie to prevent attacks.
C. Enable AWS Shield Advanced to prevent attacks.
D. Configure Amazon GuardDuty to monitor the ALB.
C
A website runs a web application that receives a burst of traffic each day at noon. The users
upload new pictures and content daily, but have been complaining of timeouts. The architecture uses
Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minute to
initiate upon boot up before responding to user requests.
How should a solutions architect redesign the architecture to better respond to changing traffic?
A. Configure a Network Load Balancer with a slow start configuration.
B. Configure AWS ElastiCache for Redis to offload direct requests to the servers.
C. Configure an Auto Scaling step scaling policy with an instance warmup condition.
D. Configure Amazon CloudFront to use an Application Load Balancer as the origin.
Answer(s): C
Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html#as-step-scaling-warmup
“If you are creating a step policy, you can specify the number of seconds that it takes for a
newly launched instance to warm up. Until its specified warm-up time has expired, an instance
is not counted toward the aggregated metrics of the Auto Scaling group. Using the example in
the Step Adjustments section, suppose that the metric gets to 60, and then it gets to 62 while
the new instance is still warming up. The current capacity is still 10 instances, so 1 instance is
added (10 percent of 10 instances). However, the desired capacity of the group is already 11
instances, so the scaling policy does not increase the desired capacity further. If the metric gets
to 70 while the new instance is still warming up, we should add 3 instances (30 percent of 10
instances). However, the desired capacity of the group is already 11, so we add only 2
instances, for a new desired capacity of 13 instances”
The application’s traffic is often low, but it occasionally grows significantly. During these sudden
increases in traffic, DynamoDB returns throttling errors. The result is that error pages are
displayed to end users.
What should a solutions architect do to reduce these errors?
A. Change the DynamoDB table to use on-demand capacity mode.
B. Create a DynamoDB read replica to scale the read traffic horizontally.
C. Purchase DynamoDB reserved capacity of 1,000 RCUs and 500 WCUs.
D. Configure the application to use strongly consistent reads for DynamoDB queries.
D
A solutions architect must design a highly available infrastructure for a website. The website is
powered by Windows web servers that run on Amazon EC2 instances. The solutions architect
must implement a solution that can mitigate a large-scale DDoS attack that originates from
thousands of IP addresses. Downtime is not acceptable for the website.
Which actions should the solutions architect take to protect the website from such an attack?
(Select TWO.)
A. Use AWS Shield Advanced to stop the DDoS attack.
B. Configure Amazon GuardDuty to automatically block the attackers.
C. Configure the website to use Amazon CloudFront for both static and dynamic content.
D. Use an AWS Lambda function to automatically add attacker IP addresses to VPC network
ACLs.
E. Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is
set to 80% CPU utilization.
A, D
A company hosts an application on AWS. The application interacts with an Amazon DynamoDB
table that has 10 read capacity units (RCUs). Data from Amazon CloudWatch alarms shows that
throttling is occurring on read requests to the DynamoDB table. The company needs to prevent
this issue from happening in the future as the application continues to grow.
What should a solutions architect recommend to meet these requirements?
A. Add an Elastic Load Balancer in front of the DynamoDB table.
B. Change the RCUs for the DynamoDB table to 20.
C. Provision 20 write capacity units (WCUs) for the DynamoDB table to offset the throttling on
read requests.
D. Enable auto scaling for the DynamoDB table.
D
A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs
will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the logs?
A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of
90 days.
B. Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the logs for
90 days.
C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket,
and enable S3 Intelligent-Tiering.
D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3
Standard-Infrequent Access (S3 Standard-IA) after 90 days.
A
A company has a custom application running on an Amazon EC2 instance that:
· Reads a large amount of data from Amazon S3.
· Performs a multi-stage analysis.
· Writes the results to Amazon DynamoDB.
The application writes a significant number of large, temporary files during the multi-stage
analysis. The process performance depends on the temporary storage performance.
What would be the fastest storage option for holding the temporary files?
A. Multiple Amazon S3 buckets with Transfer Acceleration for storage.
B. Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization.
C. Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1)
protocol.
D. Multiple instance store volumes with software RAID 0.
A
A company’s legacy application is currently relying on a single-instance Amazon RDS MySQL
database without encryption. Due to new compliance requirements, all existing and new data in
this database must be encrypted.
How should this be accomplished?
A. Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to
Amazon S3. Delete the RDS instance.
B. Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby
instance to delete the original instance.
C. Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore
the RDS instance from the encrypted snapshot.
D. Create an RDS read replica with encryption at rest enabled. Promote the read replica to
master and switch the application over to the new master. Delete the old RDS instance.
C
A company needs to store 160 TB of data for an indefinite period of time. The company must be able to
use standard SQL and business intelligence tools to query all of the data. The data will be
queried no more than twice each month.
What is the MOST cost-effective solution that meets these requirements?
A. Store the data in Amazon Aurora Serverless with MySQL. Use an SQL client to query the
data.
B. Store the data in Amazon S3. Use AWS Glue, Amazon Athena, and JDBC and ODBC drivers to
query the data.
C. Store the data in an Amazon EMR cluster with EMR File System (EMRFS) as the storage
layer. Use Apache Presto to query the data.
D. Store a subset of the data in Amazon Redshift, and store the remaining data in Amazon S3.
Use Amazon Redshift Spectrum to query the S3 data.
D
A solutions architect at a company is designing the architecture for a two-tiered web application.
The web application is composed of an internet-facing Application Load Balancer that forwards
traffic to an Auto Scaling group of Amazon EC2 instances. The EC2 instances must be able to
access a database that runs on Amazon RDS.
The company has requested a defence-in-depth approach to the network layout. The company
does not want to rely solely on security groups or network ACLs. Only the minimum resources
that are necessary should be routable from the internet.
Which network design should the solutions architect recommend to meet these requirements?
A. Place the ALB, EC2 instances and RDS database in private subnets.
B. Place the ALB in public subnets. Place the EC2 instances and RDS database in private
subnets.
C. Place the ALB and EC2 instances in public subnets. Place the RDS database in private
subnets.
D. Place the ALB outside the VPC. Place the EC2 instances and RDS database in private
subnets.
C
A solutions architect is designing the architecture for a company website that is composed of
static content. The company’s target customers are located in the United States and Europe.
Which architecture should the solutions architect recommend to MINIMIZE cost?
A. Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to limit the edge locations in use.
B. Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to maximize the use of edge locations.
C. Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region.
Use an Amazon CloudFront geolocation routing policy to route requests to the closest Region to
the user.
D. Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region.
Use an Amazon CloudFront distribution with an Amazon Route 53 latency routing policy to route
requests to the closest Region to the user.
D
A company captures ordered clickstream data from multiple websites and uses batch
processing to analyze the data. The company receives 100 million event records, all
approximately 1 KB in size, each day. The company loads the data into Amazon Redshift each
night, and business analysts consume the data.
The company wants to move toward near-real-time data processing for timely insights. The
solution should process the streaming data while requiring the least possible operational
overhead.
Which combination of AWS services will meet these requirements MOST cost-effectively?
(Select TWO.)
A. Amazon EC2
B. AWS Batch
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Firehose
E. Amazon Kinesis Data Analytics
B, C
A company has a stateless web application that runs on AWS Lambda functions that are
invoked by Amazon API Gateway. The company wants to deploy the application across multiple
AWS Regions to provide Regional failover capabilities.
What should a solutions architect do to route traffic to multiple Regions?
A. Configure Amazon Route 53 health checks for each Region. Use an active-active failover
configuration.
B. Create an Amazon CloudFront distribution with an origin for each Region. Use CloudFront
health checks to route traffic.
C. Create an AWS Transit Gateway. Attach the transit gateway to the API Gateway endpoint in
each Region. Configure the transit gateway to route requests.
D. Use AWS Global Accelerator to create an accelerator with endpoints in each Region. Allow
Global Accelerator to automatically monitor the health of endpoints and route requests.
A
A solutions architect is redesigning a monolithic application to be a loosely coupled application
composed of two microservices: Microservice A and Microservice B.
Microservice A places messages in a main Amazon Simple Queue Service (Amazon SQS)
queue for Microservice B to consume. When Microservice B fails to process a message after
four retries, the message needs to be removed from the queue and stored for further
investigation.
What should the solutions architect do to meet these requirements?
A. Create an SQS dead-letter queue. Microservice B adds failed messages to that queue after it
receives and fails to process the message four times.
B. Create an SQS dead-letter queue. Configure the main SQS queue to deliver messages to the
dead-letter queue after the message has been received four times.
C. Create an SQS queue for failed messages. Microservice A adds failed messages to that
queue after Microservice B receives and fails to process the message four times.
D. Create an SQS queue for failed messages. Configure the SQS queue for failed messages to
pull messages from the main SQS queue after the original message has been received four
times.
Answer(s): B
Explanation:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html#sqs-dead-letter-queues-how-they-work
A company needs a storage solution for an application that runs on a high performance
computing (HPC) cluster. The cluster is hosted on AWS Fargate for Amazon Elastic Container
Service (Amazon ECS). The company needs a mountable file system that provides concurrent
access to files while delivering hundreds of GBps of throughput at sub-millisecond latencies.
Which solution meets these requirements?
A. Create an Amazon FSx for Lustre file share for the application data. Create an IAM role that
allows Fargate to access the FSx for Lustre file share.
B. Create an Amazon Elastic File System (Amazon EFS) file share for the application data.
Create an IAM role that allows Fargate to access the EFS file share.
C. Create an Amazon S3 bucket for the application data. Create an S3 bucket policy that allows Fargate to access the S3 bucket.
D. Create an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io2) volume
for the application data. Create an IAM role that allows Fargate to access the volume.
A
A company has a customer relationship management (CRM) application that stores data in an
Amazon RDS DB instance that runs Microsoft SQL Server. The company’s IT staff has
administrative access to the database. The database contains sensitive data. The company
wants to ensure that the data is not accessible to the IT staff and that only authorized personnel
can view the data.
What should a solutions architect do to secure the data?
A. Use client-side encryption with an Amazon RDS managed key.
B. Use client-side encryption with an AWS Key Management Service (AWS KMS) customer managed key.
C. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) default
encryption key.
D. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) customer
managed key.
D
A company operates a website on Amazon EC2 Linux instances. Some of the instances are
failing. Troubleshooting points to insufficient swap space on the failed instances. The operations
team lead needs a solution to monitor this.
What should a solutions architect recommend?
A. Configure an Amazon CloudWatch SwapUsage metric dimension. Monitor the SwapUsage
dimension in the EC2 metrics in CloudWatch.
B. Use EC2 metadata to collect information, then publish it to Amazon CloudWatch custom
metrics. Monitor SwapUsage metrics in CloudWatch.
C. Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set
schedule. Monitor SwapUtilization metrics in CloudWatch.
D. Enable detailed monitoring in the EC2 console. Create an Amazon CloudWatch
SwapUtilization custom metric. Monitor SwapUtilization metrics in CloudWatch.
A
A social media company allows users to upload images to its website. The website runs on
Amazon EC2 instances. During upload requests, the website resizes the images to a standard
size and stores the resized images in Amazon S3. Users are experiencing slow upload requests
to the website.
The company needs to reduce coupling within the application and improve website performance.
A solutions architect must design the most operationally efficient process for image uploads.
Which combination of actions should the solutions architect take to meet these requirements?
(Select TWO.)
A. Configure the application to upload images to S3 Glacier.
B. Configure the web server to upload the original images to Amazon S3.
C. Configure the application to upload images directly from each user’s browser to Amazon S3
through the use of a presigned URL.
D. Configure S3 Event Notifications to invoke an AWS Lambda function when an image is
uploaded. Use the function to resize the image.
E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS
Lambda function on a schedule to resize uploaded images.
D, E
A company hosts its multi-tier, public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is
anticipating a large increase in sales during an upcoming holiday weekend. A solutions architect
needs to build a solution to analyze the performance of the web application with a granularity of
no more than 2 minutes.
What should the solutions architect do to meet this requirement?
A. Send Amazon CloudWatch logs to Amazon Redshift. Use Amazon QuickSight to perform
further analysis.
B. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to
perform further analysis.
C. Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs. Use
Amazon CloudWatch metrics to perform further analysis.
D. Send EC2 logs to Amazon S3. Use Amazon Redshift to fetch logs from the S3 bucket to
process raw data for further analysis with Amazon QuickSight.
B
A company needs to connect its on-premises data center network to a new VPC. The data
center network has a 100 Mbps symmetrical internet connection. An application that is running
on premises will transfer multiple gigabytes of data each day. The application will use an
Amazon Kinesis Data Firehose delivery stream for processing.
What should a solutions architect recommend for maximum performance?
A. Create a VPC peering connection between the on-premises network and the VPC. Configure
routing for the on-premises network to use the VPC peering connection.
B. Procure an AWS Snowball Edge Storage Optimized device. After several days’ worth of data
has accumulated, copy the data to the device and ship the device to AWS for expedited transfer
to Kinesis Data Firehose. Repeat as needed.
C. Create an AWS Site-to-Site VPN connection between the on-premises network and the VPC.
Configure BGP routing between the customer gateway and the virtual private gateway. Use the
VPN connection to send the data from on premises to Kinesis Data Firehose.
D. Use AWS PrivateLink to create an interface VPC endpoint for Kinesis Data Firehose in the
VPC. Set up a 1 Gbps AWS Direct Connect connection between the on-premises network and
AWS. Use the PrivateLink endpoint to send the data from on premises to Kinesis Data Firehose.
D
A company is designing a new web service that will run on Amazon EC2 instances behind an
Elastic Load Balancer. However, many of the web service clients can only reach IP addresses
whitelisted on their firewalls.
What should a solutions architect recommend to meet the clients’ needs?
A. A Network Load Balancer with an associated Elastic IP address.
B. An Application Load Balancer with an associated Elastic IP address.
C. An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address.
D. An EC2 instance with a public IP address running as a proxy in front of the load balancer.
A
A company is hosting an application in its own data center. The application uses Amazon S3 for
data storage. The application transfers several hundred terabytes of data every month to and
from Amazon S3. The company needs to minimize the cost of this data transfer.
Which solution meets this requirement?
A. Establish an AWS Direct Connect connection between the AWS Region in use and the
company’s data center. Route traffic to Amazon S3 over the Direct Connect connection.
B. Establish an AWS Site-to-Site VPN connection between the company’s data center and a VPC in the AWS Region in use. Create a VPC endpoint for Amazon S3 in the VPC. Route traffic
to Amazon S3 over the VPN connection to the S3 endpoint.
C. Create an AWS Storage Gateway file gateway. Deploy the software appliance in the
company’s data center. Configure the application to use the file gateway to store and retrieve
files.
D. Create an FTPS server by using AWS Transfer Family. Configure the application to use the
FTPS server to store and retrieve files.
C
A development team needs to host a website that will be accessed by other teams. The website
contents consist of HTML, CSS, client-side JavaScript, and images. Which method is the MOST
cost-effective for hosting the website?
A. Containerize the website and host it in AWS Fargate.
B. Create an Amazon S3 bucket and host the website there.
C. Deploy a web server on an Amazon EC2 instance to host the website.
D. Configure an Application Load Balancer with an AWS Lambda target that uses the
Express.js framework.
B
A solutions architect is designing a new service behind API Gateway. The request pattern for the
service will be unpredictable and can change suddenly from 0 requests to over 500 per second.
The total size of the data that needs to be persisted in a database is currently less than 1 GB with
unpredictable future growth. Data can be queried using simple key-value requests.
Which combination of AWS services would meet these requirements? (Select TWO.)
A. AWS Fargate
B. AWS Lambda
C. Amazon DynamoDB
D. Amazon EC2 Auto Scaling
E. MySQL-compatible Amazon Aurora
A, C
A bicycle sharing company is developing a multi-tier architecture to track the location of its
bicycles during peak operating hours. The company wants to use these data points in its existing
analytics platform. A solutions architect must determine the most viable multi-tier option to
support this architecture. The data points must be accessible from the REST API.
Which action meets these requirements for storing and retrieving location data?
A. Use Amazon Athena with Amazon S3.
B. Use Amazon API Gateway with AWS Lambda.
C. Use Amazon QuickSight with Amazon Redshift.
D. Use Amazon API Gateway with Amazon Kinesis Data Analytics.
D
A company hosts historical weather records in Amazon S3. The records are downloaded from
the company’s website by way of a URL that resolves to a domain name. Users all over the
world access this content through subscriptions. A third-party provider hosts the company’s root
domain name, but the company recently migrated some of its services to Amazon Route 53.
The company wants to consolidate contracts, reduce latency for users, and reduce costs related
to serving the application to subscribers.
Which solution meets these requirements?
A. Create a web distribution on Amazon CloudFront to serve the S3 content for the application.
Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution,
resolving to the application’s URL domain name.
B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application.
Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront
distribution, resolving to the application’s URL domain name.
C. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic
policy for the web application, and configure a geolocation rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is
unhealthy.
D. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is
unhealthy.
B
A company runs an application on Amazon EC2 instances. The application is deployed in
private subnets in three Availability Zones of the us-east-1 Region. The instances must be able
to connect to the internet to download files. The company wants a design that is highly available
across the Region.
Which solution should be implemented to ensure that there are no disruptions to internet
connectivity?
A. Deploy a NAT instance in a private subnet of each Availability Zone.
B. Deploy a NAT gateway in a public subnet of each Availability Zone.
C. Deploy a transit gateway in a private subnet of each Availability Zone.
D. Deploy an internet gateway in a public subnet of each Availability Zone.
B
A company runs a multi-tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request
rates. Which architecture should the solutions architect implement? (Select TWO.)
A. Add AWS Shield.
B. Add Aurora Replicas.
C. Add AWS Direct Connect.
D. Add AWS Global Accelerator.
E. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
B, E
A company currently has 250 TB of backup files stored in Amazon S3 in a vendor’s proprietary format. Using a Linux-based software application provided by the vendor, the company wants to
retrieve files from Amazon S3, transform the files to an industry-standard format, and re-upload them to Amazon S3. The company wants to minimize the data transfer charges associated with
this conversion.
What should a solutions architect do to accomplish this?
A. Install the conversion software as an Amazon S3 batch operation so the data is transformed
without leaving Amazon S3.
B. Install the conversion software onto an on-premises virtual machine. Perform the
transformation and re-upload the files to Amazon S3 from the virtual machine.
C. Use AWS Snowball Edge devices to export the data and install the conversion software onto the devices. Perform the data transformation and re-upload the files to Amazon S3 from the Snowball Edge devices.
D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the
conversion software onto the instance. Perform the transformation and re-upload the files to
Amazon S3 from the EC2 instance.
D
A company is developing a new online gaming application. The application will run on Amazon EC2 instances in multiple AWS Regions and will have a high number of globally distributed users. A solutions architect must design the application to optimize network latency for the users.
Which actions should the solutions architect take to meet these requirements? (Select TWO.)
A. Configure AWS Global Accelerator. Create Regional endpoint groups in each Region where
an EC2 fleet is hosted.
B. Create a content delivery network (CDN) by using Amazon CloudFront. Enable caching for
static and dynamic content, and specify a high expiration period.
C. Integrate AWS Client VPN into the application. Instruct users to select which Region is
closest to them after they launch the application. Establish a VPN connection to that Region.
D. Create an Amazon Route 53 weighted routing policy. Configure the routing policy to give the highest weight to the EC2 instances in the Region that has the largest number of users.
E. Configure an Amazon API Gateway endpoint in each Region where an EC2 fleet is hosted. Instruct users to select which Region is closest to them after they launch the application. Use the API Gateway endpoint that is closest to them.
A, B
A company has two applications: a sender application that sends messages with payloads to be
processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.
Which solution meets these requirements and is the MOST operationally efficient?
A. Set up an Amazon EC2 instance running a Redis database. Configure both applications to use the instance. Store, process, and delete the messages, respectively.
B. Use an Amazon Kinesis data stream to receive the messages from the sender application.
Integrate the processing application with the Kinesis Client Library (KCL).
C. Integrate the sender and processor applications with an Amazon Simple Queue Service
(Amazon SQS) queue. Configure a dead-letter queue to collect the messages that failed to process.
D. Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process. Integrate the sender application to write to the
SNS topic.
C
A company has an application that uses Amazon Elastic File System (Amazon EFS) to store
data. The files are 1 GB in size or larger and are accessed often only for the first few days after creation. The application data is shared across a cluster of Linux servers. The company wants to
reduce storage costs for the application.
What should a solutions architect do to meet these requirements?
A. Implement Amazon FSx and mount the network drive on each server.
B. Move the files from Amazon EFS and store them locally on each Amazon EC2 instance.
C. Configure a lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.
D. Move the files to Amazon S3 with S3 Lifecycle policies enabled. Rewrite the application to
support mounting the S3 bucket.
C
A company runs an application on a group of Amazon Linux EC2 instances. For compliance
reasons, the company must retain all application log files for 7 years. The log files will be
analyzed by a reporting tool that must be able to access all the files concurrently.
Which storage solution meets these requirements MOST cost-effectively?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon Elastic File System (Amazon EFS)
C. Amazon EC2 instance store
D. Amazon S3
D
A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires minimal application changes.
Which method should the solutions architect select?
A. Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the
code to use the DAX endpoint.
B. Add DynamoDB read replicas to handle the increased read load. Update the application to point to the
read endpoint for the read replicas.
C. Double the number of read capacity units for the new messages table in DynamoDB.
Continue to use the existing DynamoDB endpoint.
D. Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint instead of DynamoDB.
A
A company’s database is hosted on an Amazon Aurora MySQL DB cluster in the us-east-1 Region. The database is 4 TB in size. The company needs to expand its disaster recovery strategy to the us-west-2 Region. The company must have the ability to fail over to us-west-2 with a recovery time objective (RTO) of 15 minutes.
What should a solutions architect recommend to meet these requirements?
A. Create a Multi-Region Aurora MySQL DB cluster in us-east-1 and us-west-2. Use an Amazon
Route 53 health check to monitor us-east-1 and fail over to us-west-2 upon failure.
B. Take a snapshot of the DB cluster in us-east-1. Configure an Amazon EventBridge (Amazon
CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to copy the snapshot to us-west-2 and restore the snapshot in us-west-2 when failure is detected.
C. Create an AWS CloudFormation script to create another Aurora MySQL DB cluster in
us-west-2 in case of failure. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule
that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to deploy the AWS CloudFormation stack in us-west-2 when failure is detected.
D. Recreate the database as an Aurora global database with the primary DB cluster in us-east-1 and a secondary DB cluster in us-west-2. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda function to promote the DB cluster in us-west-2 when failure is
detected.
B
A company processes large amounts of data. The output data is stored in Amazon S3 Standard storage in an S3 bucket, where it is analyzed for 1 month. The data must remain immediately
accessible after the 1-month analysis period.
Which storage solution meets these requirements MOST cost-effectively?
A. Configure an S3 Lifecycle policy to transition the objects to S3 Glacier after 30 days.
B. Configure S3 Intelligent-Tiering to transition the objects to S3 Glacier after 30 days.
C. Configure an S3 Lifecycle policy to transition the objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
D. Configure an S3 Lifecycle policy to delete the objects after 30 days. Enable versioning on the
S3 bucket so that deleted objects can still be immediately restored as needed.
B
A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size. Customers can download their statements from the
website for up to 30 days from when the statements were generated. At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements.
What is the MOST cost-effective storage solution for this situation?
A. Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.
B. Store the statements using the Amazon S3 Glacier storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.
C. Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy
to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage
after 30 days.
D. Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage
after 30 days.
D
A solutions architect must create a highly available bastion host architecture. The solution needs to be resilient within a single AWS Region and should require only minimal effort to
maintain.
What should the solutions architect do to meet these requirements?
A. Create a Network Load Balancer backed by an Auto Scaling group with a UDP listener.
B. Create a Network Load Balancer backed by a Spot Fleet with instances in a partition
placement group.
C. Create a Network Load Balancer backed by the existing servers in different Availability Zones as the target.
D. Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple
Availability Zones as the target.
D
A solutions architect needs to design a managed storage solution for a company’s application that includes high-performance machine learning. This application runs on AWS Fargate, and the connected storage needs to have concurrent access to files and deliver high performance.
Which storage option should the solutions architect recommend?
A. Create an Amazon S3 bucket for the application and establish an IAM role for Fargate to communicate with Amazon S3.
B. Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre.
C. Create an Amazon Elastic File System (Amazon EFS) file share and establish an IAM
role that allows Fargate to communicate with Amazon EFS.
D. Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and
establish an IAM role that allows Fargate to communicate with Amazon EBS.
B
A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than 100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges.
Which solution meets these requirements?
A. Launch all EC2 instances in the same Availability Zone within the same AWS Region.
Specify a placement group with cluster strategy when launching EC2 instances.
B. Launch all EC2 instances in different Availability Zones within the same AWS Region. Specify a placement group with partition strategy when launching EC2 instances.
C. Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based
on a network utilization target.
D. Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different
Availability Zones.
A
A company must migrate 20 TB of data from a data centre to the AWS Cloud within 30 days. The company’s network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.
What should a solutions architect do to meet these requirements?
A. Use AWS Snowball.
B. Use AWS DataSync.
C. Use a secure VPN connection.
D. Use Amazon S3 Transfer Acceleration.
A
A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining
standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory
AWS CloudTrail configuration that is applied to new developer accounts is not modified.
Which action meets these requirements?
A. Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.
B. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
C. Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it to the developer accounts.
D. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.
C
An ecommerce company is creating an application that requires a connection to a third-party
payment service to process payments. The payment service needs to explicitly allow the public
IP address of the server that is making the payment request. However, the company’s security
policies do not allow any server to be exposed directly to the public internet.
Which solution will meet these requirements?
A. Provision an Elastic IP address. Host the application servers on Amazon EC2 instances in a
private subnet. Assign the public IP address to the application servers.
B. Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway.
C. Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2
instances in a private subnet. Route the payment requests through the ALB.
D. Set up an AWS Client VPN connection to the payment service. Host the application servers
on Amazon EC2 instances in a private subnet. Route the payment requests through the VPN.
C
An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application
performs best when the CPU utilization of the EC2 instances is at or near 40%.
What should a solutions architect do to maintain the desired performance across all instances in
the group?
A. Use a simple scaling policy to dynamically scale the Auto Scaling group.
B. Use a target tracking policy to dynamically scale the Auto Scaling group.
C. Use an AWS Lambda function to update the desired Auto Scaling group capacity.
D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group.
B
A company has deployed a multiplayer game for mobile devices. The game requires live location tracking of players based on latitude and longitude. The data store for the game must support rapid updates and retrieval of locations. The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store the location data. During peak usage periods, the database is unable to maintain the performance
that is needed for reading and writing updates. The game’s user base is increasing rapidly.
What should a solutions architect do to improve the performance of the data tier?
A. Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ enabled.
B. Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with Kibana.
C. Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance.
Modify the game to use DAX.
D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game to use Redis.
D
A company is designing a new application that runs in a VPC on Amazon EC2 instances. The application stores data in Amazon S3 and uses Amazon DynamoDB as its database. For
compliance reasons, the company prohibits all traffic between the EC2 instances and other AWS services from passing over the public internet.
What can a solutions architect do to meet this requirement?
A. Configure gateway VPC endpoints to Amazon S3 and DynamoDB.
B. Configure interface VPC endpoints to Amazon S3 and DynamoDB.
C. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB.
D. Configure a gateway VPC endpoint to DynamoDB. Configure an interface VPC endpoint to Amazon S3.
A
A solutions architect is designing the architecture for a new web application. The application will run on AWS Fargate containers with an Application Load Balancer (ALB) and an Amazon
Aurora PostgreSQL database. The web application will perform primarily read queries against the database.
What should the solutions architect do to ensure that the website can scale with increasing
traffic? (Select TWO.)
A. Enable auto scaling on the ALB to scale the load balancer horizontally.
B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora cluster dynamically.
C. Enable cross-zone load balancing on the ALB to distribute the load evenly across containers
in all Availability Zones.
D. Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each Availability Zone to distribute the load across multiple Availability Zones.
E. Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with a target tracking scaling policy that is based on CPU utilization.
A, B
An administrator of a large company wants to monitor for and prevent any cryptocurrency-related
attacks on the company’s AWS accounts. Which AWS service can the administrator use
to protect the company against attacks?
A. Amazon Cognito
B. Amazon GuardDuty
C. Amazon Inspector
D. Amazon Macie
B
A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database
tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.
The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for
the network ACLs, security groups, and route tables are still in their default states.
What should a solutions architect recommend to fix the application?
A. Add an explicit rule to the private subnet’s network ACL to allow traffic from the web tier’s EC2 instances.
B. Add a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier.
C. Deploy the web tier’s EC2 instances and the database tier’s RDS instance into two separate VPCs, and configure VPC peering.
D. Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tier’s security group.
D
A company has developed a microservices application. It uses a client-facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user
requests. The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges. A solutions
architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable.
Which solution meets these requirements?
A. Use AWS Auto Scaling to scale up internal services when there is a surge in traffic.
B. Use different Availability Zones to host internal services. Send a notification to a system administrator when an internal service becomes unresponsive.
C. Use an Elastic Load Balancer to distribute the traffic between internal services. Configure Amazon CloudWatch metrics to monitor traffic to internal services.
D. Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive.
Change the internal services to retrieve the requests from the queue for processing.
D
A company is running a web application on Amazon EC2 instances in an Auto Scaling group.
The application uses a database that runs on an Amazon RDS for PostgreSQL DB instance.
The application performs slowly as traffic increases, and the database experiences a heavy read load during periods of high traffic.
Which actions should a solutions architect take to resolve these performance issues? (Select
TWO.)
A. Enable auto scaling for the DB instance.
B. Create a read replica for the DB instance. Configure the application to send read traffic to the read replica.
C. Enable Multi-AZ for the DB instance. Configure the application to send read traffic to the standby DB instance.
D. Create an Amazon ElastiCache cluster. Configure the application to cache query results in the ElastiCache cluster.
E. Configure the Auto Scaling group subnets to ensure that the EC2 instances are provisioned in the same Availability Zone as the DB instance.
B, D
A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity
planning is limiting the company’s growth. A solutions architect must improve the application’s infrastructure.
Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)
A. Migrate the PostgreSQL database to Amazon Aurora.
B. Migrate the web application to be hosted on Amazon EC2 instances.
C. Set up an Amazon CloudFront distribution for the web application content.
D. Set up Amazon ElastiCache between the web application and the PostgreSQL database.
E. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container
Service (Amazon ECS).
C, D
A solutions architect needs to design a resilient solution for Windows users’ home directories.
The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company’s Active Directory.
Which storage solution meets these requirements?
A. Configure Amazon S3 to store the users’ home directories. Join Amazon S3 to Active Directory.
B. Configure a Multi-AZ file system with Amazon FSx for Windows File Server. Join Amazon FSx to Active Directory.
C. Configure Amazon Elastic File System (Amazon EFS) for the users’ home directories.
Configure AWS Single Sign-On with Active Directory.
D. Configure Amazon Elastic Block Store (Amazon EBS) to store the users’ home directories. Configure AWS Single Sign-On with Active Directory.
B
A company has three VPCs named Development, Testing and Production in the us-east-1
Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.
What should the solutions architect recommend?
A. Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center.
B. Create VPC peers from all the VPCs to the Production VPC. Use an AWS Direct Connect connection from the Production VPC back to the data center.
C. Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center.
D. Create a new VPC called Network. Within the Network VPC, create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center. Attach all the other VPCs to the Network VPC.
D
A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.
Which actions should a solutions architect take to meet this requirement? (Select TWO.)
A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key.
B. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.
C. Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key.
D. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue. Set the message attribute to use the payment ID.
E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.
A, E
A company hosts historical weather records in Amazon S3. The records are downloaded from the company’s website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third-party provider hosts the company’s root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.
Which solution meets these requirements?
A. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution, resolving to the application’s URL domain name.
B. Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application’s URL domain name.
C. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geolocation rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is
unhealthy.
D. Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.
C
A company is creating an architecture for a mobile app that requires minimal latency for its users. The company’s architecture consists of Amazon EC2 instances behind an Application Load Balancer running in an Auto Scaling group. The EC2 instances connect to Amazon RDS. Application beta testing showed there was a slowdown when reading the data. However, the metrics indicate that the EC2 instances do not cross any CPU utilization thresholds.
How can this issue be addressed?
A. Reduce the threshold for CPU utilization in the Auto Scaling group.
B. Replace the Application Load Balancer with a Network Load Balancer.
C. Add read replicas for the RDS instances and direct read traffic to the replica.
D. Add Multi-AZ support to the RDS instances and direct read traffic to the new EC2 instance.
C
A company’s facility has badge readers at every entrance throughout the building. When
badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.
A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company’s
security team to analyze.
Which system architecture should the solutions architect recommend?
A. Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages. Configure the EC2 instance to save the results to an Amazon S3 bucket.
B. Create an HTTPS endpoint in Amazon API Gateway. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon
DynamoDB table.
C. Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function. Configure the Lambda function to process the messages and save the results to an Amazon
DynamoDB table.
D. Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to the VPC so that sensor data can be written directly to an S3 bucket
by way of the VPC endpoint.
B
A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to
circumvent any other security policies.
How should a solutions architect address this issue?
A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy.
B. Use service control policies to disable IAM across all accounts in the organizational unit.
C. Prevent the developers from attaching any policies and duties to the security operations team.
D. Set an IAM permission boundary on the developer IAM role that explicitly denies attaching the administrator policy.
D
A company is automating an order management application. The company’s development team has decided to use SFTP to transfer and store the business-critical information files. The files must be encrypted and must be highly available. The files also must be automatically deleted a month after they are created.
Which solution meets these requirements with the LEAST operational overhead?
A. Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply an AWS Transfer for SFTP file retention policy to delete the files after a month.
B. Install an SFTP service on an Amazon EC2 instance. Mount an Amazon Elastic File System (Amazon EFS) file share on the EC2 instance. Enable cron to delete the files after a month.
C. Configure an Amazon Elastic File System (Amazon EFS) file system with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the EFS file system. Apply an EFS lifecycle policy to automatically delete the files after a month.
D. Configure an Amazon S3 bucket with encryption enabled. Use AWS Transfer for SFTP to securely transfer the files to the S3 bucket. Apply S3 Lifecycle rules to automatically delete the
files after a month.
D
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users.
The files must be downloaded securely to the employees’ devices. The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees’ IP addresses.
B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.
D
A solutions architect is designing a multi-tier application for a company. The application’s users upload images from a mobile device. The application generates a thumbnail of each image and
returns a message to the user to confirm that the image was uploaded successfully.
The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received. The solutions architect must design the application to asynchronously dispatch requests to the different
application tiers.
What should the solutions architect do to meet these requirements?
A. Write a custom AWS Lambda function to generate the thumbnail and alert the user. Use the image upload process as an event source to invoke the Lambda function.
B. Create an AWS Step Functions workflow. Configure Step Functions to handle the orchestration between the application tiers and alert the user when thumbnail generation is complete.
C. Create an Amazon Simple Queue Service (Amazon SQS) message queue. As images are
uploaded, place a message on the SQS queue for thumbnail generation. Alert the user through an application message that the image was received.
D. Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions. Use one subscription with the application to generate the thumbnail after the image upload is complete. Use a second subscription to message the user’s mobile app by way of a push notification after thumbnail generation is complete.
A
A solutions architect must transfer 750 TB of data from an on-premises network-attached file system to Amazon S3 Glacier. The migration must not saturate the on-premises 10 Mbps
internet connection.
Which solution will meet these requirements?
A. Create an AWS Site-to-Site VPN tunnel to an S3 bucket. Transfer the files directly by using the AWS CLI.
B. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 Glacier vault as the destination.
C. Mount the network-attached file system to an S3 bucket, and copy the files directly. Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.
D. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 bucket as the destination. Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.
D
A company has been running a web application with an Oracle relational database in an on-premises data center for the past 15 years. The company must migrate the database to AWS.
The company needs to reduce operational overhead without having to modify the application’s code.
Which solution meets these requirements?
A. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon RDS.
B. servers.
C. Use AWS Database Migration Service (AWS DMS) to migrate the database servers to Amazon DynamoDB.
D. Use an AWS Snowball Edge Storage Optimized device to migrate the data from Oracle to Amazon Aurora.
C
A company has an application that collects data from IoT sensors on automobiles. The data is streamed and stored in Amazon S3 through Amazon Kinesis Data Firehose. The data produces trillions of S3 objects each year. Each morning, the company uses the data from the previous 30 days to retrain a suite of machine learning (ML) models.
Four times each year, the company uses the data from the previous 12 months to perform analysis and train other ML models. The data must be available with minimal delay for up to 1 year. After 1 year, the data must be retained for archival purposes.
Which storage solution meets these requirements MOST cost-effectively?
A. Use the S3 Intelligent-Tiering storage class. Create an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 1 year.
B. Use the S3 Intelligent-Tiering storage class. Configure S3 Intelligent-Tiering to automatically
move objects to S3 Glacier Deep Archive after 1 year.
C. Use the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 1 year.
D. Use the S3 Standard storage class. Create an S3 Lifecycle policy to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days, and then to S3 Glacier Deep
Archive after 1 year.
B
A company is launching a new application that will be hosted on Amazon EC2 instances. A
solutions architect needs to design a solution that does not allow public IPv4 access that
originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests.
The initial design proposal shows that the EC2 instances would be located in two private subnets across two Availability Zones. The entire architecture must be highly available.
How should the solutions architect change the architecture to meet these requirements?
A. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.
B. Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.
C. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.
D. Deploy an egress-only internet gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.
C
A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company’s content on their mobile devices. What should a solutions architect recommend to meet these requirements?
A. Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.
B. Set up IPsec VPN between the mobile app and the AWS environment to stream content.
C. Use Amazon CloudFront. Provide signed URLs to stream content.
D. Set up AWS Client VPN between the mobile app and the AWS environment to stream content.
C
A company stores project information in a shared spreadsheet. The company wants to create a web application to replace the spreadsheet. The company has chosen Amazon DynamoDB to store the spreadsheet’s data and is designing the web application to display the project information that is obtained from DynamoDB.
A solutions architect must design the web application’s backend by using managed services that require minimal operational maintenance.
Which architectures meet these requirements? (Select TWO.)
A. An Amazon API Gateway REST API accesses the project information that is in DynamoDB.
B. An Elastic Load Balancer forwards requests to a target group with DynamoDB set up as the target.
C. An Amazon API Gateway REST API invokes an AWS Lambda function. The Lambda function accesses DynamoDB.
D. An Amazon Route 53 hosted zone routes requests to an AWS Lambda endpoint to invoke a Lambda function that accesses DynamoDB.
E. An Elastic Load Balancer forwards requests to a target group of Amazon EC2 instances. The EC2 instances run an application that accesses DynamoDB.
A, E
A healthcare company stores highly sensitive records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and then within 4 hours of a request thereafter.
What should a solutions architect recommend?
A. Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.
B. Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.
C. Use Amazon S3 with cross-origin replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.
D. Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.
C
A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database. Compliance regulations mandate that all personally identifiable information (PII) be encrypted at rest.
Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?
A. Deploy AWS Certificate Manager to generate certificates. Use the certificates to encrypt the database volume.
B. Deploy AWS CloudHSM, generate encryption keys, and use the customer master key (CMK) to encrypt database volumes.
C. Configure SSL encryption using AWS Key Management Service customer master keys
(AWS KMS CMKs) to encrypt database volumes.
D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS
encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.
D
A company is migrating a large, mission-critical database to AWS. A solutions architect has decided to use an Amazon RDS for MySQL Multi-AZ DB instance that is deployed with 80,000 Provisioned IOPS for storage. The solutions architect is using AWS Database Migration Service (AWS DMS) to perform the data migration. The migration is taking longer than expected, and the company wants to speed up the process. The company’s network team has ruled out bandwidth as a limiting factor.
Which actions should the solutions architect take to speed up the migration? (Select TWO.)
A. Disable Multi-AZ on the target DB instance.
B. Create a new DMS instance that has a larger instance size.
C. Turn off logging on the target DB instance until the initial load is complete.
D. Restart the DMS task on a new DMS instance with transfer acceleration enabled.
E. Change the storage type on the target DB instance to Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2).
C, D
A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an NFS protocol and must also be
accessible from the AWS Cloud for further analytics and batch processing.
Which solution will meet these requirements?
A. Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.
B. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS Cloud.
C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.
D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud.
A
An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.
What should a solutions architect do to maintain the desired performance across all instances in the group?
A. Use a simple scaling policy to dynam
B. Amazon DynamoDB global tables
C. Amazon RDS for MySQL with Multi-AZ enabled
D. Amazon RDS for MySQL with a cross-Region snapshot copy
A
A company is running an application on Amazon EC2 instances. Traffic to the workload increases substantially during business hours and decreases afterward. The CPU utilization of an EC2 instance is a strong indicator of end-user demand on the application. The company has configured an Auto Scaling group to have a minimum group size of 2 EC2 instances and a maximum group size of 10 EC2 instances.
The company is concerned that the current scaling policy that is associated with the Auto Scaling group might not be correct. The company must avoid over-provisioning EC2 instances and incurring unnecessary costs.
What should a solutions architect recommend to meet these requirements?
A. Configure Amazon EC2 Auto Scaling to use a scheduled scaling plan and launch an additional 8 EC2 instances during business hours.
B. Configure AWS Auto Scaling to use a scaling plan that enables predictive scaling. Configure predictive scaling with a scaling mode of forecast and scale, and to enforce the maximum capacity setting during scaling.
C. Configure a step scaling policy to add 4 EC2 instances at 50% CPU utilization and add
another 4 EC2 instances at 90% CPU utilization. Configure scale-in policies to perform the
reverse and remove EC2 instances based on the two values.
D. Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and disable any existing scaling policies. Monitor the CPU utilization metric for 1 week. Then create dynamic scaling policies that are based on the observed values.
B
A company has two VPCs that are located in the us-west-2 Region within the same AWS account. The company needs to allow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.
What is the MOST cost-effective solution to connect these VPCs?
A. Implement AWS Transit Gateway to connect the VPCs. Update the route tables of each VPC to use the transit gateway for inter-VPC communication.
B. Implement an AWS Site-to-Site VPN tunnel between the VPCs. Update the route tables of each VPC to use the VPN tunnel for inter-VPC communication.
C. Set up a VPC peering connection between the VPCs. Update the route tables of each VPC to use the VPC peering connection for inter-VPC communication.
D. Set up a 1 GB AWS Direct Connect connection between the VPCs. Update the route tables of each VPC to use the Direct Connect connection for inter-VPC communication.
C
A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.
What should a solutions architect do to correct this issue?
A. Create security group rules using the instance ID as the source destination.
B. Create security group rules using the security ID as the source or destination.
C. Create security group rules using the VPC CIDR blocks as the source or destination.
D. Create security group rules using the subnet CIDR blocks as the source or destination.
C
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html
A company is using AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.
Which steps must the solutions architect take to implement the correct permissions? (Select TWO.)
A. Add AWS KMS permissions in the Lambda resource policy.
B. Add AWS KMS permissions in the Lambda execution role.
C. Add AWS KMS permissions in the Lambda function policy.
D. Allow the Lambda execution role in the AWS KMS key policy.
E. Allow the Lambda resource policy in the AWS KMS key policy.
B, C
A company’s website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company’s website demands globally. The solution should be cost-effective, limit the provisioning of infrastructure resources, and provide
the fastest possible response time.
Which combination should a solutions architect recommend to meet these requirements?
A. Amazon CloudFront and Amazon S3
B. AWS Lambda and Amazon DynamoDB
C. Application Load Balancer with Amazon EC2 Auto Scaling
D. Amazon Route 53 with internal Application Load Balancers
A
A medical research lab produces data that is related to a new study. The lab wants to make the data available with minimum latency to clinics across the country for their on-premises file-based applications. The data files are stored in an Amazon S3 bucket that has read-only permissions for each clinic.
What should a solutions architect recommend to meet these requirements?
A. Deploy an AWS Storage Gateway file gateway as a virtual machine (VM) on premises at each clinic.
B. Migrate the files to each clinic’s on-premises applications by using AWS DataSync for processing.
C. Deploy an AWS Storage Gateway volume gateway as a virtual machine (VM) on premises at each clinic.
D. Attach an Amazon Elastic File System (Amazon EFS) file system to each clinic’s on-premises servers.
A
A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company’s security policy requires that all website traffic be inspected by AWS WAF.
How should the solutions architect comply with these requirements?
A. Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only.
B. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin.
C. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only. Associate AWS WAF to CloudFront.
D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
B
A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead.
What should the solutions architect do to meet these requirements?
A. Deploy a NAT instance in the VPC. Route all the internet-based traffic through the NAT instance.
B. Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internet-bound traffic to the NAT gateway.
C. Configure an internet gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the internet gateway.
D. Configure a virtual private gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.
B
A solutions architect must provide a fully managed replacement for an on-premises solution that allows employees and partners to exchange files. The solution must be easily accessible to employees connecting from on-premises systems, remote employees, and external partners.
Which solution meets these requirements?
A. Use AWS Transfer for SFTP to transfer files into and out of Amazon S3.
B. Use AWS Snowball Edge for local storage and large-scale data transfers.
C. Use Amazon FSx to store and transfer files to make them available remotely.
D. Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3.
A
A company’s packaged application dynamically creates and returns single-use text files in response to user requests. The company is using Amazon CloudFront for distribution but wants to further reduce data transfer costs. The company cannot modify the application’s source code.
What should a solutions architect do to reduce costs?
A. Use Lambda@Edge to compress the files as they are sent to users.
B. Enable Amazon S3 Transfer Acceleration to reduce the response times.
C. Enable caching on the CloudFront distribution to store generated files at the edge.
D. Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users.
C
A company receives data from millions of users totalling about 1 TB each day. The company provides its users with usage reports going back 12 months. All usage data must be stored for at least 5 years to comply with regulatory and auditing requirements.
Which storage solution is MOST cost-effective?
A. Store the data in Amazon S3 Standard. Set a lifecycle rule to transition the data to S3 Glacier Deep Archive after 1 year. Set a lifecycle rule to delete the data after 5 years.
B. Store the data in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Set a lifecycle rule to transition the data to S3 Glacier after 1 year. Set a lifecycle rule to delete the data after 5 years.
C. Store the data in Amazon S3 Standard. Set a lifecycle rule to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after 1 year. Set a lifecycle rule to delete the data after 5 years.
D. Store the data in Amazon S3 Standard. Set a lifecycle rule to transition the data to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year. Set a lifecycle rule to delete the data after 5 years.
A
A company recently implemented hybrid cloud connectivity using AWS Direct Connect and is migrating data to Amazon S3. The company is looking for a fully managed solution that will automate and accelerate the replication of data between the on-premises storage systems and AWS storage services.
Which solution should a solutions architect recommend to keep the data private?
A. Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint.
B. Deploy an AWS DataSync agent for the on-premises environment. Schedule a batch job to replicate point-in-time snapshots to AWS.
C. Deploy an AWS Storage Gateway volume gateway for the on-premises environment.
Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS.
D. Deploy an AWS Storage Gateway file gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS.
A
A company runs a web application that is backed by Amazon RDS. A new database administrator caused data loss by accidentally editing information in a database table. To help recover from this type of incident, the company wants the ability to restore the database to its state from 5 minutes before any change within the last 30 days.
Which feature should the solutions architect include in the design to meet this requirement?
A. Read replicas
B. Manual snapshots
C. Automated backups
D. Multi-AZ deployments
C
An ecommerce company hosts its analytics application in the AWS Cloud. The application generates about 300 MB of data each month. The data is stored in JSON format. The company is evaluating a disaster recovery solution to back up the data. The data must be accessible in milliseconds if it is needed, and the data must be kept for 30 days.
Which solution meets these requirements MOST cost-effectively?
A. Amazon Elasticsearch Service (Amazon ES)
B. Amazon S3 Glacier
C. Amazon S3 Standard
D. Amazon RDS for PostgreSQL
A
A company’s website runs on Amazon EC2 instances behind an Application Load Balancer
(ALB). The website has a mix of dynamic and static content. Users around the globe are
reporting that the website is slow.
Which set of actions will improve website performance for users worldwide?
A. Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
B. Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB.
C. Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register the instances with the same ALB using cross-Region VPC peering.
D. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.
A
A company has applications that are deployed in multiple AWS Regions. The applications use
an architecture that is based on Amazon EC2, Amazon Elastic Block Store (Amazon EBS),
Amazon Elastic File System (Amazon EFS), and Amazon DynamoDB.
The company lacks a mechanism for centralized data backup. A solutions architect must centralize data backup with the least possible operational effort.
What should the solutions architect do to meet these requirements?
A. Tag all resources by project. Use AWS Systems Manager to set up snapshots by project and set DynamoDB incremental backups.
B. Tag all resources by project. Create backup plans in AWS Backup to back up the data by tag name according to each project’s needs.
C. Tag all resources by project. Create an AWS Lambda function to run on schedule and take snapshots of each EC2 instance, EBS volume, and EFS file system by project. Configure the function to invoke DynamoDB on-demand backup.
D. Use AWS CloudFormation to create a template for every new project so that all resources can be recreated at any time. Set the template to take daily snapshots of each EC2 instance, EBS volume, and EFS file system. Set the template to use DynamoDB on-demand backup for daily backups.
B
A medical records company is hosting an application on Amazon EC2 instances. The
application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they
do not require any other network access.
A new requirement mandates that the network traffic for file transfers take a private route and
not be sent over the internet.
Which change to the network architecture should a solutions architect recommend to meet this requirement?
A. Create a NAT gateway. Configure the route table for the public subnets to send traffic to Amazon S3 through the NAT gateway.
B. Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted.
C. Move the EC2 instances to private subnets. Create a VPC endpoint for Amazon S3, and link the endpoint to the route table for the private subnets.
D. Remove the internet gateway from the VPC. Set up an AWS Direct Connect connection, and route traffic to Amazon S3 over the Direct Connect connection.
C
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
A. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
B. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
C. Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
D
A company needs to implement a relational database with a multi-Region disaster recovery Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of 1 minute.
Which AWS solution can achieve this?
A. Amazon Aurora Global Database
B. Amazon DynamoDB global tables
C. Amazon RDS for MySQL with Multi-AZ enabled
D. Amazon RDS for MySQL with a cross-Region snapshot copy
A
A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.
What should a solutions architect recommend?
A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats. Configure the Auto Scaling group to automatically create new DB instances under heavy traffic. Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound.
C
A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down.
How should the company deploy this solution?
A. Use Amazon S3 website hosting for the backup website and a Route 53 failover routing policy.
B. Use Amazon S3 website hosting for the backup website and a Route 53 latency routing policy.
C. Deploy the application in another AWS Region and use ELB health checks for failover
routing.
D. Deploy the application in another AWS Region and use server-side redirection on the primary website.
A
Reference:
https://aws.amazon.com/blogs/aws/create-a-backup-website-using-route-53-dns-failover-and-s3-website-hosting/
A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). Due to a recent change in copyright restrictions, the chief information officer (CIO) wants to block access for certain countries.
Which action will meet these requirements?
A. Modify the ALB security group to deny incoming traffic from blocked countries.
B. Modify the security group for EC2 instances to deny incoming traffic from blocked countries.
C. Use Amazon CloudFront to serve the application and deny access to blocked countries.
D. Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.
C
A recently created startup built a three-tier web application. The front end has static content. The application layer is based on microservices. User data is stored as JSON documents that need to be accessed with low latency. The company expects regular traffic to be low during the first year, with peaks in traffic when it publicizes new features every month. The startup team needs to minimize operational overhead costs.
What should a solutions architect recommend to accomplish this?
A. Use Amazon S3 static website hosting to store and serve the front end. Use AWS Elastic Beanstalk for the application layer. Use Amazon DynamoDB to store user data.
B. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon Elastic Kubernetes Service (Amazon EKS) for the application layer. Use Amazon DynamoDB to store user data.
C. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda functions for the application layer. Use Amazon DynamoDB to store user data.
D. Use Amazon S3 static website hosting to store and serve the front end. Use Amazon API Gateway and AWS Lambda functions for the application layer. Use Amazon RDS with read replicas to store user data.
C
A company has an on-premises application that collects data and stores it to an on-premises NFS server. The company recently set up a 10 Gbps AWS Direct Connect connection. The company is running out of storage capacity on premises. The company needs to migrate the application data from on premises to the AWS Cloud while maintaining low-latency access to the data from the on-premises application.
What should a solutions architect do to meet these requirements?
A. Deploy AWS Storage Gateway for the application data and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NFS.
B. Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server and copy the application data to the EFS file system. Then connect the on-premises application to Amazon EFS.
C. Configure AWS Storage Gateway as a volume gateway. Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots.
D. Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application data transfer. Connect the on-premises application to the EFS file system.
D
A company recently announced the deployment of its retail website to a global audience. The website runs on multiple Amazon EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones.
The company wants to provide its customers with different versions of content based on the devices that the customers use to access the website.
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)
A. Configure Amazon CloudFront to cache multiple versions of the content.
B. Configure a host header in a Network Load Balancer to forward traffic to different instances.
C. Configure a Lambda@Edge function to send specific objects to users based on the User-Agent header.
D. Configure AWS Global Accelerator. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up host-based routing to different EC2 instances.
E. Configure AWS Global Accelerator. Forward requests to a Network Load Balancer (NLB). Configure the NLB to set up path-based routing to different EC2 instances.
B, D
A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible with the least delivery time.
Which solution meets these requirements and is MOST secure?
A. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.
B. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
C. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.
D. Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.
B
A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. However, the company does not want users to have to maintain another identity to access the resources. A solutions architect must manage user access to the AWS resources while preserving access to the on-premises resources.
What should the solutions architect do to meet these requirements?
A. Create an IAM user for each user in the company. Attach the appropriate policies to each user.
B. Use Amazon Cognito with an Active Directory user pool. Create roles with the appropriate policies attached.
C. Define cross-account roles with the appropriate policies attached. Map the roles to the Active Directory groups.
D. Configure Security Assertion Markup Language (SAML) 2.0-based federation. Create roles with the appropriate policies attached. Map the roles to the Active Directory groups.
D
A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.
Which design should a solutions architect recommend?
A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume.
B. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume.
C. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics. Use AWS Lambda functions to update the targets.
D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues. Use AWS Lambda functions to update the targets.
D
A company wants to host a web application on AWS that will communicate to a database within a VPC. The application should be highly available.
What should a solutions architect recommend?
A. Create two Amazon EC2 instances to host the web servers behind a load balancer and then deploy the database on a large instance.
B. Deploy a load balancer in multiple Availability Zones with an Auto Scaling group for the web servers, and then deploy Amazon RDS in multiple Availability Zones.
C. Deploy a load balancer in the public subnet with an Auto Scaling group for the web servers, and then deploy the database on an Amazon EC2 instance in the private subnet.
D. Deploy two web servers with an Auto Scaling group, configure a domain that points to the two web servers, and then deploy a database architecture in multiple Availability Zones.
D
A disaster relief company is designing a new solution to analyze real-time csv data. The data is collected by a network of thousands of research stations that are distributed across the world. The data volume is consistent and constant, and the size of each data file is 512 KB. The company needs to stream the data and analyze the data in real time.
Which combination of actions should a solutions architect take to meet these requirements?
(Select TWO.)
A. Provision an appropriately sized Amazon Simple Queue Service (Amazon SQS) queue. Use the AWS SDK at the research stations to write the data into the SQS queue.
B. Provision an appropriately sized Amazon Kinesis Data Firehose delivery stream. Use the AWS SDK at the research stations to write the data into the delivery stream and then into an Amazon S3 bucket.
C. Provision an appropriately sized Amazon Kinesis Data Analytics application. Use the AWS CLI to configure Kinesis Data Analytics with SQL queries.
D. Provision an AWS Lambda function to process the data. Set up the BatchSize property on the Lambda event source.
E. Provision an AWS Lambda function to process the data. Set up an Amazon EventBridge (Amazon CloudWatch Events) cron expression rule to invoke the Lambda function.
A, D
A company has a Microsoft .NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available.
Which combination of actions should the company take to meet these requirements? (Select TWO.)
A. Refactor the application as serverless with AWS Lambda functions running .NET Core.
B. Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ
deployment.
C. Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI).
D. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment.
E. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.
A, D
A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet. What should the solutions architect do to accomplish this? (Select TWO.)
A. Create a route table entry for the endpoint.
B. Create a gateway endpoint for DynamoDB
C. Create a new DynamoDB table that uses the endpoint.
D. Create an ENI for the endpoint in each of the subnets of the VPC
E. Create a security group entry in the default security group to provide access.
A, B
A company runs an AWS Lambda function in private subnets in a VPC. The subnets have a default route to the internet through an Amazon EC2 NAT instance. The Lambda function processes input data and saves its output as an object to Amazon S3. Intermittently, the Lambda function times out while trying to upload the object because of saturated traffic on the NAT instance’s network. The company wants to access Amazon S3 without traversing the internet.
Which solution will meet these requirements?
A. Replace the EC2 NAT instance with an AWS managed NAT gateway.
B. Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type.
C. Provision a gateway endpoint for Amazon S3 in the VPC. Update the route tables of the subnets accordingly.
D. Provision a transit gateway. Place transit gateway attachments in the private subnets where the Lambda function is running.
C
A solutions architect is deploying a distributed database on multiple Amazon EC2 instances. The database stores all data on multiple instances so it can withstand the loss of an instance.
The database requires block storage with latency and throughput to support several million transactions per second per server.
Which storage solution should the solutions architect use?
A. Amazon EBS
B. Amazon EC2 instance store
C. Amazon EFS
D. Amazon S3
B
A company is running a multi-tier web application on AWS. The application runs its database on Amazon Aurora MySQL. The application and database tiers are in the us-east-1 Region. A database administrator who monitors the Aurora DB cluster finds that an intermittent increase in read traffic is creating high CPU utilization on the read replica. The result is increased read latency for the application. The memory and disk utilization of the DB instance are stable throughout the event of increased latency.
What should a solutions architect do to improve the read scalability?
A. Reboot the DB cluster
B. Create a cross-Region read replica
C. Configure Aurora Auto Scaling for the read replica
D. Increase the provisioned read IOPS for the DB instance
B
A solutions architect is designing a multi-Region disaster recovery solution for an application that will provide public API access. The application will use Amazon EC2 instances with a userdata script to load application code and an Amazon RDS for MySQL database. The Recovery Time Objective (RTO) is 3 hours and the Recovery Point Objective (RPO) is 24 hours.
Which architecture would meet these requirements at the LOWEST cost?
A. Use an Application Load Balancer for Region failover. Deploy new EC2 instances with the userdata script. Deploy separate RDS instances in each Region.
B. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the userdata script. Create a read replica of the RDS instance in a backup Region.
C. Use Amazon API Gateway for the public APIs and Region failover. Deploy new EC2 instances with the userdata script. Create a MySQL read replica of the RDS instance in a backup Region.
D. Use Amazon Route 53 for Region failover. Deploy new EC2 instances with the userdata script for APIs, and create a snapshot of the RDS instance daily for a backup. Replicate the snapshot to a backup Region.
C
A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet. However, the company’s security policy states that any external service cannot initiate a connection to the EC2 instances.
What should a solutions architect recommend to resolve this issue?
A. Create a NAT gateway and make it the destination of the subnet’s route table.
B. Create an internet gateway and make it the destination of the subnet’s route table.
C. Create a virtual private gateway and make it the destination of the subnet’s route table.
D. Create an egress-only internet gateway and make it the destination of the subnet’s route
table.
D
A company hosts a training site on a fleet of Amazon EC2 instances. The company anticipates that its new course, which consists of dozens of training videos on the site, will be extremely popular when it is released in 1 week.
What should a solutions architect do to minimize the anticipated server load?
A. Store the videos in Amazon ElastiCache for Redis. Update the web servers to serve the videos using the ElastiCache API.
B. Store the videos in Amazon Elastic File System (Amazon EFS). Create a user data script for the web servers to mount the EFS volume.
C. Store the videos in an Amazon S3 bucket. Create an Amazon CloudFront distribution with an origin access identity (OAI) of that S3 bucket. Restrict Amazon S3 access to the OAI.
D. Store the videos in an Amazon S3 bucket. Create an AWS Storage Gateway file gateway to access the S3 bucket. Create a user data script for the web servers to mount the file gateway.
C
A company has an on-premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs.
The solution must allow for immediate retrieval of data at no additional cost.
How can these requirements be met?
A. Deploy Amazon S3 Glacier Vault and enable expedited retrieval. Enable provisioned retrieval capacity for the workload.
B. Deploy AWS Storage Gateway using cached volumes. Use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally.
C. Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
D. Deploy AWS Direct Connect to connect with the on-premises data center. Configure AWS Storage Gateway to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
B
Explanation:
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html
https://docs.aws.amazon.com/amazonglacier/latest/dev/downloading-an-archive-two-steps.htm
A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3.
What should a solutions architect do to reduce costs?
A. Configure a NAT gateway to replace the NAT instances.
B. Configure a gateway endpoint for traffic destined to Amazon S3
C. Configure an interface endpoint for traffic destined to Amazon S3
D. Configure Amazon CloudFront for the S3 bucket storing the images.
C
A developer is creating an AWS Lambda function to perform dynamic updates to a database when an item is added to an Amazon Simple Queue Service (Amazon SQS) queue. A solutions architect must recommend a solution that tracks any usage of database credentials in AWS CloudTrail. The solution also must provide auditing capabilities.
Which solution will meet these requirements?
A. Store the encrypted credentials in a Lambda environment variable
B. Create an Amazon DynamoDB table to store the credentials. Encrypt the table.
C. Store the credentials as a secure string in AWS Systems Manager Parameter Store
D. Use an AWS Key Management Service (AWS KMS) key store to store the credentials
D
A company uses on-premises servers to host its application. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.
Which combination of actions should a solutions architect take to meet these requirements?
(Select TWO.)
A. Mount Amazon S3 as a file system to the on-premises servers.
B. Deploy an AWS Storage Gateway file gateway to replace NFS storage.
C. Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.
D. Deploy an AWS Storage Gateway volume gateway to replace the block storage.
E. Deploy Amazon Elastic File System (Amazon EFS) volumes and mount them to on-premises servers.
B, D
A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.
What should a solutions architect recommend?
A. Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.
B. Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm.
C. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.
D. Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.
C
A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance. Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code.
Which solution meets these requirements?
A. Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option.
B. Create a new RDS Multi-AZ deployment. Take a snapshot of the current RDS instance and restore the new Multi-AZ deployment with the snapshot.
C. Create a read-only replica of the PostgreSQL database in another Availability Zone. Use Amazon Route 53 weighted record sets to distribute requests across the databases.
D. Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two. Use Amazon Route 53 weighted record sets to distribute requests across instances.
A
A company uses an Amazon S3 bucket to store static images for its website. The company
configured permissions to allow access to Amazon S3 objects by privileged users only. What
should a solutions architect do to protect against data loss?
(Select TWO.)
A. Enable versioning on the S3 bucket.
B. Enable access logging on the S3 bucket.
C. Enable server-side encryption on the S3 bucket.
D. Configure an S3 lifecycle rule to transition objects to Amazon S3 Glacier.
E. Use MFA Delete to require multi-factor authentication to delete an object.
A, E
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
A. Use a VPC endpoint for DynamoDB
B. Use a NAT gateway in a public subnet.
C. Use a NAT instance in a private subnet.
D. Use the internet gateway attached to the VPC
A
A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.
What should a solutions architect do to ensure messages are being processed once only?
A. Use the CreateQueue API call to create a new queue.
B. Use the AddPermission API call to add appropriate permissions.
C. Use the ReceiveMessage API call to set an appropriate wait time.
D. Use the ChangeMessageVisibility API call to increase the visibility timeout.
D
A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company’s internet connection, to the bastion host and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access.
Which combination of steps should the solutions architect take to meet these requirements?
(Select TWO)
A. Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
B. Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.
C. Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.
D. Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host.
E. Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host.
B, E
A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords. What should the solutions architect do to accomplish this?
A. Set an overall password policy for the entire AWS account.
B. Set a password policy for each IAM user in the AWS account.
C. Use third-party vendor software to set password requirements.
D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with
the appropriate requirements.
A
A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.
What should the company do to guarantee the EC2 capacity?
A. Purchase Reserved Instances that specify the Region needed.
B. Create an On-Demand Capacity Reservation that specifies the Region needed.
C. Purchase Reserved instances that specify the Region and three Availability Zones needed.
D. Create an On-Demand Capacity Reservation that specifies the Region and three Availability
Zones needed.
D
A company is migrating a NoSQL database cluster to Amazon EC2. The database automatically replicates data to maintain at least three copies of the data. I/O throughput of the servers is the highest priority.
Which instance type should a solutions architect recommend for the migration?
A. Storage optimized instances with instance store.
B. Burstable general purpose instances with an Amazon Elastic Block Store (Amazon EBS)
volume.
C. Memory optimized instances with Amazon Elastic Block Store (Amazon EBS) optimization enabled.
D. Compute optimized instances with Amazon Elastic Block Store (Amazon EBS) optimization enabled.
A
A company is building a web application that serves a content management system. The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple Availability Zones. Users are constantly adding and updating files, blogs, and other website assets in the content management system.
A solutions architect must implement a solution in which all the EC2 instances share up-to-date website content with the least possible lag time.
Which solution meets these requirements?
A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website
assets from the EC2 instance that was launched most recently Configure the ALB to make
changes to the website assets only m the newest EC2 instance.
B. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system
Configure each EC2 instance to mount the EPS file system locally Configure the website
hosting application to reference the website assets that are stored in the EFS file system.
C. Copy the website assets to an Amazon S3 bucket Ensure that each EC2 instance.
downloads the website assets from the S3 bucket to the attacneo Amazon Elastic Block Store
(Amazon EBS) volume Run the S3 sync command once each hour to keep files up to date.
D. Restore an Amazon Elastic Block Store (Amazon EBS) snapshot with the website assets
Attach the EBS snapshot as a secondary EBS volume when a new EC2 instance is launched
Configure the website hosting application to reference the website assets that are stored in the
secondary EBS volume.
B
A company is planning to migrate a legacy application to AWS. The application currently uses NFS to communicate to an on-premises storage solution to store application data. The application cannot be modified to use any other communication protocols other than NFS for this purpose.
Which storage solution should a solutions architect recommend for use after the migration?
A. AWS DataSync
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon Elastic File System (Amazon EFS)
D. Amazon EMR File System (Amazon EMRFS)
C
A company has an Amazon S3 bucket that contains mission-critical data. The company wants to ensure this data is protected from accidental deletion. The data should still be accessible, and a user should be able to delete the data intentionally.
Which combination of steps should a solutions architect take to accomplish this? (Select TWO.)
A. Enable versioning on the S3 bucket.
B. Enable MFA Delete on the S3 bucket.
C. Create a bucket policy on the S3 bucket.
D. Enable default encryption on the S3 bucket.
E. Create a lifecycle policy for the objects in the S3 bucket
A, B
A company built an application that gives users the ability to check in to places they visit, rank
the places, and add reviews about their experiences. The application is successful and is experiencing a rapid increase in the number of users every month. The company uses a single Amazon RDS for MySQL DB instance for its database. The company fears that the database might not be able to handle the load for the upcoming month because the DB instance has activated alarms that are related to resource exhaustion.
A solutions architect must design a solution that prevents service interruptions at the database
layer. The solutions architect also must minimize any changes to code.
Which solution meets these requirements?
A. Create RDS read replicas. Redirect read-only traffic to the read replica endpoints.
B. Create an Amazon EMR cluster. Migrate the data to a Hadoop Distributed File System
(HDFS) with a replication factor of 3.
C. Create an Amazon ElastiCache cluster. Redirect all read-only traffic to the cluster. Set up the
cluster to be deployed in three Availability Zones.
D. Turn on the Multi-AZ feature for the DB instance. Redirect read-only traffic to the standby
replica endpoint.
A
A company wants to build an online marketplace application on AWS as a set of loosely coupled
microservices. For this application, when a customer submits a new order, two microservices should handle the event simultaneously. The Email microservice will send a confirmation email, and the OrderProcessing microservice will start the order delivery process. If a customer cancels an order, the OrderCancellation and Email microservices should handle the event
simultaneously.
A solutions architect wants to use Amazon Simple Queue Service (Amazon SQS) and Amazon
Simple Notification Service (Amazon SNS) to design the messaging between the microservices.
How should the solutions architect design the solution?
A. Create a single SQS queue and publish order events to it. The Email, OrderProcessing, and
OrderCancellation microservices can then consume messages off the queue.
B. Create three SNS topics for each microservice. Publish order events to the three topics. Subscribe each of the Email, OrderProcessing, and OrderCancellation microservices to its own topic.
C. Create an SNS topic and publish order events to it. Create three SQS queues for the Email,
OrderProcessing, and OrderCancellation microservices. Subscribe all SQS queues to the SNS
topic with message filtering.
D. Create two SQS queues and publish order events to both queues simultaneously. One queue
is for the Email and OrderProcessing microservices. The second queue is for the Email and
OrderCancellation microservices.
C
A company is hosting a three-tier ecommerce application in the AWS Cloud. The company
hosts the website on Amazon S3 and integrates the website with an API that handles sales
requests. The company hosts the API on three Amazon EC2 instances behind an Application
Load Balancer (ALB). The API consists of static and dynamic front-end content along with
backend workers that process sales requests asynchronously.
The company is expecting a significant and sudden increase in the number of sales requests
during events for the launch of new products.
What should a solutions architect recommend to ensure that all the requests are processed
successfully?
A. Add an Amazon CloudFront distribution for the dynamic content. Increase the number of EC2
instances to handle the increase in traffic.
B. Add an Amazon CloudFront distribution for the static content. Place the EC2 instances in an
Auto Scaling group to launch new instances based on network traffic.
C. Add an Amazon CloudFront distribution for the dynamic content. Add an Amazon
ElastiCache instance in front of the ALB to reduce traffic for the API to handle.
D. Add an Amazon CloudFront distribution for the static content. Add an Amazon Simple Queue
Service (Amazon SQS) queue to receive requests from the website for later processing by the
EC2 instances.
D
A solutions architect is optimizing a website for an upcoming musical event. Videos of the
performances will be streamed in real time and then will be available on demand. The event is
expected to attract a global online audience.
Which service will improve the performance of both the real-time and on-demand streaming?
A. Amazon CloudFront
B. AWS Global Accelerator
C. Amazon Route 53
D. Amazon S3 Transfer Acceleration
A
A company wants to share data that is collected from self-driving cars with the automobile community. The data will be made available from within an Amazon S3 bucket. The company wants to minimize its cost of making this data available to other AWS accounts.
What should a solutions architect do to accomplish this goal?
A. Create an S3 VPC endpoint for the bucket.
B. Configure the S3 bucket to be a Requester Pays bucket.
C. Create an Amazon CloudFront distribution in front of the S3 bucket.
D. Require that the files be accessible only with the use of the BitTorrent protocol.
A
A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.
What should a solutions architect do to meet this requirement?
A. Update the ALB’s network ACL to accept only HTTPS traffic.
B. Create a rule that replaces the HTTP in the URL with HTTPS.
C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
D. Replace the ALB with a Network Load Balancer configured to use Server Name Indication
(SNI).
C
A company has a web application hosted over 10 Amazon EC2 instances with traffic directed by
Amazon Route 53. The company occasionally experiences a timeout error when attempting to
browse the application. The networking team finds that some DNS queries return IP addresses of unhealthy instances, resulting in the timeout error.
What should a solutions architect implement to overcome these timeout errors?
A. Create a Route 53 simple routing policy record for each EC2 instance. Associate a health
check with each record.
B. Create a Route 53 failover routing policy record for each EC2 instance. Associate a health
check with each record.
C. Create an Amazon CloudFront distribution with EC2 instances as its origin. Associate a health
check with the EC2 instances.
D. Create an Application Load Balancer (ALB) with a health check in front of the EC2 instances.
Route to the ALB from Route 53.
D
A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance.
What should a solutions architect do to ensure the database and snapshots are always
encrypted moving forward?
A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the
encrypted snapshot.
B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the
snapshots to it. Enable encryption on the DB instance.
C. Copy the snapshots and enable encryption using AWS Key Management Service (AWS
KMS). Restore encrypted snapshot to an existing DB instance.
D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption
with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).
C
An ecommerce company is running a multi-tier application on AWS. The front-end and backend
tiers run on Amazon EC2, and the database runs on Amazon RDS for MySQL. The backend tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns.
Which action should be taken to improve the performance of the backend?
A. Implement Amazon SNS to store the database calls.
B. Implement Amazon ElastiCache to cache the large database.
C. Implement an RDS for MySQL read replica to cache database calls.
D. Implement Amazon Kinesis Data Firehose to stream the calls to the database.
B
A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the
load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has
the least access required to still be able to perform its tasks.
Which additional configuration strategy should the solutions architect use to meet these
requirements?
A. Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a
security group for the MySQL servers and allow port 3306 from the web servers security group.
B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
C. Create a security group for the web servers and allow port 443 from the load balancer. Create
a security group for the MySQL servers and allow port 3306 from the web servers security
group.
D. Create a network ACL for the web servers and allow port 443 from the load balancer. Create
a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
C
A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user’s on-premises network-attached storage (NAS). The solutions architect has proposed migrating the
IIS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to
the storage solution, and configuring an Elastic Load Balancer attached to the instances.
Which replacement to the on-premises file share is MOST resilient and durable?
A. Migrate the file share to Amazon RDS.
B. Migrate the file share to AWS Storage Gateway.
C. Migrate the file share to Amazon FSx for Windows File Server.
D. Migrate the file share to Amazon Elastic File System (Amazon EFS).
C
A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to
purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files.
The customers are distributed across North America and Europe. The company wants to reduce
the cost that is associated with data transfers and wants to maintain or improve performance.
What should a solutions architect do to meet these requirements?
A. Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the
S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.
B. Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct
customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.
C. Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication
between the buckets. Direct customer requests to the closest Region. Continue to use S3 signed
URLs for access control.
D. Modify the web application to enable streaming of the datasets to end users. Configure the
web application to read the data from the existing S3 bucket. Implement access control directly
in the application.
B
A company has deployed a business-critical application in the AWS Cloud. The application uses Amazon EC2 instances that run in the us-east-1 Region. The application uses Amazon S3 for
storage of all critical data.
To meet compliance requirements, the company must create a disaster recovery (DR) plan that
provides the capability of a full failover to another AWS Region.
What should a solutions architect recommend for this DR plan?
A. Deploy the application to multiple Availability Zones in us-east-1. Create a resource group in
AWS Resource Groups. Turn on automatic failover for the application to use a predefined
recovery Region.
B. Perform a virtual machine (VM) export by using AWS Import/Export on the existing EC2
instances. Copy the exported instances to the destination Region. In the event of a disaster,
provision new EC2 instances from the exported EC2 instances.
C. Create snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes that are
attached to the EC2 instances in us-east-1. Copy the snapshots to the destination Region. In the
event of a disaster, provision new EC2 instances from the EBS snapshots.
D. Use S3 Cross-Region Replication for the data that is stored in Amazon S3. Create an AWS
CloudFormation template for the application with an S3 bucket parameter. In the event of a
disaster, deploy the template to the destination Region and specify the local S3 bucket as the
parameter.
D
A company is using AWS to design a web application that will process insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not get lost. The solution must maximize operational efficiency and must minimize maintenance. Which solution meets these requirements?
A. Create multiple Amazon Kinesis data streams based on the quote type. Configure the web
application to send messages to the proper data stream. Configure each backend group of
application servers to use the Kinesis Client Library (KCL) to poll messages from its own data
stream.
B. Create an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS)
topic for each quote type. Subscribe the Lambda function to its associated SNS topic. Configure
the application to publish requests for quotes to the appropriate SNS topic.
C. Create a single Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon
Simple Queue Service (Amazon SQS) queues to the SNS topic. Configure SNS message
filtering to publish messages to the proper SQS queue based on the quote type. Configure each
backend application server to use its own SQS queue.
D. Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to
deliver data streams to an Amazon Elasticsearch Service (Amazon ES) cluster. Configure the
application to send messages to the proper delivery stream. Configure each backend group of
application servers to search for the messages from Amazon ES and process them accordingly.
C
A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.
Which solution will satisfy these requirements?
A. Configure Amazon EFS storage and set the Active Directory domain for authentication.
B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.
C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a
volume.
D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active
Directory domain for authentication.
D
A company has a website running on Amazon EC2 instances across two Availability Zones. The
company is expecting spikes in traffic on specific holidays and wants to provide a consistent
user experience.
How can a solutions architect meet this requirement?
A. Use step scaling
B. Use simple scaling
C. Use lifecycle hooks
D. Use scheduled scaling
D
A company has multiple AWS accounts for various departments. One of the departments wants
to share an Amazon S3 bucket with all other departments. Which solution will require the
LEAST amount of effort?
A. Enable cross-account S3 replication for the bucket.
B. Create a pre-signed URL for the bucket and share it with other departments.
C. Set the S3 bucket policy to allow cross-account access to other departments.
D. Create IAM users for each of the departments and configure a read-only IAM policy.
C
A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account.
How should a solutions architect grant this access to the vendor?
A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM role.
Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
B. Create an IAM user in the company’s account with a password that meets the password
complexity requirements. Attach the appropriate IAM policies to the user for the permissions that
the vendor requires.
C. Create an IAM group in the company’s account. Add the tool’s IAM user from the vendor
account to the group. Attach the appropriate IAM policies to the group for the permissions that
the vendor requires.
D. Create a new identity provider by choosing “AWS account” as the provider type in the IAM
console. Supply the vendor’s AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.
B
A solutions architect has created a new AWS account and must secure AWS account root user
access. Which combination of actions will accomplish this?
(Select TWO)
A. Ensure the root user uses a strong password.
B. Enable multi-factor authentication to the root user.
C. Store root user access keys in an encrypted Amazon S3 bucket.
D. Add the root user to a group containing administrative permissions.
E. Apply the required permissions to the root user with an inline policy document.
A, B
A company is hosting 60 TB of production-level data in an Amazon S3 bucket. A solutions architect needs to bring that data on premises for quarterly audit requirements. This export of data must be encrypted while in transit. The company has low network bandwidth in place between AWS and its on-premises data center.
What should the solutions architect do to meet these requirements?
A. Deploy AWS Migration Hub with 90-day replication windows for data transfer.
B. Deploy an AWS Storage Gateway volume gateway on AWS. Enable a 90-day replication
window to transfer the data.
C. Deploy Amazon Elastic File System (Amazon EFS), with lifecycle policies enabled, on AWS.
Use it to transfer the data.
D. Deploy an AWS Snowball device in the on-premises data center after completing an export
job request in the AWS Snowball console.
D
A company has a service that reads and writes large amounts of data from an Amazon S3 bucket in the same AWS Region. The service is deployed on Amazon EC2 instances within the private subnet of a VPC. The service communicates with Amazon S3 over a NAT gateway in
the public subnet. However, the company wants a solution that will reduce the data output costs.
Which solution will meet these requirements MOST cost-effectively?
A. Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for
the private subnet to use the elastic network interface of this instance as the destination for all
S3 traffic.
B. Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for
the public subnet to use the elastic network interface of this instance as the destination for all S3
traffic.
C. Provision a VPC gateway endpoint. Configure the route table for the private subnet to use
the gateway endpoint as the route for all S3 traffic.
D. Provision a second NAT gateway. Configure the route table for the private subnet to use this NAT gateway as the destination for all S3 traffic.
C
A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.
What should be done to secure the root user?
A. Create IAM users for daily administrative tasks. Disable the root user.
B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root
user.
C. Generate an access key for the root user. Use the access key for daily administration tasks
instead of the AWS Management Console.
D. Provide the root user credentials to the most senior solutions architect. Have the solutions
architect use the root user for daily administration tasks.
B
A company is building a media sharing application and decides to use Amazon S3 for storage. When a media file is uploaded, the company starts a multi-step process to create thumbnails, identify objects in the images, transcode videos into standard formats and resolutions, and extract and store the metadata to an Amazon DynamoDB table. The metadata is used for
searching and navigation.
The amount of traffic is variable. The solution must be able to scale to handle spikes in load
without unnecessary expenses.
What should a solutions architect recommend to support this workload?
A. Build the processing into the website or mobile app used to upload the content to Amazon S3.
Save the required data to the DynamoDB table when the objects are uploaded.
B. Trigger AWS Step Functions when an object is stored in the S3 bucket. Have the Step
Functions perform the steps needed to process the object and then write the metadata to the
DynamoDB table.
C. Trigger an AWS Lambda function when an object is stored in the S3 bucket. Have the
Lambda function start AWS Batch to perform the steps to process the object. Place the object
data in the DynamoDB table when complete.
D. Trigger an AWS Lambda function to store an initial entry in the DynamoDB table when an
object is uploaded to Amazon S3. Use a program running on an Amazon EC2 instance in an
Auto Scaling group to poll the index for unprocessed items, and use the program to perform the
processing.
C
Organizers for a global event want to put daily reports online as static HTML pages. The pages
are expected to generate millions of views from users around the world. The files are stored in
an Amazon S3 bucket.
A solutions architect has been asked to design an efficient and effective solution.
Which action should the solutions architect take to accomplish this?
A. Generate presigned URLs for the files.
B. Use cross-Region replication to all Regions.
C. Use the geoproximity feature of Amazon Route 53
D. Use Amazon CloudFront with the S3 bucket as its origin.
D
A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon
S3.
How can a solutions architect ensure that the application has permission to access Amazon S3?
A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS and then
relaunch the container.
B. Create an IAM role with S3 permissions and then specify that role as the taskRoleArn in the
task definition.
C. Create a security group that allows access from Amazon ECS to Amazon S3 and update the
launch configuration used by the ECS cluster.
D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for
the ECS cluster while logged in as this account.
B
A media streaming company collects real-time data and stores it in a disk-optimized database
system. The company is not getting the expected throughput and wants an in-memory
database storage solution that performs faster and provides high availability using data
replication.
Which database should a solutions architect recommend?
A. Amazon RDS for MySQL
B. Amazon RDS for PostgreSQL
C. Amazon ElastiCache for Redis.
D. Amazon ElastiCache for Memcached
C
A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost-effective solution that maintains the highest level of
durability while maintaining high availability.
Which storage solution meets these requirements?
A. Amazon S3 Standard
B. Amazon S3 Intelligent-Tiering
C. Amazon S3 Glacier Deep Archive
D. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
B
A weather forecasting company needs to process hundreds of gigabytes of data with sub-millisecond
latency. The company has a high performance computing (HPC) environment in its data center and wants to expand its forecasting capabilities.
A solutions architect must identify a highly available cloud storage solution that can handle large
amounts of sustained throughput. Files that are stored in the solution should be accessible to thousands of compute instances that will simultaneously access and process the entire dataset.
What should the solutions architect do to meet these requirements?
A. Use Amazon FSx for Lustre scratch file systems.
B. Use Amazon FSx for Lustre persistent file systems.
C. Use Amazon Elastic File System (Amazon EFS) with Bursting Throughput mode.
D. Use Amazon Elastic File System (Amazon EFS) with Provisioned Throughput mode.
C
A company receives structured and semi-structured data from various sources once every day.
A solutions architect needs to design a solution that leverages big data processing frameworks.
The data should be accessible using SQL queries and business intelligence tools.
What should the solutions architect recommend to build the MOST high-performing solution?
A. Use AWS Glue to process data and Amazon S3 to store data.
B. Use Amazon EMR to process data and Amazon Redshift to store data.
C. Use Amazon EC2 to process data and Amazon Elastic Block Store (Amazon EBS) to store
data.
D. Use Amazon Kinesis Data Analytics to process data and Amazon Elastic File System
(Amazon EFS) to store data.
A
A company wants to build an immutable infrastructure for its software applications. The company
wants to test the software applications before sending traffic to them. The company seeks an
efficient solution that limits the effects of application bugs.
Which combination of steps should a solutions architect recommend? (Select TWO)
A. Use AWS CloudFormation to update the production infrastructure and roll back the stack if
the update fails.
B. Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass.
C. Apply Amazon Route 53 failover routing to test the staging environment and fail over to the
production environment if the tests pass.
D. Use AWS CloudFormation with a parameter set to the staging value in a separate
environment other than the production environment.
E. Use AWS CloudFormation to deploy the staging environment with a snapshot deletion policy
and reuse the resources in the production environment if the tests pass.
A, E
A company hosts its website on AWS. To address the highly variable demand, the company has
implemented Amazon EC2 Auto Scaling. Management is concerned that the company is over-provisioning its infrastructure, especially at the front end of the three-tier application.
A solutions architect needs to ensure costs are optimized without impacting performance.
What should the solutions architect do to accomplish this?
A. Use Auto Scaling with Reserved Instances.
B. Use Auto Scaling with a scheduled scaling policy.
C. Use Auto Scaling with the suspend-resume feature.
D. Use Auto Scaling with a target tracking scaling policy.
D
A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across multiple Availability Zones.
What should a solutions architect do to meet this requirement?
A. Configure AWS Storage Gateway in volume gateway mode. Mount the volume to each
Windows instance.
B. Configure Amazon FSx for Windows File Server. Mount the Amazon FSx file system to each
Windows instance.
C. Configure a file system by using Amazon Elastic File System (Amazon EFS). Mount the EFS
file system to each Windows instance.
D. Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size.
Attach each EC2 instance to the volume. Mount the file system within the volume to each
Windows instance.
B
A solutions architect is designing the architecture for a software demonstration environment. The environment will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The system will experience significant increases in traffic during working hours but is not required to operate on weekends.
Which combination of actions should the solutions architect take to ensure that the system can scale to meet demand?
(Select TWO)
A. Use AWS Auto Scaling to adjust the ALB capacity based on request rate.
B. Use AWS Auto Scaling to scale the capacity of the VPC internet gateway.
C. Launch the EC2 instances in multiple AWS Regions to distribute the load across Regions.
D. Use a target tracking scaling policy to scale the Auto Scaling group based on instance CPU
utilization.
E. Use scheduled scaling to change the Auto Scaling group minimum, maximum, and desired
capacity to zero for weekends. Revert to the default values at the start of the week.
D, E
A company has an application that uses an Amazon DynamoDB table for storage. A solutions architect discovers that many requests to the table are not returning the latest data.
The company’s users have not reported any other issues with database performance. Latency is in an acceptable range.
Which design change should the solutions architect recommend?
A. Add read replicas to the table.
B Use a global secondary index (GSI).
B. Request strongly consistent reads for the table.
C. Request eventually consistent reads for the table.
C?
A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server
running inside the data center. The company would like to move the application to the AWS Cloud and needs to select a cost-effective database platform that will not require database modifications.
Which solution will meet these requirements?
A. Amazon DynamoDB
B. Amazon RDS for MySQL
C. MySQL-compatible Amazon Aurora Serverless.
D. MySQL deployed on Amazon EC2 in an Auto Scaling group
B
A company is planning to store sensitive documents in an Amazon S3 bucket. The documents must be encrypted at rest. The company wants to manage the underlying keys that are used for encryption. However, the company does not want to manage the encryption and decryption
process.
Which solutions will meet these requirements? (Select TWO.)
A. Use server-side encryption with customer-provided encryption keys (SSE-C).
B. Use client-side encryption with AWS managed keys.
C. Use server-side encryption with S3 managed encryption keys (SSE-S3).
D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) with a key
policy document that is 40 KB in size.
E. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) that the
company uploads to AWS KMS
C, E
A company is developing a real-time multiplayer game that uses UDP for communications between the client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.
Which solution should a solutions architect recommend?
A. Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage.
B. Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for
data storage.
C. Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for
data storage.
D. Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global
tables for data storage.
B
A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC.
A solutions architect has observed that incoming traffic seems to favor one EC2 instance
resulting in latency for some requests.
What should the solutions architect do to resolve this issue?
A. Disable session affinity (sticky sessions) on the ALB
B. Replace the ALB with a Network Load Balancer.
C. Increase the number of EC2 instances in each Availability Zone.
D. Adjust the frequency of the health checks on the ALB’s target group.
B
An airline that is based in the United States provides services for routes in North America and Europe. The airline is developing a new read-intensive application that customers can use to find flights on either continent.
The application requires strong read consistency and needs scalable database capacity to accommodate changes in user demand. The airline needs the database service to synchronize with the least possible latency between the two continents and to provide a simple failover mechanism to a second AWS Region.
Which solution will meet these requirements?
A. Deploy Microsoft SQL Server on Amazon EC2 instances in a Region in North America. Use
SQL Server binary log replication on an EC2 instance in a Region in Europe.
B. Create an Amazon DynamoDB global table. Add a Region from North America and a Region
from Europe to the table. Query data with strongly consistent reads.
C. Use an Amazon Aurora MySQL global database. Deploy the read-write node in a Region in
North America, and deploy read-only endpoints in Regions in North America and Europe. Query
data with global read consistency.
D. Create a subscriber application that uses Amazon Kinesis Data Streams for an Amazon
Redshift cluster in a Region in North America. Create a second subscriber application for the
Amazon Redshift cluster in a Region in Europe. Process all database modifications through
Kinesis Data Streams.
C
A company wants to perform an online migration of active datasets from an on-premises NFS
server to an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET. Data integrity
verification is required during the transfer and at the end of the transfer. The data also must be encrypted.
A solutions architect is using an AWS solution to migrate the data.
Which solution meets these requirements?
A. AWS Storage Gateway file gateway
B. S3 Transfer Acceleration
C. AWS DataSync
D. AWS Snowball Edge Storage Optimized
C
A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2. The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput.
Which EC2 configuration meets these requirements?
A. Launch the EC2 instances in a cluster placement group in one Availability Zone.
B. Launch the EC2 instances in a spread placement group in one Availability Zone.
C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs.
D. Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones.
A
A company hosts its static website content from an Amazon S3 bucket in the us-east-1 Region.
Content is made available through an Amazon CloudFront origin pointing to that bucket.
Cross-Region replication is set up to create a second copy of the bucket in the ap-southeast-1 Region. Management wants a solution that provides greater availability for the website.
Which combination of actions should a solutions architect take to increase availability?
(Select TWO.)
A. Add both buckets to the CloudFront origin.
B. Configure failover routing in Amazon Route 53
C. Create a record in Amazon Route 53 pointing to the replica bucket.
D. Create an additional CloudFront origin pointing to the ap-southeast-1 bucket.
E. Set up a CloudFront origin group with the us-east-1 bucket as the primary and the
ap-southeast-1 bucket as the secondary.
B, E
A company has an Amazon S3 bucket that contains confidential information in its production
AWS account. The company has turned on AWS CloudTrail for the account. The account sends
a copy of its logs to Amazon CloudWatch Logs. The company has configured the S3 bucket to
log read and write data events.
A company auditor discovers that some objects in the S3 bucket have been deleted. A solutions
architect must provide the auditor with information about who deleted the objects.
What should the solutions architect do to provide this information?
A. Create a CloudWatch Logs filter to extract the S3 write API calls against the S3 bucket.
B. Query the CloudTrail logs with Amazon Athena to identify the S3 write API calls against the S3 bucket.
C. Use AWS Trusted Advisor to perform security checks for S3 write API calls that deleted the content.
D. Use AWS Config to track configuration changes on the S3 bucket. Use these details to track
the S3 write API calls that deleted the content.
B
A company is running a three-tier web application to process credit card payments. The front-end user interface consists of static webpages. The application tier can have long-running processes. The database tier uses MySQL.
The application is currently running on a single general purpose large Amazon EC2 instance. A
solutions architect needs to decouple the services to make the web application highly available.
Which solution would provide the HIGHEST availability?
A. Move static assets to Amazon CloudFront. Leave the application in EC2 in an Auto Scaling
group. Move the database to Amazon RDS to deploy Multi-AZ.
B. Move static assets and the application into a medium EC2 instance. Leave the database on
the large instance. Place both instances in an Auto Scaling group.
C. Move static assets to Amazon S3. Move the application to AWS Lambda with the concurrency
limit set. Move the database to Amazon DynamoDB with on-demand enabled.
D. Move static assets to Amazon S3. Move the application to Amazon Elastic Container Service
(Amazon ECS) containers with Auto Scaling enabled. Move the database to Amazon RDS to deploy Multi-AZ.
D
A company has thousands of edge devices that collectively generate 1 TB of status alerts
each day. Each alert is approximately 2 KB in size.
A solutions architect needs to implement a
solution to ingest and store the alerts for future analysis.
The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.
What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the
Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3
Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.
B. Launch Amazon EC2 instances across two Availability Zones and place them behind an
Elastic Load Balancer to ingest the alerts. Create a script on the EC2 instances that will store
the alerts in an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to
Amazon S3 Glacier after 14 days.
C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the
Kinesis Data Firehose stream to deliver the alerts to an Amazon Elasticsearch Service (Amazon
ES) cluster. Set up the Amazon ES cluster to take manual snapshots every day and delete data
from the cluster that is older than 14 days.
D. Create an Amazon Simple Queue Service (Amazon SQS) standard queue to ingest the alerts
and set the message retention period to 14 days. Configure consumers to poll the SQS queue,
check the age of the message, and analyze the message data as needed. If the message is
14 days old, the consumer should copy the message to an Amazon S3 bucket and delete the
message from the SQS queue.
A
An ecommerce company has noticed performance degradation of its Amazon RDS based web application. The performance degradation is attributed to an increase in the number of read-only SQL queries triggered by business analysts. A solutions architect needs to solve the problem with minimal changes to the existing web application.
What should the solutions architect recommend?
A. Export the data to Amazon DynamoDB and have the business analysts run their queries.
B. Load the data into Amazon ElastiCache and have the business analysts run their queries.
C. Create a read replica of the primary database and have the business analysts run their
queries.
D. Copy the data into an Amazon Redshift cluster and have the business analysts run their
queries.
C
A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100 000 each second. The company wants to decouple the solution and increase scalability.
Which solution meets these requirements?
A. Persist the messages to Amazon Kinesis Data Analytics. Configure the consumer applications
to read and process the messages.
B. Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale
the number of EC2 instances based on CPU metrics.
C. Write the messages to Amazon Kinesis Data Streams with a single shard. Use an AWS
Lambda function to preprocess messages and store them in Amazon DynamoDB. Configure the
consumer applications to read from DynamoDB to process the messages.
D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with
multiple Amazon Simple Queue Service (Amazon SQS) subscriptions. Configure the consumer
applications to process the messages from the queues.
D
A company provides machine learning solutions. The company’s users need to download large data sets from the company’s Amazon S3 bucket. These downloads often take a long time, especially when the users are running many simulations on a subset of those datasets. Users download the datasets to Amazon EC2 instances in the same AWS Region as the S3 bucket.
Multiple users typically use the same datasets at the same time.
Which solution will reduce the time that is required to access the datasets?
A. Configure the S3 bucket to use the S3 Standard storage class with S3 Transfer Acceleration activated.
B. Configure the S3 bucket to use the S3 Intelligent-Tiering storage class with S3 Transfer Acceleration activated.
C. Create an Amazon Elastic File System (Amazon EFS) network file system.
Migrate the datasets by using AWS DataSync.
D. Move the datasets onto a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon
EBS) volume. Attach the volume to all the EC2 instances.
C
A company has three AWS accounts: Management, Development, and Production. These accounts use AWS services only in the us-east-1 Region. All accounts have a VPC with VPC Flow Logs configured to publish data to an Amazon S3 bucket in each separate account. For
compliance reasons, the company needs an ongoing method to aggregate all the VPC flow logs
across all accounts into one destination S3 bucket in the Management account.
What should a solutions architect do to meet these requirements with the LEAST operational
overhead?
A. Add S3 Same-Region Replication rules in each S3 bucket that stores VPC flow logs to replicate objects to the destination S3 bucket. Configure the destination S3 bucket to allow objects to be received from the S3 buckets in other accounts.
B. Set up an IAM user in the Management account. Grant permissions to the IAM user to access the S3 buckets that contain the VPC flow logs. Run the aws s3 sync command in the AWS CLI to copy the objects to the destination S3 bucket.
C. Use an S3 inventory report to specify which objects in the S3 buckets to copy. Perform an S3 batch operation to copy the objects into the destination S3 bucket in the Management account with a single request.
D. Create an AWS Lambda function in the Management account. Grant S3 GET permissions on the source S3 buckets. Grant S3 PUT permissions on the destination S3 bucket. Configure the function to invoke when objects are loaded in the source S3 buckets.
A
A solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users. During startup, the models need to load up to 10 GB of data from Amazon S3 into memory, but they do not need disk access. Most of the
models are used sporadically but the users expect all of them to be highly available and accessible with low latency.
Which solution meets the requirements and is MOST cost-effective?
A. Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model.
B. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an
Application Load Balancer for each model.
C. Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-
based routing where one path corresponds to each model.
D. Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single
Application Load Balancer with path-based routing where one path corresponds to each model
D
A company runs a web-based portal that provides users with global breaking news, local alerts, and weather updates. The portal delivers each user a personalized view by using a mixture of static and dynamic content. Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB). The company wants the
portal to provide this content to its users across the world as quickly as possible.
How should a solutions architect design the application to ensure the LEAST amount of latency
for all users?
A. Deploy the application stack in a single AWS Region. Use Amazon CloudFront to serve all
static and dynamic content by specifying the ALB as an origin.
B. Deploy the application stack in two AWS Regions. Use an Amazon Route 53 latency routing
policy to serve all content from the ALB in the closest Region.
C. Deploy the application stack in a single AWS Region. Use Amazon CloudFront to serve the
static content. Serve the dynamic content directly from the ALB.
D. Deploy the application stack in two AWS Regions. Use an Amazon Route 53 geolocation
routing policy to serve all content from the ALB in the closest Region.
B
A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard. A solutions architect needs to design a solution that can handle large traffic spikes, process the mobile game updates in order of receipt, and store the processed updates in a highly available database. The company also wants to minimize the
management overhead required to maintain the solution.
What should the solutions architect do to meet these requirements?
A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.
B. Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon Redshift.
C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the processed updates in a SQL database running on Amazon EC2.
D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet
of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue. Store the
processed updates in an Amazon RDS Multi-AZ DB instance.
A
You can use Amazon Kinesis Data Streams to collect and process large streams of data records in real time.
You can use Kinesis Data Streams for rapid and continuous data intake and aggregation. The
type of data used can include IT infrastructure log data, application logs, social media, market
data feeds, and web clickstream data. Because the response time for the data intake and
processing is in real time, the processing is typically lightweight.
Application developers have noticed that a production application is very slow when business reporting users run large production reports against the Amazon RDS instance backing the application. The CPU and memory utilization metrics for the RDS instance do not exceed 60% while the reporting queries are running. The business reporting users must be able to generate
reports without affecting the application’s performance.
Which action will accomplish this?
A. Increase the size of the RDS instance
B. Create a read replica and connect the application to it
C. Enable multiple Availability Zones on the RDS instance
D. Create a read replica and connect the business reports to it
D
A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.
Which solution meets these requirements?
A. Create an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones.
B. Create an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to
synchronously replicate the data.
C. Create an Amazon RDS MySQL DB instance and then create a read replica in a separate
AWS Region that synchronously replicates the data.
D. Create an Amazon EC2 instance with a MySQL engine installed that triggers an AWS
Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance.
B
A startup company is using the AWS Cloud to develop a traffic control monitoring system for a large city. The system must be highly available and must provide near-real-time results for residents and city officials even during peak events. Gigabytes of data will come in daily from IoT devices that run at intersections and freeway
ramps across the city. The system must process the data sequentially to provide the correct timeline. However, results need to show only what has happened in the last 24 hours.
Which solution will meet these requirements MOST cost-effectively?
A. Deploy Amazon Kinesis Data Firehose to accept incoming data from the IoT devices and
write the data to Amazon S3. Build a web dashboard to display the data from the last 24 hours.
B. Deploy an Amazon API Gateway API endpoint and an AWS Lambda function to process
incoming data from the IoT devices and store the data in Amazon DynamoDB. Build a web
dashboard to display the data from the last 24 hours.
C. Deploy an Amazon API Gateway API endpoint and an Amazon Simple Notification Service
(Amazon SNS) topic to process incoming data from the IoT devices. Write the data
to Amazon Redshift. Build a web dashboard to display the data from the last 24 hours.
D. Deploy an Amazon Simple Queue Service (Amazon SQS) FIFO queue and an AWS Lambda
function to process incoming data from the IoT devices and store the data in an Amazon RDS
DB instance. Build a web dashboard to display the data from the last 24 hours.
D
A company that operates a web application on premises is preparing to launch a newer version
of the application on AWS. The company needs to route requests to either the AWS-hosted or
the on-premises-hosted application based on the URL query string. The on-premises application
is not available from the Internet, and a VPN connection is established between Amazon VPC
and the company’s data center. The company wants to use an Application Load Balancer (ALB)
for this launch.
Which solution meets these requirements?
A. Use two ALBs: one for on premises and one for the AWS resource. Add hosts to each target
group of each ALB. Route with Amazon Route 53 based on the URL query string.
B. Use two ALBs: one for on premises and one for the AWS resource. Add hosts to the target
group of each ALB. Create a software router on an EC2 instance based on the URL query string.
C. Use one ALB with two target groups: one for the AWS resource and one for on premises. Add
hosts to each target group of the ALB. Configure listener rules based on the URL query string.
D. Use one ALB with two AWS Auto Scaling groups: one for the AWS resource and one for on
premises. Add hosts to each Auto Scaling group. Route with Amazon Route 53 based on the
URL query string.
C
A company has a three-tier environment on AWS that ingests sensor data from its users’
devices. The traffic flows through a Network Load Balancer (NLB) then to Amazon EC2 instances
for the web tier and finally to EC2 instances for the application tier that makes database calls.
What should a solutions architect do to improve the security of data in transit to the web tier?
A. Configure a TLS listener and add the server certificate on the NLB
B. Configure AWS Shield Advanced and enable AWS WAF on the NLB
C. Change the load balancer to an Application Load Balancer and attach AWS WAF to it.
D. Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using
AWS Key Management Service (AWS KMS)
A
A company previously migrated its data warehouse solution to AWS. The company also has an
AWS Direct Connect connection. Corporate office users query the data warehouse using a
visualization tool. The average size of a query returned by the data warehouse is 50 MB and
each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by
the data warehouse are not cached.
Which solution provides the LOWEST data transfer egress cost for the company?
A. Host the visualization tool on premises and query the data warehouse directly over the
internet.
B. Host the visualization tool in the same AWS Region as the data warehouse. Access it over
the internet.
C. Host the visualization tool on premises and query the data warehouse directly over a Direct
Connect connection at a location in the same AWS Region.
D. Host the visualization tool in the same AWS Region as the data warehouse and access it
over a Direct Connect connection at a location in the same Region.
D
A company has recently updated its internal security standards. The company must now ensure
all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted
with keys created and periodically rotated by internal security specialists. The company is
looking for a native, software-based AWS service to accomplish this goal.
What should a solutions architect recommend as a solution?
A. Use AWS Secrets Manager with customer master keys (CMKs) to store master key material
and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager.
B. Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in
AWS KMS.
C. Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key
material and apply a routine to re-create a new key periodically and replace it in the CloudHSM
cluster nodes.
D. Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store
master key material and apply a routine to re-create a new key periodically and replace it in the
Parameter Store
A
A company is performing an AWS Well-Architected Framework review of an existing workload
deployed on AWS. The review identified a public-facing website running on the same Amazon
EC2 instance as a Microsoft Active Directory domain controller that was installed recently to
support other AWS services. A solutions architect needs to recommend a new design that would
improve the security of the architecture and minimize the administrative demand on IT staff.
What should the solutions architect recommend?
A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory
on the current EC2 instance.
B. Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall
Active Directory on the current EC2 instance.
C. Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory
requests to the Active Directory domain controller running on the current EC2 instance.
D. Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML)
2.0 federation with the current Active Directory controller. Modify the EC2 instance’s security
group to deny public access to Active Directory
A
A company runs an application on a large fleet of Amazon EC2 instances. The application reads
and writes entries into an Amazon DynamoDB table. The size of the DynamoDB table
continuously grows, but the application needs only data from the last 30 days. The company
needs a solution that minimizes cost and development effort.
Which solution meets these requirements?
A. Use an AWS CloudFormation template to deploy the complete solution. Redeploy the
CloudFormation stack every 30 days, and delete the original stack.
B. Use an EC2 instance that runs a monitoring application from AWS Marketplace. Configure the
monitoring application to use Amazon DynamoDB Streams to store the timestamp when a new
item is created in the table. Use a script that runs on the EC2 instance to delete items that have
a timestamp that is older than 30 days.
C. Configure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new
item is created in the table. Configure the Lambda function to delete items in the table that are
older than 30 days.
D. Extend the application to add an attribute that has a value of the current timestamp plus 30
days to each new item that is created in the table. Configure DynamoDB to use the attribute as
the TTL attribute.
D
A recent analysis of a company’s IT expenses highlights the need to reduce backup costs. The
company’s chief information officer wants to simplify the on-premises backup infrastructure and
reduce costs by eliminating the use of physical backup tapes. The company must preserve the
existing investment in the on-premises backup applications and workflows.
What should a solutions architect recommend?
A. Set up AWS Storage Gateway to connect with the backup applications using the NFS
interface.
B. Set up an Amazon EFS file system that connects with the backup applications using the NFS
interface.
C. Set up an Amazon EFS file system that connects with the backup applications using the
iSCSI interface.
D. Set up AWS Storage Gateway to connect with the backup applications using the
iSCSI-virtual tape library (VTL) interface.
D
A developer has a script to generate daily reports that users previously ran manually. The script
consistently completes in under 10 minutes. The developer needs to automate this process in a
cost-effective manner.
Which combination of services should the developer use? (Select TWO.)
A. AWS Lambda
B. AWS CloudTrail
C. Cron on an Amazon EC2 instance
D. Amazon EC2 On-Demand Instance with user data
E. Amazon EventBridge (Amazon CloudWatch Events)
A, E
A company has a production web application in which users upload documents through a web
interface or a mobile app. According to a new regulatory requirement, new documents cannot
be modified or deleted after they are stored.
What should a solutions architect do to meet this requirement?
A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object
Lock enabled.
B. Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to
archive the documents periodically.
C. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled.
Configure an ACL to restrict all access to read-only.
D. Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the data by mounting the volume in read-only mode.
A
A company is designing a shared storage solution for a gaming application that is hosted in the
AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be
fully managed.
Which AWS solution meets these requirements?
A. Create an AWS DataSync task that shares the data as a mountable file system. Mount the file
system to the application server.
B. Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on
the instance. Connect the application server to the file share.
C. Create an Amazon FSx for Windows File Server file system. Attach the file system to the
origin server. Connect the application server to the file system.
D. Create an Amazon S3 bucket. Assign an IAM role to the application to grant access to the S3
bucket. Mount the S3 bucket to the application server.
C
A company has data stored in an on-premises data center that is used by several on-premises
applications. The company wants to maintain its existing application environment and be able to
use AWS services for data analytics and future visualizations.
Which storage service should a solutions architect recommend?
A. Amazon Redshift.
B. AWS Storage Gateway for files.
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon Elastic File System (Amazon EFS)
B
A company needs the ability to analyze the log files of its proprietary application. The logs are
stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand.
A solutions architect needs to perform the analysis with minimal changes to the existing
architecture.
What should the solutions architect do to meet these requirements with the LEAST amount of
operational overhead?
A. Use Amazon Redshift to load all the content into one place and run the SQL queries as
needed.
B. Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the
Amazon CloudWatch console.
C. Use Amazon Athena directly with Amazon S3 to run the queries as needed.
D. Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed.
C
A company recently launched its website to serve content to its global user base. The company
wants to store and accelerate the delivery of static content to its users by leveraging Amazon
CloudFront with an Amazon EC2 instance attached as its origin.
How should a solutions architect optimize high availability for the application?
A. Use Lambda@Edge for CloudFront.
B. Use Amazon S3 Transfer Acceleration for CloudFront.
C. Configure another EC2 instance in a different Availability Zone as part of the origin group.
D. Configure another EC2 instance as part of the origin server cluster in the same Availability
Zone.
A
A company is migrating its applications to AWS. Currently, applications that run on premises
generate hundreds of terabytes of data that is stored on a shared file system. The company is
running an analytics application in the cloud that runs hourly to generate insights from this data.
The company needs a solution to handle the ongoing data transfer between the on-premises
shared file system and Amazon S3. The solution also must be able to handle occasional
interruptions in internet connectivity.
Which solution should the company use for the data transfer to meet these requirements?
A. AWS DataSync
B. AWS Migration Hub
C. AWS Snowball Edge Storage Optimized
D. AWS Transfer for SFTP
A
A solutions architect is designing the storage architecture for a new web application used for
storing and viewing engineering drawings. All application components will be deployed on the
AWS infrastructure.
The application design must support caching to minimize the amount of time that users wait for
the engineering drawings to load. The application must be able to store petabytes of data.
Which combination of storage and caching should the solutions architect use?
A. Amazon S3 with Amazon CloudFront
B. Amazon S3 Glacier with Amazon ElastiCache
C. Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront
D. AWS Storage Gateway with Amazon ElastiCache
A
A company plans to store sensitive user data on Amazon S3. Internal security compliance
requirements mandate encryption of data before sending it to Amazon S3.
What should a solutions architect recommend to satisfy these requirements?
A. Server-side encryption with customer-provided encryption keys.
B. Client-side encryption with Amazon S3 managed encryption keys.
C. Service-side encryption with keys stored in AWS Key Management Service (AWS KMS)
D. Server-side encryption with a master stored in AWS Key Management Service (AWS KMS)
D
A company is developing a mobile game that streams score updates to a backend processor
and then posts results on a leaderboard. A solutions architect needs to design a solution that
can handle large traffic spikes, process the mobile game updates in order of receipt, and store
the processed updates in a highly available database.
The company also wants to minimize the management overhead required to maintain the solution.
What should the solutions architect do to meet these requirements?
A. Push score updates to Amazon Kinesis Data Streams. Process the updates in Kinesis Data
Streams with AWS Lambda. Store the processed updates in Amazon DynamoDB.
B. Push score updates to Amazon Kinesis Data Streams. Process the updates with a fleet of
Amazon EC2 instances set up for Auto Scaling. Store the processed updates in Amazon
Redshift.
C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic.
Subscribe an AWS Lambda function to the SNS topic to process the updates. Store the
processed updates in a SQL database running on Amazon EC2.
D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet
of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue. Store the
processed updates in an Amazon RDS Multi-AZ DB instance.
A
A company has designed an application where users provide small sets of textual data by
calling a public API. The application runs on AWS and includes a public Amazon API Gateway
API that forwards requests to an AWS Lambda function for processing. The Lambda function
then writes the data to an Amazon Aurora Serverless database for consumption.
The company is concerned that it could lose some user data if a Lambda function fails to
process the request properly or reaches a concurrency limit.
What should a solutions architect recommend to resolve this concern?
A. Split the existing Lambda function into two Lambda functions. Configure one function to
receive API Gateway requests and put relevant items into Amazon Simple Queue Service
(Amazon SQS). Configure the other function to read items from Amazon SQS and save the data
into Aurora.
B. Configure the Lambda function to receive API Gateway requests and write relevant items to
Amazon ElastiCache. Configure ElastiCache to save the data into Aurora.
C. Increase the memory for the Lambda function. Configure Aurora to use the Multi-AZ feature.
D. Split the existing Lambda function into two Lambda functions. Configure one function to
receive API Gateway requests and put relevant items into Amazon Simple Notification Service
(Amazon SNS). Configure the other function to read items from Amazon SNS and save the data
into Aurora.
A
A company is deploying an application that processes large quantities of data in batches as
needed. The company plans to use Amazon EC2 instances for the workload. The network
architecture must support a highly scalable solution and prevent groups of nodes from sharing
the same underlying hardware.
Which combination of network solutions will meet these requirements? (Select TWO.)
A. Create Capacity Reservations for the EC2 instances to run in a placement group.
B. Run the EC2 instances in a spread placement group.
C. Run the EC2 instances in a cluster placement group.
D. Place the EC2 instances in an EC2 Auto Scaling group.
E. Run the EC2 instances in a partition placement group.
B, C
A company receives inconsistent service from its data center provider because the company is
headquartered in an area affected by natural disasters. The company is not ready to fully
migrate to the AWS Cloud, but it wants a failover environment on AWS in case the on-premises
data center fails.
The company runs web servers that connect to external vendors. The data available on AWS
and on premises must be uniform.
Which solution should a solutions architect recommend that has the LEAST amount of
downtime?
A. Configure an Amazon Route 53 failover record. Run application servers on Amazon EC2
instances behind an Application Load Balancer in an Auto Scaling group. Set up AWS Storage
Gateway with stored volumes to back up data to Amazon S3.
B. Configure an Amazon Route 53 failover record. Execute an AWS CloudFormation template
from a script to create Amazon EC2 instances behind an Application Load Balancer. Set up
AWS Storage Gateway with stored volumes to back up data to Amazon S3.
C. Configure an Amazon Route 53 failover record. Set up an AWS Direct Connect connection
between a VPC and the data center. Run application servers on Amazon EC2 in an Auto Scaling
group. Run an AWS Lambda function to execute an AWS CloudFormation template to create an
Application Load Balancer.
D. Configure an Amazon Route 53 failover record. Run an AWS Lambda function to execute an
AWS CloudFormation template to launch two Amazon EC2 instances. Set up AWS Storage
Gateway with stored volumes to back up data to Amazon S3. Set up an AWS Direct Connect
connection between a VPC and the data center.
A
A security team needs to enforce the rotation of all IAM users’ access keys every 90 days. If an
access key is found to be older, the key must be made inactive and removed. A solutions
architect must create a solution that will check for and remediate any keys older than 90 days.
Which solution meets these requirements with the LEAST operational effort?
A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an
AWS Batch job to remove the key.
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age.
Configure the rule to run an AWS Batch job to remove the key.
C. Create an AWS Config rule to check for the key age. Define an Amazon EventBridge
(Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age.
Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key.
C
A monolithic application was recently migrated to AWS and is now running on a single Amazon
EC2 instance. Due to application limitations, it is not possible to use automatic scaling to scale
out the application. The chief technology officer (CTO) wants an automated solution to restore
the EC2 instance in the unlikely event the underlying hardware fails.
What would allow for automatic recovery of the EC2 instance as quickly as possible?
A. Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it
becomes impaired.
B. Configure an Amazon CloudWatch alarm to trigger an SNS message that alerts the CTO
when the EC2 instance is impaired.
C. Configure AWS CloudTrail to monitor the health of the EC2 instance, and if it becomes
impaired, trigger instance recovery.
D. Configure an Amazon EventBridge event to trigger an AWS Lambda function once an hour
that checks the health of the EC2 instance and triggers instance recovery if the EC2 instance is
unhealthy.
A
A media company is evaluating the possibility of moving its systems to the AWS Cloud. The
company needs at least 10 TB of storage with the maximum possible I/O performance for video
processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to
meet requirements for archival media that is not in use anymore.
Which set of services should a solutions architect recommend to meet these requirements?
A. Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon
S3 Glacier for archival storage.
B. Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon
S3 Glacier for archival storage.
C. Amazon EC2 instance store for maximum performance, Amazon EFS for durable data
storage, and Amazon S3 for archival storage.
D. Amazon EC2 instance store for maximum performance, Amazon S3 for durable data
storage, and Amazon S3 Glacier for archival storage.
A
A company hosts more than 300 global websites and applications. The company requires a
platform to analyze more than 30 TB of clickstream data each day.
What should a solutions architect do to transmit and process the clickstream data?
A. Design an AWS Data Pipeline to archive the data to an Amazon S3 bucket and run an
Amazon EMR cluster with the data to generate analytics.
B. Create an Auto Scaling group of Amazon EC2 instances to process the data and send it to
an Amazon S3 data lake for Amazon Redshift to use for analysis.
C. Cache the data to Amazon CloudFront. Store the data in an Amazon S3 bucket. When an
object is added to the S3 bucket, run an AWS Lambda function to process the data for analysis.
D. Collect the data from Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to
transmit the data to an Amazon S3 data lake. Load the data in Amazon Redshift for analysis.
D
A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing
CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account.
The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy
is in place to delete current objects after 3 years.
After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of
objects has continued to rise. However, the number of new CloudTrail logs that are delivered to
the S3 bucket has remained consistent.
Which solution will delete objects that are older than 3 years in the MOST cost-effective
manner?
A. Configure the organization’s centralized CloudTrail trail to expire objects after 3 years.
B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
C. Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are
older than 3 years.
D. Configure the parent account as the owner of all objects that are delivered to the S3 bucket.
B
A solutions architect plans to convert a company’s monolithic web application into a multi-tier
application. The company wants to avoid managing its own infrastructure. The minimum
requirements for the web application are high availability, scalability, and regional low latency
during peak hours. The solution should also store and retrieve data with millisecond latency
using the application’s API.
Which solution meets these requirements?
A. Use AWS Fargate to host the web application with backend Amazon RDS Multi-AZ DB
instances.
B. Use Amazon API Gateway with an edge-optimized API endpoint, AWS Lambda for compute,
and Amazon DynamoDB as the data store.
C. Use an Amazon Route 53 routing policy with geolocation that points to an Amazon S3 bucket
with static website hosting and Amazon DynamoDB as the data store.
D. Use an Amazon CloudFront distribution that points to an Elastic Load Balancer with an
Amazon EC2 Auto Scaling group, along with Amazon RDS Multi-AZ DB instances.
B
A company runs a three-tier web application in a VPC across multiple Availability Zones.
Amazon EC2 instances run in an Auto Scaling group for the application tier.
The company needs to make an automated scaling plan that will analyze each resource’s daily
and weekly historical workload trends. The configuration must scale resources appropriately
according to both the forecast and live changes in utilization.
Which scaling strategy should a solutions architect recommend to meet these requirements?
A. Implement dynamic scaling with step scaling based on average CPU utilization from the EC2
instances.
B. Enable predictive scaling to forecast and scale. Configure dynamic scaling with target
tracking.
C. Create an automated scheduled scaling action based on the traffic patterns of the web
application.
D. Set up a simple scaling policy. Increase the cooldown period based on the EC2 instance
startup time.
B
A company wants to enforce strict security guidelines on accessing AWS Cloud resources as
the company migrates production workloads from its data centers. Company management
wants all users to receive permissions according to their job roles and functions.
Which solution meets these requirements with the LEAST operational overhead?
A. Create an AWS Single Sign-On deployment. Connect to the on-premises Active Directory to
centrally manage users and permissions across the company.
B. Create an IAM role for each job function. Require each employee to call the sts:AssumeRole
action in the AWS Management Console to perform their job role.
C. Create individual IAM user accounts for each employee. Create an IAM policy for each job
function, and attach the policy to all IAM users based on their job role.
D. Create individual IAM user accounts for each employee. Create IAM policies for each job
function. Create IAM groups, and attach associated policies to each group. Assign the IAM
users to a group based on their job role.
D
A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3
objects are each typically around 50 GB in size and are frequently replaced with multipart
uploads by their global application. The number and size of S3 objects remain constant, but the
company’s S3 storage costs are increasing each month.
How should a solutions architect reduce costs in this situation?
A. Switch from multipart uploads to Amazon S3 Transfer Acceleration.
B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads.
C. Configure S3 inventory to prevent objects from being archived too quickly.
D. Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3
B
A company’s application is running on Amazon EC2 instances within an Auto Scaling group
behind an Elastic Load Balancer. Based on the application’s history, the company anticipates a
spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure
that the Auto Scaling group proactively increases capacity to minimize any performance impact
on application users.
Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization
exceeds 90%
B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected
period of peak demand.
C. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group
during the peak demand period.
D. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts
when there are autoscaling EC2_INSTANCE_LAUNCH events
B
A company is deploying an application that processes streaming data in near-real time. The
company plans to use Amazon EC2 instances for the workload. The network architecture must
be configurable to provide the lowest possible latency between nodes.
Which networking solution meets these requirements?
A. Place the EC2 instances in multiple VPCs and configure VPC peering
B. Attach an Elastic Fabric Adapter (EFA) to each EC2 instance.
C. Run the EC2 instances in a spread placement group.
D. Use Amazon Elastic Block Store (Amazon EBS) optimized instance types.
B
A company’s website is used to sell products to the public. The site runs on Amazon EC2
instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an
Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection
attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs
revealed an external malicious IP that needs to be blocked from accessing the website.
What should a solutions architect do to protect the application?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP
address.
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP
address.
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny
the malicious IP address.
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny
the malicious IP address
B
An application uses an Amazon RDS MySQL DB instance. The RDS database is becoming low
on disk space. A solutions architect wants to increase the disk space without downtime. Which
solution meets these requirements with the LEAST amount of effort?
A. Enable storage autoscaling in RDS
B. Increase the RDS database instance size.
C. Change the RDS database instance storage type to Provisioned IOPS
D. Back up the RDS database, increase the storage capacity, restore the database, and stop the
previous instance.
A
A solutions architect is creating an application that will handle batch processing of large
amounts of data. The input data will be held in Amazon S3 and the output data will be stored in a
different S3 bucket. For processing, the application will transfer the data over the network
between multiple Amazon EC2 instances.
What should the solutions architect do to reduce the overall data transfer costs?
A. Place all the EC2 instances in an Auto Scaling group.
B. Place all the EC2 instances in the same AWS Region.
C. Place all the EC2 instances in the same Availability Zone.
D. Place all the EC2 instances in private subnets in multiple Availability Zones.
C
A law firm needs to share information with the public. The information includes hundreds of files
that must be publicly readable. Modifications or deletions of the files by anyone before a
designated future date are prohibited.
Which solution will meet these requirements in the MOST secure way?
A. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant
read-only IAM permissions to any AWS principals that access the S3 bucket until the
designated date.
B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a
retention period in accordance with the designated date. Configure the S3 bucket for static
website hosting. Set an S3 bucket policy to allow read-only access to the objects.
C. Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.
D. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select
the folder that contains the files. Use S3 Object Lock with a retention period in accordance with
the designated date. Grant read-only IAM permissions to any AWS principals that access the S3
bucket.
B
A company uses a combination of Amazon EC2 instances and AWS Fargate tasks to process
daily transactions. The company faces unpredictable and sudden increases in transaction
volume. The company needs a solution that will process the transactions immediately.
Which solution meets these requirements MOST cost-effectively?
A. Purchase a Compute Savings Plan.
B. Purchase an EC2 Instance Savings Plan.
C. Purchase Reserved Instances for existing EC2 workloads.
D. Use Spot Instances for existing EC2 workloads.
E. Use Fargate Spot capacity for the tasks
B
A company has a multi-tier application deployed on several Amazon EC2 instances in an Auto
Scaling group. An Amazon RDS for Oracle instance is the application’s data layer that uses
Oracle-specific PL/SQL functions. Traffic to the application has been steadily increasing. This is causing the
EC2 instances to become overloaded and the RDS instance to run out of storage. The Auto
Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but
unpredictable rate before levelling off.
What should a solutions architect do to ensure the system can automatically scale for the
increased traffic? (Select TWO.)
A. Configure storage Auto Scaling on the RDS for Oracle instance.
B. Migrate the database to Amazon Aurora to use Auto Scaling storage.
C. Configure an alarm on the RDS for Oracle instance for low free storage space.
D. Configure the Auto Scaling group to use the average CPU as the scaling metric.
E. Configure the Auto Scaling group to use the average free memory as the scaling metric.
A, C
A solutions architect is designing the architecture of a new application being deployed to the AWS
Cloud. The application will run on Amazon EC2 On-Demand instances and will automatically
scale across multiple Availability Zones. The EC2 instances will scale up and down frequently
throughout the day. An Application Load Balancer (ALB) will handle the load distribution. The architecture
needs to support distributed session data management. The company is willing to make
changes to code if needed.
What should the solutions architect do to ensure that the architecture supports distributed
session data management?
A. Use Amazon ElastiCache to manage and store session data.
B. Use session affinity (sticky sessions) of the ALB to manage session data.
C. Use Session Manager from AWS Systems Manager to manage the session.
D. Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to
manage the session
A
A company wants to use an AWS Region as a disaster recovery location for its on-premises
infrastructure. The company has 10 TB of existing data and the on-premises data center has a
1 Gbps internet connection. A solutions architect must find a solution so the company can have its
existing data on AWS in 72 hours without transmitting it using an unencrypted channel.
Which solution should the solutions architect select?
A. Send the initial 10 TB of data to AWS using FTP.
B. Send the initial 10 TB of data to AWS using AWS Snowball.
C. Establish a VPN connection between Amazon VPC and the company’s data center.
D. Establish an AWS Direct Connect connection between Amazon VPC and the company’s data
center.
C
A company used an AWS Direct Connect connection to copy 1 PB of data from a colocation
facility to an Amazon S3 bucket in the us-east-1 Region. The company now wants to copy the
data to another S3 bucket in the us-west-2 Region.
Which solution will meet this requirement?
A. Use an AWS Snowball Edge Storage Optimized device to copy the data from the colocation
facility to us-west-2
B. Use the S3 console to copy the data from the source S3 bucket to the target S3 bucket.
C. Use S3 Transfer Acceleration and the S3 copy-object command to copy the data from the
source S3 bucket to the target S3 bucket.
D. Add an S3 Cross-Region Replication configuration to copy the data from the source S3
bucket to the target S3 bucket.
D
A company is hosting a web application from an Amazon S3 bucket. The application uses
Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token
(JWT) that provides access to protected resources that are stored in another S3 bucket.
Upon deployment of the application, users report errors and are unable to access the protected
content. A solutions architect must resolve this issue by providing proper permissions so that
users can access the protected content.
Which solution meets these requirements?
A. Update the Amazon Cognito identity pool to assume the proper IAM role for access to the
protected content.
B. Update the S3 ACL to allow the application to access the protected content.
C. Redeploy the application to Amazon S3 to prevent eventually consistent reads in the S3
bucket from affecting the ability of users to access the protected content.
D. Update the Amazon Cognito pool to use custom attribute mappings within the identity pool
and grant users the proper permissions to access the protected content.
B
A company provides an API to its users that automates inquiries for tax computations based on
item prices. The company experiences a larger number of inquiries during the holiday season
only that cause slower response times. A solutions architect needs to design a solution that is
scalable and elastic.
What should the solutions architect do to accomplish this?
A. Provide an API hosted on an Amazon EC2 instance. The EC2 instance performs the required
computations when the API request is made.
B. Design a REST API using Amazon API Gateway that accepts the item names. API Gateway
passes item names to AWS Lambda for tax computations.
C. Create an Application Load Balancer that has two Amazon EC2 instances behind it. The EC2
instances will compute the tax on the received item names.
D. Design a REST API using Amazon API Gateway that connects with an API hosted on an
Amazon EC2 instance. API Gateway accepts and passes the item names to the EC2 instance
for tax computations.
B
A company has a web application for travel ticketing. The application is based on a database
that runs in a single data center in North America. The company wants to expand the
application to serve a global user base. The company needs to deploy the application to multiple
AWS Regions. Average latency must be less than 1 second on updates to the reservation
database.
The company wants to have separate deployments of its web platform across multiple Regions.
However, the company must maintain a single primary reservation database that is globally
consistent.
Which solution should a solutions architect recommend to meet these requirements?
A. Convert the application to use Amazon DynamoDB. Use a global table for the center
reservation table. Use the correct Regional endpoint in each Regional deployment.
B. Migrate the database to an Amazon Aurora MySQL database. Deploy Aurora Read Replicas
in each Region. Use the correct Regional endpoint in each Regional deployment for access to
the database.
C. Migrate the database to an Amazon RDS for MySQL database. Deploy MySQL read replicas
in each Region. Use the correct Regional endpoint in each Regional deployment for access to
the database.
D. Migrate the application to an Amazon Aurora Serverless database. Deploy instances of the
database to each Region. Use the correct Regional endpoint in each Regional deployment to
access the database. Use AWS Lambda functions to process event streams in each Region to
synchronize the databases.
B
An entertainment company is using Amazon DynamoDB to store media metadata. The
application is read intensive and experiences delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB
without reconfiguring the application.
What should a solutions architect recommend to meet this requirement?
A. Use Amazon ElastiCache for Redis.
B. Use Amazon DynamoDB Accelerator (DAX).
C. Replicate data by using DynamoDB global tables.
D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled
B
A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that
is located in the same AWS account. Which solution will meet these requirements in the MOST
secure manner?
A. Apply an S3 bucket policy that grants read access to the S3 bucket.
B. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read
access to the S3 bucket.
C. Embed an access key and a secret key in the Lambda function’s code to grant the required
IAM permissions for read access to the S3 bucket.
D. Apply an IAM role to the Lambda function. Apply an IAM policy to the role to grant read
access to all S3 buckets in the account
B
A customer is running an application on Amazon EC2 instances hosted in a private subnet of a
VPC. The EC2 instances are configured in an Auto Scaling group behind an Elastic Load
Balancer (ELB). The EC2 instances use a NAT gateway for outbound internet access. However, the
EC2 instances are not able to connect to the public internet to download software updates.
A. The ELB is not configured with a proper health check.
B. The route tables in the VPC are configured incorrectly.
C. The EC2 instances are not associated with an Elastic IP address.
D. The security group attached to the NAT gateway is configured incorrectly.
E. The outbound rules on the security group attachment to the EC2 instances are configured
incorrectly.
B, E
A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance.
After a routine compliance check, the company sets a standard that requires a recovery point
objective (RPO) of less than 1 second for all its production databases.
Which solution meets these requirements?
A. Enable a Multi-AZ deployment for the DB instance.
B. Enable auto scaling for the DB instance in one Availability Zone.
C. Configure the DB instance in one Availability Zone and create multiple read replicas in a
separate Availability Zone.
D. Configure the DB instance in one Availability Zone, and configure AWS Database Migration
Service (AWS DMS) change data capture (CDC) tasks.
A
A company collects 10 GB of telemetry data daily from various machines. The company stores
the data in an Amazon S3 bucket in a source data account.
The company has hired several consuming agencies to use this data for analysis. Each agency
needs read access to the data for its analysis. The company must share the data from the
source data account by choosing a solution that maximizes security and operational efficiency.
Which solution will meet these requirements?
A. Configure S3 global tables to replicate data for each agency.
B. Make the S3 bucket public for a limited time. Inform only the agencies.
C. Configure cross-account access for the S3 bucket to the accounts that the agencies own.
D. Set up an IAM user for each analyst in the source data account. Grant each user access to
the S3 bucket.
A
A company requires that all versions of objects in its Amazon S3 bucket be retained. Current
object versions will be frequently accessed during the first 30 days, after which they will be
rarely accessed and must be retrievable within 5 minutes. Previous object versions need to be
kept forever, will be rarely accessed, and can be retrieved within 1 week. All storage solutions
must be highly available and highly durable.
What should a solutions architect recommend to meet these requirements in the MOST
cost-effective manner?
A. Create an S3 lifecycle policy for the bucket that moves current object versions from S3
Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier
after 1 day.
B. Create an S3 lifecycle policy for the bucket that moves current object versions from S3
Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier
Deep Archive after 1 day.
C. Create an S3 lifecycle policy for the bucket that moves current object versions from S3
Standard storage to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days and moves
previous object versions to S3 Glacier Deep Archive after 1 day.
D. Create an S3 lifecycle policy for the bucket that moves current object versions from S3
Standard storage to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days and
moves previous object versions to S3 Glacier Deep Archive after 1 day.
B
A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that it is meeting security and compliance
standards throughout the development process.
What should a solutions architect do to meet these requirements?
A. Use Amazon Macie to automatically discover, classify and protect the EC2 instances.
B. Use Amazon GuardDuty on the EC2 instances to publish Amazon Simple Notification Service
(Amazon SNS) notifications.
C. Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification
Service (Amazon SNS) notifications.
D. Use Amazon EventBridge (Amazon CloudWatch Events) to detect and react to changes in
the status of AWS Trusted Advisor checks.
C
A company is using a fleet of Amazon EC2 instances to ingest data from on-premises data
sources. The data is in JSON format and ingestion rates can be as high as 1 MB/s. When an
EC2 instance is rebooted, the data in-flight is lost. The company’s data science team wants to
query ingested data in near-real time.
Which solution provides near-real-time data querying that is scalable with minimal data loss?
A. Publish data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to query the data.
B. Publish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination. Use
Amazon Redshift to query the data.
C. Store ingested data in an EC2 instance store. Publish data to Amazon Kinesis Data Firehose
with Amazon S3 as the destination. Use Amazon Athena to query the data.
D. Store ingested data in an Amazon Elastic Block Store (Amazon EBS) volume. Publish data to
Amazon ElastiCache for Redis. Subscribe to the Redis channel to query the data.
B
A company runs an internet-facing web application on AWS. The company uses Amazon Route
53 for DNS management and has a public hosted zone to route traffic from the internet to the
application. The company wants to log DNS response codes to help system administrators
perform any root cause analysis in the future.
Which solution will meet these requirements?
A. Use Route 53 to configure query logging.
B. Use AWS CloudTrail to record all Route 53 queries.
C. Use Amazon CloudWatch to record and process Route 53 metrics.
D. Use AWS Trusted Advisor to perform on-demand root cause analysis.
A
A company is relocating its data center and wants to securely transfer 50 TB of data to AWS
within 2 weeks. The existing data center has a Site-to-Site VPN connection to AWS that is 90% utilized.
Which AWS service should a solutions architect use to meet these requirements?
A. AWS DataSync with a VPC endpoint.
B. AWS Direct Connect.
C. AWS Snowball Edge Storage Optimized.
D. AWS Storage Gateway.
C