AWS #101 to #200

#101 A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises datacenter. Which solution allows rapid provision of working, fully-scaled production environment? A. Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary. B. Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down. C. Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy. D. Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.

A

#104 A Solutions Architect is creating a new relational database. The Compliance team will use the database, and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect Use? A. Amazon Aurora B. Amazon RDS MySQL with Multi-AZ enabled C. Amazon DynamoDB D. Amazon ElastiCache

A

#106 An organization has a long-running image processing application that runs on Spot Instances that will be terminated when interrupted. A highly available workload must be designed to respond to Spot Instance interruption notices. The solution must include a two-minute warning when there is not enough capacity. How can these requirements be met? A. Use Amazon CloudWatch Events to invoke an AWS Lambda function that can launch On-Demand Instances. B. Regularly store data from the application on Amazon DynamoDB. Increase the maximum number of instances in the AWS Auto Scaling group. C. Manually place a bid for additional Spot Instances at a higher price in the same AWS Region and Availability Zone. D. Ensure that the Amazon Machine Image associated with the application has the latest configurations for the launch configuration.

A

#108 A company is designing a failover strategy in Amazon Route 53 for its resources between two AWS Regions. The company must have the ability to route a user's traffic to the region with least latency, and if both regions are healthy, Route 53 should route traffic to resources in both regions. Which strategy should the Solutions Architect recommend? A. Configure active-active failover using Route 53 latency DNS records. B. Configure active-passive failover using Route 53 latency DNS records. C. Configure active-active failover using Route 53 failover DNS records. D. Configure active-passive failover using Route 53 failover DNS records.

A

#109 A company is developing several critical long-running applications hosted on Docker. How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS? A. Use Amazon ECS and Service Auto Scaling. B. Use Spot Instances for orchestration and for scaling containers on existing Amazon EC2 instances. C. Use AWS OpsWorks to launch containers in new Amazon EC2 instances. D. Use Auto Scaling groups to launch containers on existing Amazon EC2 instances.

A

#110 A Solutions Architect is developing a new web application on AWS. The Architect expects the application to become very popular, so the application must scale to support the load. The Architect wants to focus on software development and deploying new features without provisioning or managing instances. What solution is appropriate? A. Amazon API Gateway and AWS Lambda B. Elastic Load Balancing with Auto Scaling groups and Amazon EC2 C. Amazon API Gateway and Amazon EC2 D. Amazon CloudFront and AWS Lambda

A

#112 An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution. Which solution should a Solutions Architect recommend to meet the requirements? A. Use Amazon Cognito Identity with SMS-based MFA. B. Edit AWS IAM policies to require MFA for all users. C. Federate IAM against corporate AD that requires MFA. D. Use Amazon API Gateway and require SSE for photos.

A

#114 A company hosts a website on premises. The website has a mix of static and dynamic content, but users experience latency when loading static files. Which AWS service can help reduce latency? A. Amazon CloudFront with on-premises servers as the origin B. ELB Application Load Balancer C. Amazon Route 53 latency-based routing D. Amazon EFS to store and server static files

A

#117 A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product displays. A Solutions Architect needs to implement a system for processing those sensor messages; the results must be available for the Data Analysis team. Which architecture should be used to meet these requirements? A. Implement an Amazon API Gateway to server as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table. B. Create an Amazon EC2 instance to server as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download. C. Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to a Amazon DynamoDB table. D. Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.

A

#118 A client is migrating a legacy web application to the AWS Cloud. The current system uses an Oracle database as a relational database management system solution. Backups occur every night, and the data is stored on-premises. The Solutions Architect must automate the backups and identity a storage solution while keeping costs low. Which AWS service will meet these requirements? A. Amazon RDS B. Amazon RedShift C. Amazon DynamoDB Accelerator D. Amazon ElastiCache

A

#122 After reviewing their logs, a startup company noticed large, random spikes in traffic to their web application. The company wants to configure a cost-efficient Auto Scaling solution to support high availability of the web application. Which scaling plan should a Solutions Architect recommend to meet the company's needs? A. Dynamic B. Scheduled C. Manual D. Lifecycle

A

#128 A Solutions Architect is designing an application on AWS that will connect to the on-premise data center through a VPN connection. The solution must be able to log network traffic over the VPN. Which service logs this network traffic? A. AWS CloudTrail logs B. Amazon VPC flow logs C. Amazon S3 bucket logs D. Amazon CloudWatch Logs

A

#129 A company wants to durably store data in 8 KB chunks. The company will access the data once every few months. However, when the company does access the data, it must be done with as little latency as possible. Which AWS service should a Solutions Architect recommend if cost is NOT a factor? A. Amazon DynamoDB B. Amazon EBS Throughput Optimized HDD Volumes C. Amazon EBS Cold HDD Volumes D. Amazon ElastiCache

A

#135 Which tool analyzes account resources and provides a detailed inventory of changes over time? A. AWS Config B. AWS CloudFormation C. Amazon CloudWatch D. AWS Service Catalog

A

#148 An organization runs an online voting system for a television program. During broadcasts, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection requests. What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner? A. Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process the message information into RDBMS database. B. As the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances. When voting has ended, scale down the additional instances. C. Re-provision the RDBMS database with larger, memory-optimized instances. When voting ends, re-provision the back-end database with smaller instances. D. Send votes from each front-end node to Amazon DynamoDB. Provision worker instances to process the votes in DynamoDB into the RDBMS database.

A

#152 A business team requires a structured storage solution to store all of a company's historical sales data. Currently there are 4 TB of data, which will grow to hundreds of terabytes within a few years. The team must be able to regularly run queries against the data using current business intelligence tools. Fast performance is required despite the dataset growth. Which solution should the company use? A. Amazon Redshift B. Amazon Aurora C. Amazon DynamoDB D. Amazon S3

A

#158 An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone. Which is the MOST cost-efficient way to meet these requirements? A. Deploy two instances in each of three Availability Zones. B. Deploy two instances in each of two Availability Zones. C. Deploy four instances in each of two Availability Zones. D. Deploy one instance in each of three Availability Zones.

A

#162 One company wants to share the contents of their Amazon S3 bucket with another company. Security requirements mandate that only the other company's AWS accounts have access to the contents of the Amazon S3 bucket. Which Amazon S3 feature will allow secure access to the Amazon S3 bucket? A. Bucket policy B. Object tagging C. CORS configuration D. Lifecycle policy

A

#178 A company is building a critical ingestion service on AWS that will receive 1,000 incoming events per second. The events must be processed in order, and no events may be lost. Multiple applications will need to process each event. The company will expose the service as RESTful calls through an API Gateway. What should a Solutions Architect use to receive the events based on these requirements? A. Amazon Kinesis Data Stream B. Amazon DynamoDB C. Amazon SQS D. Amazon SNS

A

#181 A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content. Which step should the Solutions Architect take to ensure that new content is displayed? A. Perform a cache refresh on the CloudFront distribution that is serving the content. B. Perform an invalidation on the CloudFront distribution that is serving the content. C. Create a new cache behavior path with the updated content. D. Change the TTL value for removing the old objects.

A

#184 A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for web requests to the application. Based on these requirements, what security group rules should be put on the Amazon EC2 instances? A. An inbound rule allowing traffic from the security group attached to the ALB B. An inbound rule allowing traffic from the network ACLs attached to the ALB C. An outbound rule allowing traffic to the security group attached to the ALB D. An outbound rule blocking all traffic to the Internet

A

#195 A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read Replicas to the cluster. How should the Solutions Architect ensure that the connections for read activities are load balanced? A. Reader endpoint for Amazon Aurora B. Cluster endpoint for Amazon Aurora C. Primary DB instance endpoint for Amazon Aurora D. Replica DB instances endpoint for Aurora

A

#120 A company must collect temperature data from thousands of remote weather devices. The company must also store this data in a data warehouse to run aggregations and visualizations. Which services will meet these requirements? (Choose two.) A. Amazon Kinesis Data Firehouse B. Amazon SQS C. Amazon Redshift D. Amazon SNS E. Amazon DynamoDB

A, C

#160 A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators. Which of the following options should the Architect recommend? (Choose two.) A. Create a bastion host in a public subnet, and use the bastion host to connect to the database. B. Log in to the web servers in the public subnet to connect to the database. C. Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet. D. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database. E. Attach an Elastic IP address to the database.

A, D

#198 A Solution Architect is designing a two-tier application for maximum security, with a web tier running on EC2 instances and the data stored in an RDS DB instance. The web tier should accept user access only through HTTPS connections (port 443) from the Internet, and the data must be encrypted in transit to and from the database. What combination of steps will MOST securely meet the stated requirements? (Choose two.) A. Create a security group for the web tier instances that allows inbound traffic only over port 443. B. Enforce Transparent Data Encryption (TDE) on the RDS database. C. Create a network ACL that allows inbound traffic only over port 443. D. Configure the web servers to communicate with RDS by using SSL, and issue certificates to the web tier EC2 instances. E. Create a customer master key in AWS KMS and apply it to encrypt the RDS instance.

A, D

#182 A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and Amazon ECS to host the website and its microservices. Which design changes should a Solutions Architect recommend to support the expected growth? (Choose two.) A. Move static files from ECS to Amazon S3 B. Use an Amazon Route 53 geolocation routing policy C. Scale the environment based on real-time AWS CloudTrail logs D. Create a dedicated Elastic Load Balancer for each microservice E. Create RDS read replicas and change the application to use these replicas

A, E

#102 A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load. How should the database environment be re-designed to resolve the IOPS fluctuation? A. Change the RDS instance type to get more RAM. B. Change the storage type to Provisioned IOPS. C. Scale the web server tier horizontally. D. Split the DB layer into separate RDS instances.

B

#103 A Solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement? A. Default Amazon CloudWatch metrics. B. Custom Amazon CloudWatch metrics. C. Amazon Inspector resource monitoring. D. Default monitoring of Amazon EC2 instances.

B

#107 A company has an Amazon RDS-managed online transaction processing system that has very heavy read and write. The Solutions Architect notices throughput issues with the system. How can the responsiveness of the primary database be improved? A. Use asynchronous replication for standby to maximize throughput during peak demand. B. Offload SELECT queries that can tolerate stale data to READ replica. C. Offload SELECT and UPDATE queries to READ replica. D. Offload SELECT query that needs the most current data to READ replica.

B

#111 A Solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect do to achieve this goal with Amazon RDS? A. Create a read replica of the primary database and deploy it in a different AWS Region. B. Enable multi-AZ to create a standby database in a different Availability Zone. C. Enable multi-AZ to create a standby database in a different AWS Region. D. Create a read replica of the primary database and deploy it in a different Availability Zone.

B

#113 A Solutions Architect is designing a solution to monitor weather changes by the minute. The frontend application is hosted on Amazon EC2 instances. The backend must be scalable to a virtually unlimited size, and data retrieval must occur with minimal latency. Which AWS service should the Architect use to store the data and achieve these requirements? A. Amazon S3 B. Amazon DynamoDB C. Amazon RDS D. Amazon EBS

B

#116 A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy. The web servers' Auto Scaling group currently has 15 instances running. Which instance will be terminated first during a scale-in operation? A. The instance with the oldest launch configuration. B. The instance in the Availability Zone that has most instances. C. The instance closest to the next billing hour. D. The oldest instance in the group.

B

#119 A company has an Amazon RDS database backing its production website. The Sales team needs to run queries against the database to track training program effectiveness. Queries against the production database cannot impact performance, and the solution must be easy to maintain. How can these requirements be met? A. Use an Amazon Redshift database. Copy the product database into Redshift and allow the team to query it. B. Use an Amazon RDS read replica of the production database and allow the team to query against it. C. Use multiple Amazon EC2 instances running replicas of the production database, placed behind a load balancer. D. Use an Amazon DynamoDB table to store a copy of the data.

B

#124 An online company wants to conduct real-time sentiment analysis about its products from its social media channels using SQL. Which of the following solutions has the LOWEST cost and operational burden? A. Set up a streaming data ingestion application on Amazon EC2 and connect it to a Hadoop cluster for data processing. Send the output to Amazon S3 and use Amazon Athena to analyze the data. B. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to write SQL queries against the stream. C. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to send data to an Amazon Redshift cluster, and then query directly against Amazon Redshift D. Set up streaming data ingestion application on Amazon EC2 and send the output to Amazon S3 using Kinesis Data Firehose. Use Athena to analyze the data.

B

#125 An organization must process a stream of large-volume hashtag data in real time and needs to run custom SQL queries on the data to get insights on certain tags. The organization needs this solution to be elastic and does not want to manage clusters. Which of the following AWS services meets these requirements? A. Amazon Elasticsearch Service B. Amazon Athena C. Amazon Redshift D. Amazon Kinesis Data Analytics

B

#144 A Solutions Architect is designing a solution for a dynamic website, "example.com," that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are redirected to the website in the Tokyo region when they browse to "example.com". Which service should the Architect use to achieve this goal with the LEAST administrative effort? A. Amazon CloudFront with geolocation routing B. Amazon Route 53 C. Application Load Balancer D. Network Load Balancer deployed across multiple regions

B

#146 A company has instances in private subnets that require outbound access to the internet. This requires: A. Assigning a public IP address to the instance. B. Updating the route table associated with the subnet to point internet traffic through a NAT gateway. C. Updating the security group associated with the subnet to allow ingress on 0.0.0.0/0. D. Routing traffic from the instance through a VPC endpoint that has internet access.

B

#151 A customer owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests. Once a record is stored in the database, it rarely changed. Clients only access one record at a time. Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS, and is willing to change database systems. Which service would alleviate the database load issue and offer virtually unlimited scalability for the future? A. Amazon RDS B. Amazon DynamoDB C. Amazon Redshift D. AWS Data Pipeline

B

#155 A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints. Which of the following should the Architect recommend? A. Create a crontab job script in each instance to push the logs regularly to Amazon S3. B. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances. C. Enable Amazon CloudWatch Events in the AWS Management Console. D. Enable AWS CloudTrail to map all API calls invoked by the applications.

B

#157 A company is looking for a fully-managed solution to store its players' state information for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which can scale according to the incoming traffic. The request can be routed to any of the nodes, therefore, the state information must be stored in a centralized database. The players' state information needs to be read with strong consistency and needs conditional updates for any changes. Which service would be MOST cost-effective, and scale seamlessly? A. Amazon S3 B. Amazon DynamoDB C. Amazon RDS D. Amazon Redshift

B

#164 A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet. The proposed design must be highly available and distributed over two Availability Zones. What would be the MOST appropriate VPC design for this specific use case? A. Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS. B. One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS. C. One public subnet for the elastic load balancer, one public subnet for the web servers, and one private subnet for the database. D. Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.

B

#166 A Solutions Architect is developing a new web application on AWS. The services must scale to support an increasing load. The Architect wants to focus on software development and deploying new features rather than provisioning or managing servers. Which AWS service is appropriate? A. Auto Scaling B. Elastic Beanstalk C. EC2 Container Service D. CloudFormation

B

#172 A company needs to capture all client connection information from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application. How can a Solutions Architect meet this requirement? A. Enable AWS CloudTrail for the Application Load Balancer. B. Enable Access Logs on the Application Load Balancer. C. Install CloudWatch Agent on the Application Load Balancer. D. Enable CloudWatch metrics on the Application Load Balancer.

B

#174 A Solutions Architect is designing a web application for document sharing. The users will upload documents that are then made available to other users. There will be tens of thousands of these documents. What is the MOST cost-effective storage solution? A. Amazon EFS B. Amazon S3 C. Amazon Glacier D. Amazon EBS

B

#190 A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address. Which tool or service should a Solutions Architect recommend to block the IP address? A. Security groups B. Network ACL C. AWS WAF D. AWS Shield

B

#194 A company has an application that accesses a MySQL database installed on a single EC2 instance. The instance recently experienced a fault and brought down the entire application for several hours. The company wants to address the issue but is concerned about spending too much time modifying application code or managing the legacy application. What should the Solutions Architect recommend to remove this single point of failure with the FEWEST changes to the application code and the LEAST amount of administrative effort? A. Implement a caching layer by using Amazon ElastiCache to store query results of frequently accessed information. B. Deploy a second EC2 instance with MySQL installed, and configure replication between this instance and the existing MySQL instance. C. Migrate the database to an RDS MySQL Multi-AZ DB instance, and point the application servers to the new RDS instance. D. Create a DynamoDB table to use as a cache layer, and update the application to query data from Amazon DynamoDB before querying MySQL.

B

#197 A Solutions Architect is helping a customer migrate an application to AWS. The application is composed of a fleet of Linux servers that currently use a shared file system to read and write data. One of the goals of moving this application to AWS is to increase the reliability of the storage tier. What solution would increase reliability while minimizing the operational overhead of managing this infrastructure? A. Create an EBS volume and mount it to all the servers. B. Create an EFS file system and mount it to all the servers. C. Create an S3 bucket that can be accessed through an S3 VPC Endpoint. D. Create two EC2 instances in separate Availability Zones that act as file servers.

B

#200 A company has asked a Solutions Architect to ensure that data is protected during data transfer to and from Amazon S3. Use of which service will protect the data in transit? A. AWS KMS B. HTTPS C. SFTP D. FTPS

B

#123 To meet compliance standards, a company must have encrypted archival data storage. Data will be accessed infrequently, with lead times well in advance of when archived data must be recovered. The company requires that the storage be secure, durable, and provided at the lowest price per 1TB of data stored. What type of storage should be used? A. Amazon S3 B. Amazon EBS C. Amazon Glacier D. Amazon EFS

C

#131 An on-premises database is experiencing significant performance problems when running SQL queries. With 10 users, the lookups are performing as expected. As the number of users increases, the lookups take three times longer than expected to return values to an application. Which action should a Solutions Architect take to maintain performance as the user count increases? A. Use Amazon SQS. B. Deploy Multi-AZ RDS MySQL C. Configure Amazon RDS with additional read replicas. D. Migrate from MySQL to RDS Microsoft SQL Server.

C

#132 A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and RDS PostgreSQL database. Which action should the team take to ensure high availability? A. Enable cross-region replication in the Amazon S3 bucket. B. Create a Lambda function for each Availability Zone the application is deployed in. C. Enable multi-AZ on the RDS PostgreSQL database. D. Create a DynamoDB stream for the DynamoDB table.

C

#134 A company wants to improve the performance of their web application after receiving customer complaints. An analysis concluded that the same complex database queries were causing increased latency. What should a Solutions Architect recommend to improve the application's performance? A. Migrate the database to MySQL. B. Use Amazon RedShift to analyze the queries. C. Integrate Amazon ElastiCache into the application. D. Use a Lambda-triggered request to the backend database.

C

#136 A Solutions Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted. Which is the MOST efficient option to fulfill the security policy using Amazon RDS? A. Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and backups. B. Launch an Amazon RDS instance. Enable encryption for database, logs and backups. C. Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted. D. Launch an Amazon RDS instance. Enable encryption for backups. Encrypt logs with a database-engine feature.

C

#137 A Solutions Architect is designing a public-facing web application for employees to upload images to their social media account. The application consists of multiple Amazon EC2 instances behind an elastic load balancer, an Amazon S3 bucket where uploaded images are stored, and an Amazon DynamoDB table for storing image metadata. Which AWS service can the Architect use to automate the process of updating metadata in the DynamoDB table upon image upload? A. Amazon CloudWatch B. AWS CloudFormation C. AWS Lambda D. Amazon SQS

C

#138 A company's policy requires that all data stored in Amazon S3 is encrypted. The company wants to use the option with the least overhead and does not want to manage any encryption keys. Which of the following options will meet the company's requirements? A. AWS CloudHSM B. AWS Trusted Advisor C. Server Side Encryption (SSE-S3) D. Server Side Encryption (SSE-KMS)

C

#140 An application runs on Amazon EC2 instances in an Auto Scaling group. When instances are terminated, the Systems Operations team cannot determine the route cause, because the logs reside on the terminated instances and are lost. How can the root cause be determined? A. Use ephemeral volumes to store the log files. B. Use a scheduled Amazon CloudWatch Event to take regular Amazon EBS snapshots. C. Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs. D. Use AWS CloudTrail to pull the logs from the Amazon EC2 instances.

C

#142 Employees from several companies use an application once a year during a specific 30-day period. The periods are different for each company. Traffic to the application spikes during these 30-day periods. How can the application be designed to handle these traffic spikes? A. Use an Amazon Route 53 latency routing policy to route traffic to an Amazon EC2 instance with the least lag time. B. Use Amazon S3 to cache static elements of the website requests. C. Use an Auto Scaling group to scale the number of EC2 instances to match the site traffic. D. Use Amazon Cloud Front to serve static assets to decrease the load on the EC2 instances.

C

#143 A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list? A. Amazon SNS B. AWS Lambda with sequential dispatch C. A FIFO queue in Amazon SQS D. A standard queue in Amazon SQS

C

#147 An organization regularly backs up their application data. The application backups are required to be stored on Amazon S3 for a certain amount of time. The backups should be accessed instantly in the event of a disaster recovery. Which of the following Amazon S3 storage classes would be the MOST cost-effective option to meet the needs of this scenario? A. Glacier Storage Class B. Standard Storage Class C. Standard "" Infrequent Access (IA) D. Reduced Redundancy Class (RRS)

C

#149 An application publishes Amazon SNS messages in response to several events. An AWS Lambda function subscribes to these messages. Occasionally the function will fail while processing a message, so the original event message must be preserved for root cause analysis. What architecture will meet these requirements without changing the workflow? A. Subscribe an Amazon SQS queue to the Amazon SNS topic and trigger the Lambda function from the queue. B. Configure Lambda to write failures to an SQS Dead Letter Queue. C. Configure a Dead Letter Queue for the Amazon SNS topic. D. Configure the Amazon SNS topic to invoke the Lambda function synchronously.

C

#153 A prediction process requires access to a trained model that is stored in an Amazon S3 bucket. The process takes a few seconds to process an image and make a prediction. The process is not overly resource-intensive, does not require any specialized hardware, and takes less than 512 MB of memory to run. What would be the MOST effective compute solution for this use case? A. Amazon ECS B. Amazon EC2 Spot instances C. AWS Lambda functions D. AWS Elastic Beanstalk

C

#154 An application that runs on an Amazon EC2 instance must make secure calls to Amazon S3 buckets. Which steps can a Solutions Architect take to ensure that the calls are made without exposing credentials? A. Generate an access key ID and a secret key, and assign an IAM role with least privilege. B. Create an IAM policy granting access to all services and assign it to the Amazon EC2 instance profile. C. Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile. D. Generate temporary access keys to grant users temporary access to the Amazon EC2 instance.

C

#156 A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued. Which of the following answers this question? A. The user needs to place a PUT request to decrypt the object. B. The user needs to decrypt the object using a private key. C. Amazon S3 manages encryption and decryption automatically. D. Amazon S3 provides a server-side key for decrypting the object.

C

#165 A workload in an Amazon VPC consists of a single web server launched from a custom AMI. Session state is stored in a database. How should the Solutions Architect modify this workload to be both highly available and scalable? A. Create a launch configuration with a desired capacity of two web servers across multiple Availability Zones. Create an Auto Scaling group with the AMI ID of the web server image. Use Amazon Route 53 latency-based routing to balance traffic across the Auto Scaling group. B. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple regions. Use an Application Load Balancer (ALB) to balance traffic across the Auto Scaling group. C. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group. D. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use Amazon Route 53 weighted routing to balance traffic across the Auto Scaling group.

C

#167 A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes. Which compute model should a Solutions Architect choose to accomplish this task? A. EC2 Reserved Instances B. EC2 Spot Instances C. EC2 Dedicated Hosts D. EC2 Placement Groups

C

#168 An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system. Where should the data be stored? A. Amazon S3 B. Amazon DynamoDB C. Amazon EFS D. Amazon EBS

C

#169 A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10,000 records daily as they arrive in the Kinesis stream. The MOST scalable way to design the microservice is: A. As an AWS Lambda function. B. As a process on an Amazon EC2 instance. C. As a Docker container running on Amazon ECS. D. As a Docker container on an EC2 instance.

C

#170 A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exam results are released at 9:00 a.m. each Monday, and 80% of students, attempt to access their unique result within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. on Monday. Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner? A. Scale out the EC2 instances to ensure that the environment scales up and down based on the highest load. B. Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units. C. Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m. D. Use Amazon CloudFront to cache web request and reduce the load on EC2 and DynamoDB.

C

#171 As part of a migration strategy, a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon. Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration? A. Use AWS Identity and Access Management (IAM) for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda. B. Use a third-party solution for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2. C. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda. D. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.

C

#173 An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times, after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances. What should the Solutions Architect recommend to optimize the cost of the environment after business hours? A. Change the Availability Zones in which the instances were created to another Availability Zone in the same region with a lower cost. B. Replace all On-Demand Instances with Spot Instances in the Auto Scaling group. C. Purchase Reserved Instances for the minimum number of Auto Scaling instances. D. Reduce the number of minimum instances to 0. New requests to the Application Load Balancer create new instances.

C

#175 A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices. What should the Architect do to implement security best practices in an efficient manner? A. Use VPC peering to enforce network consistency B. Restrict users from deploying an AWS CloudFormation template C. Provide the teams a nested AWS CloudFormation template that builds the VPC correctly D. Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards

C

#179 An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is against company policy to store passwords in Lambda functions. How can a Solutions Architect enable the Lambda function to retrieve the database password without violating company policy? A. Add an IAM policy for IAM database access to the Lambda execution role. B. Store a one-way hash of the password in the Lambda function. C. Have the Lambda function use the AWS Systems Manager Parameter Store. D. Connect to the Amazon RDS for SQL Server instance by using a role assigned to the Lambda function.

C

#180 A company has two different types of reporting needs on their 200-GB data warehouse: ✑ Data scientists run a small number of concurrent ad hoc SQL queries that can take several minutes each to run. ✑ Display screens throughout the company run many fast SQL queries to populate dashboards. Which design would meet these requirements with the LEAST cost? A. Replicate relevant data between Amazon Redshift and Amazon DynamoDB. Data scientists use Redshift. Dashboards use DynamoDB. B. Configure auto-replication between Amazon Redshift and Amazon RDS. Data scientists use Redshift. Dashboards use RDS. C. Use Amazon Redshift for both requirements, with separate query queues configured in workload management. D. Use Amazon Redshift for Data Scientists. Run automated dashboard queries against Redshift and store the results in Amazon ElastiCache. Dashboards query ElastiCache.

C

#185 A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web application with a load balancer, web server, application server, and relational database. The key requirement driving the migration is that the application should perform better and be more elastic. Which of the following architectures would meet these requirements? A. Re-host the application on Amazon EC2 with lift and shift of existing application code. Configure an Elastic Load Balancing load balancer to handle incoming requests. Use Amazon CloudWatch alarms to receive notification of scaling issues. Increase and decrease the size of the Amazon EC2 instances using AWS CLI or AWS Management Console as required. B. Re-architect the application as a three-tier application. Move the database to Amazon RDS. Use read replicas and Amazon ElastiCache with RDS for better performance. Use an Application Load Balancer to forward incoming requests to web and application servers running on-premises. C. Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier. D. Re-architect the application as Service Oriented Architecture (SOA). Run database and application servers on-premises. Run web-facing EC2 servers. Use an Enterprise Service Bus to handle communications between different parts of the application running on-premises and in the cloud.

C

#187 A Solutions Architect is asked to improve the fault tolerance of an existing Python application. The web application places 1-MB images is an S3 bucket. The application then uses a single t2.large instance to transform the image to include a watermark with the company's brand before writing the image back to the S3 bucket. What should the Solutions Architect recommend to increase the fault tolerance of the solution? A. Convert the code to a Lambda function triggered by scheduled Amazon CloudWatch Events. B. Increase the instance size to m4.xlarge and configure Enhanced Networking. C. Convert the code to a Lambda function triggered by Amazon S3 events. D. Create an Amazon SQS queue to send the images to the t2.large instance.

C

#189 A Solutions Architect needs to deploy a node.js-based web application that is highly available and scales automatically. The Marketing team needs to roll back on application releases quickly, and they need to have an operational dashboard. The Marketing team does not want to manage deployment of OS patches to the Linux servers. Use of which AWS service will satisfy these requirements? A. Amazon EC2 B. Amazon API Gateway C. AWS Elastic Beanstalk D. Amazon EC2 Container Service

C

#192 A web application runs on 10 EC2 instances launched from a single customer Amazon Machine Image (AMI). The EC2 instances are behind an Internet Application Load Balancer. Amazon Route 53 provides DNS for the application. How should a Solutions Architect automate recovery when a web server instance stops replying to request? A. Launch the instances in an Auto Scaling group with an Elastic Load Balancing health check. B. Launch instances in multiple Availability Zones and set the load balancer to Multi-AZ. C. Add CloudWatch alarm actions for each instance to restart if the Status Check (Any) fails. D. Add Route 53 records for each instance with an instance health check.

C

#193 A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application? A. Use Amazon ElastiCache to provide a caching layer B. Use a Lambda function to make concurrent requests for caching C. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer D. Obtain Reserved Capacity for Amazon DynamoDB to manage the increased number of queries

C

#199 A credit card processing application, hosted on an on-premises server, needs to communicate directly with a database hosted on an Amazon EC2 instance running in a private subnet of a VPC. Compliance requirements state that end-to-end communication should be encrypted. Which solution will ensure that this requirement is met? A. Use HTTPS for traffic over VPC peering between the VPC and the on-premises datacenter. B. Use HTTPS for traffic over the Internet between the on-premises server and the Amazon EC2 instance. C. Use HTTPS for traffic over a VPN connection between the VPC and the on-premises datacenter. D. Use HTTPS for traffic over gateway VPC endpoints that have been configured for the Amazon EC2 instance.

C

#141 A Solutions Architect is designing a customer order processing application that will likely have high usage spikes. What should the Architect do to ensure that customer orders are not lost before being written to an Amazon RDS database? (Choose two.) A. Use Amazon CloudFront to deliver the application front end. B. Use Elastic Load Balancing with a round-robin routing algorithm. C. Have the orders written into an Amazon SQS queue. D. Scale the number of processing nodes based on pending order volume. E. Have a standby Amazon RDS instance in a separate Availability Zone.

C, D

#105 A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2. Which option represents the SIMPLIEST way to implement this design? A. Add an S3 lifecycle rule to move any files from the bucket in us-east-1 to the bucket in ap-southeast-2. B. Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2. C. Use SNS to notify the bucket in ap-southeast-2 to create a file whenever the file is created in the bucket in us-east-1. D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2.

D

#115 A company wants to analyze all of its sales information aggregated over the last 12 months. The company expects there to be over 10TB of data from multiple sources. What service should be used? A. Amazon DynamoDB B. Amazon Aurora MySQL C. Amazon RDS MySQL D. Amazon Redshift

D

#121 A company has a legal requirement to store point-in-time copies of its Amazon RDS PostGreSQL database instance in facilities that are at least 200 miles apart. Use of which of the following provides the easiest way to comply with this requirement? A. Cross-region read replica B. Multiple Availability Zone snapshot copy C. Multiple Availability Zone read replica D. Cross-region snapshot copy

D

#126 Which requirements must be met in order for a Solutions Architect to specify that an Amazon EC2 instance should stop rather than terminate when its Spot Instance is interrupted? (Choose two.) A. The Spot Instance request type must be one-time. B. The Spot Instance request type must be persistent. C. The root volume must be an Amazon EBS volume. D. The root volume must be an instance store volume. E. The launch configuration is changed.

D

#127 An application hosted on AWS uses object storage for storing internal reports that are accessed daily by the CFO. Currently, these reports are publicly available. How should a Solutions Architect re-design this architecture to prevent unauthorized access to these reports? A. Encrypt the files on the client side and store the files on Amazon Glacier, then decrypt the reports on the client side. B. Move the files to Amazon ElastiCache and provide a username and password for downloading the reports. C. Specify the use of AWS KMS server-side encryption at the time of an object creation on Amazon S3. D. Store the files on Amazon S3 and use the application to generate S3 pre-signed URLs to users.

D

#130 A media company has more than 100TB of data to be stored and retrieved infrequently. However, the company occasionally receives requests for data within an hour. The company needs a low-cost retrieval method to handle the requests. Which service meets this requirement? A. Amazon S3 Standard B. Amazon Glacier standard retrievals C. Amazon Glacier bulk retrievals D. Amazon S3 Standard Infrequent Access

D

#133 A media company must store 10 TB of audio recordings. Retrieval happens infrequently and requestors agree on an 8-hour turnaround time. What is the MOST cost-effective solution to store the files? A. Amazon S3 Standard "" Infrequent Access (Standard "" IA) B. EBS Throughput Optimized HDD (st1) C. EBS Cold HDD (sc1) D. Amazon Glacier

D

#139 A company has gigabytes of web log files stored in an Amazon S3 bucket. A Solutions Architect wants to copy those files into Amazon Redshift for analysis. The company's security policy mandates that data is encrypted at rest both in the Amazon Redshift cluster and the Amazon S3 bucket. Which process will fulfill the security requirements? A. Enable server-side encryption on the Amazon S3 bucket. Launch an unencrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster. B. Enable server-side encryption on the Amazon S3 bucket. Copy data from the Amazon S3 bucket into an unencrypted Redshift cluster. Enable encryption on the cluster. C. Launch an encrypted Amazon Redshift cluster. Copy the data from the Amazon S3 bucket into the Amazon Redshift cluster. Copy data back to the Amazon S3 bucket in encrypted form. D. Enable server-side encryption on the Amazon S3 bucket. Launch an encrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster.

D

#145 A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud. Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs? A. Amazon EC2 and an Application Load Balancer B. Amazon S3 and Amazon CloudFront C. Amazon EC2 and Amazon Elastic Transcoder D. AWS Lambda and Amazon API Gateway

D

#150 An application uses an Amazon RDS MySQL cluster for the database layer. Database growth requires periodic resizing of the instance. Currently, administrators check the available disk space manually once a week. How can this process be improved? A. Use the largest instance type for the database. B. Use AWS CloudTrail to monitor storage capacity. C. Use Amazon CloudWatch to monitor storage capacity. D. Use Auto Scaling to increase storage size.

D

#159 A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 instances running behind an ELB Classic Load Balancer. The security team requires that all web servers must be accessible only through the Load Balancer, and that none of the web servers are directly accessible from the Internet. How should the Architect meet these requirements? A. Use a Load Balancer installed on an Amazon EC2 instance. B. Configure the web servers' security group to deny traffic from the public Internet. C. Create an Amazon CloudFront distribution in front of the ELB Classic Load Balancer. D. Configure the web tier security group to allow only traffic from the ELB Classic Load Balancer.

D

#161 A web application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation the application writes 50 KB/s to the tale, but can scale up to 500 KB/ s during peak hours. The application is currently throttling errors from the DynamoDB table during peak hours. What is the MOST cost-efficient change to support the increased traffic with minimal changes to the application? A. Use Amazon SQS to manage the write operations to the DynamoDB table. B. Change DynamoDB table configuration to 600 write capacity units. C. Increase the number of Amazon EC2 instances to support the traffic. D. Configure Amazon DynamoDB Auto Scaling to handle the extra demand.

D

#163 A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours. What is the MOST cost-effective way to provide enough compute? A. Use one Amazon EC2 Reserved Instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization. B. Use one Amazon EC2 On-Demand instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization. C. Use one Amazon EC2 On-Demand instance and use an Auto Scaling Group scheduled action to add three EC2 Spot instances at 7:30 AM and remove three instances at 6:10 PM. D. Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.

D

#176 A Solutions Architect has been given the following requirements for a company's VPC: ✑ The solution is a two-tiered application with a web tier and a database tier. ✑ All web traffic to the environment must be directed from the Internet to an Application Load Balancer. ✑ The web servers and the databases should not obtain public IP addresses or be directly accessible from the public Internet. ✑ Because of security requirements, databases may not share a route table or subnet with any other service. ✑ The environment must be highly available within the same VPC for all services. What is the minimum number of subnets that the Solutions Architect will need based on these requirements and best practices? A. 2 B. 3 C. 4 D. 6

D

#177 An application currently stores objects in Amazon S3-Standard. The application accesses new objects frequently for one week. After one week, they are accessed occasionally for analysis batch jobs. A Solutions Architect has been asked to reduce storage costs for the application while allowing immediate access for batch jobs. How can costs be reduced without reducing data durability? A. Create a lifecycle policy that moves Amazon S3 data to Amazon S3 One Zone-Infrequent Access storage after 7 days. After 30 days, move the data to Amazon Glacier. B. Keep the data on Amazon S3, and create a lifecycle policy to move S3 data to Amazon Glacier after 7 days. C. Move all Amazon S3 data to S3 Standard-Infrequent Access storage, and create a lifecycle policy to move the data to Amazon Glacier after 7 days. D. Keep the data on Amazon S3, then create a lifecycle policy to move the data to S3 Standard-Infrequent Access storage after 7 days.

D

#183 A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime. What could a Solutions Architect recommend to the company in order to keep track of customers' current session data? A. Amazon EC2 B. Amazon RDS C. AWS CloudTrail D. Amazon DynamoDB

D

#186 A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request. Which implementation can satisfy all requirements? A. Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups. B. Configure an Application Load Balancer with host-based routing based on the domain field in the HTTP header. C. Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used. D. Configure an Application Load Balancer with listeners for appropriate path patterns for the target group.

D

#188 A Solutions Architect has been asked to deliver video content stored on Amazon S3 to specific users from Amazon CloudFront while restricting access by unauthorized users. How can the Architect implement a solution to meet these requirements? A. Configure CloudFront to use signed-URLs to access Amazon S3. B. Store the videos as private objects in Amazon S3, and let CloudFront serve the objects by using only Origin Access Identity (OAI). C. Use Amazon S3 static website as the origin of CloudFront, and configure CloudFront to deliver the videos by generating a signed URL for users. D. Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in CloudFront cache behavior to use signed URLs.

D

#191 A customer is looking for a storage archival solution for 1,000 TB of data. The customer requires that the solution be durable and data be available within a few hours of requesting it, but not exceeding a day. The solution should be as cost-effective as possible. To meet security compliance policies, data must be encrypted at rest. The customer expects they will need to fetch the data two times in a year. Which storage solution should a Solutions Architect recommend to meet these requirements? A. Copy data to Amazon S3 buckets by using server-side encryption. Move data to Amazon S3 to reduce redundancy storage (RRS). B. Copy data to encrypted Amazon EBS volumes, then store data into Amazon S3. C. Copy each object into a separate Amazon Glacier vault, and let Amazon Glacier take care of encryption. D. Copy data to Amazon S3 with server-side encryption. Configure lifecycle management policies to move data to Amazon Glacier after 0 days.

D

#196 A company plans to migrate a website to AWS to use a serverless architecture. The website contains both static and dynamic content and is accessed by users across the world. The website should maintain sessions for returning users to improve the user experience. Which service should a Solutions Architect use for a cost-efficient solution with the LOWEST latency? A. Amazon S3, AWS Lambda, Amazon API Gateway, and Amazon DynamoDB B. Amazon CloudFront, AWS Lambda, API Gateway, and Amazon RDS C. Amazon CloudFront, Elastic Load Balancing, Amazon EC2, and Amazon RDS D. Amazon S3, Amazon CloudFront, AWS Lambda, Amazon API Gateway, and Amazon DynamoDB.

D