AWS Certified Solutions Architect Associate

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

A DevOps engineer at an IT company just upgraded an EC2 instance type from t2.nano (0.5G of RAM, 1 vCPU) to u-12tb1.metal (12.3 TB of RAM, 448 vCPUs). How would you categorize this upgrade? A. This is a scale-up example of vertical scalability B. This is a scale-up example of horizontal scalability C. This is a scale-out example of vertical scalability D. This is an example of high availability

A

A developer has created a new Application Load Balancer but has not registered any targets with the target groups. Which of the following errors would be generated by the Load Balancer? A. HTTP 500: Internal server error B. HTTP 502: Bad gateway C. HTTP 503: Service unavailable D. HTTP 504: Gateway timeout

C

AWS Lambda supports runtime for what programming languages? (6 answers)

C#/.NET Go Java Node.js Python Ruby

A company is looking for an orchestration solution to manage a workflow that uses AWS Glue and Amazon Lambda to process data on its S3 based data lake. As a solutions architect, which of the following AWS services involves the LEAST development effort for this use-case? A. AWS Step Functions B. AWS Batch C. Amazon Simple Workflow Service (SWF) D. Amazon EMR

A

A development team working for a gaming company has deployed an application on EC2 and needs CloudWatch monitoring for the relevant metrics with a resolution of 1 minute in order to set alarms that can rapidly react to changes. As a solutions architect, which of the following would you suggest as the MOST optimal solution? A. The development team should create and send a high-resolution custom metric B. Enable EC2 detailed monitoring C. Use AWS Lambda to retrieve metrics often using the application /health route D. Enable EC2 basic monitoring

B

A financial services company wants to move the Windows file server clusters out of their datacenters. They are looking for cloud file storage offerings that provide full Windows compatibility. Can you identify the AWS storage services that provide highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol compatible with Windows systems? (Select two) A. Elastic File System B. Amazon FSx for Windows File Server C. File Gateway Configuration of AWS Storage Gateway D. Elastic Block Storage E. Simple Storage Service (Amazon S3)

B, C

The DevOps team at a leading social media company uses AWS OpsWorks, which is a fully managed configuration management service. OpsWorks eliminates the need to operate your configuration management systems or worry about maintaining its infrastructure. Can you identify the configuration management tools for which OpsWorks provides managed instances? (Select two) A. Ansible B. Chef C. Puppet D. CFEngine E. Salt

B, C

An AWS Organization is using Service Control Policies (SCP) for central control over the maximum available permissions for all accounts in their organization. This allows the organization to ensure that all accounts stay within the organization's access control guidelines. Which of the given scenarios are correct regarding the permissions described below? (Select three) A. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can still perform that action B. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can't perform that action C. SCPs affect all users and roles in attached accounts, including the root user D. SCPs affect all users and roles in attached accounts, excluding the root user E. SCPs affect service-linked roles F. SCPs do not affect service-linked role

B, C, F

Which of the following AWS services provides a highly available and fault-tolerant solution to capture the clickstream events from the source and then provide a concurrent feed of the data stream to the downstream applications? A. AWS Kinesis Data Firehose B. AWS Kinesis Data Analytics C. AWS Kinesis Data Streams D. Amazon SQS

C

You have an in-memory database launched on an EC2 instance and you would like to be able to stop and start the EC2 instance without losing the in-memory state of your database. What do you recommend? A. Create an AMI from the instance B. Use an EC2 Instance Store C. Use EC2 Instance Hibernate D.Mount an in-memory EBS Volume

C

You would like to mount a network file system on Linux instances, where files will be stored and accessed frequently at first, and then infrequently. What solution is the MOST cost-effective? A. S3 Intelligent Tiering B. Glacier Deep Archive C. EFS IA D. FSx for Lustre

C

Which of the following features of an Amazon S3 bucket can only be suspended once they have been enabled? A. Server Access Logging B. Static Website Hosting C. Requester Pays D. Versioning

D

Your application is hosted by a provider on yourapp.provider.com. You would like to have your users access your application using www.your-domain.com, which you own and manage under Route 53. What Route 53 record should you create? A. Create an A record B. Create a PTR record C. Create an Alias Record D. Create a CNAME record

D

A biotechnology company has multiple High Performance Computing (HPC) workflows that quickly and accurately process and analyze genomes for hereditary diseases. The company is looking to migrate these workflows from their on-premises infrastructure to AWS Cloud. As a solutions architect, which of the following networking components would you recommend on the EC2 instances running these HPC workflows? A. Elastic Fabric Adapter B. Elastic Network Interface C. Elastic Network Adapter D. Elastic IP Address

A

A company is looking at storing their less frequently accessed files on AWS that can be concurrently accessed by hundreds of EC2 instances. The company needs the most cost-effective file storage service that provides immediate access to data whenever needed. Which of the following options represents the best solution for the given requirements? A. Amazon Elastic File System (EFS) Standard-IA storage class B. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class C. Amazon Elastic File System (EFS) Standard storage class D. Amazon Elastic Block Store (EBS)

A

A software engineering intern at an e-commerce company is documenting the process flow to provision EC2 instances via the Amazon EC2 API. These instances are to be used for an internal application that processes HR payroll data. He wants to highlight those volume types that cannot be used as a boot volume. Can you help the intern by identifying those storage volume types that CANNOT be used as boot volumes while creating the instances? (Select two) A. General Purpose SSD (gp2) B. Provisioned IOPS SSD (io1) C. Instance Store D. Throughput Optimized HDD (st1) E. Cold HDD (sc1)

D, E

A retail company uses Amazon EC2 instances, API Gateway, Amazon RDS, Elastic Load Balancer and CloudFront services. To improve the security of these services, the Risk Advisory group has suggested a feasibility check for using the Amazon GuardDuty service. Which of the following would you identify as data sources supported by GuardDuty? A. VPC Flow Logs, DNS logs, CloudTrail events B. VPC Flow Logs, API Gateway logs, S3 access logs C. ELB logs, DNS logs, CloudTrail events D. CloudFront logs, API Gateway logs, CloudTrail events

A

What is true about RDS Read Replicas encryption? A. If the master database is encrypted, the read replicas are encrypted B. If the master database is encrypted, the read replicas can be either encrypted or unencrypted C. If the master database is unencrypted, the read replicas can be either encrypted or unencrypted D. If the master database is unencrypted, the read replicas are encrypted

A

You have a team of developers in your company, and you would like to ensure they can quickly experiment with AWS Managed Policies by attaching them to their accounts, but you would like to prevent them from doing an escalation of privileges, by granting themselves the AdministratorAccess managed policy. How should you proceed? A. For each developer, define an IAM permission boundary that will restrict the managed policies they can attach to themselves B. Create a Service Control Policy (SCP) on your AWS account that restricts developers from attaching themselves the AdministratorAccess policy C. Attach an IAM policy to your developers, that prevents them from attaching the AdministratorAccess policy D. Put the developers into an IAM group, and then define an IAM permission boundary on the group that will restrict the managed policies they can attach to themselves

A

The engineering team at a data analytics company has observed that its flagship application functions at its peak performance when the underlying EC2 instances have a CPU utilization of about 50%. The application is built on a fleet of EC2 instances managed under an Auto Scaling group. The workflow requests are handled by an internal Application Load Balancer that routes the requests to the instances. As a solutions architect, what would you recommend so that the application runs near its peak performance state? A. Configure the Auto Scaling group to use step scaling policy and set the CPU utilization as the target metric with a target value of 50% B. Configure the Auto Scaling group to use target tracking policy and set the CPU utilization as the target metric with a target value of 50% C. Configure the Auto Scaling group to use simple scaling policy and set the CPU utilization as the target metric with a target value of 50% D. Configure the Auto Scaling group to use a Cloudwatch alarm triggered on a CPU utilization threshold of 50%

B

The engineering team at an e-commerce company is working on cost optimizations for EC2 instances. The team wants to manage the workload using a mix of on-demand and spot instances across multiple instance types. They would like to create an Auto Scaling group with a mix of these instances. Which of the following options would allow the engineering team to provision the instances for this use-case? A. You can only use a launch configuration to provision capacity across multiple instance types using both On-Demand Instances and Spot Instances to achieve the desired scale, performance, and cost B. You can only use a launch template to provision capacity across multiple instance types using both On-Demand Instances and Spot Instances to achieve the desired scale, performance, and cost C. You can use a launch configuration or a launch template to provision capacity across multiple instance types using both On-Demand Instances and Spot Instances to achieve the desired scale, performance, and cost D. You can neither use a launch configuration nor a launch template to provision capacity across multiple instance types using both On-Demand Instances and Spot Instances to achieve the desired scale, performance, and cost

B

A research group needs a fleet of EC2 instances for a specialized task that must deliver high random I/O performance. Each instance in the fleet would have access to a dataset that is replicated across the instances. Because of the resilient application architecture, the specialized task would continue to be processed even if any instance goes down, as the underlying application architecture would ensure the replacement instance has access to the required dataset. Which of the following options is the MOST cost-optimal and resource-efficient solution to build this fleet of EC2 instances? A. Use EBS based EC2 instances B. Use EC2 instances with EFS mount points C.Use Instance Store based EC2 instances D. Use EC2 instances with access to S3 based storage

C

As part of a pilot program, a biotechnology company wants to integrate data files from its on-premises analytical application with AWS Cloud via an NFS interface. Which of the following AWS service is the MOST efficient solution for the given use-case? A.AWS Storage Gateway - Volume Gateway B.AWS Storage Gateway - Tape Gateway C.AWS Storage Gateway - File Gateway D.AWS Site-to-Site VPN

C

You are building an application that will be deployed on 10 EC2 instances using Amazon Linux 2 AMI. The application needs access to a shared network file system that is POSIX compliant. What do you recommend? A. EBS B. S3 C. EFS D. Instance Store

C

The engineering team at an e-commerce company wants to establish a dedicated, encrypted, low latency, and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the operational overhead of establishing this connection. As a solutions architect, which of the following solutions would you recommend to the company? A. Use site-to-site VPN to establish a connection between the data center and AWS Cloud B. Use VPC transit gateway to establish a connection between the data center and AWS Cloud C. Use AWS Direct Connect to establish a connection between the data center and AWS Cloud D. Use AWS Direct Connect plus VPN to establish a connection between the data center and AWS Cloud

D

A company has recently launched a new mobile gaming application that the users are adopting rapidly. The company uses RDS MySQL as the database. The engineering team wants an urgent solution to this issue where the rapidly increasing workload might exceed the available database storage. As a solutions architect, which of the following solutions would you recommend so that it requires minimum development and systems administration effort to address this requirement? A. Enable storage auto-scaling for RDS MySQL B. Migrate RDS MySQL to Aurora which offers storage auto-scaling C. Migrate RDS MySQL database to DynamoDB which automatically allocates storage space when required D. Create read replica for RDS MySQL

A

A healthcare startup needs to enforce compliance and regulatory guidelines for objects stored in Amazon S3. One of the key requirements is to provide adequate protection against accidental deletion of objects. As a solutions architect, what are your recommendations to address these guidelines? (Select two) A. Enable versioning on the bucket B. Enable MFA delete on the bucket C. Create an event trigger on deleting any S3 object. The event invokes an SNS notification via email to the IT manager D. Establish a process to get managerial approval for deleting S3 objects E. Change the configuration on AWS S3 console so that the user needs to provide additional confirmation while deleting any S3 object

A, B

A Hollywood studio is planning a series of promotional events leading up to the launch of the trailer of its next sci-fi thriller. The executives at the studio want to create a static website with lots of animations in line with the theme of the movie. The studio has hired you as a solutions architect to build a scalable serverless solution. Which of the following represents the MOST cost-optimal and high-performance solution? A. Host the website on AWS Lambda. Create a CloudFront distribution with Lambda as the origin B. Build the website as a static website hosted on Amazon S3. Create a CloudFront distribution with Amazon S3 as the origin. Use Amazon Route 53 to create an alias record that points to your CloudFront distribution C. Host the website on an EC2 instance. Create a CloudFront distribution with the EC2 instance as the custom origin D. Host the website on an instance in the studio's on-premises data center. Create a CloudFront distribution with this instance as the custom origin

B

A Big Data analytics company wants to set up an AWS cloud architecture that throttles requests in case of sudden traffic spikes. The company is looking for AWS services that can be used for buffering or throttling to handle such traffic variations. Which of the following services can be used to support this requirement? A. Amazon SQS, Amazon SNS and AWS Lambda B. Amazon Gateway Endpoints, Amazon SQS and Amazon Kinesis C. Amazon API Gateway, Amazon SQS and Amazon Kinesis D. Elastic Load Balancer, Amazon SQS, AWS Lambda

C

A company has many VPC in various accounts, that need to be connected in a star network with one another and connected with on-premises networks through Direct Connect. What do you recommend? A. VPC Peering B. VPN Gateway C. Private Link D. Transit Gateway

D

A financial services company is looking to move its on-premises IT infrastructure to AWS Cloud. The company has multiple long-term server bound licenses across the application stack and the CTO wants to continue to utilize those licenses while moving to AWS. As a solutions architect, which of the following would you recommend as the MOST cost-effective solution? A. Use EC2 dedicated hosts B. Use EC2 dedicated instances C. Use EC2 on-demand instances D. Use EC2 reserved instances

A

A financial services company is migrating their messaging queues from self-managed message-oriented middleware systems to Amazon SQS. The development team at the company wants to minimize the costs of using SQS. As a solutions architect, which of the following options would you recommend for the given use-case? A. Use SQS long polling to retrieve messages from your Amazon SQS queues B. Use SQS short polling to retrieve messages from your Amazon SQS queues C. Use SQS visibility timeout to retrieve messages from your Amazon SQS queues D. Use SQS message timer to retrieve messages from your Amazon SQS queues

A

A financial services company wants to identify any sensitive data stored on its Amazon S3 buckets. The company also wants to monitor and protect all data stored on S3 against any malicious activity. As a solutions architect, which of the following solutions would you recommend to help address the given requirements? A. Use Amazon GuardDuty to monitor any malicious activity on data stored in S3. Use Amazon Macie to identify any sensitive data stored on S3 B. Use Amazon GuardDuty to monitor any malicious activity on data stored in S3 as well as to identify any sensitive data stored on S3 C. Use Amazon Macie to monitor any malicious activity on data stored in S3 as well as to identify any sensitive data stored on S3 D. Use Amazon Macie to monitor any malicious activity on data stored in S3. Use Amazon GuardDuty to identify any sensitive data stored on S3

A

A legacy application is built using a tightly-coupled monolithic architecture. Due to a sharp increase in the number of users, the application performance has degraded. The company now wants to decouple the architecture and adopt AWS microservices architecture. Some of these microservices need to handle fast running processes whereas other microservices need to handle slower processes. Which of these options would you identify as the right way of connecting these microservices? A. Configure Amazon SQS queue to decouple microservices running faster processes from the microservices running slower ones B. Use Amazon SNS to decouple microservices running faster processes from the microservices running slower ones C. Configure Amazon Kinesis Data Streams to decouple microservices running faster processes from the microservices running slower ones D. Add Amazon EventBridge to decouple the complex architecture

A

A media startup is looking at hosting their web application on AWS Cloud. The application will be accessed by users from different geographic regions of the world. The main feature of the application requires the upload and download of video files that can reach a maximum size of 10GB. The startup wants the solution to be cost-effective and scalable with the lowest possible latency for a great user experience. As a Solutions Architect, which of the following will you suggest as an optimal solution to meet the given requirements? A. Use Amazon S3 for hosting the web application and use S3 Transfer Acceleration to reduce the latency that geographically dispersed users might face B. Use Amazon S3 for hosting the web application and use Amazon CloudFront for faster distribution of content to geographically dispersed users C. Use Amazon EC2 with Global Accelerator for faster distribution of content, while using Amazon S3 as storage service D. Use Amazon EC2 with ElastiCache for faster distribution of content, while Amazon S3 can be used as a storage service

A

A retail company uses AWS Cloud to manage its IT infrastructure. The company has set up "AWS Organizations" to manage several departments running their AWS accounts and using resources such as EC2 instances and RDS databases. The company wants to provide shared and centrally-managed VPCs to all departments using applications that need a high degree of interconnectivity. As a solutions architect, which of the following options would you choose to facilitate this use-case? A. Use VPC sharing to share one or more subnets with other AWS accounts belonging to the same parent organization from AWS Organizations B. Use VPC sharing to share a VPC with other AWS accounts belonging to the same parent organization from AWS Organizations C. Use VPC peering to share one or more subnets with other AWS accounts belonging to the same parent organization from AWS Organizations D. Use VPC peering to share a VPC with other AWS accounts belonging to the same parent organization from AWS Organizations

A

A retail organization is moving some of its on-premises data to AWS Cloud. The DevOps team at the organization has set up an AWS Managed IPSec VPN Connection between their remote on-premises network and their Amazon VPC over the internet. Which of the following represents the correct configuration for the IPSec VPN Connection? A. Create a Virtual Private Gateway on the AWS side of the VPN and a Customer Gateway on the on-premises side of the VPN B. Create a Virtual Private Gateway on the on-premises side of the VPN and a Customer Gateway on the AWS side of the VPN C. Create a Customer Gateway on both the AWS side of the VPN as well as the on-premises side of the VPN D. Create a Virtual Private Gateway on both the AWS side of the VPN as well as the on-premises side of the VPN

A

A systems administrator has created a private hosted zone and associated it with a Virtual Private Cloud (VPC). However, the DNS queries for the private hosted zone remain unresolved. As a Solutions Architect, can you identify the Amazon VPC options to be configured in order to get the private hosted zone to work? A. Enable DNS hostnames and DNS resolution for private hosted zones B. Remove any overlapping namespaces for the private and public hosted zones C. Fix the Name server (NS) record and Start Of Authority (SOA) records that may have been created with wrong configurations D. Fix conflicts between your private hosted zone and any Resolver rule that routes traffic to your network for the same domain name, as it results in ambiguity over the route to be taken

A

An IT company hosts windows based applications on its on-premises data center. The company is looking at moving the business to the AWS Cloud. The cloud solution should offer shared storage space that multiple applications can access without a need for replication. Also, the solution should integrate with the company's self-managed Active Directory domain. Which of the following solutions addresses these requirements with the minimal integration effort? A. Use Amazon FSx for Windows File Server as a shared storage solution B. Use File Gateway of AWS Storage Gateway to create a hybrid storage solution C. Use Amazon FSx for Lustre as a shared storage solution with millisecond latencies. D. Use Amazon Elastic File System (Amazon EFS) as a shared storage solution

A

An IT consultant is helping a small business revamp their technology infrastructure on the AWS Cloud. The business has two AWS accounts and all resources are provisioned in the us-west-2 region. The IT consultant is trying to launch an EC2 instance in each of the two AWS accounts such that the instances are in the same Availability Zone of the us-west-2 region. Even after selecting the same default subnet (us-west-2a) while launching the instances in each of the AWS accounts, the IT consultant notices that the Availability Zones are still different. As a solutions architect, which of the following would you suggest resolving this issue? A. Use AZ ID to uniquely identify the Availability Zones across the two AWS Accounts B. Use the default VPC to uniquely identify the Availability Zones across the two AWS Accounts C. Use the default subnet to uniquely identify the Availability Zones across the two AWS Accounts D. Reach out to AWS Support for creating the EC2 instances in the same Availability Zone across the two AWS accounts

A

An e-commerce application uses an Amazon Aurora Multi-AZ deployment for its database. While analyzing the performance metrics, the engineering team has found that the database reads are causing high I/O and adding latency to the write requests against the database. As an AWS Certified Solutions Architect Associate, what would you recommend to separate the read requests from the write requests? A. Set up a read replica and modify the application to use the appropriate endpoint B. Provision another Amazon Aurora database and link it to the primary database as a read replica C. Configure the application to read from the Multi-AZ standby instance D. Activate read-through caching on the Amazon Aurora database

A

An e-commerce company uses Microsoft Active Directory to provide users and groups with access to resources on the on-premises infrastructure. The company has extended its IT infrastructure to AWS in the form of a hybrid cloud. The engineering team at the company wants to run directory-aware workloads on AWS for a SQL Server-based application. The team also wants to configure a trust relationship to enable single sign-on (SSO) for its users to access resources in either domain. As a solutions architect, which of the following AWS services would you recommend for this use-case? A. AWS Managed Microsoft AD B. AD Connector C. Simple AD D. Amazon Cloud Directory

A

An engineering lead is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow EC2 instances to download software updates. Which of the following options represents the correct solution to set up internet access for the private subnets? A. Set up three NAT gateways, one in each public subnet in each AZ. Create a custom route table for each AZ that forwards non-local traffic to the NAT gateway in its AZ B. Set up three NAT gateways, one in each private subnet in each AZ. Create a custom route table for each AZ that forwards non-local traffic to the NAT gateway in its AZ C. Set up three Internet gateways, one in each private subnet in each AZ. Create a custom route table for each AZ that forwards non-local traffic to the Internet gateway in its AZ D. Set up three Egress-only Internet gateways, one in each public subnet in each AZ. Create a custom route table for each AZ that forwards non-local traffic to the Egress-only Internet Gateway in its AZ

A

Upon a security review of your AWS account, an AWS consultant has found that a few RDS databases are un-encrypted. As a Solutions Architect, what steps must be taken to encrypt the RDS databases? A. Take a snapshot of the database, copy it as an encrypted snapshot, and restore a database from the encrypted snapshot. Terminate the previous database B. Create a Read Replica of the database, and encrypt the read replica. Promote the read replica as a standalone database, and terminate the previous database C. Enable Multi-AZ for the database, and make sure the standby instance is encrypted. Stop the main database to that the standby database kicks in, then disable Multi-AZ D. Enable encryption on the RDS database using the AWS Console

A

Your company has an on-premises Distributed File System Replication (DFSR) service to keep files synchronized on multiple Windows servers, and would like to migrate to AWS cloud. What do you recommend as a replacement for the DFSR? A. FSx for Windows B. FSx for Lustre C. EFS D. Amazon S3

A

An HTTP application is deployed on an Auto Scaling Group, is accessible from an Application Load Balancer that provides HTTPS termination, and accesses a PostgreSQL database managed by RDS. How should you configure the security groups? (Select three) A. The security group of RDS should have an inbound rule from the security group of the EC2 instances in the ASG on port 5432 B. The security group of the EC2 instances should have an inbound rule from the security group of the ALB on port 80 C. The security group of the ALB should have an inbound rule from anywhere on port 80 D. The security group of the EC2 instances should have an inbound rule from the security group of the RDS database on port 5432 E. The security group of RDS should have an inbound rule from the security group of the EC2 instances in the ASG on port 80 F. The security group of the ALB should have an inbound rule from anywhere on port 443

A, B, F

The DevOps team at a multi-national company is helping its subsidiaries standardize EC2 instances by using the same Amazon Machine Image (AMI). Some of these subsidiaries are in the same AWS region but use different AWS accounts whereas others are in different AWS regions but use the same AWS account as the parent company. The DevOps team has hired you as a solutions architect for this project. Which of the following would you identify as CORRECT regarding the capabilities of AMIs? (Select three) A. You can copy an AMI across AWS Regions B. You cannot copy an AMI across AWS Regions C. You can share an AMI with another AWS account D. You cannot share an AMI with another AWS account E. Copying an AMI backed by an encrypted snapshot results in an unencrypted target snapshot F. Copying an AMI backed by an encrypted snapshot cannot result in an unencrypted target

A, C, F

A company wants to migrate its on-premises databases to AWS Cloud. The CTO at the company wants a solution that can handle complex database configurations such as secondary indexes, foreign keys, and stored procedures. As a solutions architect, which of the following AWS services should be combined to handle this use-case? (Select two) A. AWS Schema Conversion Tool B. AWS Snowball Edge C. AWS Glue D. AWS Database Migration Service E. Basic Schema Copy

A, D

The DevOps team at an IT company is provisioning a two-tier application in a VPC with a public subnet and a private subnet. The team wants to use either a NAT instance or a NAT gateway in the public subnet to enable instances in the private subnet to initiate outbound IPv4 traffic to the internet but needs some technical assistance in terms of the configuration options available for the NAT instance and the NAT gateway. As a solutions architect, which of the following options would you identify as CORRECT? (Select three) A. NAT instance can be used as a bastion server B. NAT gateway can be used as a bastion server C. Security Groups can be associated with a NAT gateway D. Security Groups can be associated with a NAT instance E. NAT instance supports port forwarding F. NAT gateway supports port forwarding

A, D, E

The engineering team at a social media company wants to use Amazon CloudWatch alarms to automatically recover EC2 instances if they become impaired. The team has hired you as a solutions architect to provide subject matter expertise. As a solutions architect, which of the following statements would you identify as CORRECT regarding this automatic recovery process? (Select two) A. A recovered instance is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata B. Terminated EC2 instances can be recovered if they are configured at the launch of instance C. During instance recovery, the instance is migrated during an instance reboot, and any data that is in-memory is retained D. If your instance has a public IPv4 address, it does not retain the public IPv4 address after recovery E. If your instance has a public IPv4 address, it retains the public IPv4 address after recovery

A, E

A financial services company has developed its flagship application on AWS Cloud with data security requirements such that the encryption key must be stored in a custom application running on-premises. The company wants to offload the data storage as well as the encryption process to Amazon S3 but continue to use the existing encryption key. Which of the following S3 encryption options allows the company to leverage Amazon S3 for storing data with given constraints? A. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) B. Server-Side Encryption with Customer-Provided Keys (SSE-C) C. Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS) D. Client-Side Encryption with data encryption is done on the client-side before sending it to Amazon S3

B

A gaming company uses Application Load Balancers (ALBs) in front of Amazon EC2 instances for different services and microservices. The architecture has now become complex with too many ALBs in multiple AWS Regions. Security updates, firewall configurations, and traffic routing logic have become complex with too many IP addresses and configurations. The company is looking at an easy and effective way to bring down the number of IP addresses allowed by the firewall and easily manage the entire network infrastructure. Which of these options represents an appropriate solution for this requirement? A. Configure Elastic IPs for each of the ALBs in each Region B. Launch AWS Global Accelerator and create endpoints for all the Regions. Register the ALBs of each Region to the corresponding endpoints C. Set up a Network Load Balancer (NLB) with Elastic IPs. Register the private IPs of all the ALBs as targets of this NLB D. Assign an Elastic IP to an Auto Scaling Group (ASG), and set up multiple Amazon EC2 instances to run behind the ASGs, for each of the Regions

B

A global pharmaceutical company wants to move most of the on-premises data into Amazon S3, Amazon EFS, and Amazon FSx for Windows File Server easily, quickly, and cost-effectively. As a solutions architect, which of the following solutions would you recommend as the BEST fit to automate and accelerate online data transfers to these AWS storage services? A. Use AWS Snowball Edge Storage Optimized device to automate and accelerate online data transfers to the given AWS storage services B. Use AWS DataSync to automate and accelerate online data transfers to the given AWS storage services C. Use AWS Transfer Family to automate and accelerate online data transfers to the given AWS storage services D. Use File Gateway to automate and accelerate online data transfers to the given AWS storage services

B

A leading news aggregation company offers hundreds of digital products and services for customers ranging from law firms to banks to consumers. The company bills its clients based on per unit of clickstream data provided to the clients. As the company operates in a regulated industry, it needs to have the same ordered clickstream data available for auditing within a window of 7 days. As a solutions architect, which of the following AWS services provides the ability to run the billing process and auditing process on the given clickstream data in the same order? A. AWS Kinesis Data Firehose B. AWS Kinesis Data Streams C. AWS Kinesis Data Analytics D. Amazon SQS

B

A retail company has a fleet of EC2 instances running behind an Auto Scaling group (ASG). The development team has configured two metrics that control the scale-in and scale-out policies of ASG. First one is a target tracking policy that uses a custom metric to add and remove two new instances, based on the number of SQS messages in the queue. The other is a step scaling policy that uses the CloudWatch CPUUtilization metric to launch one new instance when the existing instance exceeds 90 percent utilization for a specified length of time. While testing, the scale-out policy criteria for both policies was met at the same time. How many new instances will be launched because of these multiple scaling policies? A. Amazon EC2 Auto Scaling chooses the minimum capacity from each of the policies that meet the criteria. So, one new instance will be launched by the ASG B. Amazon EC2 Auto Scaling chooses the policy that provides the largest capacity, so policy with the custom metric is triggered, and two new instances will be launched by the ASG C. Amazon EC2 Auto Scaling chooses the latest policy after running the algorithm defined during ASG configuration. Based on this output, either of the policies will be chosen for scaling out D. Amazon EC2 Auto Scaling chooses the sum of the capacity of all the policies that meet the criteria. So, three new instances will be launched by the ASG

B

A retail company wants to share sensitive accounting data that is stored in an Amazon RDS DB instance with an external auditor. The auditor has its own AWS account and needs its own copy of the database. Which of the following would you recommend to securely share the database with the auditor? A. Create a snapshot of the database in Amazon S3 and assign an IAM role to the auditor to grant access to the object in that bucket B. Create an encrypted snapshot of the database, share the snapshot, and allow access to the AWS Key Management Service (AWS KMS) encryption key C. Export the database contents to text files, store the files in Amazon S3, and create a new IAM user for the auditor with access to that bucket D. Set up a read replica of the database and configure IAM standard database authentication to grant the auditor access

B

A small business has been running its IT systems on the on-premises infrastructure but the business now plans to migrate to AWS Cloud for operational efficiencies. As a Solutions Architect, can you suggest a cost-effective serverless solution for its flagship application that has both static and dynamic content? A. Host both the static and dynamic content of the web application on Amazon S3 and use Amazon CloudFront for distribution across diverse regions/countries B. Host the static content on Amazon S3 and use Lambda with DynamoDB for the serverless web application that handles dynamic content. Amazon CloudFront will sit in front of Lambda for distribution across diverse regions C. Host the static content on Amazon S3 and use Amazon EC2 with RDS for generating the dynamic content. Amazon CloudFront can be configured in front of EC2 instance, to make global distribution easy D. Host both the static and dynamic content of the web application on Amazon EC2 with RDS as the database. Amazon CloudFront should be configured to distribute the content across geographically disperse regions

B

A social media startup uses AWS Cloud to manage its IT infrastructure. The engineering team at the startup wants to perform weekly database rollovers for a MySQL database server using a serverless cron job that typically takes about 5 minutes to execute the database rollover script written in Python. The database rollover will archive the past week's data from the production database to keep the database small while still keeping its data accessible. As a solutions architect, which of the following would you recommend as the MOST cost-efficient and reliable solution? A. Create a time-based schedule option within an AWS Glue job to invoke itself every week and run the database rollover script B. Schedule a weekly CloudWatch event cron expression to invoke a Lambda function that runs the database rollover job C. Provision an EC2 spot instance to run the database rollover job triggered via an OS-based weekly cron expression D. Provision an EC2 scheduled reserved instance to run the database rollover script to be run via an OS-based weekly cron expression

B

A video conferencing application is hosted on a fleet of EC2 instances which are part of an Auto Scaling group (ASG). The ASG uses a Launch Configuration (LC1) with "dedicated" instance placement tenancy but the VPC (V1) used by the Launch Configuration LC1 has the instance tenancy set to default. Later the DevOps team creates a new Launch Configuration (LC2) with "default" instance placement tenancy but the VPC (V2) used by the Launch Configuration LC2 has the instance tenancy set to dedicated. Which of the following is correct regarding the instances launched via Launch Configuration LC1 and Launch Configuration LC2? A. The instances launched by Launch Configuration LC1 will have dedicated instance tenancy while the instances launched by the Launch Configuration LC2 will have default instance tenancy B. The instances launched by both Launch Configuration LC1 and Launch Configuration LC2 will have dedicated instance tenancy C. The instances launched by Launch Configuration LC1 will have default instance tenancy while the instances launched by the Launch Configuration LC2 will have dedicated instance tenancy D. The instances launched by both Launch Configuration LC1 and Launch Configuration LC2 will have default instance tenancy

B

Amazon EC2 Auto Scaling needs to terminate an instance from Availability Zone (AZ) us-east-1a as it has the most number of instances amongst the AZs being used currently. There are 4 instances in the AZ us-east-1a like so: Instance A has the oldest launch template, Instance B has the oldest launch configuration, Instance C has the newest launch configuration and Instance D is closest to the next billing hour. Which of the following instances would be terminated per the default termination policy? A. Instance A B. Instance B C. Instance C D. Instance D

B

An IT company has an Access Control Management (ACM) application that uses Amazon RDS for MySQL but is running into performance issues despite using Read Replicas. The company has hired you as a solutions architect to address these performance-related challenges without moving away from the underlying relational database schema. The company has branch offices across the world, and it needs the solution to work on a global scale. Which of the following will you recommend as the MOST cost-effective and high-performance solution? A. Use Amazon DynamoDB Global Tables to provide fast, local, read and write performance in each region B. Use Amazon Aurora Global Database to enable fast local reads with low latency in each region C. Spin up a Redshift cluster in each AWS region. Migrate the existing data into Redshift clusters D. Spin up EC2 instances in each AWS region, install MySQL databases and migrate the existing data into these new databases

B

An IT company provides S3 bucket access to specific users within the same account for completing project specific work. With changing business requirements, cross-account S3 access requests are also growing every month. The company is looking for a solution that can offer user level as well as account-level access permissions for the data stored in S3 buckets. As a Solutions Architect, which of the following would you suggest as the MOST optimized way of controlling access for this use-case? A. Use Identity and Access Management (IAM) policies B. Use Amazon S3 Bucket Policies C. Use Access Control Lists (ACLs) D. Use Security Groups

B

An IT training company hosted its website on Amazon S3 a couple of years ago. Due to COVID-19 related travel restrictions, the training website has suddenly gained traction. With an almost 300% increase in the requests served per day, the company's AWS costs have sky-rocketed for just the S3 outbound data costs. As a Solutions Architect, can you suggest an alternate method to reduce costs while keeping the latency low? A. To reduce S3 cost, the data can be saved on an EBS volume connected to an EC2 instance that can host the application B. Configure Amazon CloudFront to distribute the data hosted on Amazon S3, cost-effectively C. Use Amazon Elastic File System (Amazon EFS), as it provides a shared, scalable, fully managed elastic NFS file system for storing AWS Cloud or on-premises data D. Configure S3 Batch Operations to read data in bulk at one go, to reduce the number of calls made to S3 buckets

B

An e-commerce company runs its web application on EC2 instances in an Auto Scaling group and it's configured to handle consumer orders in an SQS queue for downstream processing. The DevOps team has observed that the performance of the application goes down in case of a sudden spike in orders received. As a solutions architect, which of the following solutions would you recommend to address this use-case? A. Use a simple scaling policy based on a custom Amazon SQS queue metric B. Use a target tracking scaling policy based on a custom Amazon SQS queue metric C. Use a step scaling policy based on a custom Amazon SQS queue metric D. Use a scheduled scaling policy based on a custom Amazon SQS queue metric

B

An online gaming application has a large chunk of its traffic coming from users who download static assets such as historic leaderboard reports and the game tactics for various games. The current infrastructure and design are unable to cope up with the traffic and application freezes on most of the pages. Which of the following is a cost-optimal solution that does not need provisioning of infrastructure? A. Configure AWS Lambda with an RDS database to provide a serverless architecture B. Use Amazon CloudFront with S3 as the storage solution for the static assets C. Use Amazon CloudFront with DynamoDB for greater speed and low latency access to static assets D. Use AWS Lambda with ElastiCache and Amazon RDS for serving static assets at high speed and low latency

B

The DevOps team at an IT company has created a custom VPC (V1) and attached an Internet Gateway (I1) to the VPC. The team has also created a subnet (S1) in this custom VPC and added a route to this subnet's route table (R1) that directs internet-bound traffic to the Internet Gateway. Now the team launches an EC2 instance (E1) in the subnet S1 and assigns a public IPv4 address to this instance. Next the team also launches a NAT instance (N1) in the subnet S1. Under the given infrastructure setup, which of the following entities is doing the Network Address Translation for the EC2 instance E1? A. NAT instance (N1) B. Internet Gateway (I1) C. Subnet (S1) D. Route Table (R1)

B

The business analytics team at a company has been running ad-hoc queries on Oracle and PostgreSQL services on Amazon RDS to prepare daily reports for senior management. To facilitate the business analytics reporting, the engineering team now wants to continuously replicate this data and consolidate these databases into a petabyte-scale data warehouse by streaming data to Amazon Redshift. As a solutions architect, which of the following would you recommend as the MOST resource-efficient solution that requires the LEAST amount of development time without the need to manage the underlying infrastructure? A. Use AWS Glue to replicate the data from the databases into Amazon Redshift B. Use AWS Database Migration Service to replicate the data from the databases into Amazon Redshift C. Use AWS EMR to replicate the data from the databases into Amazon Redshift D. Use Amazon Kinesis Data Streams to replicate the data from the databases into Amazon Redshift

B

The development team at an e-commerce startup has set up multiple microservices running on EC2 instances under an Elastic Load Balancer. The team wants to route traffic to multiple back-end services based on the content of the request. Which of the following types of load balancers would allow routing based on the content of the request? A. Classic Load Balancer B. Application Load Balancer C. Network Load Balancer D. Both Application Load Balancer and Network Load Balancer

B

The engineering manager for a content management application wants to set up RDS read replicas to provide enhanced performance and read scalability. The manager wants to understand the data transfer charges while setting up RDS read replicas. Which of the following would you identify as correct regarding the data transfer charges for RDS read replicas? A. There are data transfer charges for replicating data within the same Availability Zone B. There are data transfer charges for replicating data across AWS Regions C. There are data transfer charges for replicating data within the same AWS Region D. There are no data transfer charges for replicating data across AWS Regions

B

You are establishing a monitoring solution for desktop systems, that will be sending telemetry data into AWS every 1 minute. Data for each system must be processed in order, independently, and you would like to scale the number of consumers to be possibly equal to the number of desktop systems that are being monitored. What do you recommend? A. Use an SQS FIFO queue, and send the telemetry data as is B. Use an SQS FIFO queue, and make sure the telemetry data is sent with a Group ID attribute representing the value of the Desktop ID C. Use an SQS standard queue, and send the telemetry data as is D. Use a Kinesis Data Stream, and send the telemetry data with a Partition ID that uses the value of the Desktop ID

B

You would like to deploy an application behind an Application Load Balancer, that will have some Auto Scaling capability and efficiently leverage a mix of Spot Instances and On-Demand instances to meet demand. What do you recommend to manage the instances? A. Create a Spot Instance Request B. Create an ASG with a launch template C. Create a Spot Fleet Request D. Create an ASG with a launch configuration

B

The engineering team at an e-commerce company wants to migrate from SQS Standard queues to FIFO queues with batching. As a solutions architect, which of the following steps would you have in the migration checklist? (Select three) A. Convert the existing standard queue into a FIFO queue B. Delete the existing standard queue and recreate it as a FIFO queue C. Make sure that the name of the FIFO queue ends with the .fifo suffix D. Make sure that the name of the FIFO queue is the same as the standard queue E. Make sure that the throughput for the target FIFO queue does not exceed 3,000 messages per second F. Make sure that the throughput for the target FIFO queue does not exceed 300 messages per second

B, C, E

The development team at a retail company wants to optimize the cost of EC2 instances. The team wants to move certain nightly batch jobs to spot instances. The team has hired you as a solutions architect to provide the initial guidance. Which of the following would you identify as CORRECT regarding the capabilities of spot instances? (Select three) A. When you cancel an active spot request, it terminates the associated instance as well B. When you cancel an active spot request, it does not terminate the associated instance C. If a spot request is persistent, then it is opened again after you stop the Spot Instance D. If a spot request is persistent, then it is opened again after your Spot Instance is interrupted E. Spot blocks are designed not to be interrupted F. Spot blocks are designed to be interrupted, just like a spot instance

B, D, E

A big data analytics company is working on a real-time vehicle tracking solution. The data processing workflow involves both I/O intensive and throughput intensive database workloads. The development team needs to store this real-time data in a NoSQL database hosted on an EC2 instance and needs to support up to 25,000 IOPS per volume. As a solutions architect, which of the following EBS volume types would you recommend for this use-case? A. General Purpose SSD (gp2) B. Cold HDD (sc1) C. Provisioned IOPS SSD (io1) D. Throughput Optimized HDD (st1)

C

A company has a hybrid cloud structure for its on-premises data center and AWS Cloud infrastructure. The company wants to build a web log archival solution such that only the most frequently accessed logs are available as cached data locally while backing up all logs on Amazon S3. As a solutions architect, which of the following solutions would you recommend for this use-case? A. Use AWS direct connect to store the most frequently accessed logs locally for low-latency access while storing the full backup of logs in an Amazon S3 bucket B. Use AWS Volume Gateway - Stored Volume - to store the most frequently accessed logs locally for low-latency access while storing the full volume with all logs in its Amazon S3 service bucket C. Use AWS Volume Gateway - Cached Volume - to store the most frequently accessed logs locally for low-latency access while storing the full volume with all logs in its Amazon S3 service bucket D. Use AWS Snowball Edge Storage Optimized device to store the most frequently accessed logs locally for low-latency access while storing the full backup of logs in an Amazon S3 bucket

C

A company has set up "AWS Organizations" to manage several departments running their own AWS accounts. The departments operate from different countries and are spread across various AWS Regions. The company wants to set up a consistent resource provisioning process across departments so that each resource follows pre-defined configurations such as using a specific type of EC2 instances, specific IAM roles for Lambda functions, etc. As a solutions architect, which of the following options would you recommend for this use-case? A. Use AWS CloudFormation templates to deploy the same template across AWS accounts and regions B. Use AWS CloudFormation stacks to deploy the same template across AWS accounts and regions C. Use AWS CloudFormation StackSets to deploy the same template across AWS accounts and regions D. Use AWS Resource Access Manager (RAM) to deploy the same template across AWS accounts and regions

C

A data analytics company is using SQS queues for decoupling the various processes of an application workflow. The company wants to postpone the delivery of certain messages to the queue by one minute while all other messages need to be delivered immediately to the queue. As a solutions architect, which of the following solutions would you suggest to the company? A. Use dead-letter queues to postpone the delivery of certain messages to the queue by one minute B. Use visibility timeout to postpone the delivery of certain messages to the queue by one minute C. Use message timers to postpone the delivery of certain messages to the queue by one minute D. Use delay queues to postpone the delivery of certain messages to the queue by one minute

C

A freelance developer has built a Python based web application. The developer would like to upload his code to AWS Cloud and have AWS handle the deployment automatically. He also wants access to the underlying operating system for further enhancements. As a solutions architect, which of the following AWS services would you recommend for this use-case? A. AWS CloudFormation B. Amazon EC2 C. AWS Elastic Beanstalk D. AWS Elastic Container Service (ECS)

C

A media company has its corporate headquarters in Los Angeles with an on-premises data center using an AWS Direct Connect connection to the AWS VPC. The branch offices in San Francisco and Miami use Site-to-Site VPN connections to connect to the AWS VPC. The company is looking for a solution to have the branch offices send and receive data with each other as well as with their corporate headquarters. As a solutions architect, which of the following AWS services would you recommend addressing this use-case? A. VPC Endpoint B. VPC Peering C. VPN CloudHub D. Software VPN

C

A media company wants a low-latency way to distribute live sports results which are delivered via a proprietary application using UDP protocol. As a solutions architect, which of the following solutions would you recommend such that it offers the BEST performance for this use case? A. Use CloudFront to provide a low latency way to distribute live sports results B. Use Elastic Load Balancer to provide a low latency way to distribute live sports results C. Use Global Accelerator to provide a low latency way to distribute live sports results D. Use Auto Scaling group to provide a low latency way to distribute live sports results

C

A retail company has its flagship application running on a fleet of EC2 instances behind an Elastic Load Balancer (ELB). The engineering team has been seeing recurrent issues wherein the in-flight requests from the ELB to the EC2 instances are getting dropped when an instance becomes unhealthy. Which of the following features can be used to address this issue? A. Cross Zone Load Balancing B. Sticky Sessions C. Connection Draining D. Idle Timeout

C

A startup has created a new web application for users to complete a risk assessment survey for COVID-19 symptoms via a self-administered questionnaire. The startup has purchased the domain covid19survey.com using Route 53. The web development team would like to create a Route 53 record so that all traffic for covid19survey.com is routed to www.covid19survey.com. As a solutions architect, which of the following is the MOST cost-effective solution that you would recommend to the web development team? A. Create a CNAME record for covid19survey.com that routes traffic to www.covid19survey.com B. Create an MX record for covid19survey.com that routes traffic to www.covid19survey.com C. Create an alias record for covid19survey.com that routes traffic to www.covid19survey.com D. Create an NS record for covid19survey.com that routes traffic to www.covid19survey.com

C

A university manages a proprietary application on an EC2 instance. When started, the EC2 instance takes a long time to build a memory footprint for all the software libraries required for the application to function. The university would like to keep the instance pre-warmed so it can launch the analysis right away when needed. Which of the following solutions would you recommend? A. Use a custom AMI with the software libraries pre-installed B. Use Spot Instances C. Use EC2 hibernate D. Create an Auto Scaling Group (ASG) with capacity 0

C

An IT company is using SQS queues for decoupling the various components of application architecture. As the consuming components need additional time to process SQS messages, the company wants to postpone the delivery of new messages to the queue for a few seconds. As a solutions architect, which of the following solutions would you suggest to the company? A. Use FIFO queues to postpone the delivery of new messages to the queue for a few seconds B. Use dead-letter queues to postpone the delivery of new messages to the queue for a few seconds C. Use delay queues to postpone the delivery of new messages to the queue for a few seconds D. Use visibility timeout to postpone the delivery of new messages to the queue for a few second

C

An IT company wants to optimize the costs incurred on its fleet of 100 EC2 instances for the next year. Based on historical analyses, the engineering team observed that 70 of these instances handle the compute services of its flagship application and need to be always available. The other 30 instances are used to handle batch jobs that can afford a delay in processing. As a solutions architect, which of the following would you recommend as the MOST cost-optimal solution? A. Purchase 70 on-demand instances and 30 spot instances B. Purchase 70 on-demand instances and 30 reserved instances C. Purchase 70 reserved instances and 30 spot instances D. Purchase 70 reserved instances and 30 on-demand instances

C

An analytics company wants to improve the performance of its big data processing workflows running on Amazon EFS. Which of the following performance modes should be used for EFS to address this requirement? A. Provisioned Throughput B. Bursting Throughput C. Max I/O D. General Purpose

C

The DevOps team at an IT company has recently migrated to AWS and they are configuring security groups for their two-tier application with public web servers and private database servers. The team wants to understand the allowed configuration options for an inbound rule for a security group. As a solutions architect, which of the following would you identify as an INVALID option for setting up such a configuration? A. You can use a security group as the custom source for the inbound rule B. You can use a range of IP addresses in CIDR block notation as the custom source for the inbound rule C. You can use an Internet Gateway ID as the custom source for the inbound rule D. You can use an IP address as the custom source for the inbound rule

C

To improve the performance and security of the application, the engineering team at a company has created a CloudFront distribution with an Application Load Balancer as the custom origin. The team has also set up a Web Application Firewall (WAF) with CloudFront distribution. The security team at the company has noticed a surge in malicious attacks from a specific IP address to steal sensitive data stored on the EC2 instances. As a solutions architect, which of the following actions would you recommend to stop the attacks? A. Create a deny rule for the malicious IP in the NACL associated with each of the instances B. Create a deny rule for the malicious IP in the Security Groups associated with each of the instances C. Create an IP match condition in the WAF to block the malicious IP address D. Create a ticket with AWS support to take action against the malicious IP

C

You would like to store a database password in a secure place, and enable automatic rotation of that password every 90 days. What do you recommend? A. "KMS" B. "CloudHSM" C. "Secrets Manager" D. "SSM Parameter Store"

C

A big data consulting firm needs to set up a data lake on Amazon S3 for a Health-Care client. The data lake is split in raw and refined zones. For compliance reasons, the source data needs to be kept for a minimum of 5 years. The source data arrives in the raw zone and is then processed via an AWS Glue based ETL job into the refined zone. The business analysts run ad-hoc queries only on the data in the refined zone using AWS Athena. The team is concerned about the cost of data storage in both the raw and refined zones as the data is increasing at a rate of 1TB daily in each zone. As a solutions architect, which of the following would you recommend as the MOST cost-optimal solution? (Select two) A. Create a Lambda function based job to delete the raw zone data after 1 day B. Setup a lifecycle policy to transition the refined zone data into Glacier Deep Archive after 1 day of object creation C. Setup a lifecycle policy to transition the raw zone data into Glacier Deep Archive after 1 day of object creation D. Use Glue ETL job to write the transformed data in the refined zone using CSV format E. Use Glue ETL job to write the transformed data in the refined zone using a compressed file format

C, E

A retail company has connected its on-premises data center to the AWS Cloud via AWS Direct Connect. The company wants to be able to resolve DNS queries for any resources in the on-premises network from the AWS VPC and also resolve any DNS queries for resources in the AWS VPC from the on-premises network. As a solutions architect, which of the following solutions can be combined to address the given use case? (Select two) A. Create an outbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint B. Create an inbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint C. Create an inbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint D. Create a universal endpoint on Route 53 Resolver and then Route 53 Resolver can receive and forward queries to resolvers on the on-premises network via this endpoint E. Create an outbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint

C, E

An IT company is looking to move its on-premises infrastructure to AWS Cloud. The company has a portfolio of applications with a few of them using server bound licenses that are valid for the next year. To utilize the licenses, the CTO wants to use dedicated hosts for a one year term and then migrate the given instances to default tenancy thereafter. As a solutions architect, which of the following options would you identify as CORRECT for changing the tenancy of an instance after you have launched it? (Select two) A. You can change the tenancy of an instance from default to dedicated B. You can change the tenancy of an instance from dedicated to default C. You can change the tenancy of an instance from dedicated to host D. You can change the tenancy of an instance from default to host E. You can change the tenancy of an instance from host to dedicated

C, E

The engineering team at a logistics company has noticed that the Auto Scaling group (ASG) is not terminating an unhealthy Amazon EC2 instance. As a Solutions Architect, which of the following options would you suggest to troubleshoot the issue? (Select three) A. The EC2 instance could be a spot instance type, which cannot be terminated by ASG B. A user might have updated the configuration of ASG and increased the minimum number of instances forcing ASG to keep all instances alive C. The health check grace period for the instance has not expired D. A custom health check might have failed. ASG does not terminate instances that are set unhealthy by custom checks E. The instance maybe in Impaired status F. The instance has failed the ELB health check status

C, E, F

A Machine Learning research group uses a proprietary computer vision application hosted on an EC2 instance. Every time the instance needs to be stopped and started again, the application takes about 3 minutes to start as some auxiliary software programs need to be executed so that the application can function. The research group would like to minimize the application bootstrap time whenever the system needs to be stopped and then started at a later point in time. As a solutions architect, which of the following solutions would you recommend for this use-case? A. Use EC2 User-Data B. Use EC2 Meta-Data C. Create an AMI and launch your EC2 instances from that D. Use EC2 Instance Hibernate

D

A company has its application servers in the public subnet that connect to the RDS instances in the private subnet. For regular maintenance, the RDS instances need patch fixes that need to be downloaded from the internet. Considering the company uses only IPv4 addressing and is looking for a fully managed service, which of the following would you suggest as an optimal solution? A. Configure an Egress-only internet gateway for the resources in the private subnet of the VPC B. Configure a NAT instance in the public subnet of the VPC C. Configure the Internet Gateway of the VPC to be accessible to the private subnet resources, by changing the route tables D. Configure a NAT Gateway in the public subnet of the VPC

D

A company recently experienced a database outage in its on-premises data center. The company now wants to migrate to a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes. Which of the following solutions meets these requirements? A. Set up an RDS MySQL DB instance and then create a read replica in another Availability Zone that synchronously replicates the data B. Set up an RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data C. Set up an EC2 instance with a MySQL DB engine installed that triggers an AWS Lambda function to synchronously replicate the data to an RDS MySQL DB instance D. Set up an RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data

D

A financial services company has recently migrated from on-premises infrastructure to AWS Cloud. The DevOps team wants to implement a solution that allows all resource configurations to be reviewed and make sure that they meet compliance guidelines. Also, the solution should be able to offer the capability to look into the resource configuration history across the application stack. As a solutions architect, which of the following solutions would you recommend to the team? A. Use Amazon CloudWatch to review resource configurations to meet compliance guidelines and maintain a history of resource configuration changes B. Use AWS CloudTrail to review resource configurations to meet compliance guidelines and maintain a history of resource configuration changes C. Use AWS Systems Manager to review resource configurations to meet compliance guidelines and maintain a history of resource configuration changes D. Use AWS Config to review resource configurations to meet compliance guidelines and maintain a history of resource configuration changes

D

A global manufacturing company with facilities in the US, Europe, and Asia is designing a new distributed application to optimize its procurement workflow. The orders booked on one continent should be visible to all AWS Regions in a second or less. The database should be able to facilitate failover with a short Recovery Time Objective (RTO). The uptime of the application is critical to ensure that the manufacturing processes are not impacted. As a solutions architect, which of the following will you recommend as the MOST cost-effective solution? ​ A. Provision Amazon DynamoDB global tables​ B. Provision Amazon RDS for PostgreSQL with a cross-Region read replica​ C. Provision Amazon RDS for MySQL with a cross-Region read replica​ D. Provision Amazon Aurora Global Database

D

A health care application processes the real-time health data of the patients into an analytics workflow. With a sharp increase in the number of users, the system has become slow and sometimes even unresponsive as it does not have a retry mechanism. The startup is looking at a scalable solution that has minimal implementation overhead. Which of the following would you recommend as a scalable alternative to the current solution? A. Use Amazon SNS for data ingestion and configure Lambda to trigger logic for downstream processing B. Use Amazon SQS for data ingestion and configure Lambda to trigger logic for downstream processing C. Use Amazon API Gateway with the existing REST-based interface to create a high performing architecture D. Use Amazon Kinesis Data Streams to ingest the data, process it using AWS Lambda or run analytics using Kinesis Data Analytics

D

A leading bank has moved its IT infrastructure to AWS Cloud and they have been using Amazon EC2 Auto Scaling for their web servers. This has helped them deal with traffic spikes effectively. But, their relational database has now become a bottleneck and they urgently need a fully managed auto scaling solution for their relational database to address any unpredictable changes in the traffic. Can you identify the AWS service that is best suited for this use-case? A. Amazon DynamoDB B. Amazon Relational Database Service (Amazon RDS) C. Amazon Aurora D. Amazon Aurora Serverless

D

A leading online gaming company is migrating its flagship application to AWS Cloud for delivering its online games to users across the world. The company would like to use a Network Load Balancer (NLB) to handle millions of requests per second. The engineering team has provisioned multiple instances in a public subnet and specified these instance IDs as the targets for the NLB. As a solutions architect, can you help the engineering team understand the correct routing mechanism for these target instances? A. Traffic is routed to instances using the primary public IP address specified in the primary network interface for the instance B. Traffic is routed to instances using the primary elastic IP address specified in the primary network interface for the instance C. Traffic is routed to instances using the instance ID specified in the primary network interface for the instance D. Traffic is routed to instances using the primary private IP address specified in the primary network interface for the instance

D

A manufacturing company receives unreliable service from its data center provider because the company is located in an area prone to natural disasters. The company is not ready to fully migrate to the AWS Cloud, but it wants a failover environment on AWS in case the on-premises data center fails. The company runs web servers that connect to external vendors. The data available on AWS and on-premises must be uniform. Which of the following solutions would have the LEAST amount of downtime? A. Set up a Route 53 failover record. Execute an AWS CloudFormation template from a script to provision EC2 instances behind an Application Load Balancer. Set up AWS Storage Gateway with stored volumes to back up data to S3 B. Set up a Route 53 failover record. Run an AWS Lambda function to execute an AWS CloudFormation template to launch two EC2 instances. Set up AWS Storage Gateway with stored volumes to back up data to S3. Set up an AWS Direct Connect connection between a VPC and the data center C. Set up a Route 53 failover record. Set up an AWS Direct Connect connection between a VPC and the data center. Run application servers on EC2 in an Auto Scaling group. Run an AWS Lambda function to execute an AWS CloudFormation template to create an Application Load Balancer D. Set up a Route 53 failover record. Run application servers on EC2 instances behind an Application Load Balancer in an Auto Scaling group. Set up AWS Storage Gateway with stored volumes to back up data to S3

D

A media streaming company is looking to migrate its on-premises infrastructure into the AWS Cloud. The engineering team is looking for a fully managed NoSQL persistent data store with in-memory caching to maintain low latency that is critical for real-time scenarios such as video streaming and interactive content. The team expects the number of concurrent users to touch up to a million so the database should be able to scale elastically. As a solutions architect, which of the following AWS services would you recommend for this use-case? A. DocumentDB B. ElastiCache C. RDS D. DynamoDB

D

A retail company wants to rollout and test a blue-green deployment for its global application in the next 48 hours. Most of the customers use mobile phones which are prone to DNS caching. The company has only two days left for the annual Thanksgiving sale to commence. As a Solutions Architect, which of the following options would you recommend to test the deployment on as many users as possible in the given time frame? A. Use Route 53 weighted routing to spread traffic across different deployments B. Use Elastic Load Balancer to distribute traffic across deployments C. Use AWS CodeDeploy deployment options to choose the right deployment D. Use AWS Global Accelerator to distribute a portion of traffic to a particular deployment

D

A startup has recently moved their monolithic web application to AWS Cloud. The application runs on a single EC2 instance. Currently, the user base is small and the startup does not want to spend effort on elaborate disaster recovery strategies or Auto Scaling Group. The application can afford a maximum downtime of 10 minutes. In case of a failure, which of these options would you suggest as a cost-effective and automatic recovery procedure for the instance? A. Configure Amazon CloudWatch events that can trigger the recovery of the EC2 instance, in case the instance or the application fails B. Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance, in case the instance fails. The instance can be configured with EBS volume or with instance store volumes C. Configure AWS Trusted Advisor to monitor the health check of EC2 instance and provide a remedial action in case an unhealthy flag is detected D. Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance, in case the instance fails. The instance, however, should only be configured with an EBS volume

D

A tax computation software runs on Amazon EC2 instances behind a Classic Load Balancer. The instances are managed by an Auto Scaling Group. The tax computation software has an optimization module, which can take up to 10 minutes to find the optimal answer. How do you ensure that when the Auto Scaling Group initiates a scale-in event, the users do not see their current requests interrupted? A. Create an ASG Scheduled Action B. Enable Stickiness on the CLB C. Enable ELB health checks on the ASG D. Increase the deregistration delay to more than 10 minutes

D

An IT company is working on a client project to build a Supply Chain Management application. The web-tier of the application runs on an EC2 instance and the database tier is on Amazon RDS MySQL. For beta testing, all the resources are currently deployed in a single Availability Zone. The development team wants to improve application availability before the go-live. Given that all end users of the web application would be located in the US, which of the following would be the MOST resource-efficient solution? A. Deploy the web-tier EC2 instances in two Availability Zones, behind an Elastic Load Balancer. Deploy the Amazon RDS MySQL database in read replica configuration B. Deploy the web-tier EC2 instances in two regions, behind an Elastic Load Balancer. Deploy the Amazon RDS MySQL database in read replica configuration C. Deploy the web-tier EC2 instances in two regions, behind an Elastic Load Balancer. Deploy the Amazon RDS MySQL database in Multi-AZ configuration D. Deploy the web-tier EC2 instances in two Availability Zones, behind an Elastic Load Balancer. Deploy the Amazon RDS MySQL database in Multi-AZ configuration

D

An e-commerce company is planning to migrate their two-tier application from on-premises infrastructure to AWS Cloud. As the engineering team at the company is new to the AWS Cloud, they are planning to use the Amazon VPC console wizard to set up the networking configuration for the two-tier application having public web servers and private database servers. Can you spot the configuration that is NOT supported by the Amazon VPC console wizard? A. VPC with a single public subnet B. VPC with public and private subnets (NAT) C. VPC with public and private subnets and AWS Site-to-Site VPN access D. VPC with a public subnet only and AWS Site-to-Site VPN access

D

An e-commerce company is using an Elastic Load Balancer for its fleet of EC2 instances spread across two Availability Zones, with one instance as a target in Availability Zone A and four instances as targets in Availability Zone B. The company is doing benchmarking for server performance when cross-zone load balancing is enabled compared to the case when cross-zone load balancing is disabled. As a solutions architect, which of the following traffic distribution outcomes would you identify as correct? A. With cross-zone load balancing enabled, one instance in Availability Zone A receives 50% traffic and four instances in Availability Zone B receive 12.5% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone A receives 20% traffic and four instances in Availability Zone B receive 20% traffic each B. With cross-zone load balancing enabled, one instance in Availability Zone A receives no traffic and four instances in Availability Zone B receive 25% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone A receives 50% traffic and four instances in Availability Zone B receive 12.5% traffic each C. With cross-zone load balancing enabled, one instance in Availability Zone A receives 20% traffic and four instances in Availability Zone B receive 20% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone A receives no traffic and four instances in Availability Zone B receive 25% traffic each D. With cross-zone load balancing enabled, one instance in Availability Zone A receives 20% traffic and four instances in Availability Zone B receive 20% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone A receives 50% traffic and four instances in Availability Zone B receive 12.5% traffic each

D

The application maintenance team at a company has noticed that the production application is very slow when the business reports are run on the RDS database. These reports fetch a large amount of data and have complex queries with multiple joins, spanning across multiple business-critical core tables. CPU, memory, and storage metrics are around 50% of the total capacity. Can you recommend an improved and cost-effective way of generating the business reports while keeping the production application unaffected? A. Increase the size of RDS instance B. Migrate from General Purpose SSD to magnetic storage to enhance IOPS C. Configure the RDS instance to be Multi-AZ DB instance, and connect the report generation tool to the DB instance in a different AZ D. Create a read replica and connect the report generation tool/application to it

D

The engineering team at a company wants to use Amazon SQS to decouple components of the underlying application architecture. However, the team is concerned about the VPC-bound components accessing SQS over the public internet. As a solutions architect, which of the following solutions would you recommend to address this use-case? A. Use Internet Gateway to access Amazon SQS B. Use VPN connection to access Amazon SQS C. Use Network Address Translation (NAT) instance to access Amazon SQS D. Use VPC endpoint to access Amazon SQS

D

You have been hired as a Solutions Architect to advise a company on the various authentication/authorization mechanisms that AWS offers to authorize an API call within the API Gateway. The company would prefer a solution that offers built-in user management. Which of the following solutions would you suggest as the best fit for the given use-case? A. Use AWS_IAM authorization B. Use API Gateway Lambda authorizer C. Use Amazon Cognito Identity Pools D. Use Amazon Cognito User Pools

D

A company wants some EBS volumes with maximum possible Provisioned IOPS (PIOPS) to support high-performance database workloads on EC2 instances. The company also wants some EBS volumes that can be attached to multiple EC2 instances in the same Availability Zone. As an AWS Certified Solutions Architect Associate, which of the following options would you identify as correct for the given requirements? (Select two) A. Use io2 Block Express volumes on Nitro-based EC2 instances to achieve a maximum Provisioned IOPS of 256,000 B. Use io2 volumes on Nitro-based EC2 instances to achieve a maximum Provisioned IOPS of 256,000 C. Use gp3 volumes on Nitro-based EC2 instances to achieve a maximum Provisioned IOPS of 256,000 D. Use io1/io2 volumes to enable Multi-Attach on Nitro-based EC2 instances E. Use gp2 volumes to enable Multi-Attach on Nitro-based EC2 instances

A, D

A US-based healthcare startup is building an interactive diagnostic tool for COVID-19 related assessments. The users would be required to capture their personal health records via this tool. As this is sensitive health information, the backup of the user data must be kept encrypted in S3. The startup does not want to provide its own encryption keys but still wants to maintain an audit trail of when an encryption key was used and by whom. Which of the following is the BEST solution for this use-case? A. Use SSE-S3 to encrypt the user data on S3 B. Use SSE-KMS to encrypt the user data on S3 C. Use SSE-C to encrypt the user data on S3 D. Use client-side encryption with client provided keys and then upload the encrypted user data to S3

B

A company is developing a healthcare application that cannot afford any downtime for database write operations. The company has hired you as an AWS Certified Solutions Architect Associate to build a solution using Amazon Aurora. Which of the following options would you recommend? A. Set up an Aurora serverless DB cluster B. Set up an Aurora multi-master DB cluster C. Set up an Aurora provisioned DB cluster D. Set up an Aurora Global Database cluster

B

A developer needs to implement a Lambda function in AWS account A that accesses an Amazon S3 bucket in AWS account B. As a Solutions Architect, which of the following will you recommend to meet this requirement? A. AWS Lambda cannot access resources across AWS accounts. Use Identity federation to work around this limitation of Lambda B. Create an IAM role for the Lambda function that grants access to the S3 bucket. Set the IAM role as the Lambda function's execution role. Make sure that the bucket policy also grants access to the Lambda function's execution role C. Create an IAM role for the Lambda function that grants access to the S3 bucket. Set the IAM role as the Lambda function's execution role and that would give the Lambda function cross-account access to the S3 bucket D. The S3 bucket owner should make the bucket public so that it can be accessed by the Lambda function in the other AWS account

B

A financial services company recently launched an initiative to improve the security of its AWS resources and it had enabled AWS Shield Advanced across multiple AWS accounts owned by the company. Upon analysis, the company has found that the costs incurred are much higher than expected. Which of the following would you attribute as the underlying reason for the unexpectedly high costs for AWS Shield Advanced service? A. AWS Shield Advanced is being used for custom servers, that are not part of AWS Cloud, thereby resulting in increased costs B. Consolidated billing has not been enabled. All the AWS accounts should fall under a single consolidated billing for the monthly fee to be charged only once C. AWS Shield Advanced also covers AWS Shield Standard plan, thereby resulting in increased costs D. Savings Plans has not been enabled for the AWS Shield Advanced service across all the AWS accounts

B

What does this IAM policy do? { "Version": "2012-10-17", "Statement": [ { "Sid": "Mystery Policy", "Action": [ "ec2:RunInstances" ], "Effect": "Allow", "Resource": "*", "Condition": { "IpAddress": { "aws:SourceIp": "34.50.31.0/24" } } } ] } A. It allows starting EC2 instances only when they have a Public IP within the 34.50.31.0/24 CIDR block B. It allows starting EC2 instances only when the IP where the call originates is within the 34.50.31.0/24 CIDR block C. It allows starting EC2 instances only when they have an Elastic IP within the 34.50.31.0/24 CIDR block D. It allows starting EC2 instances only when they have a Private IP within the 34.50.31.0/24 CIDR block

B

A news network uses Amazon S3 to aggregate the raw video footage from its reporting teams across the US. The news network has recently expanded into new geographies in Europe and Asia. The technical teams at the overseas branch offices have reported huge delays in uploading large video files to the destination S3 bucket. Which of the following are the MOST cost-effective options to improve the file upload speed into S3? (Select two) A. Create multiple AWS direct connect connections between the AWS Cloud and branch offices in Europe and Asia. Use the direct connect connections for faster file uploads into S3 B. Create multiple site-to-site VPN connections between the AWS Cloud and branch offices in Europe and Asia. Use these VPN connections for faster file uploads into S3 C. Use multipart uploads for faster file uploads into the destination S3 bucket D. Use Amazon S3 Transfer Acceleration to enable faster file uploads into the destination S3 bucket E. Use AWS Global Accelerator for faster file uploads into the destination S3 bucket

C, D

A developer has configured inbound traffic for the relevant ports in both the Security Group of the EC2 instance as well as the Network Access Control List (NACL) of the subnet for the EC2 instance. The developer is, however, unable to connect to the service running on the Amazon EC2 instance. As a solutions architect, how will you fix this issue? A. Network ACLs are stateful, so allowing inbound traffic to the necessary ports enables the connection. Security Groups are stateless, so you must allow both inbound and outbound traffic B. IAM Role defined in the Security Group is different from the IAM Role that is given access in the Network ACLs C. Rules associated with Network ACLs should never be modified from command line. An attempt to modify rules from command line blocks the rule and results in an erratic behavior D. Security Groups are stateful, so allowing inbound traffic to the necessary ports enables the connection. Network ACLs are stateless, so you must allow both inbound and outbound traffic

D

A geological research agency maintains the seismological data for the last 100 years. The data has a velocity of 1GB per minute. You would like to store the data with only the most relevant attributes to build a predictive model for earthquakes. What AWS services would you use to build the most cost-effective solution with the LEAST amount of infrastructure maintenance? A. Ingest the data in Kinesis Data Analytics and use SQL queries to filter and transform the data before writing to S3 B. Ingest the data in AWS Glue job and use Spark transformations before writing to S3 C. Ingest the data in a Spark Streaming Cluster on EMR use Spark Streaming transformations before writing to S3 D. Ingest the data in Kinesis Data Firehose and use a Lambda function to filter and transform the incoming stream before the output is dumped on S3

D

An application is currently hosted on four EC2 instances (behind Application Load Balancer) deployed in a single Availability Zone (AZ). To maintain an acceptable level of end-user experience, the application needs at least 4 instances to be always available. As a solutions architect, which of the following would you recommend so that the application achieves high availability with MINIMUM cost? A. Deploy the instances in two Availability Zones. Launch two instances in each Availability Zone B. Deploy the instances in two Availability Zones. Launch four instances in each Availability Zone C. Deploy the instances in one Availability Zones. Launch two instances in the Availability Zone D. Deploy the instances in three Availability Zones. Launch two instances in each Availability Zone

D

A company manages a multi-tier social media application that runs on EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. As a solutions architect, you have been tasked to make the application more resilient to periodic spikes in request rates. Which of the following solutions would you recommend for the given use-case? (Select two) A. Use AWS Shield B. Use AWS Global Accelerator C. Use AWS Direct Connect D. Use Aurora Replica E. Use CloudFront distribution in front of the Application Load Balancer

D, E

A cybersecurity company uses a fleet of EC2 instances to run a proprietary application. The infrastructure maintenance group at the company wants to be notified via an email whenever the CPU utilization for any of the EC2 instances breaches a certain threshold. Which of the following services would you use for building a solution with the LEAST amount of development effort? (Select two) A. AWS Lambda B. Amazon SQS C. AWS Step Functions D. Amazon SNS E. Amazon CloudWatch

D, E

A data analytics company measures what the consumers watch and what advertising they're exposed to. This real-time data is ingested into its on-premises data center and subsequently, the daily data feed is compressed into a single file and uploaded on Amazon S3 for backup. The typical compressed file size is around 2 GB. Which of the following is the fastest way to upload the daily compressed file into S3? A. Upload the compressed file using multipart upload with S3 transfer acceleration B. Upload the compressed file in a single operation C. Upload the compressed file using multipart upload D. FTP the compressed file into an EC2 instance that runs in the same region as the S3 bucket. Then transfer the file from the EC2 instance into the S3 bucket

A

A file-hosting service uses Amazon S3 under the hood to power its storage offerings. Currently all the customer files are uploaded directly under a single S3 bucket. The engineering team has started seeing scalability issues where customer file uploads have started failing during the peak access hours with more than 5000 requests per second. Which of the following is the MOST resource efficient and cost-optimal way of addressing this issue? A. Change the application architecture to create customer-specific custom prefixes within the single bucket and then upload the daily files into those prefixed locations B. Change the application architecture to create a new S3 bucket for each customer and then upload each customer's files directly under the respective buckets C. Change the application architecture to create a new S3 bucket for each day's data and then upload the daily files directly under that day's bucket D. Change the application architecture to use EFS instead of Amazon S3 for storing the customers' uploaded files

A

A financial services company wants a single log processing model for all the log files (consisting of system logs, application logs, database logs, etc) that can be processed in a serverless fashion and then durably stored for downstream analytics. The company wants to use an AWS managed service that automatically scales to match the throughput of the log data and requires no ongoing administration. As a solutions architect, which of the following AWS services would you recommend solving this problem? A. Kinesis Data Firehose B. Kinesis Data Streams C. Amazon EMR D. AWS Lambda

A

A junior DevOps engineer wants to change the default configuration for EBS volume termination. By default, the root volume of an EC2 instance for an EBS-backed AMI is deleted when the instance terminates. Which option below helps change this default behavior to ensure that the volume persists even after the instance terminates? A. Set the DeleteOnTermination attribute to false B. Set the TerminateOnDelete attribute to true C. Set the TerminateOnDelete attribute to false D. Set the DeleteOnTermination attribute to true

A

A leading carmaker would like to build a new car-as-a-sensor service by leveraging fully serverless components that are provisioned and managed automatically by AWS. The development team at the carmaker does not want an option that requires the capacity to be manually provisioned, as it does not want to respond manually to changing volumes of sensor data. Given these constraints, which of the following solutions is the BEST fit to develop this car-as-a-sensor service? A. Ingest the sensor data in an Amazon SQS standard queue, which is polled by a Lambda function in batches and the data is written into an auto-scaled DynamoDB table for downstream processing B. Ingest the sensor data in a Kinesis Data Stream, which is polled by a Lambda function in batches, and the data is written into an auto-scaled DynamoDB table for downstream processing C. Ingest the sensor data in an Amazon SQS standard queue, which is polled by an application running on an EC2 instance and the data is written into an auto-scaled DynamoDB table for downstream processing D. Ingest the sensor data in a Kinesis Data Stream, which is polled by an application running on an EC2 instance and the data is written into an auto-scaled DynamoDB table for downstream processing

A

A leading social media analytics company is contemplating moving its dockerized application stack into AWS Cloud. The company is not sure about the pricing for using Elastic Container Service (ECS) with the EC2 launch type compared to the Elastic Container Service (ECS) with the Fargate launch type. Which of the following is correct regarding the pricing for these two services? A. ECS with EC2 launch type is charged based on EC2 instances and EBS volumes used. ECS with Fargate launch type is charged based on vCPU and memory resources that the containerized application requests B. Both ECS with EC2 launch type and ECS with Fargate launch type are charged based on vCPU and memory resources that the containerized application requests C. Both ECS with EC2 launch type and ECS with Fargate launch type are charged based on EC2 instances and EBS volumes used D. Both ECS with EC2 launch type and ECS with Fargate launch type are just charged based on Elastic Container Service used per hour

A

A retail company has developed a REST API which is deployed in an Auto Scaling group behind an Application Load Balancer. The API stores the user data in DynamoDB and any static content, such as images, are served via S3. On analyzing the usage trends, it is found that 90% of the read requests are for commonly accessed data across all users. As a Solutions Architect, which of the following would you suggest as the MOST efficient solution to improve the application performance? A. Enable DynamoDB Accelerator (DAX) for DynamoDB and CloudFront for S3 B. Enable ElastiCache Redis for DynamoDB and CloudFront for S3 C. Enable DAX for DynamoDB and ElastiCache Memcached for S3 D. Enable ElastiCache Redis for DynamoDB and ElastiCache Memcached for S3

A

A social photo-sharing web application is hosted on EC2 instances behind an Elastic Load Balancer. The app gives the users the ability to upload their photos and also shows a leaderboard on the homepage of the app. The uploaded photos are stored in S3 and the leaderboard data is maintained in DynamoDB. The EC2 instances need to access both S3 and DynamoDB for these features. As a solutions architect, which of the following solutions would you recommend as the MOST secure option? A. Attach the appropriate IAM role to the EC2 instance profile so that the instance can access S3 and DynamoDB B. Save the AWS credentials (access key Id and secret access token) in a configuration file within the application code on the EC2 instances. EC2 instances can use these credentials to access S3 and DynamoDB C. Configure AWS CLI on the EC2 instances using a valid IAM user's credentials. The application code can then invoke shell scripts to access S3 and DynamoDB via AWS CLI D. Encrypt the AWS credentials via a custom encryption library and save it in a secret directory on the EC2 instances. The application code can then safely decrypt the AWS credentials to make the API calls to S3 and DynamoDB

A

A solutions architect has created a new Application Load Balancer and has configured a target group with IP address as a target type. Which of the following types of IP addresses are allowed as a valid value for this target type? A. Private IP address B. Public IP address C. Elastic IP address D. Dynamic IP address

A

A telecom company operates thousands of hardware devices like switches, routers, cables, etc. The real-time status data for these devices must be fed into a communications application for notifications. Simultaneously, another analytics application needs to read the same real-time status data and analyze all the connecting lines that may go down because of any device failures. As a Solutions Architect, which of the following solutions would you suggest, so that both the applications can consume the real-time status data concurrently? A. Amazon Kinesis Data Streams B. Amazon Simple Notification Service (SNS) C. Amazon Simple Queue Service (SQS) with Amazon Simple Notification Service (SNS) D. Amazon Simple Queue Service (SQS) with Amazon Simple Email Service (Amazon SES)

A

An Electronic Design Automation (EDA) application produces massive volumes of data that can be divided into two categories. The 'hot data' needs to be both processed and stored quickly in a parallel and distributed fashion. The 'cold data' needs to be kept for reference with quick access for reads and updates at a low cost. Which of the following AWS services is BEST suited to accelerate the aforementioned chip design process? A. Amazon FSx for Lustre B. Amazon FSx for Windows File Server C. Amazon EMR D. AWS Glue

A

An organization wants to delegate access to a set of users from the development environment so that they can access some resources in the production environment which is managed under another AWS account. As a solutions architect, which of the following steps would you recommend? A. Create a new IAM role with the required permissions to access the resources in the production environment. The users can then assume this IAM role while accessing the resources from the production environment B. Create new IAM user credentials for the production environment and share these credentials with the set of users from the development environmen C. It is not possible to access cross-account resources D. Both IAM roles and IAM users can be used interchangeably for cross-account access

A

The sourcing team at the US headquarters of a global e-commerce company is preparing a spreadsheet of the new product catalog. The spreadsheet is saved on an EFS file system created in us-east-1 region. The sourcing team counterparts from other AWS regions such as Asia Pacific and Europe also want to collaborate on this spreadsheet. As a solutions architect, what is your recommendation to enable this collaboration with the LEAST amount of operational overhead? A. The spreadsheet on the EFS file system can be accessed in other AWS regions by using an inter-region VPC peering connection B. The spreadsheet will have to be copied in Amazon S3 which can then be accessed from any AWS region C. The spreadsheet data will have to be moved into an RDS MySQL database which can then be accessed from any AWS region D. The spreadsheet will have to be copied into EFS file systems of other AWS regions as EFS is a regional service and it does not allow access from other AWS regions

A

You have multiple AWS accounts within a single AWS Region managed by AWS Organizations and you would like to ensure all EC2 instances in all these accounts can communicate privately. Which of the following solutions provides the capability at the CHEAPEST cost? A. Create a VPC in an account and share one or more of its subnets with the other accounts using Resource Access Manager B. Create a Private Link between all the EC2 instances C. Create a VPC peering connection between all VPCs D. Create a Transit Gateway and link all the VPC in all the accounts together

A

You would like to migrate an AWS account from an AWS Organization A to an AWS Organization B. What are the steps do to it? A. Remove the member account from the old organization. Send an invite to the new organization. Accept the invite to the new organization from the member account B. Send an invite to the new organization. Accept the invite to the new organization from the member account. Remove the member account from the old organization C. Send an invite to the new organization. Remove the member account from the old organization. Accept the invite to the new organization from the member account D. Open an AWS Support ticket to ask them to migrate the account

A

A new DevOps engineer has joined a large financial services company recently. As part of his onboarding, the IT department is conducting a review of the checklist for tasks related to AWS Identity and Access Management. As a solutions architect, which best practices would you recommend (Select two)? A. Enable MFA for privileged users B. Configure AWS CloudTrail to record all account activity C.Create a minimum number of accounts and share these account credentials among employees D. Grant maximum privileges to avoid assigning privileges again E. Use user credentials to provide access specific permissions for Amazon EC2 instances

A, B

A company uses DynamoDB as a data store for various kinds of customer data, such as user profiles, user events, clicks, and visited links. Some of these use-cases require a high request rate (millions of requests per second), low predictable latency, and reliability. The company now wants to add a caching layer to support high read volumes. As a solutions architect, which of the following AWS services would you recommend as a caching layer for this use-case? (Select two) A. ElastiCache B. RDS C. DynamoDB Accelerator (DAX) D. Elasticsearch E. Redshift

A, C

A large IT company wants to federate its workforce into AWS accounts and business applications. Which of the following AWS services can help build a solution for this requirement? (Select two) A. Use AWS Identity and Access Management (IAM) B. Use Multi-Factor Authentication C. Use AWS Single Sign-On (SSO) D. Use AWS Security Token Service (AWS STS) to get temporary security credentials E. Use AWS Organizations.

A, C

An engineering team wants to examine the feasibility of the user data feature of Amazon EC2 for an upcoming project. Which of the following are true about the EC2 user data configuration? (Select two) A. By default, scripts entered as user data are executed with root user privileges B. By default, user data is executed every time an EC2 instance is re-started C. When an instance is running, you can update user data by using root user credentials D. By default, user data runs only during the boot cycle when you first launch an instance E. By default, scripts entered as user data do not have root user privileges for executing

A, D

One of the biggest football leagues in Europe has granted the distribution rights for live streaming its matches in the US to a silicon valley based streaming services company. As per the terms of distribution, the company must make sure that only users from the US are able to live stream the matches on their platform. Users from other countries in the world must be denied access to these live-streamed matches. Which of the following options would allow the company to enforce these streaming restrictions? (Select two): A. Use georestriction to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution B. Use Route 53 based latency routing policy to restrict distribution of content to only the locations in which you have distribution rights C. Use Route 53 based weighted routing policy to restrict distribution of content to only the locations in which you have distribution rights D. Use Route 53 based geolocation routing policy to restrict distribution of content to only the locations in which you have distribution rights E. Use Route 53 based failover routing policy to restrict distribution of content to only the locations in which you have distribution rights

A, D

A company has moved its business critical data to Amazon EFS file system which will be accessed by multiple EC2 instances. As an AWS Certified Solutions Architect Associate, which of the following would you recommend to exercise access control such that only the permitted EC2 instances can read from the EFS file system? (Select three) A. Use EFS Access Points to manage application access B. Use Network ACLs to control the network traffic to and from your Amazon EC2 instance C. Set up the IAM policy root credentials to control and configure the clients accessing the EFS file system D. Attach an IAM policy to your file system to control clients who can mount your file system with the required permissions E. Use Amazon GuardDuty to curb unwanted access to EFS file system F. Use VPC security groups to control the network traffic to and from your file system

A, D, F

A silicon valley based startup has a content management application with the web-tier running on EC2 instances and the database tier running on Amazon Aurora. Currently, the entire infrastructure is located in us-east-1 region. The startup has 90% of its customers in the US and Europe. The engineering team is getting reports of deteriorated application performance from customers in Europe with high application load time. As a solutions architect, which of the following would you recommend addressing these performance issues? (Select two) A. Setup another fleet of EC2 instances for the web tier in the eu-west-1 region. Enable latency routing policy in Route 53 B. Setup another fleet of EC2 instances for the web tier in the eu-west-1 region. Enable geolocation routing policy in Route 53 C. Setup another fleet of EC2 instances for the web tier in the eu-west-1 region. Enable failover routing policy in Route 53 D. Create Amazon Aurora Multi-AZ standby instance in the eu-west-1 region E. Create Amazon Aurora read replicas in the eu-west-1 region

A, E

The engineering team at an in-home fitness company is evaluating multiple in-memory data stores with the ability to power its on-demand, live leaderboard. The company's leaderboard requires high availability, low latency, and real-time processing to deliver customizable user data for the community of users working out together virtually from the comfort of their home. As a solutions architect, which of the following solutions would you recommend? (Select two) A. Power the on-demand, live leaderboard using ElastiCache Redis as it meets the in-memory, high availability, low latency requirements B. Power the on-demand, live leaderboard using AWS Neptune as it meets the in-memory, high availability, low latency requirements C. Power the on-demand, live leaderboard using DynamoDB as it meets the in-memory, high availability, low latency requirements D. Power the on-demand, live leaderboard using RDS Aurora as it meets the in-memory, high availability, low latency requirements E. Power the on-demand, live leaderboard using DynamoDB with DynamoDB Accelerator (DAX) as it meets the in-memory, high availability, low latency requirements

A, E

A gaming company is looking at improving the availability and performance of its global flagship application which utilizes UDP protocol and needs to support fast regional failover in case an AWS Region goes down. Which of the following AWS services represents the best solution for this use-case? A. Amazon CloudFront B. AWS Global Accelerator C. AWS Elastic Load Balancing (ELB) D. Amazon Route 53

B

A gaming company uses Amazon Aurora as its primary database service. The company has now deployed 5 multi-AZ read replicas to increase the read throughput and for use as failover target. The replicas have been assigned the following failover priority tiers and corresponding sizes are given in parentheses: tier-1 (16TB), tier-1 (32TB), tier-10 (16TB), tier-15 (16TB), tier-15 (32TB). In the event of a failover, Amazon RDS will promote which of the following read replicas? A. Tier-15 (32TB) B. Tier-1 (32TB) C. Tier-1 (16TB) D. Tier-10 (16TB)

B

A junior scientist working with the Deep Space Research Laboratory at NASA is trying to upload a high-resolution image of a nebula into Amazon S3. The image size is approximately 3GB. The junior scientist is using S3 Transfer Acceleration (S3TA) for faster image upload. It turns out that S3TA did not result in an accelerated transfer. Given this scenario, which of the following is correct regarding the charges for this image transfer? A. The junior scientist only needs to pay S3TA transfer charges for the image upload B. The junior scientist does not need to pay any transfer charges for the image upload C. The junior scientist only needs to pay S3 transfer charges for the image upload D. The junior scientist needs to pay both S3 transfer charges and S3TA transfer charges for the image upload

B

A large financial institution operates an on-premises data center with hundreds of PB of data managed on Microsoft's Distributed File System (DFS). The CTO wants the organization to transition into a hybrid cloud environment and run data-intensive analytics workloads that support DFS. Which of the following AWS services can facilitate the migration of these workloads? A. Amazon FSx for Lustre B. Amazon FSx for Windows File Server C. AWS Managed Microsoft AD D. Microsoft SQL Server on Amazon

B

A media company runs a photo-sharing web application that is accessed across three different countries. The application is deployed on several Amazon EC2 instances running behind an Application Load Balancer. With new government regulations, the company has been asked to block access from two countries and allow access only from the home country of the company. Which configuration should be used to meet this changed requirement? A. Use Geo Restriction feature of Amazon CloudFront in a VPC B. Configure AWS WAF on the Application Load Balancer in a VPC C. Configure the security group on the Application Load Balancer D. Configure the security group for the EC2 instances

B

A social media application is hosted on an EC2 server fleet running behind an Application Load Balancer. The application traffic is fronted by a CloudFront distribution. The engineering team wants to decouple the user authentication process for the application, so that the application servers can just focus on the business logic. As a Solutions Architect, which of the following solutions would you recommend to the development team so that it requires minimal development effort? A. Use Cognito Authentication via Cognito Identity Pools for your Application Load Balancer B. Use Cognito Authentication via Cognito User Pools for your Application Load Balancer C. Use Cognito Authentication via Cognito User Pools for your CloudFront distribution D. Use Cognito Authentication via Cognito Identity Pools for your CloudFront distribution

B

An IT company has built a solution wherein a Redshift cluster writes data to an Amazon S3 bucket belonging to a different AWS account. However, it is found that the files created in the S3 bucket using the UNLOAD command from the Redshift cluster are not even accessible to the S3 bucket owner. What could be the reason for this denial of permission for the bucket owner? A. When objects are uploaded to S3 bucket from a different AWS account, the S3 bucket owner will get implicit permissions to access these objects. This issue seems to be due to an upload error that can be fixed by providing manual access from AWS console B. By default, an S3 object is owned by the AWS account that uploaded it. So the S3 bucket owner will not implicitly have access to the objects written by Redshift cluster C. The owner of an S3 bucket has implicit access to all objects in his bucket. Permissions are set on objects after they are completely copied to the target location. Since the owner is unable to access the uploaded files, the write operation may be still in progress D. When two different AWS accounts are accessing an S3 bucket, both the accounts must share the bucket policies. An erroneous policy can lead to such permission failures

B

An IT company wants to review its security best-practices after an incident was reported where a new developer on the team was assigned full access to DynamoDB. The developer accidentally deleted a couple of tables from the production environment while building out a new feature. Which is the MOST effective way to address this issue so that such incidents do not recur? A. Remove full database access for all IAM users in the organization B. Use permissions boundary to control the maximum permissions employees can grant to the IAM principals C. The CTO should review the permissions for each new developer's IAM user so that such incidents don't recur D. Only root user should have full database access in the organization

B

An e-commerce company is looking for a solution with high availability, as it plans to migrate its flagship application to a fleet of Amazon EC2 instances. The solution should allow for content-based routing as part of the architecture. As a Solutions Architect, which of the following will you suggest for the company? A. Use a Network Load Balancer for distributing traffic to the EC2 instances spread across different Availability Zones. Configure a Private IP address to mask any failure of an instance B. Use an Application Load Balancer for distributing traffic to the EC2 instances spread across different Availability Zones. Configure Auto Scaling group to mask any failure of an instance C. Use an Auto Scaling group for distributing traffic to the EC2 instances spread across different Availability Zones. Configure an Elastic IP address to mask any failure of an instance D. Use an Auto Scaling group for distributing traffic to the EC2 instances spread across different Availability Zones. Configure a Public IP address to mask any failure of an instance

B

An ivy-league university is assisting NASA to find potential landing sites for exploration vehicles of unmanned missions to our neighboring planets. The university uses High Performance Computing (HPC) driven application architecture to identify these landing sites. Which of the following EC2 instance topologies should this application be deployed on? A. The EC2 instances should be deployed in a partition placement group so that distributed workloads can be handled effectively B. The EC2 instances should be deployed in a cluster placement group so that the underlying workload can benefit from low network latency and high network throughput C. The EC2 instances should be deployed in a spread placement group so that there are no correlated failures D. The EC2 instances should be deployed in an Auto Scaling group so that application meets high availability requirements

B

The payroll department at a company initiates several computationally intensive workloads on EC2 instances at a designated hour on the last day of every month. The payroll department has noticed a trend of severe performance lag during this hour. The engineering team has figured out a solution by using Auto Scaling Group for these EC2 instances and making sure that 10 EC2 instances are available during this peak usage hour. For normal operations only 2 EC2 instances are enough to cater to the workload. As a solutions architect, which of the following steps would you recommend to implement the solution? A. Configure your Auto Scaling group by creating a scheduled action that kicks-off at the designated hour on the last day of the month. Set the min count as well as the max count of instances to 10. This causes the scale-out to happen before peak traffic kicks in at the designated hour B. Configure your Auto Scaling group by creating a scheduled action that kicks-off at the designated hour on the last day of the month. Set the desired capacity of instances to 10. This causes the scale-out to happen before peak traffic kicks in at the designated hour C. Configure your Auto Scaling group by creating a target tracking policy and setting the instance count to 10 at the designated hour. This causes the scale-out to happen before peak traffic kicks in at the designated hour D. Configure your Auto Scaling group by creating a simple tracking policy and setting the instance count to 10 at the designated hour. This causes the scale-out to happen before peak traffic kicks in at the designated hour

B

A silicon valley based startup has a two-tier architecture using EC2 instances for its flagship application. The web servers (listening on port 443), which have been assigned security group A, are in public subnets across two Availability Zones and the MSSQL based database instances (listening on port 1433), which have been assigned security group B, are in two private subnets across two Availability Zones. The DevOps team wants to review the security configurations of the application architecture. As a solutions architect, which of the following options would you select as the MOST secure configuration? (Select two) A. For security group A: Add an inbound rule that allows traffic from all sources on port 443. Add an outbound rule with the destination as security group B on port 443 B. For security group A: Add an inbound rule that allows traffic from all sources on port 443. Add an outbound rule with the destination as security group B on port 1433 C. For security group B: Add an inbound rule that allows traffic only from security group A on port 1433 D. For security group B: Add an inbound rule that allows traffic only from all sources on port 1433 E. For security group B: Add an inbound rule that allows traffic only from security group A on port 443

B, C

A video analytics organization has been acquired by a leading media company. The analytics organization has 10 independent applications with an on-premises data footprint of about 70TB for each application. The CTO of the media company has set a timeline of two weeks to carry out the data migration from on-premises data center to AWS Cloud and establish connectivity. Which of the following are the MOST cost-effective options for completing the data transfer and establishing connectivity? (Select two) A. Order 1 Snowmobile to complete the one-time data transfer B. Order 10 Snowball Edge Storage Optimized devices to complete the one-time data transfer C. Setup Site-to-Site VPN to establish connectivity between the on-premises data center and AWS Cloud D. Setup AWS direct connect to establish connectivity between the on-premises data center and AWS Cloud E. Order 70 Snowball Edge Storage Optimized devices to complete the one-time data transfer

B, C

A company uses Amazon S3 buckets for storing sensitive customer data. The company has defined different retention periods for different objects present in the Amazon S3 buckets, based on the compliance requirements. But, the retention rules do not seem to work as expected. Which of the following options represent a valid configuration for setting up retention periods for objects in Amazon S3 buckets? (Select two) A. You cannot place a retention period on an object version through a bucket default setting B. When you apply a retention period to an object version explicitly, you specify a Retain Until Date for the object version C. When you use bucket default settings, you specify a Retain Until Date for the object version D. Different versions of a single object can have different retention modes and periods E. The bucket default settings will override any explicit retention mode or period you request on an object version

B, D

A startup has just developed a video backup service hosted on a fleet of EC2 instances. The EC2 instances are behind an Application Load Balancer and the instances are using EBS volumes for storage. The service provides authenticated users the ability to upload videos that are then saved on the EBS volume attached to a given instance. On the first day of the beta launch, users start complaining that they can see only some of the videos in their uploaded videos backup. Every time the users log into the website, they claim to see a different subset of their uploaded videos. Which of the following is the MOST optimal solution to make sure that users can view all the uploaded videos? (Select two) A. Write a one time job to copy the videos from all EBS volumes to S3 Glacier Deep Archive and then modify the application to use S3 Glacier Deep Archive for storing the videos B. Write a one time job to copy the videos from all EBS volumes to S3 and then modify the application to use Amazon S3 standard for storing the videos C. Write a one time job to copy the videos from all EBS volumes to RDS and then modify the application to use RDS for storing the videos D. Mount EFS on all EC2 instances. Write a one time job to copy the videos from all EBS volumes to EFS. Modify the application to use EFS for storing the videos E. Write a one time job to copy the videos from all EBS volumes to DynamoDB and then modify the application to use DynamoDB for storing the videos

B, D

The IT department at a consulting firm is conducting a training workshop for new developers. As part of an evaluation exercise on Amazon S3, the new developers were asked to identify the invalid storage class lifecycle transitions for objects stored on S3. Can you spot the INVALID lifecycle transitions from the options below? (Select two) A. S3 Standard => S3 Intelligent-Tiering B. S3 Intelligent-Tiering => S3 Standard C. S3 Standard-IA => S3 Intelligent-Tiering D. S3 One Zone-IA => S3 Standard-IA E. S3 Standard-IA => S3 One Zone-IA

B, D

A weather forecast agency collects key weather metrics across multiple cities in the US and sends this data in the form of key-value pairs to AWS Cloud at a one-minute frequency. As a solutions architect, which of the following AWS services would you use to build a solution for processing and then reliably storing this data with high availability? (Select two) A. Redshift B. Lambda C. ElastiCache D. RDS E. DynamoDB

B, E

A big-data consulting firm is working on a client engagement where the ETL workloads are currently handled via a Hadoop cluster deployed in the on-premises data center. The client wants to migrate their ETL workloads to AWS Cloud. The AWS Cloud solution needs to be highly available with about 50 EC2 instances per Availability Zone. As a solutions architect, which of the following EC2 placement groups would you recommend handling the distributed ETL workload? A. Cluster placement group B. Spread placement group C. Partition placement group D. Both Spread placement group and Partition placement group

C

A development team requires permissions to list an S3 bucket and delete objects from that bucket. A systems administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows the principle of least privilege. "Version": "2021-10-17", "Statement": [ { "Action": [ "s3:ListBucket", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::example-bucket" ], "Effect": "Allow" } ] Which statement should a solutions architect add to the policy to address this issue? A. { "Action": [ "s3:*Object" ], "Resource": [ "arn:aws:s3:::example-bucket/*" ], "Effect": "Allow" } B. { "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::example-bucket/*" ], "Effect": "Allow" } C. { "Action": [ "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::example-bucket/*" ], "Effect": "Allow" } D. { "Action": [ "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::example-bucket*" ], "Effect": "Allow" }

C

A financial services company uses Amazon GuardDuty for analyzing its AWS account metadata to meet the compliance guidelines. However, the company has now decided to stop using GuardDuty service. All the existing findings have to be deleted and cannot persist anywhere on AWS Cloud. Which of the following techniques will help the company meet this requirement? A. Suspend the service in the general settings B. De-register the service under services tab C. Disable the service in the general settings D. Raise a service request with Amazon to completely delete the data from all their backups

C

A financial services company wants to implement a solution that ensures that the order of financial transactions is preserved and no duplicate transactions are created. As a solutions architect, which of the following solutions would you recommend? A. Publish transaction updates using SNS FIFO topic, which is subscribed by SQS standard queue for further processing B. Publish transaction updates using SNS standard topic, which is subscribed by SQS FIFO queue for further processing C. Publish transaction updates using SNS FIFO topic, which is subscribed by SQS FIFO queue for further processing D. Publish transaction updates using SNS standard topic, which is subscribed by SQS standard queue for further processing

C

The solo founder at a tech startup has just created a brand new AWS account. The founder has provisioned an EC2 instance 1A which is running in region A. Later, he takes a snapshot of the instance 1A and then creates a new AMI in region A from this snapshot. This AMI is then copied into another region B. The founder provisions an instance 1B in region B using this new AMI in region B. At this point in time, what entities exist in region B? A. 1 EC2 instance and 1 AMI exist in region B B. 1 EC2 instance and 2 AMIs exist in region B C. 1 EC2 instance, 1 AMI and 1 snapshot exist in region B D. 1 EC2 instance and 1 snapshot exist in region B

C

A gaming company is developing a mobile game that streams score updates to a backend processor and then publishes results on a leaderboard. The company has hired you as an AWS Certified Solutions Architect Associate to design a solution that can handle major traffic spikes, process the mobile game updates in the order of receipt, and store the processed updates in a highly available database. The company wants to minimize the management overhead required to maintain the solution. Which of the following will you recommend to meet these requirements? A. Push score updates to an SQS queue which uses a fleet of EC2 instances (with Auto Scaling) to process these updates in the SQS queue and then store these processed updates in an RDS MySQL database B. Push score updates to Kinesis Data Streams which uses a fleet of EC2 instances (with Auto Scaling) to process the updates in Kinesis Data Streams and then store these processed updates in DynamoDB C. Push score updates to Kinesis Data Streams which uses a Lambda function to process these updates and then store these processed updates in DynamoDB D. Push score updates to an SNS topic, subscribe a Lambda function to this SNS topic to process the up

C

A health-care solutions company wants to run their applications on single-tenant hardware to meet regulatory guidelines. Which of the following is the MOST cost-effective way of isolating their Amazon EC2 instances to a single tenant? A. Spot Instances B. Dedicated Hosts C. Dedicated Instances D. On-Demand Instances

C

A new DevOps engineer has just joined a development team and wants to understand the replication capabilities for RDS Multi-AZ as well as RDS Read-replicas. Which of the following correctly summarizes these capabilities for the given database? A. Multi-AZ follows asynchronous replication and spans one Availability Zone within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region B. Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region C. Multi-AZ follows synchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region D. Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region

C

An application runs big data workloads on EC2 instances. The application needs at least 20 instances to maintain a minimum acceptable performance threshold and the application needs 300 instances to handle spikes in the workload. Based on historical workloads processed by the application, it needs 80 instances 80% of the time. As a solutions architect, which of the following would you recommend as the MOST cost-optimal solution so that it can meet the workload demand in a steady state? A. Purchase 80 on-demand instances. Use Auto Scaling Group to provision the remaining instances as spot instances per the workload demand B. Purchase 80 on-demand instances. Provision additional on-demand and spot instances per the workload demand (Use Auto Scaling Group with launch template to provision the mix of on-demand and spot instances) C. Purchase 80 reserved instances. Provision additional on-demand and spot instances per the workload demand (Use Auto Scaling Group with launch template to provision the mix of on-demand and spot instances) D. Purchase 80 spot instances. Use Auto Scaling Group to provision the remaining instances as on-demand instances per the workload demand

C

The development team at an e-commerce startup has set up multiple microservices running on EC2 instances under an Application Load Balancer. The team wants to route traffic to multiple back-end services based on the URL path of the HTTP header. So it wants requests for https://www.example.com/orders to go to a specific microservice and requests for https://www.example.com/products to go to another microservice. Which of the following features of Application Load Balancers can be used for this use-case? A. Query string parameter-based routing B. HTTP header-based routing C. Path-based Routing D. Host-based Routing

C

The engineering team at a Spanish professional football club has built a notification system for its website using Amazon SNS notifications which are then handled by a Lambda function for end-user delivery. During the off-season, the notification systems need to handle about 100 requests per second. During the peak football season, the rate touches about 5000 requests per second and it is noticed that a significant number of the notifications are not being delivered to the end-users on the website. As a solutions architect, which of the following would you suggest as the BEST possible solution to this issue? A. Amazon SNS has hit a scalability limit, so the team needs to contact AWS support to raise the account limit B. The engineering team needs to provision more servers running the SNS service C. Amazon SNS message deliveries to AWS Lambda have crossed the account concurrency quota for Lambda, so the team needs to contact AWS support to raise the account limit D. The engineering team needs to provision more servers running the Lambda service

C

The product team at a startup has figured out a market need to support both stateful and stateless client-server communications via the APIs developed using its platform. You have been hired by the startup as a solutions architect to build a solution to fulfill this market need using AWS API Gateway. Which of the following would you identify as correct? A. API Gateway creates RESTful APIs that enable stateful client-server communication and API Gateway also creates WebSocket APIs that adhere to the WebSocket protocol, which enables stateful, full-duplex communication between client and server B. API Gateway creates RESTful APIs that enable stateless client-server communication and API Gateway also creates WebSocket APIs that adhere to the WebSocket protocol, which enables stateless, full-duplex communication between client and server C. API Gateway creates RESTful APIs that enable stateless client-server communication and API Gateway also creates WebSocket APIs that adhere to the WebSocket protocol, which enables stateful, full-duplex communication between client and server D. API Gateway creates RESTful APIs that enable stateful client-server communication and API Gateway also creates WebSocket APIs that adhere to the WebSocket protocol, which enables stateless, full-duplex communication between client and server

C

What does this IAM policy do? { "Version": "2012-10-17", "Statement": [ { "Sid": "Mystery Policy", "Action": [ "ec2:RunInstances" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws:RequestedRegion": "eu-west-1" } } } ] } A. It allows running EC2 instances anywhere but in the eu-west-1 region B. It allows running EC2 instances in any region when the API call is originating from the eu-west-1 region C. It allows running EC2 instances only in the eu-west-1 region, and the API call can be made from anywhere in the world D. It allows running EC2 instances in the eu-west-1 region when the API call is made from the eu-west-1 region

C

Which of the following IAM policies provides read-only access to the S3 bucket mybucket and its content? A. { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:ListBucket", "s3:GetObject" ], "Resource":"arn:aws:s3:::mybucket" } ] } B. { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:ListBucket", "s3:GetObject" ], "Resource":"arn:aws:s3:::mybucket/*" } ] } C. { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:ListBucket" ], "Resource":"arn:aws:s3:::mybucket" }, { "Effect":"Allow", "Action":[ "s3:GetObject" ], "Resource":"arn:aws:s3:::mybucket/*" } ] } D. { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:ListBucket" ], "Resource":"arn:aws:s3:::mybucket/*" }, { "Effect":"Allow", "Action":[ "s3:GetObject" ], "Resource":"arn:aws:s3:::mybucket" } ] }

C

Your company has a monthly big data workload, running for about 2 hours, which can be efficiently distributed across various servers of various sizes, with a variable number of CPU, and that can withstand server failures. Which is the MOST cost-optimal solution for this workload? A. Run the workload on Spot Instances B. Run the workload on Reserved Instances C. Run the workload on a Spot Fleet D. Run the workload on Dedicated Hosts

C

n IT security consultancy is working on a solution to protect data stored in S3 from any malicious activity as well as check for any vulnerabilities on EC2 instances. As a solutions architect, which of the following solutions would you suggest to help address the given requirement? A. Use Amazon GuardDuty to monitor any malicious activity on data stored in S3. Use security assessments provided by Amazon GuardDuty to check for vulnerabilities on EC2 instances B. Use Amazon Inspector to monitor any malicious activity on data stored in S3. Use security assessments provided by Amazon Inspector to check for vulnerabilities on EC2 instances C. Use Amazon GuardDuty to monitor any malicious activity on data stored in S3. Use security assessments provided by Amazon Inspector to check for vulnerabilities on EC2 instances D. Use Amazon Inspector to monitor any malicious activity on data stored in S3. Use security assessments provided by Amazon GuardDuty to check for vulnerabilities on EC2 instances

C

An IT consultant is helping the owner of a medium-sized business set up an AWS account. What are the security recommendations he must follow while creating the AWS account root user? (Select two) A. Encrypt the access keys and save them on Amazon S3 B. Create AWS account root user access keys and share those keys only with the business owner C. Create a strong password for the AWS account root user D. Send an email to the business owner with details of the login username and password for the AWS root user. This will help the business owner to troubleshoot any login issues in future E. Enable Multi Factor Authentication (MFA) for the AWS account root user account

C, E

CloudFront offers a multi-tier cache in the form of regional edge caches that improve latency. However, there are certain content types that bypass the regional edge cache, and go directly to the origin. Which of the following content types skip the regional edge cache? (Select two) A. E-commerce assets such as product photos B. User-generated videos C. Dynamic content, as determined at request time (cache-behavior configured to forward all headers) D. Static content such as style sheets, JavaScript files E. Proxy methods PUT/POST/PATCH/OPTIONS/DELETE

C, E

The DevOps team at an e-commerce company wants to perform some maintenance work on a specific EC2 instance that is part of an Auto Scaling group using a step scaling policy. The team is facing a maintenance challenge - every time the team deploys a maintenance patch, the instance health check status shows as out of service for a few minutes. This causes the Auto Scaling group to provision another replacement instance immediately. As a solutions architect, which are the MOST time/resource efficient steps that you would recommend so that the maintenance work can be completed at the earliest? (Select two) A. Take a snapshot of the instance, create a new AMI and then launch a new instance using this AMI. Apply the maintenance patch to this new instance and then add it back to the Auto Scaling Group by using the manual scaling policy. Terminate the earlier instance that had the maintenance issue B. Delete the Auto Scaling group and apply the maintenance fix to the given instance. Create a new Auto Scaling group and add all the instances again using the manual scaling policy C. Put the instance into the Standby state and then update the instance by applying the maintenance patch. Once the instance is ready, you can exit the Standby state and then return the instance to service c. D. Suspend the ScheduledActions process type for the Auto Scaling group and apply the maintenance patch to the instance. Once the instance is ready, you can you can manually set the instance's health status back to healthy and activate the ScheduledActions process type again E. Suspend the ReplaceUnhealthy process type for the Auto Scaling group and apply the maintenance patch to the instance. Once the instance is ready, you can manually set the instance's health status back to healthy and activate the ReplaceUnhealthy process type again

C, E

A leading video streaming service delivers billions of hours of content from Amazon S3 to customers around the world. Amazon S3 also serves as the data lake for its big data analytics solution. The data lake has a staging zone where intermediary query results are kept only for 24 hours. These results are also heavily referenced by other parts of the analytics pipeline. Which of the following is the MOST cost-effective strategy for storing this intermediary query data? A. Store the intermediary query results in S3 Intelligent-Tiering storage class B. Store the intermediary query results in S3 Standard-Infrequent Access storage class C. Store the intermediary query results in S3 One Zone-Infrequent Access storage class D. Store the intermediary query results in S3 Standard storage class

D

A major bank is using SQS to migrate several core banking applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the bank expects a peak rate of about 1000 messages per second to be processed via SQS. It is important that the messages are processed in order. Which of the following options can be used to implement this system? A. Use Amazon SQS standard queue to process the messages B. Use Amazon SQS FIFO queue to process the messages C.Use Amazon SQS FIFO queue in batch mode of 2 messages per operation to process the messages at the peak rate D. Use Amazon SQS FIFO queue in batch mode of 4 messages per operation to process the messages at the peak rate

D

A media agency stores its re-creatable assets on Amazon S3 buckets. The assets are accessed by a large number of users for the first few days and the frequency of access falls down drastically after a week. Although the assets would be accessed occasionally after the first week, but they must continue to be immediately accessible when required. The cost of maintaining all the assets on S3 storage is turning out to be very expensive and the agency is looking at reducing costs as much as possible. As a Solutions Architect, can you suggest a way to lower the storage costs while fulfilling the business requirements? A. Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days B. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days C. Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days D. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days

D

A social gaming startup has its flagship application hosted on a fleet of EC2 servers running behind an Elastic Load Balancer. These servers are part of an Auto Scaling Group. 90% of the users start logging into the system at 6 pm every day and continue till midnight. The engineering team at the startup has observed that there is a significant performance lag during the initial hour from 6 pm to 7 pm. The application is able to function normally thereafter. As a solutions architect, which of the following steps would you recommend addressing the performance bottleneck during that initial hour of traffic spike? A. Configure your Auto Scaling group by creating a lifecycle hook that kicks-off before 6 pm. This causes the scale-out to happen even before peak traffic kicks in at 6 pm B. Configure your Auto Scaling group by creating a target tracking policy. This causes the scale-out to happen even before peak traffic kicks in at 6 pm C. Configure your Auto Scaling group by creating a step scaling policy. This causes the scale-out to happen even before peak traffic kicks in at 6 pm D. Configure your Auto Scaling group by creating a scheduled action that kicks-off before 6 pm. This causes the scale-out to happen even before peak traffic kicks in at 6 pm

D

A social photo-sharing company uses Amazon S3 to store the images uploaded by the users. These images are kept encrypted in S3 by using AWS-KMS and the company manages its own Customer Master Key (CMK) for encryption. A member of the DevOps team accidentally deleted the CMK a day ago, thereby rendering the user's photo data unrecoverable. You have been contacted by the company to consult them on possible solutions to this crisis. As a solutions architect, which of the following steps would you recommend to solve this issue? A. Contact AWS support to retrieve the CMK from their backup B. The CMK can be recovered by the AWS root account user C. The company should issue a notification on its web application informing the users about the loss of their data D. As the CMK was deleted a day ago, it must be in the 'pending deletion' status and hence you can just cancel the CMK deletion and recover the key

D

A technology blogger wants to write a review on the comparative pricing for various storage types available on AWS Cloud. The blogger has created a test file of size 1GB with some random data. Next he copies this test file into AWS S3 Standard storage class, provisions an EBS volume (General Purpose SSD (gp2)) with 100GB of provisioned storage and copies the test file into the EBS volume, and lastly copies the test file into an EFS Standard Storage filesystem. At the end of the month, he analyses the bill for costs incurred on the respective storage types for the test file. What is the correct order of the storage charges incurred for the test file on these three storage types? A. Cost of test file storage on S3 Standard < Cost of test file storage on EBS < Cost of test file storage on EFS B. Cost of test file storage on EFS < Cost of test file storage on S3 Standard < Cost of test file storage on EBS C. Cost of test file storage on EBS < Cost of test file storage on S3 Standard < Cost of test file storage on EFS D. Cost of test file storage on S3 Standard < Cost of test file storage on EFS < Cost of test file storage on EBS

D

An IT company is working on client engagement to build a real-time data analytics tool for the Internet of Things (IoT) data. The IoT data is funneled into Kinesis Data Streams which further acts as the source of a delivery stream for Kinesis Firehose. The engineering team has now configured a Kinesis Agent to send IoT data from another set of devices to the same Firehose delivery stream. They noticed that data is not reaching Firehose as expected. As a solutions architect, which of the following options would you attribute as the MOST plausible root cause behind this issue? A. Kinesis Agent can only write to Kinesis Data Streams, not to Kinesis Firehose B. Kinesis Firehose delivery stream has reached its limit and needs to be scaled manually C. The data sent by Kinesis Agent is lost because of a configuration error D. Kinesis Agent cannot write to a Kinesis Firehose for which the delivery stream source is already set as Kinesis Data

D

An audit department generates and accesses the audit reports only twice in a financial year. The department uses AWS Step Functions to orchestrate the report creating process that has failover and retry scenarios built into the solution. The underlying data to create these audit reports is stored on S3, runs into hundreds of Terabytes and should be available with millisecond latency. As a solutions architect, which is the MOST cost-effective storage class that you would recommend to be used for this use-case? A. Amazon S3 Standard B. Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) C. Amazon S3 Glacier (S3 Glacier) D. Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

D

An e-commerce company operates multiple AWS accounts and has interconnected these accounts in a hub-and-spoke style using the AWS Transit Gateway. VPCs have been provisioned across these AWS accounts to facilitate network isolation. Which of the following solutions would reduce both the administrative overhead and the costs while providing shared access to services required by workloads in each of the VPCs? A. Use Transit VPC to reduce cost and share the resources across VPCs B. Use Fully meshed VPC Peers C. Use VPCs connected with AWS Direct Connect D. Build a shared services VPC

D

The flagship application for a gaming company connects to an Amazon Aurora database and the entire technology stack is currently deployed in the United States. Now, the company has plans to expand to Europe and Asia for its operations. It needs the games table to be accessible globally but needs the users and games_played tables to be regional only. How would you implement this with minimal application refactoring? A. Use an Amazon Aurora Global Database for the games table and use DynamoDB tables for the users and games_played tables B. Use a DynamoDB global table for the games table and use Amazon Aurora for the users and games_played tables C. Use a DynamoDB global table for the games table and use DynamoDB tables for the users and games_played tables D. Use an Amazon Aurora Global Database for the games table and use Amazon Aurora for the users and games_played tables

D

You would like to use Snowball to move on-premises backups into a long term archival tier on AWS. Which solution provides the MOST cost savings? A. Create a Snowball job and target a Glacier Vault B. Create a Snowball job and target a Glacier Deep Archive Vault C. Create a Snowball job and target an S3 bucket. Create a lifecycle policy to immediately move data to Glacier D. Create a Snowball job and target an S3 bucket. Create a lifecycle policy to immediately move data to Glacier Deep Archive

D


Ensembles d'études connexes

Chapter 6: Environmental Considerations

View Set

Fundamentals of Nursing Course Point Quiz CH. 8 (updated)

View Set