AWS Solutions Archi-Test1-SkillCert
You are working for a San Francisco-based company which provides digital transaction management services for facilitating electronic exchanges of contracts and signed documents. Using their online system, businessmen and contractors can digitally sign contracts anywhere and anytime, removing the hassle of signing them in paper and in person. They are using AWS to host their multi-tier online portal in which the application tier is using a NGINX server hosted on an extra large EC2 instance; the database tier is using an Oracle database which is regularly backed up to an S3 bucket using a custom backup utility and lastly, its static content is kept on a 512GB stored volume in AWS Storage Gateway which is attached to the application server via the iSCSI interface. In this scenario, which AWS based disaster recovery strategy will give you the best RTO?
1. Deploy the Oracle database and the NGINX app server on an EC2 instance. 2. Restore the Recovery Manager (RMAN) Oracle backups from an Amazon S3 bucket. 3. Generate an EBS volume of static content from the Storage Gateway and attach it to the NGINX EC2 server. (Needs review)
A data analytics startup has been chosen to develop a data analytics system that will track all statistics in the Fédération Internationale de Football Association (FIFA) World Cup which will also be used by other 3rd-party analytics sites. The system will record, store and provide statistical data reports about the top scorers, goal scores for each team, average goals, average passes and average yellow/red cards per match and many other details. FIFA fans all over the world will frequently access the statistics reports everyday and thus, it should be durably stored, highly available and highly scalable. In addition, the data analytics system will allow the users to vote for the best male and female FIFA player as well as the best male and female coach. Due to the popularity of the FIFA World Cup event, it is projected that there will be over 10 million queries on game day and could spike to 30 million queries over the course of time. Which of the following is the most cost-effective solution that will meet these requirements?
1. Generate the FIFA reports from MySQL database in Multi-AZ RDS deployments configuration with Read Replicas. 2. Set up a batch job that put reports in an S3 bucket. 3. Launch a CloudFront distribution to cache the content with a TTL set to expire objects daily.
You are working as a Cloud Engineer for an IoT start-up company which is developing a health monitoring pet collar for dogs and cats. The company has hired an electrical engineer to build a smart pet collar that collects biometric information of the pet every second and then sends it to a web portal through a POST API request. Your task is to architect the API services and the web portal which will accept and process the biometric data as well as provide complete trends and health reports to the pet owners. The portal should be highly durable, available, and scalable with an additional feature for showing real-time biometric data analytics. Which of the following is the best architecture to meet the above requirement?
1. Use Amazon Kinesis Data Streams to collect the incoming biometric data. 2. Analyze the data using Kinesis and show the results in real-time dashboard. 3. Set up a simple data aggregation process and pass the results to Amazon S3. 4. Store the data to Redshift, configured with automated backups, to handle complex analytics.
You are working as a Solutions Architect for Air France. The government requires every major airline institution, including your company, to perform a compulsory audit every year. An internal auditor from a major audit firm has been assigned to review your company's internal AWS services. In this situation, what is the best solution that will provide the auditor the necessary access required to audit your services without compromising the security of your data?
Assign an IAM Role to the IAM user of the auditor and provide permissions for read-only access to the company's AWS services.
A fintech startup has developed a cloud-based payment processing system which accepts credit card payments as well as cryptocurrencies such as Bitcoin, Ripple and the likes. The system is deployed in AWS which uses EC2, DynamoDB, S3, and CloudFront to process the payments. Since they are accepting credit card information from the users, they are required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). On the recent 3rd-party audit, it was found that the credit card numbers are not properly encrypted and hence, their system failed the PCI DSS compliance test. You were hired by the fintech startup to solve this issue so they can release the product in the market as soon as possible. In addition, you also have to improve performance by increasing the proportion of your viewer requests that are served from CloudFront edge caches instead of going to your origin servers for content.In this scenario, what is the best option to protect and encrypt the sensitive credit card information of the users and to improve the cache hit ratio of your CloudFront distribution?
Configure the CloudFront distribution to enforce secure end-to-end connections to origin servers by using HTTPS and field-level encryption. Configure your origin to add a Cache-Control max-age directive to your objects, and specify the longest practical value for max-age to increase your cache hit ratio.
You are working as a Solutions Architect for an online sports betting company in Melbourne, Australia which uses a large on-demand EC2 instance to host its online betting platform. To ensure redundancy, your manager instructed you to migrate the large on-demand EC2 instance from one region to another, and use its same PEM key which was generated using the Amazon EC2 console.How can you satisfy this requirement?
Copy the AMI of your EC2 machine to your new region and start up an instance using the AMI.
In your on-premises data center, you have a multi-tiered supply chain application which is using trusted IP addresses that your 3rd party vendors have whitelisted in their network. As the Solutions Architect of the company, you are responsible to migrate the application to your VPC in AWS without requiring your vendors to change their IP address whitelists. This has to be done in the most cost-effective manner.Which of the following is the BEST solution that the Architect should implement to meet the above requirement?
Create Elastic IP addresses from your Bring Your Own IP (BYOIP) address prefix and use them with AWS resources such as EC2 instances, Network Load Balancers, and NAT Gateways.
A tech startup is planning to launch a new global mobile marketplace using AWS Amplify and AWS Mobile Hub. To lower the latency, the backend APIs will be launched to multiple AWS regions to process the sales and financial transactions on the region closest to the users. You are instructed to design the system architecture to ensure that the transactions made in one region are automatically replicated to other regions. In the coming months ahead, it is expected that the marketplace will have millions of users across North America, South America, Europe, and Asia.Which of the following is the most scalable, cost-effective and highly available architecture that you should implement?
Create a Global DynamoDB table with replica tables across several AWS regions that you prefer. In each local region, store the individual transactions to a DynamoDB replica table in the same region. Any changes made in one of the replica tables will automatically be replicated across all other tables.
A print media company has a popular web application hosted on their on-premises network which allows anyone around the globe to search its back catalog and retrieve individual newspaper pages on their web portal. They have scanned the old newspapers into PNG image format and used Optical Character Recognition (OCR) software to automatically convert images to a text file. The license of their OCR software will expire soon and the news organization decided to move to AWS and produce a scalable, durable, and highly available architecture. Which is the best option to achieve this requirement?
Create a new S3 bucket to store and serve the scanned image files using a CloudFront web distribution. Launch a new Elastic Beanstalk environment to host the website across multiple Availability Zones and set up a CloudSearch for query processing, which the website can use. Use Amazon Rekognition to detect and recognize text from the scanned old newspapers.
You currently operate a sports web portal that covers the latest cricket news in Australia. You manage the main AWS account which has multiple AWS regions. The online application is hosted on a fleet of on-demand EC2 instances and an RDS database which are also deployed to other AWS regions. Your IT Security Compliance Officer has given you the task of developing a reliable and durable logging solution to track changes made to all of your EC2, IAM, and RDS resources in all of the AWS regions. The solution must ensure the integrity and confidentiality of your log data. Which of the following solutions would be the best option to choose?
Create a new trail in AWS CloudTrail with the global services option selected, and create one new Amazon S3 bucket to store the logs. Create IAM roles, S3 bucket policies, and enable Multi Factor Authentication (MFA) Delete on the S3 bucket storing your logs.
A Solutions Architect has been assigned to develop a workflow to ensure that the required patches of all of their Windows EC2 instances are properly identified and applied automatically. To maintain their system uptime requirements, it is of utmost importance to ensure that the EC2 instance reboots do not occur at the same time on all of their Windows instances. This is to avoid any loss of revenue that could be caused by any unavailability issues of their systems.Which of the following will meet the above requirements?
Create two Patch Groups with unique tags that you will assign to all of your EC2 Windows Instances. Associate the predefined AWS-DefaultPatchBaseline baseline on both patch groups. Set up two non-overlapping maintenance windows and associate each with a different patch group. Using Patch Group tags, register targets with specific maintenance windows and lastly, assign the AWS-RunPatchBaseline document as a task within each maintenance window which has a different processing start time.
An unusual API activity and intra-VPC port scanning have been identified by the security team of your department. They noticed that there are multiple port scans being triggered to your EC2 instances from a specific IP address. To fix the issue immediately, your team has decided to simply block the offending IP address. You are also instructed to fortify their existing cloud infrastructure security from the most frequently occurring network and transport layer DDoS attacks.Which of the following is the most suitable method to satisfy the above requirement in AWS?
Deny access from the IP Address block in the Network ACL. Use AWS Shield Advanced to protect your cloud resources.
Last year, the big four banks in your country have collaborated to create a simple-to-use, mobile payment app that enables the users to easily transfer money and pay bills without the hassle of logging in to their online banking, entering the account details of the other party and spending time going through other security verification processes. With their mobile payment app, anyone can easily pay another person, split the bill with their friends or pay for their coffee in an instant with just a few taps in the app. The payment app is available on both Android and iOS devices, including a web portal that is deployed in AWS using OpsWorks Stacks and EC2 instances. It was a big success with over 5 millions users nationwide and has over 100 transactions every hour. After one year, a new feature that will enable the users to store their credit card information in the app is ready to be added to the existing web portal. However, due to PCI-DSS compliance, the new version of the APIs and web portal cannot be deployed to the existing application stack. As the Solutions Architect of this project, how would you deploy the new web portal for the mobile app without having any impact to your 5 million users?
Deploy a new OpsWorks stack that contains a new layer with the latest web portal version. Shift traffic between existing stack and new stack, running different versions of the web portal using Blue/Green deployment strategy by using Route53. Route only a small portion of incoming production traffic to use the new application stack while maintaining the old application stack. Check the features of the new portal; once it's 100% validated, slowly increase incoming production traffic to the new stack. If there are issues on the new stack, change Route53 to revert to old stack.
You are working as a Solutions Architect in a leading commercial bank that is building a new online banking portal to replace their obsolete online system. Due to the volume of transactions that goes through the online portal everyday, your job is to ensure that the portal is always available 24 hours a day, 7 days a week. The bank chose to deploy the portal in AWS using EC2 instances and a MySQL RDS instance for its database. How can you ensure high availability of the online portal even in the event of application and database server failure?
Deploy the online portal to two EC2 instances in two different Availability Zones with a load balancer in front using OpsWorks and then enable Auto Healing. Launch MySQL RDS in Multi-AZ deployments configuration.
You are working as the Lead Systems Architect for a government bank in which you are handling a web application that retrieves and displays highly-sensitive information about the clients. The amount of traffic the site will receive is known and not expected to fluctuate. SSL will be used as part of the application's data security. Your chief information security officer (CISO) is concerned about the security of your SSL private key and she wants to ensure that the key cannot be accidentally or intentionally moved outside the corporate environment. You are also concerned that the application logs might contain some sensitive information, although you have already configured an encrypted EBS volume to store the data. In this scenario, the application logs must be stored securely and durably so that they can only be decrypted by the authorized government employees.Which of the following is the most suitable and highly available architecture that can meet all of the requirements?
Distribute traffic to a set of web servers using an Elastic Load Balancer that performs TCP load balancing. Use CloudHSM deployed to two Availability Zones to perform the SSL transactions and deliver your application logs to a private Amazon S3 bucket using server-side encryption.
The department of education just recently decided to leverage on AWS cloud infrastructure to supplement their current on-premises network. They are building a new learning portal that teaches kids basic computer science concepts and provides innovative gamified courses for teenagers where they can gain higher rankings, power-ups and badges. A Solutions Architect is instructed to build a highly available cloud infrastructure in AWS with multiple Availability Zones. The department wants to increase the application's reliability and gain actionable insights using application logs. A Solutions Architect needs to aggregate logs, automate log analysis for errors and immediately notify the IT Operations team when errors breached a certain threshold.Which of the following is the MOST suitable solution that the Architect should implement?
Download and install the Amazon CloudWatch agent in the on-premises servers and send the logs to Amazon CloudWatch Logs. Create a metric filter in CloudWatch to turn log data into numerical metrics to identify and measure application errors. Create a CloudWatch Alarm that monitors the metric filter and immediately notify the IT Operations team for any issues.
A graphics design startup is using multiple Amazon S3 buckets to store high-resolution media files for their various digital artworks. After securing a partnership deal with a leading media company, the two parties shall be sharing digital resources with one another as part of the contract. The media company frequently performs multiple object retrievals from the S3 buckets everyday, which increased the startup's data transfer costs.As the Solutions Architect, what should you do to help the startup lower their operational costs?
Enable the Requester Pays feature in all of the startup's S3 buckets to make the media company pay the cost of the data transfer from the buckets.
A multinational investment bank has a hybrid cloud architecture which uses a single 1 Gbps AWS Direct Connect connection to integrate their on-premises network to AWS Cloud. The bank has a total of 10 VPCs which are all connected to their on-premises data center via the same Direct Connect connection that you manage. Based on the recent IT audit, the existing network setup has a single point of failure which needs to be addressed immediately.Which of the following is the MOST cost-effective solution that you should implement in order to improve the connection redundancy of your hybrid network?
Establish VPN tunnels from your on-premises data center to each of the 10 VPCs. Terminate each VPN tunnel connection at the virtual private gateway (VGW) of the respective VPC. Configure BGP for route management. (Needs review)
A company is planning to launch a global e-commerce marketplace that will be accessible to multiple countries and regions. The Solutions Architect must ensure that the clients are protected from common web vulnerabilities as well as "man-in-the-middle" attacks to secure their sensitive financial information.Which of the following is MOST secure setup that the Architect should implement in this scenario?
For the web domain registration, use Amazon Route 53 and then register a 2048-bit RSASHA256 encryption key from a third-party certificate service. Enable Domain Name System Security Extensions (DNSSEC) by using a 3rd party DNS provider that uses customer managed keys. Register the SSL certificates in ACM and attach them to the Application Load Balancer of the global e-commerce marketplace. Configure the Server Name Identification extension in all user requests to the website. (Needs Review)
A leading media company has a hybrid architecture where its on-premises data center is connected to AWS via a Direct Connect connection. They also have a repository of over 50-TB digital videos and media files. These files are stored on their on-premises tape library and are used by their Media Asset Management (MAM) system. Due to the sheer size of their data, they want to implement an automated catalog system that will enable them to search their files using facial recognition. A catalog will store the faces of the people who are present in these videos including a still image of each person. Eventually, the media company would like to migrate these media files to AWS including the MAM video contents.Which of the following options provides a solution which uses the LEAST amount of ongoing management overhead and will cause MINIMAL disruption to the existing system?
Integrate the file system of your local data center to AWS Storage Gateway by setting up a file gateway appliance on-premises. Utilize the MAM solution to extract the media files from the current data store and send them into the file gateway. Build a collection using Amazon Rekognition by populating a catalog of faces from the processed media files. Use an AWS Lambda function to invoke Amazon Rekognition Javascript SDK to have it fetch the media file from the S3 bucket which is backing the file gateway, retrieve the needed metadata, and finally, persist the information into the MAM solution.
A web application is composed of an Application Load Balancer and EC2 instances across three Availability Zones. During peak load, the web servers operate at 95% utilization. The system is set up to use Reserved Instances to handle steady state load and On-Demand Instances to handle the peak load. Your manager instructed you to review the current architecture and do the necessary changes to improve the system.Which of the following provides the most cost-effective architecture to allow the application to recover quickly in the event that an Availability Zone is unavailable during peak load?
Launch a Spot Fleet using a diversified allocation strategy, with Auto Scaling enabled on each AZ to handle the peak load instead of On-Demand instances. Retain the current set up for handling the steady state load.
You are a Cloud Engineer and currently managing an enterprise financial auditing system that generates regular analytics reports from your firm's application log files. All log data are collected in an Amazon S3 bucket which are then processed by a daily Amazon Elastic MapReduce job. It generates daily reports and aggregated tables in CSV format, which is stored in another S3 bucket and then transferred to an Amazon Redshift data warehouse.? Your manager tasked you to optimize the cost structure for this system. Which of the following options will lower costs without compromising performance or data integrity?
Launch a combination of Spot and Reserved EC2 Instances for Amazon EMR jobs then use Reserved instances for Amazon Redshift. Choose the Amazon S3 Intelligent-Tiering storage class to store all data in S3.
You are working as a Solutions Architect for a credit company. They are running a customer analytics web application in AWS and your data analytics department has asked you to add a reporting tier to the application. This new component will aggregate and publish status reports every hour from user-generated information that is being stored in a Multi-AZ RDS MySQL database instance. The RDS instance is configured with Elasticache as a database caching layer between the application tier and database tier. How do you implement a reporting tier with as little impact to your database as possible?
Launch an RDS Read Replica linked to your Multi AZ master database and generate reports from the Read Replica. Use QuickSight to visualize the reports.
Your company has just launched a new central employee registry server which contains all of the public employee registration information of each staff in the company. The management teams from other departments who have their servers located in different VPC's need to connect to the central repository server to continue their work. How will you implement the new architecture of the new server given these circumstances?
Link each of the teams' VPCs to the central server VPC using VPC Peering.
An advertising firm is required to analyze the clickstream data of all of their websites in real time. The data will be used for clickstream analysis which contains the pages that the user visits and the sequential stream of clicks they create as they move across the website. Which of the following options will fulfill this requirement in AWS?
Push the clickstream data by session to an Amazon Kinesis stream and then analyze the data by using Amazon Kinesis workers.
Your startup company is building a web app that lets users post photos of good deeds in their neighborhood with a 143-character caption/article. You decided to write the application in ReactJS, a popular javascript framework, so that it would run on the broadest range of browsers, mobile phones, and tablets. Your app should provide access to Amazon DynamoDB to store the caption. The initial prototype shows that there aren't large spikes in usage. Which option provides the most cost-effective and scalable architecture for this application?
Register the web application with a Web Identity Provider such as Google, Facebook, Amazon or from any other popular social sites and use the AssumeRoleWithWebIdentity API of STS to generate temporary credentials. Create an IAM role for that web provider and set up permissions for the IAM role to allow GET operations in S3 and PUT operations in DynamoDB. Serve your web app out of an S3 bucket enabled as a website.
Your organization is looking to quickly migrate their legacy system to AWS and be able to scale it to meet their business needs. Optimization of the existing application and its components is out of the question since they don't have the budget and the time to accommodate these changes. However, they are planning to re-architect their systems once these components are already migrated and running properly in the cloud.Which of the following migration strategies is the most suitable one to execute in this scenario?
Rehost
As a Solutions Architect in a top IT consultancy firm, your role is to implement a reliable and highly available system that can recover from infrastructure or service disruptions. In addition, it should dynamically acquire computing resources to meet demand and mitigate service disruptions such as misconfigurations or transient network issues. Which of the following is the most suitable option that you can implement to satisfy the above requirement?
Scale horizontally to increase aggregate system availability. Replace one large resource with multiple small resources to reduce the impact of a single failure on the overall system. Distribute requests across multiple, smaller resources to ensure that they don't share a common point of failure. Implement Auto-Scaling on your EC2 instances and utilize multiple Availability Zones. Clone your stack to another AWS Region and implement a Route 53 Weighted routing policy.
Your team had developed an online voting application for a photo competition in AWS using CloudFormation. The application accepts high-quality images of each contestant and stores them in S3 then records the information about the image as well as the contestant's profile in RDS. After the competition, the CloudFormation stack is not used anymore and to save resources, the stack can be terminated. Your manager instructed you to back up the RDS database and the S3 bucket so the data can still be used even after the CloudFormation template is deleted.Which of the following options is the MOST suitable solution to fulfill this requirement?
Set the DeletionPolicy on the RDS resource to snapshot and set the S3 bucket to retain.
You are working for the country's biggest stock exchange as a Solutions Architect. Due to the nature of their financial operations, it is required that all of their trading applications must be highly available and fault-tolerant. They have auto-scaled On-Demand EC2 instances which are deployed to two separate Availability Zones with an Elastic Load Balancing and an Amazon RDS instance configured with Multi-AZ configuration. In this scenario, what is the type of replication that occurs between the instances when configuring an RDS environment for Multi-AZ in a particular region?
Synchronous replication-The correct answer is Synchronous replication as the type of replication that RDS Multi-AZ deployments does is synchronous replication.
An innovative Business Process Outsourcing (BPO) startup is planning to launch a scalable and cost-effective call center system using AWS. The system should be able to receive inbound calls from thousands of customers and generate user contact flows. Callers must have the capability to perform basic tasks such as changing their password or checking their balance without them having to speak to a call center agent. It should also have advanced deep learning functionalities such as automatic speech recognition (ASR) to achieve highly engaging user experiences and lifelike conversational interactions. A feature that allows the solution to query other business applications and send relevant data back to callers must also be implemented.Which of the following is the MOST suitable solution that the Solutions Architect should implement?
Set up a cloud-based contact center using the Amazon Connect service. Create a conversational chatbot using Amazon Lex with automatic speech recognition and natural language understanding to recognize the intent of the caller then integrate it with Amazon Connect. Connect the solution to various business applications and other internal systems using AWS Lambda functions.
A media company has established a Direct Connect connection between their on-premises data center and their VPC in AWS. The web applications hosted on their data center are experiencing high latency when accessing data from S3 bucket. As the Solutions Architect, what can you do to reduce the latency in this hybrid cloud architecture?
Set up a public virtual interface to connect to a public S3 endpoint resource via the Direct Connect connection.
You are working as a Solutions Architect for a leading media company. There is a requirement to copy information to or from the shared resource in the other AWS account. You have to provide the other account access to several AWS resources such as S3, KMS and Amazon ES, in the form of a list of AWS account ID numbers. In addition, the user in the other account should still work in the trusted account and there is no need to give up his or her user permissions in place of the role permissions. You must also set up a solution that continuously assess, audit, and monitor the policy configurations.Which of the following is the MOST suitable type of policy that you should use in this scenario?
Set up cross-account access with a resource-based Policy. Use AWS Config rules to periodically audit changes to the IAM policy and monitor the compliance of the configuration.
You are working as an AWS Developer for a mobile development company. They are currently developing new android and iOS mobile apps and are considering storing the customization data in AWS. This would provide a more uniform cross-platform experience to their users using multiple mobile devices to access the apps. The preference data for each user is estimated to be 50KB in size. Additionally, 3 million customers are expected to use the application on a regular basis, using their social login accounts for easier user authentication. How would you design a highly available, cost-effective, scalable, and secure solution to meet the above requirements?
Setup a table in DynamoDB containing an item for each user having the necessary attributes to hold the user preferences. The mobile app will query the user preferences directly from the table. Use STS, Web Identity Federation, and DynamoDB's Fine Grained Access Control for authentication and authorization. (Needs review)
You have a production, development, and test environments in your software development department, and each environment contains tens to hundreds of EC2 instances, along with other AWS services. Recently, Ubuntu released a series of security patches for a critical flaw that was detected in their OS. Although this is an urgent matter, there is no guarantee yet that these patches will be bug-free and production-ready hence, you have to immediately patch all of your affected EC2 instances in all the environments, except for the production environment. The EC2 instances in the production environment will only be patched after you have verified that the patches work effectively. Each environment also has different baseline patch requirements that you will need to satisfy.Using the AWS Systems Manager service, how should you perform this task with the least amount of effort?
Tag each instance based on its environment and OS. Create a patch baseline in AWS Systems Manager Patch Manager for each environment. Categorize EC2 instances based on their tags using Patch Groups and apply the patches specified in the corresponding patch baseline to each Patch Group.
A leading financial company is planning to launch its MERN (MongoDB, Express, React, Node.js) application with an Amazon RDS MariaDB database to serve its clients worldwide. The application will run on both on-premises servers as well as Reserved EC2 instances. To comply with the company's strict security policy, the database credentials must be encrypted both at rest and in transit. These credentials will be used by the application servers to connect to the database. The Solutions Architect is tasked to manage all of the aspects of the application architecture and production deployment.How should the Architect automate the deployment process of the application in the MOST secure manner?
Upload the database credentials with a Secure String data type in AWS Systems Manager Parameter Store. Set up a new IAM role with an attached policy that enables access and decryption of the database credentials then associate this role to all on-premises servers and EC2 instances. Deploy the application packages to the EC2 instances and on-premises servers using AWS CodeDeploy. (Needs Review)
A company has created multiple accounts in AWS to support the rapid growth of its cloud services. The multiple accounts are used to separate their various departments such as finance, human resources, engineering, and many others. Each account is managed by a Systems Administrator which has the root access for that specific account only. There is a requirement to centrally manage policies across multiple AWS accounts by allowing or denying particular AWS services for individual accounts, or for groups of accounts.Which is the most suitable solution that you should implement with the LEAST amount of complexity?
Use AWS Organizations and Service Control Policies to control the list of AWS services that can be used by each member account.
A legacy web application, which is composed of an Auto Scaling group of EC2 instances and an Application Load Balancer, will be decommissioned soon. You are tasked to set up a new serverless architecture that comprises of AWS Lambda, API Gateway, and DynamoDB. In addition, you are also required to build a CI/CD pipeline to automate the build process and support gradual deployments.Which is the most suitable way to build, test, and deploy your new architecture in AWS?
Use AWS Serverless Application Model (AWS SAM) and set up AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline to build a CI/CD pipeline. (Needs Review)
You are setting up a storage solution which will be accessed by over a thousand Linux servers across multiple availability zones. The storage service should maintain high performance and high durability while being able to handle rapidly changing data. In addition, it should also be highly available whenever the servers are fetching and storing data to it, with minimal management overhead. You are also required to choose a configuration management service which will ensure that all of your EC2 instances are bootstrapped with a specific analytics software at start-up.Which of the following is the most suitable solution that you should use to meet the above requirement?
Use EFS as the storage solution and the Systems Manager State Manager as the configuration management service.
An electronics company has an on-premises network as well as a cloud infrastructure in AWS. The on-site data storage which is used by their enterprise document management system is heavily being used, and they are looking at utilizing the storage services in AWS for cost-effective backup and rapid disaster recovery. You are tasked to set up a storage solution that will provide a low-latency access to the enterprise document management system. Most of the documents uploaded in their system are printed circuit board (PCB) designs and schematic diagrams which are frequently used and accessed by their engineers, QA analysts, and their Research and Design department. Hence, you also have to ensure that these employees can access the entire dataset quickly, without sacrificing durability.How can you satisfy the requirement for this scenario?
Use a Stored Volume Gateway to provide cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. This requirement can be fulfilled by setting up a Stored Volume gateway in AWS Storage Gateway.By using stored volumes, you can store your primary data locally, while asynchronously back up that data to AWS. Stored volumes provide your on-premises applications with low-latency access to the entire datasets. At the same time, they provide durable, offsite backups. You can create storage volumes and mount them as iSCSI devices from your on-premises application servers.
A multinational research institute has an urgent requirement to migrate 2 PB of genomic data to AWS in about a week. This is because their data center has been recently struck by a massive magnitude 8 earthquake and the building has been badly damaged, although still operational. They have a 100 Mbps Internet line but the connection is intermittent due to the damages in the electrical grid.In this scenario, what is the most suitable service to use to migrate the data to AWS?
Use multiple AWS Snowball appliances to transfer the data to AWS Cloud.
A company has recently adopted a hybrid cloud architecture which requires them to migrate their databases from their on-premises data center to AWS. One of their applications requires a heterogeneous database migration in which they need to transform their on-premises Oracle database to PostgreSQL. A schema and code transformation should be done first in order to successfully migrate the data.Which of the following options is the most suitable approach to migrate the database in AWS?
Use the AWS Schema Conversion Tool (SCT) to convert the source schema to match that of the target database. Migrate the data using the AWS Database Migration Service (DMS) from the source database to an Amazon RDS for PostgreSQL database.
A company is planning to build its new customer relationship management (CRM) portal in AWS. The application architecture will be using a containerized microservices hosted on an Amazon ECS cluster. A Solutions Architect has been tasked to set up the architecture and comply with the AWS security best practice of granting the least privilege. The architecture should also support the use of security groups and standard network monitoring tools at the container level to comply with the company's strict IT security policies.Which of the following provides the MOST secure configuration for the CRM portal?
Use the awsvpc network mode in the task definition in your Amazon ECS Cluster. Attach security groups to the ECS tasks then use IAM roles for tasks to access other resources.
A company is using AWS Organizations to manage their multi-account and multi-region AWS infrastructure. They are currently doing large-scale automation for their key daily processes to save costs. One of these key processes is sharing specified AWS resources, which an organizational account owns, with other AWS accounts of the company using AWS RAM. There is already an existing service which was previously managed by a separate organization account moderator, who also maintained the specific configuration details.In this scenario, what could be a simple and effective solution that would allow the service to perform its tasks on the organization accounts on the moderator's behal
Use trusted access by running the enable-sharing-with-aws-organization command in the AWS RAM CLI. Mirror the configuration changes that was performed by the account that previously managed this service. (Needs review)
A government agency has multiple VPCs in various AWS regions across the United States that need to be linked up to an on-premises central office network in Washington, D.C. The central office requires inter-region VPC access over a private network that is dedicated to each region for enhanced security and more predictable data transfer performance. Your team is tasked to quickly build this network mesh and to minimize the management overhead to maintain these connections.Which of the following options is the most secure, highly available, and durable solution that you should use to set up this kind of interconnectivity?
Utilize AWS Direct Connect Gateway for inter-region VPC access. Create a virtual private gateway in each VPC, then create a private virtual interface for each AWS Direct Connect connection to the Direct Connect gateway.
A serverless application is using a Lambda function which fetches data from a public REST API as part of its processing. There is a new requirement to configure the function to store the results to a database hosted in a virtual private cloud (VPC) in your account. You have provided the additional VPC-specific configuration information which includes the subnet IDs and security group IDs. However, your function had stopped working and could not complete the processing after your change.Which of the following should you do to fix this issue? (Choose 2)
a. Add a NAT gateway to your VPC. b. Ensure that the associated security group of the Lambda function allows outbound connections.
You are the Lead Solutions Architect for an IT consulting firm which has various teams and departments that have been grouped into several organizational units (OUs) using AWS Organizations. You received a report from the security team that there was a suspected breach in your environment where a third-party AWS account was suddenly added to your organization without any prior approval. The external account has high level access privileges to the accounts that you own but luckily, no detrimental action was performed.What should you do to properly set up a monitoring system than notifies you for any changes to your AWS accounts? (Choose 2)
a. Create a trail in Amazon CloudTrail to capture all API calls to your AWS Organizations, including calls from the AWS Organizations console and from code calls to the AWS Organizations APIs. Use CloudWatch Events and SNS to raise events when administrator-specified actions occur in an organization and send a notification to you. b.Use AWS Config to monitor the compliance of your AWS Organizations. Set up an SNS Topic or CloudWatch Events that will send alerts to you for any changes.
The telecommunications company that you are working for will do a major public announcement for a new phone offer and it is expected that there would be millions of people who will access their website to get the new offer. Their e-commerce platform is running on an Auto Scaling group of On-Demand EC2 instances deployed across multiple Availability Zones. For the database tier, the platform is using an Amazon RDS database in a Multi-AZ deployments configuration. Their e-commerce site performs a high number of small reads and writes per second to handle customer transactions and relies on an eventual consistency model. The Operations team identified that there is read contention on RDS MySQL database after conducting a series of performance tests.Which combination of options should you implement to provide a fast, cost-efficient, and scalable solution? (Select TWO)
a. Set up Read Replicas in each Availability Zone. b. Implement an in-memory cache using Amazon ElastiCache For this scenario, the optimal services to use are Amazon ElastiCache and RDS Read Replicas. Amazon ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads (such as social networking, gaming, media sharing and Q&A portals) or compute-intensive workloads (such as a recommendation engine) by allowing you to store the objects that are often read in cache.
An international foreign exchange company has a serverless forex trading application which was built using AWS SAM and is hosted on AWS Serverless Application Repository. They have millions of users worldwide who use their online portal 24/7 to trade currencies. However, they are receiving a lot of complaints that it takes a few minutes for their users to login to their portal lately, including occasional HTTP 504 errors. As the Solutions Architect, you are tasked to optimize the system and to significantly reduce the time to login to improve the customers' satisfaction.Which of the following should you implement in order to improve the performance of the application with minimal cost? (Choose 2)
a. Use Lambda@Edge to allow your Lambda functions to customize content that CloudFront delivers and to execute the authentication process in AWS locations closer to the users. b.Set up an origin failover by creating an origin group with two origins. Specify one as the primary origin and the other as the second origin which CloudFront automatically switches to when the primary origin returns specific HTTP status code failure responses.
In an effort to ensure and strengthen data security, your company has launched a company-wide bug bounty program to find and patch up security vulnerabilities in your web applications as well as the underlying cloud resources. You are working as a Cloud Engineer and decided to focus on checking system vulnerabilities of your AWS resources. Due to budget constraints, the company cannot afford to use AWS Shield Advanced.Which of the following are the best techniques to avoid Distributed Denial of Service (DDoS) attacks for your cloud infrastructure hosted in AWS? (Choose 2)
a. Use an Application Load Balancer (ALB) to reduce the risk of overloading your application by distributing traffic across many backend instances. Integrate AWS WAF and the ALB to protect your web applications from common web exploits that could affect application availability. b. se an Amazon CloudFront distribution for both static and dynamic content of your web applications. Add CloudWatch alerts to automatically look and notify the Operations team for high CPUUtilization and NetworkIn metrics, as well as to trigger Auto Scaling of your EC2 instances.