AWS associate 1


Which of the following actions are required by the Lambda execution role to write logs into AWS CloudWatch? (Choose 3 options)
A. logs:CreateLogGroup
B. logs:GetLogEvents
C. logs:CreateLogStream
D. logs:DescribeLogStreams
E. logs:PutLogEvents

ACE

A large medical institute is using a legacy database for saving all its patient details. Due to compatibility issues with the latest software, they plan to migrate this database to AWS cloud infrastructure. This large database will use the NoSQL database Amazon DynamoDB in AWS. As an AWS consultant, you need to ensure that all the current legacy database tables are migrated without a glitch to Amazon DynamoDB. Which of the following is the most cost-effective way of transferring legacy databases to Amazon DynamoDB?
A. Use AWS DMS with AWS Schema Conversion Tool to save data to Amazon S3 bucket then upload all data to Amazon DynamoDB.
B. Use AWS DMS with engine conversion tool to save data to Amazon S3 bucket then upload all data to Amazon DynamoDB.
C. Use AWS DMS with engine conversion tool to save data to Amazon EC2 then upload all data to Amazon DynamoDB.
D. Use AWS DMS with AWS Schema Conversion Tool to save data to Amazon EC2 instance then upload all data to Amazon DynamoDB.

A

A company currently hosts a Redshift cluster in AWS. It should ensure that all traffic from and to the Redshift cluster does not go through the Internet for security reasons. Which features can be used to fulfill this requirement in an efficient manner?
A. Enable Amazon Redshift Enhanced VPC Routing.
B. Create a NAT Gateway to route the traffic.
C. Create a NAT Instance to route the traffic.
D. Create a VPN Connection to ensure traffic does not flow through the Internet.

A

A company has a lot of data hosted on their on-premises infrastructure. Running out of storage space, the company wants a quick-win solution using AWS. There should be low latency for the frequently accessed data. Which of the following would allow the easy extension of their data infrastructure to AWS?
A. The company could start using Gateway Cached Volumes.
B. The company could start using Gateway Stored Volumes.
C. The company could start using the Amazon S3 Glacier Deep Archive storage class.
D. The company could start using Amazon S3 Glacier.

A

A company has an infrastructure that consists of machines that send log information every 5 minutes. The number of these machines can run into thousands. It is required to ensure that the analysis of every log item is completed within 24 hours. What could help to fulfill this requirement?
A. Use Kinesis Data Streams to collect the logs and persist the data to S3 using Kinesis Firehose and Lambda.
B. Launch an Elastic Beanstalk application to take the processing job of the logs.
C. Launch an EC2 instance with enough EBS volumes to consume the logs which can be used for further processing.
D. Use CloudTrail to store all the logs which can be analyzed at a later stage.

A

A company is building a two-tier web application to serve dynamic transaction-based content. Which services would you leverage to enable an elastic and scalable WEB TIER?
A. Elastic Load Balancing, Amazon EC2, and Auto Scaling
B. Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3
C. Amazon RDS with Multi-AZ and Auto Scaling
D. Amazon EC2, Amazon DynamoDB, and Amazon S3

A

A company is generating large datasets with millions of rows to be summarized column-wise. To build daily reports from these data sets, Business Intelligence tools would be used. Which storage service would meet these requirements?
A. Amazon Redshift
B. Amazon RDS
C. ElastiCache
D. DynamoDB

A

A company is using AWS Organizations for managing accounts created in multiple regions. Each of these accounts has created Amazon S3 buckets for storing files. During a security audit, it was found that some of these S3 buckets have public access without any proper requirements leading to security risks. The Security Team has engaged you to propose a secure design to deny all accounts in AWS Organizations from creating an S3 bucket with public access. What policies can be designed to ensure additional protection?
A. Enable Amazon S3 Block Public Access on an AWS Account and configure SCPs to deny users making changes to these settings
B. Enable Amazon S3 Block Public Access on individual objects in all the S3 buckets and configure SCPs to deny users making changes to these settings
C. Use Amazon S3 ACLs on individual objects in all the S3 buckets and configure SCPs to deny users making changes to these settings
D. Use the Amazon S3 bucket policy in all the S3 buckets and configure SCPs to deny users making changes to these settings

A

A company is using S3 as their primary storage of large amounts of financial data that arrives in the form of documents, images, and videos, which are highly confidential. This data is produced as a result of the company executing transactions using its highly modularized microservices architecture for different financial service domains. They require a monitoring solution that will intelligently detect malicious activities that can cause a threat to their storage media, compromising confidential data. Apart from S3, the company would also want its accounts and other AWS services to be protected from threats. The solution should also be extremely cost-effective. Which of the following AWS services can be used for addressing the above requirements?
A. Use Amazon GuardDuty to continuously monitor S3 events for any suspicious actions
B. Use Amazon Macie to continuously monitor S3 events
C. Use CloudTrail to record actions taken by users on S3. Monitor the actions by setting up CloudWatch logs and alarms
D. Enable AWS Config rules to monitor compliance changes to S3 resources

A

A large IT company is using Amazon CloudFront for its web application. Static content for this application is saved in the Amazon S3 bucket. Amazon CloudFront is configured for this application to provide faster access to these files for global users. The IT Team is concerned about some critical files that need to be accessed only by users from certain white-list countries that you have defined in Amazon CloudFront geo-restriction. There is a requirement that no users should access these files directly using the Amazon S3 URL. Which of the following is the best way to achieve the given requirement?
A. Create an OAI user to associate with the distribution and modify permissions on the Amazon S3 bucket using a bucket policy.
B. Create Amazon CloudFront Signed URLs to limit access to these files and modify permissions on the Amazon S3 bucket using a bucket policy.
C. Create an OAI user to associate with the distribution and modify permissions on the Amazon S3 bucket using object ACLs.
D. Create Amazon CloudFront Signed URLs to limit access to these files and modify permissions on the Amazon S3 bucket using object ACLs.

A

A large amount of structured data is stored in Amazon S3 using the JSON format. You need to use a service to analyze the S3 data directly with standard SQL. In the meantime, the data should be easily visualized through data dashboards. Which of the following services is the most appropriate?
A. Amazon Athena and Amazon QuickSight.
B. AWS Glue and Amazon Athena.
C. AWS Glue and Amazon QuickSight.
D. Amazon Kinesis Data Stream and Amazon QuickSight.

A

A large engineering company plans to deploy a distributed application with Amazon Aurora as a database. The database should be restored with a Recovery Time Objective (RTO) of one minute when there is a service degradation in the primary region. The service restoration should incur the least admin work. What approach can be initiated to design an Aurora database to meet cross-region disaster recovery requirements?
A. Use Amazon Aurora Global Database and use the secondary region as a failover for service degradation in the primary region
B. Use Multi-AZ deployments with Aurora Replicas which will go into failover to one of the Replicas for service degradation in the primary region
C. Create DB Snapshots from the existing Amazon Aurora database and save them in the Amazon S3 bucket. Create a new database instance in a new region using these snapshots when service degradation occurs in the primary region
D. Use Amazon Aurora point-in-time recovery to automatically store backups in the Amazon S3 bucket. Restore a new database instance in a new region when service degradation occurs in the primary region using these backups

A

A legal consultant firm is using versioning-enabled S3 buckets to save all its legal documents. To avoid any deletion/modification of these documents, they have locked these files with a retention period of 6 months. In some cases, these legal documents are updated with new information, and the firm needs to set a different retention period than that of the original object. Which of the following actions will meet this requirement with the least effort?
A. Create another version of the object with the same name and have a separate retention period than the current object.
B. Create another bucket and place new objects with different retention periods.
C. Overwrite the current object and then place the object in the same bucket with different retention periods.
D. Modify name version of object have separate retention period than the current object.

A

A security audit discovers that one of your RDS MySQL instances is not encrypted. The instance has a Read Replica in the same AWS region which is also not encrypted. You need to fix this issue as soon as possible. What is the proper way to add encryption to the instance and its replica?
A. Create a DB snapshot from the instance. Copy the DB snapshot with encryption enabled. Restore a new DB instance from the new encrypted snapshot and configure a Read Replica in the new DB instance.
B. Encrypt the DB instance. Launch a new Read Replica and the replica is encrypted automatically.
C. Create a DB snapshot from the RDS instance and encrypt the newly-created snapshot. Launch a new instance and its Read Replica from the snapshot.
D. Promote the Read Replica to be a standalone instance and encrypt it. Add a new Read Replica to the standalone instance.

A

A start-up firm has created a cloud storage application that gives users the ability to store any amount of personal data and share it with their connections. For this, they are using Amazon S3 buckets to store user data. The firm has used Amazon S3 multipart upload to upload large objects in parts. During the last quarter, the finance team has observed a surge in storage costs for the S3 bucket. On further checking, the firm observed that many 100 GB files uploaded by users are in a partially completed state. As an AWS consultant, the IT Team requests that you prevent this from happening again. Which of the following actions can be taken to meet this requirement cost-effectively with the least effort?
A. Create an S3 lifecycle Configuration to abort incomplete multipart uploads.
B. Manually delete incomplete multipart uploads from the S3 bucket.
C. Use Cron tool to identify incomplete uploads and delete those files.
D. No action is required. All Incomplete uploads are automatically deleted every three months by Amazon S3.

A

A startup firm has a large number of application servers hosted on VMs (virtual machines) associated with VMware vCenter at the on-premises data center. Each of these VMs has a different operating system. They are planning to host these servers in the AWS Cloud. For estimating Amazon EC2 sizing in the AWS Cloud, the IT Team is looking for the resource utilization from on-premises servers which should include key parameters like CPU, disk, memory, and network. This data should be saved in an encrypted format and shared with the SME (Subject Matter Expert) working on this migration. Which method is best suited to get these server details?
A. Use Agentless-discovery method with AWS Application Discovery Service
B. Use Agentless-discovery method with AWS Server Migration Service
C. Use Agent-based discovery method with AWS Server Migration Service
D. Use Agent-based discovery method with AWS Application Discovery Service

A

An EC2 Instance hosts a Java-based application that accesses a DynamoDB table. This EC2 Instance is currently serving production users. What would be a secure way for the EC2 Instance to access the DynamoDB table?
A. Use IAM Roles with permissions to interact with DynamoDB and assign it to the EC2 Instance.
B. Use KMS Keys with the right permissions to interact with DynamoDB and assign it to the EC2 Instance.
C. Use IAM Access Keys with the right permissions to interact with DynamoDB and assign it to the EC2 Instance.
D. Use IAM Access Groups with the right permissions to interact with DynamoDB and assign it to the EC2 Instance.

A

You have an application hosted on AWS consisting of EC2 Instances launched via an Auto Scaling Group. You notice that the EC2 Instances are not scaling when the traffic is high. Which check should be done to ensure that the scaling occurs as expected?
A. Ensure that the right metrics are being used to trigger the scaling.
B. Check your scaling policies to see whether more than one policy is triggered by an event.
C. Ensure that AutoScaling health checks are being used.
D. Ensure that you are using Load Balancers.

A

An e-commerce company is planning to build an application for identifying site visitors based upon prior site visits. The database should query large amounts of site visit data from Amazon S3 and create a graph database. The company is looking for a fully managed high-performance database for this requirement. Additionally, this database should be deployed in an isolated environment. Which database can be selected to meet the requirements?
A. Use Amazon Neptune
B. Use Amazon DynamoDB
C. Use Amazon Aurora Serverless
D. Use Amazon RDS

A

Third-party sign-in (Federation) has been implemented in your web application to allow users who need access to AWS resources. Users have been successfully logging in using Google, Facebook, and other third-party credentials. Suddenly, their access to some AWS resources has been restricted. What is the most likely cause of the restricted use of AWS resources?
A. IAM policies for resources were changed, thereby restricting access to AWS resources.
B. Federation protocols are used to authorize services and need to be updated.
C. IAM groups for accessing the AWS resources were changed, thereby restricting their access via federated login.
D. The identity providers no longer allow access to AWS services.

A

An oil drilling company is planning to use Kubernetes clusters on offshore platforms. Some of these platforms are in remote locations without having any Internet access. The IT Team is looking for an automated option for cluster management along with the creation of clusters at the offshore platforms. What design can be proposed to manage these Kubernetes clusters?
A. Deploy Amazon EKS Anywhere using VMware vSphere. Use the EKS distro along with open-source tools for running the clusters
B. Deploy Amazon EKS Anywhere on AWS Outposts. Use Amazon EKS for running clusters
C. Deploy Amazon EKS Anywhere using BareMetal deployments. Use Amazon EKS for running clusters
D. Deploy Amazon EKS Anywhere using AWS ECR. Use the EKS distro along with open-source tools for running the clusters

A

Instances hosted in the private subnet of your VPC need to access some important documents from the S3 bucket which is outside the VPC. Due to the confidential nature of these documents, you have to ensure that the traffic does not traverse through the internet. As an architect, how would you implement this solution?
A. Consider using a VPC Endpoint.
B. Consider using an EC2 Endpoint.
C. Move the instances to a public subnet.
D. Create a VPN connection and access the S3 resources from the EC2 Instance.

A

Shoptech is a recently launched E-Commerce platform serving customers around the globe. For the platform, they have used EC2 instances as application servers managed by an Auto Scaling Group. For the database layer, they have used Amazon RDS with MySQL engine. During their regular monitoring activity, the team observed performance issues in the form of slower database queries over the last few days. They also observed that the DB instance is intermittently throwing "too many connections" errors. They found that this might happen due to the large number of database connections getting opened to ensure quick user response times. These active connections are barely getting used. Which of the following options can solve the problem in the MOST efficient way?
A. Use Amazon RDS Proxy with the MySQL DB instance
B. Provision more capacity to the MySQL DB instance
C. Use Multi-AZ deployments for MySQL DB instance
D. Create Read Replicas with the MySQL DB instance

A

The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet this requirement?
A. AWS KMS API
B. AWS Certificate Manager
C. API Gateway with STS
D. IAM Access Key

A

There is a requirement to host a database on an EC2 Instance. It is also required that the EBS volume should support 32,000 IOPS. Which Amazon EBS volume type would meet the performance requirements of this database?
A. EBS Provisioned IOPS SSD
B. EBS Throughput Optimized HDD
C. EBS General Purpose SSD
D. EBS Cold HDD

A

You are creating several EC2 instances for a new application. The instances need to communicate with each other. For better performance of the application, both low network latency and high network throughput are required for the EC2 instances. All instances should be launched in a single availability zone. How would you configure this?
A. Launch all EC2 instances in a placement group using a Cluster placement strategy.
B. Auto assign a public IP when launching the EC2 instances.
C. Launch EC2 instances in an EC2 placement group and select the Spread placement strategy.
D. When launching the EC2 instances, select an instance type that supports enhanced networking.

A

You are deploying an application to track the GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every three seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which of the following services would you use to implement data ingestion?
A. Amazon Kinesis
B. AWS Data Pipeline
C. Amazon Elastic Transcoder
D. Amazon Simple Queue Service

A

You are part of the IT sector at the finance department of your company. Your organization has implemented AWS Organizations for each internal department, and you have access to the master account. You need to manage Amazon EC2 Dedicated Hosts centrally, and share the host's instance capacity with other AWS accounts in the AWS Organizations. How can you accomplish this in the easiest way?
A. Use AWS Resource Access Manager to manage the EC2 Dedicated Hosts centrally and share them with other member accounts.
B. Use service control policies to share the EC2 Dedicated Hosts in the member accounts.
C. Use AWS Control Tower.
D. Create IAM policies with conditions and assign them to users in every member account.

A

You are part of the IT team of an assurance company. You have been having a consistent amount of usage of your EC2 instances and Fargate. However, there is also a consistent amount of usage increase. Because of this, you can predict that you may need to increase the size of the instances in 2 or 3 years. The finance team has asked you if there is a way to save costs in the EC2 instances and Fargate. What do you suggest?
A. Purchase a Compute Savings Plan.
B. Purchase an EC2 Instance Savings Plan.
C. Purchase a Convertible Reserved Instance.
D. Purchase a Standard Reserved Instance.

A

You are working as an AWS Architect for a software company. You are working on a new project which involves an application deployed on twenty C5 EC2 On-demand Instances with Elastic IP attached to each instance. During peak hours, when you are initiating new instances, a considerable delay is observed. You perform a pilot test for the option of initiating these Instances and hibernating so that during peak hours, these instances could be quickly launched. It works fine during the pilot phase. You are recommending this option to be implemented in production. The management team is concerned about the pricing of many EC2 instances in the Hibernate state. What is considered to calculate the pricing for an EC2 instance in the Hibernate state?
A. Elastic IP address and EBS volumes attached to EC2 Instance
B. Total Compute capacity per hour, Elastic IP address and EBS volumes attached to EC2 Instance
C. Total Compute capacity per hour and EBS volumes attached to EC2 Instance
D. Total Compute capacity per hour and Elastic IP address attached to EC2 Instance

A

You are working as an AWS consultant in an E-Commerce organization. Your organization is planning to migrate its database from on-premises data centers to Amazon RDS. The automated backup helps to restore the Database to any specific time during the backup retention period in Amazon RDS. Which of the following actions are performed as a part of the Amazon RDS automated backup process?
A. AWS creates a storage volume snapshot of the database instance during the backup window once a day. AWS RDS also captures transaction logs and uploads them to S3 buckets every 5 minutes.
B. AWS creates a full snapshot of the database every 12 hours during the backup window, captures transaction logs throughout the day, and stores them in S3 buckets.
C. AWS creates a full daily snapshot during the backup window. With the snapshot, the RDS instance can be restored at any time.
D. AWS creates a storage volume snapshot of the database instance every 12 hours during the backup window, captures transaction logs throughout the day, and stores them in S3 buckets.

A

You have an S3 bucket that receives photos uploaded by customers. When an object is uploaded, an event notification is sent to an SQS queue with the object details. You also have an ECS cluster that gets messages from the queue to do the batch processing. Each batch processing job takes the same amount of time to execute. The queue size may change greatly depending on the number of incoming messages and backend processing speed. Which metric would you use to scale up/down the ECS cluster capacity?
A. The number of messages in the SQS queue.
B. Memory usage of the ECS cluster.
C. Number of objects in the S3 bucket.
D. Number of containers in the ECS cluster.

A

You have an application hosted in an Auto Scaling group, and an application load balancer distributes traffic to the ASG. You want to add a scaling policy that keeps the average aggregate CPU utilization of the Auto Scaling group to be 60 percent. The capacity of the Auto Scaling group should increase or decrease based on this target value. Which scaling policy does it belong to?
A. Target tracking scaling policy.
B. Step scaling policy.
C. Simple scaling policy.
D. Scheduled scaling policy.

A

You have created an AWS Lambda function that will write data to a DynamoDB table. Which of the following must be in place to ensure that the Lambda function can interact with the DynamoDB table?
A. Ensure an IAM Role is attached to the Lambda function which has the required DynamoDB privileges.
B. Ensure an IAM User is attached to the Lambda function which has the required DynamoDB privileges.
C. Ensure the Access keys are embedded in the AWS Lambda function.
D. Ensure the IAM user password is embedded in the AWS Lambda function.

A

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point, you find out that other sites have been linking to the photos on your site, causing loss to your business. What would be an effective method to mitigate this?
A. Remove public read access and use presigned URL with expiry dates.
B. Use CloudFront distributions for static content.
C. Block the IPs of the offending websites in Security Groups.
D. Store photos on an EBS Volume of the web server.

A

You work as an architect for a company. An application is going to be deployed on a set of EC2 instances in a VPC. The Instances will be hosting a web application. You need to design the security group to ensure that users have the ability to connect from the Internet via HTTPS. Which of the following needs to be configured for the security group?
A. Allow Inbound access on port 443 for 0.0.0.0/0
B. Allow Outbound access on port 443 for 0.0.0.0/0
C. Allow Inbound access on port 80 for 0.0.0.0/0
D. Allow Outbound access on port 80 for 0.0.0.0/0

A

Your app uses AWS Cognito Identity for authentication and stores user profiles in a User Pool. To expand the availability and ease of signing in to the app, your team is requesting advice on allowing the use of OpenID Connect (OIDC) identity providers as additional means of authenticating users and saving the user profile information. What is your recommendation on OIDC identity providers?
A. This is supported, along with social and SAML based identity providers.
B. This is not supported, only social identity providers can be integrated into User Pools
C. If you want OIDC identity providers, then you must include SAML and social-based support as well
D. It's too much effort to add non-Cognito authenticated user information to a User Pool

A

Your company is planning to use Route 53 as the DNS provider. There is a need to ensure that the company's domain name points to an existing CloudFront distribution. How could this be achieved?
A. Create an Alias record which points to the CloudFront distribution.
B. Create a host record which points to the CloudFront distribution.
C. Create a CNAME record which points to the CloudFront distribution.
D. Create a Non-Alias Record which points to the CloudFront distribution.

A

Your company needs to develop an application that needs to have a login module in place. Their key requirement is to ensure that users can also use their current identities with various providers such as Facebook to log into the application. Which of the following can help you accomplish this?
A. Using the AWS Cognito service
B. Using the AWS Config service
C. Using the AWS SQS service
D. Using the AWS WAF service

A

Your company owns several EC2 Windows servers in production. In order to be compliant with recent company security policies, you need to create an EC2 Windows bastion host for users to connect to the instances via the Remote Desktop Protocol (RDP). How would you ensure that users can perform remote administration for the Windows servers ONLY through the new bastion host?
A. Configure the security groups of the Windows server instances to only accept TCP/3389 connections from the security group of the Windows bastion host.
B. Configure the security group of the Windows bastion host to only allow RDP from the company's IP addresses.
C. Add a NACL rule in the subnets of the Windows server instances to deny TCP/443 and TCP/22.
D. In the NACL of the bastion host server, allow the inbound and outbound traffic for TCP/3389.

A

Your company uses KMS to fully manage the master keys and perform encryption and decryption operations on your data and applications. As an additional level of security, you now recommend AWS rotate your keys. What would happen after enabling this additional feature?
A. Nothing needs to be done. KMS will manage all encrypt/decrypt actions using the appropriate keys.
B. Your company must instruct KMS to re-encrypt all data in all services each time a new key is created.
C. You have 30 days to delete old keys after a new one is rotated in.
D. Your company must create its own keys and import them to KMS to enable key rotation.

A

Your team is developing a high-performance computing (HPC) application. The application resolves complex, compute-intensive problems and needs a high-performance and low-latency Lustre file system. You need to configure this file system in AWS at a low cost. Which method is the most suitable?
A. Create a Lustre file system through Amazon FSx.
B. Launch a high performance Lustre file system in Amazon EBS.
C. Create a high-speed volume cluster in EC2 placement group.
D. Launch the Lustre file system from AWS Marketplace.

A

Your team uses Amazon ECS to manage containers for several micro-services. To save cost, multiple ECS tasks should run on a single container instance. When a task is launched, the host port should be dynamically chosen from the container instance's ephemeral port range. The ECS service should select a load balancer that supports dynamic port mapping. Which types of load balancers are appropriate?
A. Application Load Balancer or Network Load Balancer.
B. Application Load Balancer only.
C. Network Load Balancer only.
D. Application Load Balancer or Classic Load Balancer.

A

A company has recently installed multiple software on an Amazon EC2 instance for its new web application. Recently there was an incident that caused a major outage to this web application. The root cause was identified as open network ports that were exploited. The Security Team is looking for a detailed report on the Amazon EC2 instance which should gather information on all network ports open unintentionally and not used for any service. The solution should provide a list that can help remediate these findings based on criticality. Which of the following approaches can be initiated to get the required reports?
A. Implement Amazon Inspector on the Amazon EC2 instance
B. Implement Amazon GuardDuty on the Amazon EC2 instance
C. Implement Amazon Detective on Amazon EC2 instance
D. Implement AWS Artifact on Amazon EC2 instance

A.

A start-up firm has created account A using the Amazon RDS DB instance as a database for a web application. The operations team regularly creates manual snapshots for this DB instance in unencrypted format. The Projects Team plans to create a DB instance in other accounts using these snapshots. They are looking for your suggestion for sharing this snapshot and restoring it to DB instances in other accounts. While sharing this snapshot, it must allow only specific accounts specified by the project teams to restore DB instances from the snapshot. What actions can be initiated for this purpose?
A. From Account A, share the manual snapshot by setting the 'DB snapshot' visibility option as private. In other Accounts, directly restore to DB instances from the snapshot
B. From Account A, share the manual snapshot by setting the 'DB snapshot' visibility option as public. In other Accounts, directly restore to DB instances from the snapshot
C. From Account A, share the manual snapshot by setting the 'DB snapshot' visibility option as private. In other Accounts, create a copy from the snapshot and then restore it to the DB instance from that copy
D. From Account A, share the manual snapshot by setting the 'DB snapshot' visibility option as public. In other Accounts, create a copy from the snapshot and then restore it to the DB instance from that copy

A.

A start-up firm is using a JSON-based database for content management. They are planning to rehost this database to AWS Cloud from on-premises. For this, they are looking for a suitable option to deploy this database, which can handle millions of requests per second with low latency. Databases should have a flexible schema that can store any type of user data from multiple sources and should effectively process similar data stored in different formats. Which of the following databases can be selected to meet the requirements?
A. Use Amazon DocumentDB (with MongoDB compatibility) in the AWS cloud to rehost the database from an on-premises location
B. Use Amazon Neptune in the AWS cloud to rehost the database from an on-premises location
C. Use Amazon Timestream in AWS cloud to rehost database from an on-premises location
D. Use Amazon Keyspaces in AWS cloud to rehost database from an on-premises location

A.

An IT company is using EBS volumes for storing project-related work. Some of these projects are already closed. The data for these projects should be stored long-term as per regulatory guidelines and will be rarely accessed. The operations team is looking for options to store the snapshots created from EBS volumes. The solution should be cost-effective and incur the least admin work. What solution can be designed for storing data from EBS volumes?A. Create EBS Snapshots from the volumes and store them in the EBS Snapshots Archive B. Use Lambda functions to store incremental EBS snapshots to AWS S3 Glacier C. Create EBS Snapshots from the volumes and store them in a third-party low-cost, long-term storage D. Create EBS Snapshots from the volumes and store them in the EBS standard tier

A.

An organization in the banking sector has its AWS resources distributed across multiple Availability Zones (AZs) in a region. They share one NAT gateway to connect all their RDS instances, placed in private subnets in different AZs, to the internet. While trying to perform some database-related operations, an employee of the organization reported intermittent connectivity issues. However, on checking the logs in AWS, they found that the RDS instances were all up and running during the time when the issue was reported. You are hired as a Solution Architect to identify the root cause of this connectivity issue and remediate it without compromising security and resiliency. How would you approach this?A. The customer experiences a connectivity issue when the NAT gateway's Availability Zone goes down. To remediate this, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone B. The customer experiences a connectivity issue due to insufficient IAM Policy and Roles. Resolve this by adding the required permissions in the IAM Policy and attach them to the role used for the AWS resources C. The customer experiences a connectivity issue due to low bandwidth in their network. Ask the customer to sign up for a higher bandwidth plan with the network provider/operator D. The customer experiences the connectivity issue when the NAT gateway's Availability Zone goes down. To remediate this, remove the NAT gateway and use VPC Peering to connect to the Multi-AZ RDS instances

A.

In response to the high demand and increase in load, a customer plans to migrate his on-premises and native MongoDB to AWS Cloud. The customer is looking for a compatible Database solution in AWS for easy and fast migration with minimum operation and management overhead. The new database should also be compatible with existing MongoDB so that the applications don't require code changes. As a Solution Architect in the company, what would be your suggestion for this scenario?A. Amazon DocumentDB B. Amazon DynamoDB C. Amazon Keyspaces D. Amazon Neptune

A.

The operations team needs to grant users permission to access AWS resources. Resources are categorized as critical and non-critical resources. For granting these permissions, the principle of least privilege should be followed. Users will be accessing critical resources only on a required basis and non-critical resources on a daily basis. The proposed solution should be an efficient solution considering a large number of resources and users. How can access permissions be designed for this purpose?A. Assign permissions to roles for access to critical resources. Users can switch to these roles to access critical resources. Users can use regular credentials to access non-critical resources B. Create separate user ids for accessing non-critical and critical resources. Users can switch between two user ids while accessing non-critical and critical resources C. Grant full access to all the users to both critical and non-critical resources D. Create a resource-based policy on critical resources. Grant permission to specific users who require access to these resources. Users can use regular credentials to access non-critical resources

A.

Which of the following components are included with Amazon EKS Distro?A. Kubelet, CNI plugins, CoreDNS, etcd, CSI Sidecars, aws-iam-authenticator, Kubernetes Metrics Server B. CNI plugins, CoreDNS, etcd, CSI Sidecars, aws-iam-authenticator, Kubernetes Metrics Server, Amazon Systems Manager Agent C. FluxCD operator, Kubernetes, CNI plugins, CoreDNS, etcd, CSI Sidecars, aws-iam-authenticator D. Amazon CloudWatch agent, Kubernetes, CNI plugins, CoreDNS, etcd, CSI Sidecars, aws-iam-authenticator, Kubernetes Metrics Server

A.

You are a DevOps Engineer specializing in Containers. You want to run your container workloads running in a Linux environment in your current Data Center for regulations with easy management of your Docker tasks using the AWS Console. You have heard about Amazon ECS Anywhere, and you would like to explore it deeply. What are the main components you should have in your current Linux Servers in an ECS Cluster?A. AWS Systems Manager Agent, Amazon ECS container agent, and Docker must be installed on these Linux Servers B. AWS Systems Manager Agent and Docker must be installed as part of the process C. Amazon ECS container agent and Docker must be installed on these external instances D. The Amazon CloudWatch Agent, Amazon ECS container agent, and Docker must be installed on these external instances

A.

You are a Research Scientist working on NLP (Natural Language Processing) models. You are planning to use Amazon Comprehend to do some research about multiple texts that are currently stored in your email, but you have some ownership concerns about this service. Who would retain the ownership of the content of the emails that you will analyze using Amazon Comprehend?A. Customer B. AWS C. A third-party company that is in charge of managing the Amazon Comprehend service D. Both, AWS and the Customer

A.

Your company plans to use AppSync with Amazon DynamoDB as a data source. The operations you need to manage between AWS AppSync DynamoDB resolver and DynamoDB are BatchGetItem, BatchPutItem, and BatchDeleteItem. Which policy should you assign to AppSync to use DynamoDB as a source of data and apply the above operations?A. {"Version":"2012-10-17","Statement":[{"Action":["dynamodb:BatchGetItem","dynamodb:BatchWriteItem"],"Effect":"Allow","Resource":["arn:aws:dynamodb:region:account:table/TABLENAME","arn:aws:dynamodb:region:account:table/TABLENAME/*"]}]} B. {"Version":"2012-10-17","Statement":[{"Action":["dynamodb:BatchGetItem","dynamodb:BatchPutItem","dynamodb:BatchDeleteItem"],"Effect":"Allow","Resource":["arn:aws:dynamodb:region:account:table/TABLENAME","arn:aws:dynamodb:region:account:table/TABLENAME/*"]}]} C. {"Version":"2012-10-17","Statement":[{"Action":["dynamodb:BatchGetItem","dynamodb:BatchPutItem","dynamodb:BatchDeleteItem"],"Effect":"Allow","Resource":["arn:aws:dynamodb:region:account:table/TABLENAME/*"]}]} D. {"Version":"2012-10-17","Statement":[{"Action":["dynamodb:BatchGetItem","dynamodb:BatchWriteItem"],"Effect":"Allow","Resource":["arn:aws:dynamodb:region:account:table/TABLENAME"]}]}

A.

You are using AWS DataSync to migrate more than 8TB from on-prem to Amazon S3. After the first DataSync task runs, you notice that some files were not copied. After reviewing the CloudWatch logs, you notice that the files were skipped. What could be the main cause?A. The source file was locked and couldn't be opened by AWS DataSync B. The source file was opened and modified while it was transferred C. The source file's owner has been changed after it was transferred during the VERIFYING phase D. The source file's permissions are changed after it was transferred and couldn't be read during the VERIFYING phase

A. B.

The CIO of a Start-up Company is very much concerned with the performance of their DevOps team as they take a long time to detect and investigate issues using AWS resources. Sometimes this leads to a revenue loss for the company. In addition to this, the same team had several compliance issues in a recent security audit as the audit team found credentials, license keys, and sensitive AMI IDs being mentioned directly in the code. The company has hired you as a Solution Architect, and the CIO instructed you to resolve all the challenges faced by the DevOps team on priority and get them back to their efficiency. What would you do?A. For failure analysis and investigation, use AWS Systems Manager Application Manager B. For failure analysis and investigation, use AWS AppSync C. Resolve the compliance issue by storing all the secrets in AWS Secrets Manager and change the code to access the secrets from there D. Resolve the compliance issue by storing all the secrets in AWS Systems Manager Parameter Store and changing the code to access the secrets from there E. Resolve the compliance issue by storing all the secrets in a private Amazon S3 bucket. Then create a Gateway VPN Endpoint to access the secret from the bucket securely

A. D.

You are a solutions architect working for an online retailer. Your online website uses REST API calls via API Gateway and Lambda from your Angular SPA front-end to interact with your DynamoDB data store. Your DynamoDB tables are used for customer preferences, account, and product information. When your web traffic spikes, some requests return a 429 error response. What might be the reason your requests are returning a 429 response?A. Your Lambda function has exceeded the concurrency limit B. DynamoDB concurrency limit has been exceeded C. Your Angular service failed to connect to your API Gateway REST endpoint D. Your Angular service cannot handle the volume spike E. Your API Gateway has exceeded the steady-state request rate and burst limits

A. E.

An application consists of frontend and backend EC2 Instances behind classic ELBs. The backend consists of a database deployed on EC2 instances. You want both the application and the database to be highly scalable. What would you do to achieve the requirement? (Select TWO)A. Use Auto Scaling for the frontend EC2 instances. B. Use Auto Scaling for the backend EC2 instances. C. Replace the Classic ELB with Application ELB. D. Use Network ELB for both the frontend and backend instances.

AB

A company has an application hosted in AWS. This application consists of EC2 Instances that sit behind an ELB. The following are the requirements from an administrative perspective: a) Ensure that notifications are sent when the read requests go beyond 1000 requests per minute. b) Ensure that notifications are sent when the latency goes beyond 10 seconds. c) Monitor all AWS API request activities on the AWS resources. Which of the following can be used to satisfy these requirements? (SELECT TWO)A. Use CloudTrail to monitor the API Activity. B. Use CloudWatch Logs to monitor the API Activity. C. Use CloudWatch Metrics for the metrics that need to be monitored as per the requirement and set up an alarm activity to send out notifications when the metric reaches the set threshold limit. D. Use custom log software to monitor the latency and read requests to the ELB.

AC

Your company currently has a web distribution hosted using the AWS CloudFront service. The IT Security department has confirmed that the application using this web distribution now falls under the scope of PCI (Payment Card Industry) compliance. What are the necessary steps to be followed before auditing? (SELECT TWO)A. Enable CloudFront access logs. B. Enable Cache in CloudFront. C. Use AWS CloudTrail to capture requests sent to the CloudFront API. D. Enable VPC Flow Logs

AC

A Media firm Firm_A uses AWS infrastructure and has a global presence for its sports programming and broadcasting network. It uses AWS Organization to manage multiple AWS accounts. Recently it was acquired by Firm_B which also uses AWS Infrastructure. Firm_B also has its own sets of AWS accounts. After the merger, AWS Accounts of both organizations need to merge to create and manage policies more effectively. As an AWS Consultant, which of the following steps would you suggest to the client to move the management account of the Firm_A to the organization used by the merged entity? (Select THREE)A. Remove all member accounts from the organization in Firm_A. B. Configure another member account as the management account in the Firm_A organization. C. Delete the organization in Firm_A. D. Invite the Firm_A management account to join the new organization (Firm_B) as a member account. E. Invite the Firm_A management account to join the new organization (Firm_B) as a management account.

ACD

A retailer exports data daily from its transactional databases into an S3 bucket in the Sydney region. The retailer's Data Warehousing team wants to import this data into an existing Amazon Redshift cluster in their VPC in Sydney. Corporate security policy mandates that data can only be transported within the AWS's private network. Which steps would satisfy the security policy? (SELECT TWO.)A. Enable Amazon Redshift Enhanced VPC Routing. B. Create a Cluster Security Group to allow the Amazon Redshift cluster to access Amazon S3. C. Create a NAT gateway in a public subnet to allow the Amazon Redshift cluster to access Amazon S3. D. Create and configure an Amazon S3 VPC endpoint.

AD

For which of the following scenarios should a Solutions Architect consider using Elastic BeanStalk? (Select TWO)A. A Java web application using Amazon Linux EC2 instances B. An Enterprise Data Warehouse C. Configuring AWS resources using Chef D. A worker environment with an SQS queue and an Auto Scaling group E. A management task run once on a nightly basis

AD

A Financial firm is planning to build a highly resilient application with primary database servers located at on-premises data centers while maintaining its DB snapshots in an S3 bucket. The IT Team is looking for a cost-effective and secure way of transferring the large customer financial databases from on-premises servers to the Amazon S3 bucket with no impact on the client usage of these applications. Also, post this data transfer, the on-premises application will be fetching data from the Amazon S3 bucket in case of a primary database failure. So, your solution should ensure that the Amazon S3 data is fully synced with the on-premises database. Which of the following can be used to meet this requirement?A. Use Amazon S3 Transfer Acceleration for transferring data between on-premises and the Amazon S3 bucket while using AWS Data Sync for accessing these S3 bucket data from the on-premises application. B. Use AWS Data Sync for transferring data between on-premises and the Amazon S3 bucket while using AWS Storage Gateway for accessing these S3 bucket data from the on-premises application. C. Use AWS Snowball Edge for transferring data between on-premises and the Amazon S3 bucket while using AWS Storage Gateway for accessing these S3 bucket data from the on-premises application. D. Use AWS Transfer for transferring data between on-premises and the Amazon S3 bucket while using AWS Data Sync for accessing these S3 bucket data from the on-premises application.

B

A Redshift cluster currently contains 60TB of data. There is a requirement that a disaster recovery site is put in place in another region. Which solution would help ensure that this requirement is fulfilled?A. Take a copy of the underlying EBS volumes to S3, and then do Cross-Region Replication. B. Enable Cross-Region snapshots for the Redshift Cluster. C. Create a CloudFormation template to restore the Cluster in another region. D. Enable Cross Availability Zone snapshots for the Redshift Cluster.

B

A Solutions Architect is designing a highly scalable system to track records. These records must remain available for immediate download for up to three months and then must be deleted. What is the most appropriate decision for this use case?A. Store the files in Amazon EBS and create a Lifecycle Policy to remove files after 3 months. B. Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months. C. Store the files in Amazon Glacier and create a Lifecycle Policy to remove files after 3 months. D. Store the files in Amazon EFS and create a Lifecycle Policy to remove files after 3 months.

B

A company has a set of web servers. It is required to ensure that all the logs from these web servers can be analyzed in real-time for any sort of threat detection. What could be the right choice in this regard?A. Upload all the logs to the SQS Service and then use EC2 Instances to scan the logs. B. Upload the logs to Amazon Kinesis and then analyze the logs accordingly. C. Upload the logs to CloudTrail and then analyze the logs accordingly. D. Upload the logs to Glacier and then analyze the logs accordingly.

B

A company has an application that stores images and thumbnails on S3. The thumbnail needs to be available for download immediately. Additionally, both the images and thumbnails are not accessed frequently. What would be the cost-efficient storage option that meets the above-mentioned requirements?A. Amazon Glacier with Expedited Retrievals. B. Amazon S3 Standard Infrequent Access C. Amazon EFS D. Amazon S3 Standard

B

A company has an entire infrastructure hosted on AWS. It needs to create code templates that can be used to provide the same set of resources in another region in case of a disaster in the primary region. Which AWS service can be helpful in this regard?A. AWS Beanstalk B. AWS CloudFormation C. AWS CodeBuild D. AWS CodeDeploy

B

A company wants to have a fully managed data store in AWS. It should be a compatible MySQL database, which is an application requirement. Which of the following AWS database engines has the best throughput?A. AWS RDS MySQL B. AWS Aurora C. AWS DynamoDB D. AWS Redshift

B

A company has its major applications deployed in AWS. The company is building a new office and requires a high-performance network connection between the local office network and the AWS network. The connection needs to have high bandwidth throughput and allow users in the office to connect with multiple AWS VPCs of multiple AWS Regions. How would you establish the connection in the most appropriate way?A. For each AWS Region, create an AWS Direct Connect by configuring a public VIF between the VPC Virtual Private Gateway and the Customer Router. B. Create a Direct Connect Gateway to connect the local network with multiple Amazon VPCs across different regions. C. Configure two Direct Connects with two private VIFs to provide highly-available and dedicated private connections. D. Create an AWS Direct Connect dedicated network connection on top of Amazon VPN to establish an end-to-end secure IPSec connection.

B

A company has resources hosted in its AWS Account. There is a requirement to monitor API activity for all regions and the audit needs to be applied for future regions as well. What would fulfill this requirement?A. Ensure CloudTrail trail for each region, then enable trail for each future region. B. Ensure one CloudTrail trail is enabled for all regions. C. Create a CloudTrail for each region. Use CloudFormation to enable the trail for all future regions. D. Create a CloudTrail for each region. Use AWS Config to enable the trail for all future regions.

B

A company is planning on testing a large set of IoT-enabled devices. These devices will generate a large amount of data every second. You need a scalable and durable real-time data streaming service to capture the data generated from these devices. Which AWS service would be the most appropriate for this purpose?A. AWS EMR. B. AWS Kinesis Data Streams. C. AWS SQS. D. AWS SNS.

B

A company is planning to build an application using the services available on AWS. This application will be stateless in nature, and the service must have the ability to scale according to the demand. Which compute service should be used in this scenario?A. AWS DynamoDB B. AWS Lambda C. AWS S3 D. AWS SQS

B

A company needs to store images that are uploaded by users via a mobile application. There is also a need to ensure that security measures are in place to avoid data loss. Which of the following steps should be taken to protect against unintended user actions?A. Store data in an EBS volume and create snapshots once a week. B. Store data in an S3 bucket and enable versioning. C. Store data on Amazon EFS storage. D. Store data on EC2 instance storage.

B

A company owns an API deployed in EC2 written using Python. All the requests can be finished within 1 second. Most of the traffic happens during the daytime. The company wants to save the API cost and simplify the maintenance of the server without impacting the performance. How can this be achieved?A. Use API Gateway with the backend services as it is. B. Use the API Gateway along with AWS Lambda. C. Use CloudFront along with the API backend service as it is. D. Use ElastiCache along with the API backend service as it is.

B

A company needs to use the AWS RDS service to host a MySQL database. This database will be used for production purposes and is expected to experience a high number of read/write activities. Which EBS volume type would be ideal for this database?A. General Purpose SSD B. Provisioned IOPS SSD C. Throughput Optimized HDD D. Cold HDD

B

A company wants to host a web application and a database layer in AWS. This will be done with the use of subnets in a VPC. What would be a proper architectural design for supporting the required tiers of the application?A. Use a public subnet for the web tier and another public subnet for the database layer. B. Use a public subnet for the web tier and a private subnet for the database layer. C. Use a private subnet for the web tier and another private subnet for the database layer. D. Use a private subnet for the web tier and a public subnet for the database layer.

B

A company with a set of admin jobs (.NET core) in the C# programming language is moving its infrastructure to AWS. What would be an efficient means of hosting the admin-related jobs in AWS?A. Use AWS DynamoDB to store the jobs and then run them on demand. B. Use AWS Lambda functions with C# for the Admin jobs. C. Use AWS S3 to store the jobs and then run them on demand. D. Use AWS Config functions with C# for the Admin jobs.

B

A consulting firm repeatedly builds large architectures for their customers using AWS resources from several AWS services, including IAM, Amazon EC2, Amazon RDS, DynamoDB and Amazon VPC. The consultants have architecture diagrams for each of their architectures and are frustrated that they cannot use them to create their resources automatically. Which service should provide immediate benefits to the organization?A. AWS Elastic Beanstalk B. AWS CloudFormation C. AWS CodeBuild D. AWS CodeDeploy

B

A critical web application is deployed on an Amazon EC2 instance. ELB (Elastic Load Balancer) is deployed in front of this Amazon EC2 instance to load balance incoming traffic. The security team is looking for the maximum level of protection for this application from DDoS attacks, and for customized mitigations during attacks. The Operations Team should get near real-time visibility for the complex attacks on this application. What secure solution can be deployed for this purpose?A. Enable Amazon GuardDuty in an account where Amazon EC2 instances are launched. Use Amazon Detective to get real-time visibility for complex attacks B. Enable AWS Shield Advanced protection on ELB. Use AWS WAF to create a proactive rule to mitigate application attacks C. Use AWS Shield Standard to detect DDoS attacks on Amazon EC2 Instance. Use AWS WAF to create a proactive rule to mitigate application attacks D. Use Amazon Inspector to detect DDoS attacks on Amazon EC2 Instance. Use Amazon Detective to get real-time visibility for complex attacks

B

It is expected that only certain specified customers can upload images to the S3 bucket for a certain period of time. What would you suggest as an architect to fulfill this requirement?A. Create a secondary S3 bucket. Then, use an AWS Lambda to sync the contents to the primary bucket. B. Use pre-signed URLs for uploading the images. C. Use ECS Containers to upload the images. D. Upload the images to SQS and then push them to the S3 bucket.

B

A large educational institute is using Amazon S3 buckets to save data for all graduation streams. During annual external audits from local government bodies, the institute needs to fetch data of specific streams to get it audited by auditors. A large amount of data is saved in these S3 buckets, making it cumbersome to download the whole data set to retrieve only a small amount of information from it. The IT Team is looking for your consultation for this issue without incurring additional costs or compromising security. Which of the following actions is recommended for resolution?A. Store objects in CSV format compressing it with Snappy using server-side encryption. Use Amazon S3 Select to retrieve a subset of data. B. Store objects in JSON format compressing it with GZIP using server-side encryption. Use Amazon S3 Select to retrieve a subset of data. C. Store objects in Apache Parquet format compressing the whole object with GZIP using server-side encryption. Use Amazon S3 Select to retrieve a subset of data. D. Store objects in CSV format compressing it with BZIP2 without any encryption. Use Amazon S3 Select to retrieve a subset of data.

B

A website runs on EC2 Instances behind an Application Load Balancer. The instances run in an Auto Scaling Group across multiple Availability Zones and deliver several static files stored on a shared Amazon EFS file system. The company needs to avoid serving the files from EC2 Instances every time a user requests these digital assets. What should the company do to improve the user experience of the website?A. Move the digital assets to Amazon Glacier. B. Cache static content using CloudFront. C. Resize the images so that they are smaller. D. Use reserved EC2 Instances.

B

An AWS Solutions Architect designing a solution to store and archive corporate documents has determined Amazon Glacier as the right choice. An important requirement is that the data must be delivered within 5 minutes of a retrieval request. Which feature in Amazon Glacier could help to meet this requirement?A. Vault Lock B. Expedited retrieval C. Bulk retrieval D. Standard retrieval

B

An application hosted in AWS allows external users to upload videos to an S3 bucket. The external users are required to be given access to upload a video for a week based on their respective profiles. How could this be accomplished in the best way possible?A. Create an IAM bucket policy to provide access for one week. B. Create a pre-signed URL for each profile which will last for one week. C. Create an S3 bucket policy to provide access for one week. D. Create an IAM role to provide access for one week.

B

An application hosted on EC2 Instances has its promotional campaign due to start in 2 weeks. The performance team performs some analysis based on the historical data and informs you of the number of instances that are required for the campaign. You need to make sure that the Auto Scaling group is properly configured with the provided number of instances. What should be done to fulfill this requirement?A. Migrate the application from the Auto Scaling group to a Lambda function so that the application scales automatically by AWS. B. Configure Scheduled scaling in the Auto Scaling Group. C. Configure a Lambda function that scales up the ASG when the activity starts and scales down when the activity ends. D. Configure Static scaling for the Auto Scaling Group.

B

In your organization, development teams use S3 buckets to store log files for various applications hosted in AWS development environments. The developers intend to keep the logs for a month for troubleshooting purposes and subsequently purge the logs. Which feature should be used to enable this requirement?A. Adding a bucket policy on the S3 bucket. B. Configuring lifecycle configuration rules on the S3 bucket. C. Creating an IAM policy for the S3 bucket. D. Enabling CORS on the S3 bucket.

B

An instance is launched into a VPC subnet with the network ACL configured to allow all outbound traffic and deny all inbound traffic. The security group of the instance is configured to allow SSH from any IP address. What changes are required to allow SSH access to the instance?A. The Outbound Security Group needs to be modified to allow outbound traffic. B. The Inbound Network ACL needs to be modified to allow inbound traffic C. Nothing, it can be accessed from any IP address using SSH. D. Both the Outbound Security Group and Outbound Network ACL need to be modified to allow outbound traffic.

B

An online hypermarket company has deployed a web application using REST API with Amazon API Gateway. Recently they have upgraded the backend to make API scalable. After the upgrade, it was found that some of the consumers using older methods cannot access this API. The older method used by these consumers is not compatible with the responses by the backend host. How should a solution architect redesign the API Gateway to make API compatible with the old method?A. Enable API caching in Amazon API Gateway B. Configure Mapping templates with Amazon API Gateway C. Set up Gateway Response customization in OpenAPI D. Set up a method response model with Amazon API Gateway

B

An organization hosts a multi-language website on AWS, which is served using CloudFront. Language is specified in the HTTP request as shown below: - http://d11111f8.cloudfront.net/main.html?language=de - http://d11111f8.cloudfront.net/main.html?language=en - http://d11111f8.cloudfront.net/main.html?language=es How should AWS CloudFront be configured to deliver cached data in the correct language?A. Forward cookies to the origin B. Based on query string parameters C. Cache objects at the origin D. Serve dynamic content

B

As a Solutions Architect for a multinational organization with more than 150000 employees, management has decided to implement a real-time analysis for their employees' time spent in offices worldwide. You are tasked to design an architecture that will receive the inputs from 10000+ sensors with swipe machine sending in and out data across the globe, each sending 20KB data every 5 Seconds in JSON format. The application will process and analyze the data and upload the results to dashboards in real-time. Other application requirements will include the ability to apply real-time analytics on the captured data. Processing of captured data will be parallel and durable. The application must be scalable as per the requirement as the load varies and new sensors are added or removed at various facilities. The analytic processing results are stored in a persistent data storage for data mining. What combination of AWS services would be used for the above scenario?A. Use EMR to copy the data coming from Swipe machines into DynamoDB and make it available for analytics. B. Use Amazon Kinesis Data Streams to ingest the Swipe data coming from sensors, Use custom Kinesis Data Streams Applications to analyze the data and then move analytics outcomes to RedShift using AWS EMR. C. Use SQS to receive the data coming from sensors, Kinesis Firehose to analyze the data from SQS, then save the results to a Multi-AZ RDS instance. D. Use Amazon Kinesis Data Streams to ingest the sensors' data, Use custom Kinesis Streams applications to analyze the data, and move analytics outcomes to RDS using AWS EMR.

B

Currently, a company uses EBS snapshots to back up their EBS Volumes. As a part of the business continuity requirement, these snapshots need to be made available in another region. How could this be achieved?A. Directly create the snapshot in another region. B. Create a snapshot and copy it to another region. C. Copy the snapshot to an S3 bucket and then enable Cross-Region Replication for the bucket. D. Copy the EBS Snapshot to an EC2 instance in another region.

B

Jim is a Solutions Architect working in an MNC that owns a global E-Commerce application. They have stored the data across different regions around the world and always look for ways to provide low latency data delivery to their global customers securely. All the data is encrypted using KMS, but they have observed some latency issues in some regions recently. After checking out a few configurations, Jim found the cause of the issue: the calls made to KMS use a single encryption key that is available in the Mumbai region only. What should Jim use to resolve the latency issues in the given scenario? A. Store all the data in the Mumbai Region only instead of multiple Regions B. Create Multi-Region keys in the Regions where the data resides C. Disable encryption and serve the unencrypted data to avoid the encryption key issue D. KMS Keys are not Region-specific. Instead, they are available in all regions by default, no matter where you create them. Latency might be due to other unknown issues

B

There is a requirement to get the source IP addresses that access resources in a private subnet. Which of the following cost-optimized services could be used to fulfill this purpose? A. AWS Trusted Advisor B. VPC Flow Logs C. Use CloudWatch metrics D. Use CloudTrail

B

Which of the following is the correct way to load streaming data into Amazon OpenSearch Service from different sources?A. Load streaming data from Amazon Kinesis Data Firehose using AWS Lambda functions as event handlers. B. Load streaming data from Amazon S3 using AWS Lambda functions as event handlers. C. Load streaming data from Amazon CloudWatch Logs using AWS Lambda functions as event handlers. D. Load streaming data from AWS IoT using AWS Lambda functions as event handlers.

B

While managing permissions for the API Gateway, what could be used to ensure that the right level of permissions is given to Developers, IT Admins, and end-users? The permissions should be easily managed.A. Use the secure token service to manage the permissions for different users. B. Use IAM Permissions to create different policies for different types of users. C. Use the AWS Config tool to manage the permissions for different users. D. Use IAM Access Keys to create sets of keys for different types of users.

B

You are a solutions architect working for a data analytics company that delivers analytics data to politicians that need the data to manage their campaigns. Political campaigns use your company's analytics data to decide on where to spend their campaign money to get the best results for the efforts. Your political campaign users access your analytics data through an Angular SPA via API Gateway REST endpoints. You need to manage the access and use of your analytics platform to ensure that the individual campaign data is separate. Specifically, you need to produce logs of all user requests and responses to those requests, including request payloads, response payloads, and error traces. Which type of AWS logging service should you use to achieve your goals?A. Use CloudWatch access logging B. Use CloudWatch execution logging C. Use CloudTrail logging D. Use CloudTrail execution logging

B

You are creating a new architecture for a financial firm. The architecture consists of some EC2 instances with the same type and size (M5.large). In this architecture, all the EC2 instances mostly communicate with each other. Business people have asked you to create this architecture keeping in mind low latency as a priority. Which placement group option could you suggest for the instances? A. Partition Placement Group B. Clustered Placement Group C. Spread Placement Group D. Enhanced Networking Placement Group

B

You are currently a Business Intelligence developer for a company. Many data sources that are defined for the Logistics team in your company are hosted in AWS. They are now looking for a quick solution to build visualization screens around the data hosted in AWS. Which of the following can be used to fulfill this requirement? A. AWS Redshift B. AWS QuickSight C. AWS Glue D. AWS DynamoDB

B

You are developing a new mobile application which is expected to be used by thousands of customers. You are considering storing user preferences in AWS and need a non-relational data store to save the same. Each data item is expected to be 20KB in size. The solution needs to be cost-effective, highly available, scalable, and secure. Which of the following designs is the most suitable? A. Create a new Amazon RDS instance and store the user data there. B. Create an Amazon DynamoDB table with the required Read and Write capacity and use it as the data layer. C. Use Amazon Glacier to store the user data. D. Use an Amazon Redshift Cluster for managing the user preferences.

B

You are developing an application using AWS SDK to get objects from AWS S3. The objects have big sizes. Sometimes there are failures when getting objects, especially when the network connectivity is poor. You want to get a specific range of bytes in a single GET request and retrieve the whole object in parts. Which method can achieve this?A. Enable multipart upload in the AWS SDK. B. Use the "Range" HTTP header in a GET request to download the specified range bytes of an object. C. Reduce the retry requests and enlarge the retry timeouts through AWS SDK when fetching S3 objects. D. Retrieve the whole S3 object through a single GET operation.

B

You are part of the IT team of an insurance company. You have 4 M5.large EC2 instances used to compute some data of your core services. The amount of usage of these instances has been very consistent. So you predict that it will not increase in the next two or three years. However, your CFO is asking if there is a way to reduce costs in the EC2 instances. What do you suggest to get the maximum cost reduction?A. Use a Compute Savings Plan. B. Use an EC2 instance Savings Plan. C. Use a Convertible Reserved Instance. D. Use a Dedicated Instance.

B

You are planning to launch the AWS ECS container instance. You would like to set the ECS container agent configuration during the ECS container instance initial launch. What should you do to configure container agent information? A. Set configuration in the ECS metadata parameter during cluster creation. B. Set configuration in the user data parameter of EC2 instance. C. Define configuration in the task definition. D. Define configuration in the service definition.

B

You are planning to use Auto Scaling groups to maintain the performance of your web application. How would you ensure that the scaling activity has sufficient time to stabilize without executing another scaling action?A. Modify the Instance User Data property with a timeout interval. B. Increase the Auto Scaling Cooldown timer value. C. Enable the Auto Scaling cross zone balancing feature. D. Disable CloudWatch alarms till the application stabilizes.

B

You are working as an AWS Solutions Architect for a large banking organization. The requirement is that under normal business hours, there would always be at least 24 web servers up and running in a region (example: US - West (Oregon)). It will be a three-tier architecture connecting to the databases. The solution offered should be highly available, secure, and cost-effective. It should respond to the heavy requests during peak hours and tolerate the failure of up to one AZ. What would be the best solution to meet this requirement? A. In a given region, use ELB behind two different AZs, each AZ with minimum or desired 24 web servers hosted in a public subnet and Multi-AZ database architecture in a private subnet. B. In a given region, use ELB behind three different AZs, each AZ having ASG, with minimum or desired 12 web servers hosted in a public subnet and Multi-AZ database architecture in a private subnet. C. In a given region, use ELB behind two different AZs, each AZ having ASG, with minimum or desired 12 web servers hosted in a public subnet and Multi-AZ database architecture in a private subnet. D. In a given region, use ELB behind three different AZs, each AZ having ASG, with minimum or desired 8 web servers hosted in a public subnet and Multi-AZ database architecture in a different public subnet.

B

You are working as an AWS Architect for a start-up company. They have a two-tier production website. Database servers are spread across multiple Availability Zones. You have configured an Auto Scaling Group for these database servers with a minimum of 2 instances and a maximum of 6 instances. During post-peak hours, you observe some data loss. Which feature needs to be configured additionally to avoid future data loss (and copy data before instance termination)? A. Modify the cooldown period to complete custom actions before the Instance terminates. B. Add lifecycle hooks to Auto Scaling group. C. Customize Termination policy to complete data copy before termination. D. Suspend Terminate process that will avoid data loss.

B

You are working for a start-up company that develops mobile gaming applications using AWS resources. For creating AWS resources, the project team is using CloudFormation Templates. The Project Team is concerned about the changes made in EC2 instance properties by the Operations Team, apart from parameters specified in CloudFormation Templates. To observe changes in AWS EC2 instance, you advise using CloudFormation Drift Detection. After Drift detection, when you check drift status for all AWS EC2 instances, drift for certain property values with default values for resource properties is not displayed. What would you do to include these resource properties to be captured in CloudFormation Drift Detection?A. Run CloudFormation Drift Detection on individual stack resources instead of entire CloudFormation stack. B. Explicitly set the property value, which can be the same as the default value. C. Manually check these resources as this is not supported in CloudFormation Drift Detection. D. Assign Read permission to CloudFormation Drift Detection to determine drift.

B

You currently have your EC2 instances running in multiple availability zones in an AWS region. You need to create NAT gateways for your private instances to access the internet. How would you set up the NAT gateways so that they are highly available? A. Create two NAT Gateways and place them behind an ELB. B. Create a NAT Gateway in each Availability Zone. C. Create a NAT Gateway in another region. D. Use Auto Scaling groups to scale the NAT Gateways.

B

You have a cluster of Windows instances joined to an AWS Managed Active Directory. You want to have a shared storage for all these instances and control this storage access with the Managed Active Directory. Which of the following services allows you to achieve this?A. Amazon FSx for Lustre B. Amazon FSx for Windows File Server C. Amazon EFS D. Use S3 and AD Connector

B

You have a local data center on-premise that stores archived files. The total amount of the files is about 70TB. The data needs to be transferred to Amazon Simple Storage Service (S3). After the data transfer is finished, the local data center will not be used. Which solution is the most appropriate?A. AWS Direct Connect. B. AWS Snowball. C. Amazon S3 Transfer Acceleration. D. AWS Global Accelerator.

B

You have implemented AWS Cognito services to require users to sign in and sign up to your app through social identity providers like Facebook, Google, etc. Your marketing department wants users to anonymously try out the app because the current log-in requirement is excessive, which may reduce the demand for products and services offered through the app. What would you suggest to the marketing department in this regard?A. It's too much of a security risk to allow unauthenticated users access to the app. B. Cognito Identity supports guest users for the ability to enter the app and have limited access. C. A second version of the app will need to be offered for unauthenticated users. D. This is possible only if we remove the authentication from everywhere.

B

You need to deploy a high performance computing (HPC) and machine learning application in AWS Linux EC2 instances. The performance of inter-instance communication is very critical for the application. You want to attach a network device to the instance so that the computing performance can be greatly improved. Which of the following options can achieve the best performance?A. Enable enhanced networking feature in the EC2 instance. B. Configure Elastic Fabric Adapter (EFA) in the instance. C. Attach high speed Elastic Network Interface (ENI) in the instance. D. Create Elastic File System (EFS) and mount the file system in the instance.

B

You need to install a 150 GB volume on an EC2 Instance for a new application. While the data in the volume is used less frequently with small peaks in the morning and evening, which storage type would be the most cost-effective option for the given requirement?A. Amazon EBS provisioned IOPS SSD. B. Amazon EBS Cold HDD. C. Amazon EBS General Purpose SSD. D. Amazon EFS.

B

You work in a large organization. Your team creates AWS resources such as Amazon EC2 dedicated hosts and reserved capacities that need to be shared by other AWS accounts. You need an AWS service to centrally manage these resources so that you can easily specify which accounts or Organizations can access the resources. Which AWS service would you choose to meet this requirement?A. IAM B. Resource Access Manager C. Service Catalog D. AWS Single Sign-On

B

Your company currently has a set of non-production EC2 Instances hosted in AWS. To save costs, you want to stop the EC2 instance when the average CPU utilization percentage has been lower than 10 percent for 24 hours, signaling that it is idle and no longer in use. Which step could be helpful to fulfill this requirement?A. Use CloudWatch Logs to store the state change of the instances. B. Create Amazon CloudWatch alarms that monitor the CPU utilization metric and stop the instances when the alarms are triggered. C. Use SQS to monitor the metric and add the record to a DynamoDB table. D. Use AWS Lambda to monitor the metric and store the state in a DynamoDB table.

B

Your company is planning on the following architecture for their application. - A set of EC2 Instances hosting the web part of the application. - A relational database for the backend. - A Load balancer for distribution of traffic. - A NAT gateway for routing traffic from the database server to the Internet. Which of the following architectures ensures high availability across all components? A. A Load balancer with one public subnet, one private subnet. The EC2 Instances placed in one Availability Zone. RDS with Multi-AZ Enabled. NAT Gateway in one availability zone. B. A Load balancer with 2 public subnets, 2 private subnets. The EC2 Instances placed across 2 Availability Zones. RDS with Multi-AZ Enabled. NAT Gateways in each availability zone. C. A Load balancer with 2 public subnets, 2 private subnets. The EC2 Instances placed in 2 Availability Zones. RDS with Multi-AZ Enabled. NAT Gateway in one availability zone. D. A Load balancer with 2 public subnets, 2 private subnets. The EC2 Instances placed in one Availability Zone. RDS with Multi-AZ Enabled. NAT Gateway in one availability zone.

B

Your company is planning to make use of the Elastic Container service for managing their container-based applications. They are going to process both critical and non-critical workloads with these applications. Which of the following cost-effective setups would they consider? A. Use ECS orchestration and Spot Instances for processing critical data and On-Demand for the non-critical data. B. Use ECS orchestration and On-Demand Instances for processing critical data and Spot Instances for the non-critical data. C. Use ECS orchestration and Spot Instances for both the processing of critical data and non-critical data. D. Use ECS orchestration and On-Demand Instances for both the processing of critical data and non-critical data.

B

Your current setup in AWS consists of the following architecture: 2 public subnets, one subnet with web servers accessed by users across the Internet and another subnet for the database server. Which of the following changes to the architecture would add a better security boundary to the resources hosted in this setup?A. Consider moving the web server to a private subnet. B. Create a private subnet and move the database server to a private subnet. C. Consider moving both the web and database servers to a private subnet. D. Consider creating a private subnet and adding a NAT Instance to that subnet.

B

Your organization has asked you to be cost-efficient in designing AWS solutions. You have created three VPCs (VPC A, VPC B, VPC C), peered VPC A to VPC B and VPC B to VPC C. You have created a NAT gateway in VPC B and would like to use the same NAT Gateway for resources within VPC A and VPC C. However, the resources within VPC A and VPC C cannot communicate with the internet through the NAT Gateway, but resources in VPC B can communicate. What could be the reason? A. Route tables in VPC A and VPC C are not configured to have VPC B's NAT gateway. B. Using another VPC's NAT Gateway is not supported in AWS. C. VPC A has not peered with VPC C. D. NAT Gateway is not created inside VPC B's public subnet.

B

Your recent security reviews revealed a large spike in logins attempted to your AWS account. With respect to sensitive data stored in encryption-enabled S3, the data has not been encrypted and is susceptible to fraud if it were to be stolen. You've recommended AWS Key Management Service as a solution. Which of the following is true regarding the operations of KMS? A. Only KMS generated keys can be used to encrypt or decrypt data. B. Data is encrypted at rest with KMS. C. KMS allows all users and roles to use the keys by default. D. Data is encrypted in transit with the KMS key.

B

Your team has deployed an application that consists of a web and database tier hosted on separate EC2 Instances. Both EC2 Instances are using General Purpose SSD for their underlying volume type. Of late, there are performance issues related to the reads and writes of the database EC2 Instance. Which of the following could be used to alleviate the issue? A. Change the Instance type to a higher Instance Type. B. Change the EBS volume to Provisioned IOPS SSD. C. Enable Enhanced Networking on the Instance. D. Enable Multi-AZ for the database.

B

A company is sharing geospatial data with users in different AWS accounts for commercial purposes. Users from these accounts access a large amount of data stored in the Amazon S3 bucket in the us-east-1 region from different AWS regions. The company has incurred high charges for this data sharing belonging to transfer charges. The Finance Team is looking for an option to minimize these charges. What solution can be designed to minimize this cost?A. Configure Amazon CloudFront in front of the Amazon S3 bucket to share data from the nearest edge locations B. Configure the Requester Pays option on the Amazon S3 bucket C. Share pre-signed URLs with the users to access data from the Amazon S3 bucket D. Replicate data to Amazon S3 buckets in all the regions to enable users to download data from local Amazon S3 buckets

B.

A drug research team in a Medical Company has decided to use Amazon Elastic File System (EFS) as shared file system storage for their Linux workloads. All these files are related to new drug discoveries in the field of cancer treatment and are critically important for the next six months. The customer is looking for a solution to protect the data by backing up the EFS file system and simplifying the creation, migration, restoration, and deletion of backups while providing improved reporting and auditing. As a Solution Architect, what would be your suggestions for a centralized and easy-to-develop backup strategy for the above requirement?A. Use Amazon S3 File Gateway to back up the Amazon EFS file system B. Use AWS Backup to back up the Amazon EFS file systems C. Amazon FSx File Gateway to back up the Amazon EFS file systems D. Use Amazon S3 Transfer Acceleration to copy the files from EFS into a centralized S3 bucket and then configure Cross-Region Replication of the bucket

B.

An IT firm is planning to store all its critical project-related documents in an Amazon S3 bucket. All these files should be encrypted at rest. As per security guidelines, firms need to manage the encryption process internally, but keys used for the encryption should not be stored locally. How can encryption solutions be designed to meet the data encryption guidelines?A. Use a key stored within the application for client-side encryption while uploading/downloading data from the Amazon S3 bucket B. Use an AWS KMS key for client-side encryption while uploading/downloading data from the Amazon S3 bucket C. Use a customer-provided key for client-side encryption while uploading/downloading data from the Amazon S3 bucket D. Use an Amazon S3 bucket key for client-side encryption while uploading/downloading data from the Amazon S3 bucket

B.

An electronic manufacturing company plans to deploy a web application using the Amazon Aurora database. The Management is concerned about the disk failures with DB instances and needs your advice for increasing reliability using Amazon Aurora automatic features. In the event of disk failures, data loss should be avoided, reducing additional work to perform from the point-in-time restoration. What design suggestions can be provided to increase reliability?A. Add Aurora Replicas to primary DB instances by placing them in different regions. Aurora's crash recovery feature will avoid data loss post disk failure B. Add Aurora Replicas to primary DB instances by placing them in different availability zones. Aurora storage auto-repair feature will avoid data loss post disk failure C. Add Aurora Replicas to the primary DB instance by placing them in different regions. Aurora Survivable page cache feature will avoid data loss post disk failure D. Add Aurora Replicas to the primary DB instance by placing them in different availability zones. Aurora's crash recovery feature will avoid data loss post disk failure

B.

An engineering firm uses Amazon CloudTrail to record user activities across multiple accounts. Log files for this CloudTrail are stored in the Amazon S3 bucket in the us-east-1 region. Keys used for encrypting these logs should be managed by the Security team in this firm. Only specific users in the team should have permission to use this key for encrypting and decrypting log files. You have been assigned to work on this solution to suggest an efficient solution for additional security to log files from multiple accounts. Which of the following solutions can you propose?A. Use Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) for CloudTrail log files. Use different keys for encrypting and decrypting log files for multiple accounts across different regions B. Use Server-side encryption with AWS KMS-managed keys (SSE-KMS) for CloudTrail log files. Create a KMS key in the same region as the S3 bucket storing the log files. Use the same key for encrypting and decrypting log files for multiple accounts across different regions C. Use Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) for CloudTrail log files. Use the same keys for encrypting and decrypting log files for multiple accounts across different regions D. Use Server-side encryption with AWS KMS-managed keys (SSE-KMS) for CloudTrail log files. Create a KMS key in a different region than the S3 bucket storing the log files. Use the different keys for encrypting and decrypting log files for multiple accounts across different regions

B.

An online educational platform is developing a web application that millions of students will use to access educational content. They will be using the Amazon EC2 instance for their compute services and are looking for a high-performance shared storage solution that will be accessed in parallel. For each of the user sessions accessing a file system, it should be able to provide high throughput of more than 25 GB/s. Which file system can be selected to meet performance requirements? A. FSx for NetApp ONTAP B. FSx for Lustre C. FSx for Windows File Server D. FSx for OpenZFS

B.

You are a solutions architect working for a financial services firm that operates applications in the hybrid cloud model. You have applications running on EC2 instances in your VPC that communicate with resources in your on-prem data center. You have a workload on an EC2 network interface in one subnet and a transit gateway association in a different subnet. Also, these two subnets are associated with different NACLs. You have set up Network Access Control List (NACL) rules to control the traffic to and from your EC2 instances and transit gateway. Which of the following is true about the NACL rules for traffic from your EC2 instances to the transit gateway?A. Outbound rules use the source IP address to evaluate traffic from the instances to the transit gateway B. Outbound rules use the destination IP address to evaluate traffic from the instances to the transit gateway C. Outbound rules are not evaluated for the transit gateway subnet D. Inbound rules use the destination IP address to evaluate traffic from the transit gateway to the instances

B.

You are an engineer in charge of the FinOps department of your organization. The multi-account strategy has been created using AWS Control Tower as part of the best practices and recommendations. You want to ensure that all accounts under the 'OU=development' of the AWS Organizations should not create resources outside of Ireland (eu-west-1). How can you make sure that the required condition is applied using the below Policy Statement? {"Version":"2012-10-17","Statement":[{"Sid":"IrelandDeny","Effect":"Deny","Action":["*"],"Resource":"*","Condition":{"StringNotEquals":{"aws:RequestedRegion":["eu-west-1"]}}}]} A. Add the Policy Statement to a Permissions Boundary to the developer IAM role B. Add the Policy Statement to the SCP (Service control policy) and attach it to the Organizational Unit OU=development C. Add the Policy Statement to the SCP (Service control policy) and attach it to the Organizational Unit OU=root D. Add the Policy Statement as a managed policy for the role

B.

You are the owner of a Microservices application that has poor latency when it runs in the ECS cluster. Which AWS services could help you analyze the root cause by tracing different calls into the application? A. Amazon CloudWatch B. AWS X-Ray C. Amazon EventBridge D. Amazon CloudTrail

B.

You are working in a multimedia company and want to transfer a massive amount of data to Amazon S3. You have heard that Snowball Edge could be the right tool for this purpose. When you try to transfer one of your biggest files, of 12TB, using the AWS CLI, you get an error with the client validating this transfer. What could be the main cause of the error? A. The maximum file size that could be transferred using the AWS CLI is 150GB B. The maximum file size that could be transferred using the AWS CLI is 5TB C. The role that you are using to transfer files can't transfer more than 5TB D. Amazon S3 doesn't support files larger than 10TB

B.

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a default VPC private subnet with the default NACL settings created by AWS. The web servers must be accessible only to customers on HTTPS connections, and the database must only be accessible to web servers in a public subnet. Which solution would meet these requirements without impacting other applications? (SELECT TWO)A. Create a network ACL on the Web Server's subnets, allow HTTPS port 443 inbound and specify the source as 0.0.0.0/0. B. Create a Web Server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the Web Servers. C. Create a DB Server security group that allows MySQL port 3306 inbound and specify the source as the Web Server security group. D. Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for Web Servers and deny all outbound traffic. E. Create a DB Server security group that allows HTTPS port 443 inbound and specify the source as a Web Server security group.

BC

A company plans to deploy a batch processing application using docker containers. Which of the following would ideally help to host this application? (SELECT TWO)A. Copy the batch processing application to an ECS Container. B. Create a docker image of your batch processing application. C. Deploy the image as an Amazon ECS task. D. Deploy the container behind the ELB.

BC

An application consists of the following architecture: - EC2 Instances in a single AZ behind an ELB. - A NAT Instance which is used to ensure that instances can download updates from the Internet. What could be done to ensure better fault tolerance in this setup? (SELECT TWO.) A. Add more instances in the existing Availability Zone. B. Add an Auto Scaling Group to the setup. C. Add more instances in another Availability Zone. D. Add another ELB for more fault tolerance.

BC

You are a solutions architect working for a social media company that provides a place for civil discussion of political and news-related events. Due to the ever-changing regulatory requirements and restrictions placed on social media apps that provide these services, you need to build your app in an environment where you can change your implementation instantly without updating code. You have chosen to build the REST API endpoints used by your social media app user interface code using Lambda. How can you securely configure your Lambda functions without updating code? (Select TWO)A. Pass environment variables to your Lambda function via the request header sent to your API Gateway methods. B. Configure your Lambda functions to use key configuration. C. Use encryption helpers D. Use Lambda layers E. Use Lambda aliases

BC

You have a requirement to host a static website for a domain named mycompany.com in AWS. Which of the listed steps will you follow in order to set this up? (SELECT TWO.)A. Host the static site on an EC2 Instance. B. Use Route53 with static web site in S3. C. Use Route53 as the domain registrar to register the domain name. D. Place the EC2 instance behind the ELB.

BC

You have planned to host a web application on AWS. You create an EC2 Instance in a public subnet that needs to connect to an EC2 Instance that will host an Oracle database. Which steps would ensure a secure setup? (SELECT TWO) A. Place the EC2 Instance with the Oracle database in the same public subnet as the Webserver for faster communication. B. Place the EC2 instance that will host the Oracle database in a private subnet. C. Create a database Security group which allows incoming traffic only from the Web server's security group. D. Ensure that the database security group allows incoming traffic from 0.0.0.0/0.

BC

A company is developing a web application to be hosted in AWS. This application needs a data store for session data. As an AWS Solution Architect, what would you recommend as an ideal option to store session data? (SELECT TWO) A. CloudWatch B. DynamoDB C. Elastic Load Balancing D. ElastiCache E. Storage Gateway

BD

A company is using a Redshift cluster to store its data warehouse. There is a requirement from the Internal IT Security team to encrypt data in the Redshift database. How could this be achieved? (SELECT TWO) A. Encrypt the EBS volumes of the underlying EC2 Instances. B. Use AWS KMS Customer Default master key. C. Use SSL/TLS for encrypting the data. D. Use hardware security module (HSM) to manage the top-level encryption keys.

BD

You lead a team to develop a new web application in AWS EC2. The application will have a large number of users globally. For a great user experience, this application requires very low network latency and jitter. If the network speed is not fast enough, you will lose customers. Which tool would you choose to improve the application performance? (Select TWO.) A. AWS VPN B. AWS Global Accelerator C. Direct Connect D. API Gateway E. CloudFront

BE

You are in charge of migrating your actual On-Premise Postgres database to AWS Cloud. There is a requirement that the database must remain fully operational during the migration. Which of these services is well suited for this task? A. AWS DataSync B. AWS Server Migration Service C. AWS Database Migration Service D. AWS Migration Hub

C

A Media firm is saving all its old videos in S3 Glacier Deep Archive. Due to the shortage of new video footage, the channel has decided to reuse all these old videos. Since these are old videos, the channel is not sure of their popularity response from users. Channel Head wants to make sure that these huge size files do not shoot up their budget. For this, as an AWS consultant, you advise them to use the S3 intelligent storage class. The Operations Team is concerned about moving these files to the S3 Intelligent-Tiering storage class. Which of the following actions can be taken to move objects in Amazon S3 Glacier Deep Archive to the S3 Intelligent-Tiering storage class? A. Use Amazon S3 Console to copy these objects from S3 Glacier Deep Archive to the required S3 Intelligent-Tiering storage class. B. Use Amazon S3 Glacier Console to restore objects from S3 Glacier Deep Archive then copy these objects to the required S3 Intelligent-Tiering storage class. C. Use Amazon S3 console to restore objects from S3 Glacier Deep Archive then copy these objects to the required S3 Intelligent-Tiering storage class. D. Use the Amazon S3 Glacier console to copy these objects to the required S3 Intelligent-Tiering storage class.

C

A Solutions Architect is designing an online shopping application running in a VPC on EC2 Instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer-managed database cluster. There should be no access to the database from the Internet. But the cluster must be able to obtain software patches from the Internet. Which of the following VPC designs meets the requirements? A. Create public subnets for the application tier and the database cluster. B. Create public subnets for the application tier and private subnets for the database cluster. C. Create public subnets with NAT Gateway for the application tier and private subnets for the database cluster. D. Create private subnets for the application tier, and private subnets with NAT Gateway for the database cluster.

C

A company has a media processing application deployed in a local data center. Its file storage is built on a Microsoft Windows file server. The application and file server need to be migrated to AWS. You want to set up the file server in AWS quickly. The application code should continue working to access the file systems. Which method should you choose to create the file server? A. Create a Windows File Server from Amazon WorkSpaces. B. Configure a high performance Windows File System in Amazon EFS. C. Create a Windows File Server in Amazon FSx. D. Configure a secure enterprise storage through Amazon WorkDocs.

C

A company hosts 5 web servers in AWS. They want to ensure that multiple values for a DNS query should be returned and traffic routed to multiple IP addresses. In addition, you want to associate your routing records with a Route 53 health check. Which routing policy should be used to fulfill this requirement? A. Simple B. Weighted C. Multivalue Answer D. Latency

C

A database is being hosted using the Amazon RDS service. This database will be deployed in production and needs to be highly available. Which of the following could be used to achieve this requirement? A. Use Multi-AZ for the RDS instance to ensure that a secondary database is created in another region. B. Use the Read Replica feature to create another instance of the DB in another region. C. Use Multi-AZ for the RDS instance to ensure that a secondary database is created in another Availability Zone. D. Use the Read Replica feature to create another instance of the DB in another Availability Zone.

C

A database, hosted using the Amazon RDS service, is getting many database queries. It has now become a bottleneck for the associated application. Which action would ensure that the database is not a performance bottleneck? A. Set up a CloudFront distribution in front of the database. B. Set up an ELB in front of the database. C. Set up ElastiCache in front of the database. D. Set up SNS in front of the database.

C

A finance company is using Amazon S3 to store data for all its customers. During an annual audit, it was observed that sensitive data is stored by some of the customers. Operations Head is looking for an automated tool to scan all data in Amazon S3 buckets and create a report based on the findings from all the buckets with sensitive data. Which solution can be designed to get the required details? A. Enable Amazon GuardDuty on the Amazon S3 buckets B. Enable Amazon Detective on the Amazon S3 buckets C. Enable Amazon Macie on the Amazon S3 buckets D. Enable Amazon Inspector on the Amazon S3 buckets

C

A popular blogging site plans to use AWS DataSync to migrate all the data from the on-premises network file system (NFS) server to AWS EFS. The blogging application constantly updates its on-premises dataset. You need to ensure that all the files saved at EFS are validated for data integrity. How would you set up the data verification in AWS DataSync? A. Enable verification all the time. B. Enable verification during initial file transfers and disable it during the final cut-over. C. Disable verification during initial file transfers and enable it during the final cut-over. D. Disable verification all the time.

C

A popular media company delivers content on News, Sports and Entertainment to audiences across the globe. The company uses AWS Redshift to analyze petabytes of structured and semi-structured data across their data warehouse, operational database, and Amazon S3 files to activate data-driven decisions and powerful insights. As their petabyte-scale data continues to grow rapidly, the company starts facing bottlenecks around network bandwidth and memory processing (CPU) that result in slow query performance. As a solution architect in the company, you have to find a solution that will improve the query performance without increasing the operational overhead and cost. What would you recommend? A. Use Amazon S3 Transfer Acceleration to copy the data to a central S3 bucket and then use Redshift Spectrum for the query purpose B. Use Amazon Redshift Spectrum to enhance query performance C. Use AQUA (Advanced Query Accelerator) for Amazon Redshift D. Enable and configure caching solutions to expedite query performance using Amazon ElastiCache Memcached

C

A start-up firm is using an AWS Organization for managing policies across its Development and Production accounts. The development account needs an EC2 dedicated host. The Production account has subscribed to an EC2 dedicated host for its application but is not currently using it. Sharing has NOT been enabled with the AWS Organization in AWS RAM. Which of the following can be done to share the Amazon EC2 dedicated host from the Production account to the Development account? A. Remove both Development and Production Accounts from Organization then share resources between them. B. Resources in the same organization are automatically shared without the need to accept the invitation of sharing resources. C. Create a resource share in the production account and accept the invitation in the development account. D. Remove the destination Development account from an Organization then share resources with it.

C

A team is building an application that must persist and index JSON data in a highly available data store. The latency of data access must remain consistent despite very high application traffic. Which service would help the team to meet the above requirement? A. Amazon EFS B. Amazon Redshift C. DynamoDB D. AWS CloudFormation

C

An EC2 instance in the private subnet needs access to the S3 bucket placed in the same region as that of the EC2 instance. The EC2 instance needs to upload and download bigger files to the S3 bucket frequently. As an AWS Solutions Architect, what quick and cost-effective solution would you suggest to your customers? You need to consider that the EC2 instances are present in the private subnet, and the customers do not want their data to be exposed over the internet. A. Place the S3 bucket in another public subnet of the same region and create a VPC peering connection to this private subnet where the EC2 instance is placed. The traffic to upload and download files will go through secure Amazon's private network. B. Create an IAM role having access over the S3 service and assign it to the EC2 instance. C. Create a VPC endpoint for S3, use your route tables to control which instances can access resources in Amazon S3 via the endpoint. The traffic to upload and download files will go through the Amazon private network. D. A private subnet can always access S3 bucket/ service through the NAT Gateways or NAT instances, so there is no need for additional setup.

C

An IT company has recently deployed highly available resilient web servers on Amazon EC2 instances. Application Load Balancers are used as the front-end to these instances. The company has deployed a lower-capacity web server at the on-premises data center. IT Head wants to have Amazon EC2 instances in AWS Cloud as primary and web servers at the data center as secondary. You will be using Amazon Route 53 to configure this failover. How can Amazon Route 53 health checks be designed to get the required results? A. For primary resources in the AWS Cloud, create alias records and set Evaluate Target Health to Yes. For secondary records, create a health check in Route 53 for web servers in the data center. Create a single failover alias record for both primary and secondary resources B. For primary resources in the AWS Cloud, create alias records and health checks. For secondary records, create a health check in Route 53 for web servers in the data center. Create a single failover alias record for both primary and secondary resources C. For primary resources in the AWS Cloud, create alias records and set Evaluate Target Health to Yes. For secondary records, create a health check in Route 53 for web servers in the data center. Create two failover alias records for each primary and secondary resource D. For primary resources in the AWS Cloud, create alias records and health checks. For secondary records, create a health check in Route 53 for web servers in the data center. Create two failover alias records for each primary and secondary resource

C

An application consists of the following VPC architecture: a. EC2 Instances in multiple AZ's behind an ELB. b. EC2 Instances are launched via an Auto Scaling Group. c. There is one NAT Gateway for all AZ's instances to download the updates from the Internet. What is a bottleneck in the architecture based on the availability? A. The EC2 Instances B. The ELB C. The NAT Gateway D. The Auto Scaling Group

C

An application needs to have a relational Datastore hosted in AWS. The following requirements are in place for the Datastore: a) The initial storage capacity of 8 TB; b) The ability to accommodate a database growth of 8 GB per day; c) The ability to have 4 Read Replicas. Which of the following Datastores is the best for this requirement? A. DynamoDB B. Amazon S3 C. Amazon Aurora D. ElastiCache

C

An application sends images to S3. The metadata for these images needs to be saved in persistent storage and is required to be indexed. Which one of the following is the best for the underlying metadata storage? A. Amazon Aurora B. Amazon S3 C. Amazon DynamoDB D. Amazon RDS

C

An organization is currently implementing a Cloud-Native microservices architecture using AWS EKS for their Banking application. The pods, whose nodes are EC2 instances running in the EKS cluster, store sensitive data. They are looking for a secure encrypted storage option that will exhibit high performance and throughput for their intensive transactional workloads. Which of the following can be the best fit Architecture for fulfilling the Organization's requirements? A. Use a general-purpose SSD Backed EBS volume with "Multi Attach" for storing data. Enable "Encryption at Rest" B. Use an EBS-Optimized instance with SSD Backed EBS volume and "Multi Attach" for storing data. Enable "Encryption at Rest" C. Use a Provisioned-IOPS SSD EBS volume with "Multi Attach" for storing data. Enable "Encryption at Rest" D. Use a throughput optimized HDD EBS volume for storing data with "Multi Attach". Enable "Encryption at Rest"

C

An organization runs its application in EC2 that is behind an Application Load Balancer along with Auto Scaling Groups to manage the traffic efficiently. After a successful product launch, the organization started experiencing a significant increase in the write operations to their database hosted in Amazon RDS. The potential load is such that it could cause the database engine to be unavailable at any time, and users may experience downtime. You are a Solutions Architect in the organization. You have been asked to resolve this using the quickest and most cost-effective measures. Which of the following would you recommend? A. Vertically scale RDS by increasing RDS instance size and set RDS storage type as "Provisioned IOPS" B. Migrate RDS data to the DynamoDB tables C. Implement the SQS service in front of the RDS to achieve asynchronous write operation to the database D. Use Amazon MQ to take the user input and write data to the RDS database

C

As an AWS Solutions Architect, you are designing a new Java application in EC2 with a relational database deployed in RDS. During proof of concept, it has been found that the database encounters an extended number of write operations at certain times and cannot handle the load. Which of the following options is appropriate to improve the write performance? A. Add a read replica to the RDS DB instance. B. Replace AWS RDS with DynamoDB. C. Use SQS to queue the database writes. D. Use SNS to send notification for the missed database writes and then add them manually at a later stage.

C

Kayne is instructed by his manager to build a solution to detect whether the visitors entering their office building are wearing a face mask or not. The building has two entrances with CCTVs installed on both. The data needs to be captured from them and sent to AWS for detection and analysis. He is exploring AWS Services to build this solution efficiently. After some research, he has found that Amazon Kinesis with a combination of Amazon Rekognition can serve the purpose. But he is not aware of what capability in Kinesis will help in this case. Which of the following Kinesis capabilities is MOST appropriate for the given scenario? A. Kinesis Data Firehose B. Kinesis Data Analytics C. Kinesis Video Streams D. Kinesis Data Streams

C

The development team is working on a new application for which they will be launching an EC2 Instance. To decrease time in launching the EC2 instance, they want you to pre-warm the instance and keep it ready for launching with all required patches and software. Which of the following can be done to meet this requirement? A. Launch the Amazon EC2 instance within an Auto-Scaling group and enable Hibernate on the instance in the Auto-Scaling group. B. Launch the Amazon EC2 instance with an instance store volume and enable Hibernate. C. Launch the Amazon EC2 instance with an Amazon EBS root volume and enable Hibernate. D. Launch the Amazon EC2 instance within an Auto-Scaling group and enable Hibernate only on the EC2 instance that needs to be hibernated.

C

To comply with industry regulations, a Healthcare Institute wants to keep their large volume of lab records in some durable, secure, lowest-cost storage class for an extended period of time (say about five years). The data will be rarely accessed but requires immediate retrieval (in milliseconds) when required. As a Solutions Architect, the Institute wants your suggestion to select a suitable storage class here. Which of the following would you recommend for the given requirement? A. Amazon S3 Standard B. Amazon S3 Standard-Infrequent Access C. Amazon S3 Glacier Instant Retrieval D. AWS S3 One Zone-Infrequent Access

C

To improve the network performance, you launch a C5 EC2 Amazon Linux instance and enable Enhanced Networking by modifying the instance attribute with "aws ec2 modify-instance-attribute --instance-id instance_id --ena-support". Which mechanism does the EC2 instance use to enhance the networking capabilities? A. Intel 82599 Virtual Function (VF) interface. B. Transit Virtual Interface C. Elastic Network Adapter (ENA). D. Elastic Network Interface (ENI).

C

You are building an automated transcription service where Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. Customers fetch the text files frequently. You do not know about the storage capacity requirements. Which storage option would be both cost-efficient and highly available in this situation? A. Multiple Amazon EBS Volume with snapshots B. A single Amazon Glacier Vault C. A single Amazon S3 bucket D. Multiple instance stores

C

You are a solutions architect working for a media company that produces stock images and videos for sale via a mobile app and website. Your app and website allow users to gain access only to stock content they have purchased. Your content is stored in S3 buckets. You need to restrict access to multiple files that your users have purchased. Also, due to the nature of the stock content (purchasable by multiple users), you don't want to change the URLs of each stock item. Which access control option best fits your scenario? A. Use CloudFront signed URLs B. Use S3 Presigned URLs C. Use CloudFront Signed Cookies D. Use S3 Signed Cookies

C

You are part of an IT team who have created a streaming application. The application is hosted in two separate regions, us-east-1 (N. Virginia) and ap-south-1 (Mumbai). Your application recently became very popular, and now has users from all around the world. However, these new users have been experiencing high latency in the application. How can you solve this problem, keeping in mind that possible failovers in the app need to be solved very quickly? A. Enable a DNS-based traffic management solution with Geolocation route policies in Route53. B. Enable AWS WAF to securely serve your application content to the nearest Edge Locations to the users. C. Enable Global Accelerator endpoint for your two regions. D. Enable Direct Connect.

C

You are part of the IT team of a small car manufacturer company. The company is starting to move its On-Premise resources to the cloud. The Marketing department was the first department to migrate its applications to the cloud. Now the finance team wants to do the same. Each department should have its own AWS account but you need one management account to pay for the bills of all the AWS accounts. What do you suggest to solve this? A. Create a different VPC for the Finance Department and limit their access to resources with IAM Roles and Policies. B. Use AWS Control Tower. C. Use AWS Organizations to manage both AWS accounts. D. Use AWS Cost Explorer to divide the bills and use IAM policies to limit the access to resources.

C

You are responsible for performing a migration from your company's on-premise data to the AWS cloud. You have about 400 GB of data stored in an NFS. One requirement of this migration is to transfer some of this data to AWS EFS and the other part to S3. Which is the easiest to use and most cost-effective solution? A. Use AWS Storage gateway. B. Use S3 Transfer Acceleration. C. Use AWS DataSync. D. Use AWS Database Migration Service.

C

You are working as an AWS Architect for a start-up company. The company has web servers deployed in all AZs in the AWS eu-central-1 (Frankfurt) region. These web servers provide news for users from Germany. The application is deployed in multiple EC2 servers with several static IP addresses and you need to create a record set that returns multiple values for the application. Which of the following routing policies would you use to configure the record set in Route 53? A. Latency routing policy B. Weighted routing policy C. Multivalue answer routing policy D. Geolocation routing policy

C

You configure an Amazon S3 bucket as the origin for a new CloudFront distribution. The traffic should not hit the S3 URLs directly. Instead, it should be directed to the CloudFront distribution and the files should be fetched through the CloudFront URL. Which method is the most appropriate? A. Configure Signed URLs to serve private content by using CloudFront. B. Configure Signed Cookies to restrict access to S3 files. C. Create the origin access identity (OAI) and associate it with the distribution. D. Configure the CloudFront web distribution to ask viewers to use HTTPS to request S3 objects.

C

You have 2 development environments hosted in 2 different VPCs in an AWS account in the same region. There is now a requirement to access the resources of one VPC from another. How could this be accomplished? A. Establish a Direct Connect connection. B. Establish a VPN connection. C. Establish VPC Peering. D. Establish Subnet Peering.

C

You have a requirement to get a snapshot of the current configuration of resources in your AWS Account. Which service can be used for this purpose? A. AWS CodeDeploy B. AWS Trusted Advisor C. AWS Config D. AWS IAM

C

You have been designing a CloudFormation template that creates one elastic load balancer fronting two EC2 instances. Which section of the template should you edit so that the load balancer's DNS is returned upon creating the stack? A. Resources B. Parameters C. Outputs D. Mappings

C

You have developed a new web application on AWS for a real estate firm. It has a web interface where real estate employees upload photos of newly constructed houses in S3 buckets. Prospective buyers log in to the website and access photos. The marketing team has initiated an intensive marketing event to promote new housing schemes which will lead to customers who frequently access these images. As this is a new application, you have no projection of traffic on the S3 bucket. You need an S3 storage class that can automatically optimize the storage costs with changing access patterns. Which of the following is a recommended storage solution to meet this requirement? A. Use One Zone-IA storage class to store all images. B. Use Standard-IA to store all images. C. Use S3 Intelligent-Tiering storage class. D. Use Standard storage class and use Storage class analytics to identify and move objects using lifecycle policies.

C

Your current architecture consists of a set of web servers spun up as part of an Autoscaling group. These web servers then communicate with a set of database servers. You need to ensure that the database servers' security groups are set properly to accept traffic from the web servers. Which of the following is the best way to accomplish this? A. Ensure that the Private IP addresses of the web servers are put as sources for the incoming rules in the database server security group. B. Ensure that the Public IP addresses of the web servers are put as sources for the incoming rules in the database server security group. C. Ensure that the web server security group is placed as the source for the incoming rules in the database server security group. D. Ensure that the Instance ID of the web servers are put as sources for the incoming rules in the database server security group.

C

You have instances hosted in a private subnet in a VPC. There is a need for instances to download updates from the Internet. As an architect, what change would you suggest to the IT Operations team that would also be the most efficient and secure? A. Create a new public subnet and move the instance to that subnet. B. Create a new EC2 Instance to download the updates separately and then push them to the required instance. C. Use a NAT Gateway to allow the instances in the private subnet to download the updates. D. Create a VPC link to the Internet to allow the instances in the private subnet to download the updates.

C

You have several instances doing machine learning to compute. You have all the data required for the machine learning in an S3 bucket. You need to find a high-performance storage in which all the instances can read and write data simultaneously. Which of the following options is the best suited solution for this? A. FSx for Windows File Server. B. EFS. C. FSx for Lustre. D. DynamoDB Accelerator.

C

You manage the IT users for a large organization that is moving many services to AWS. You want a seamless way for your employees to log in and use cloud services. You also want to use AWS Managed Microsoft AD and have been asked if users can use it to access services in the on-premises environment. What would you respond? A. AWS Managed Microsoft AD requires data synchronization and replication to work properly. B. AWS Managed Microsoft AD can only be used for cloud or on-premises environments, not both. C. AWS Managed Microsoft AD can be used as the Active Directory over VPN or Direct Connect. D. AWS Managed Microsoft AD is 100% the same as Active Directory running on separate EC2 instance.

C

You need to launch several EC2 instances to run Cassandra. There are large distributed and replicated workloads in Cassandra and you plan to launch instances using EC2 placement groups. The traffic should be distributed evenly across several partitions and each partition should contain multiple instances. Which of the following placement groups would you use to achieve the requirement? A. Cluster placement group B. Spread placement group C. Partition placement group D. Network placement group

C

You work for a company that has a set of EC2 Instances. There is an internal requirement to create another instance in another availability zone. One of the EBS volumes from the current instance needs to be moved from one of the older instances to the new instance. How can you achieve this? A. Detach the volume and attach to an EC2 instance in another AZ. B. Create a new volume in the other AZ and specify the current volume as the source. C. Create a snapshot of the volume and then create a volume from the snapshot in the other AZ. D. Create a new volume in the AZ and do a disk copy of contents from one volume to another.

C

You've implemented AWS Key Management Service to protect your data in your applications and other AWS services. Your global headquarters is in Northern Virginia (US-East-1: N. Virginia) where you created your keys and have provided the appropriate permissions to designated users and specific roles within your organization. While the N. Virginia users are not having issues, German and Japanese users cannot get KMS to function. What is the most likely cause of it? A. KMS is only offered in North Virginia. B. AWS CloudTrail has not been enabled to log events. C. KMS master keys are region-specific and the applications are hitting the wrong API endpoints. D. The master keys have been disabled.

C

Your company has designed an app and requires it to store data in DynamoDB. The company has registered the app with identity providers for users to sign-in using third-parties like Google and Facebook. What must be in place such that the app can obtain temporary credentials to access DynamoDB? A. Multi-factor authentication must be used to access DynamoDB. B. AWS CloudTrail needs to be enabled to audit usage. C. An IAM role allowing the app to have access to DynamoDB. D. The user must additionally log into the AWS console to gain database access.

C

Your company is planning to store sensitive documents in an S3 bucket. They want to keep the documents private but serve content only to selected users based on a particular time frame. Which of the following can help you accomplish this? A. Enable CORS for the S3 bucket B. Use KMS and enable encryption for the files C. Create pre-signed URLs D. Enable versioning for the S3 bucket

C

Your company manages an application that currently allows users to upload images to an S3 bucket. These images are picked up by EC2 Instances for processing and then placed in another S3 bucket. You need an area where the metadata for these images can be stored. What would be an ideal data store for this? A. AWS Redshift B. AWS Glacier C. AWS DynamoDB D. AWS SQS

C

A Direct Connect connection is established from an on-premises location to the AWS us-west-1 region using BGP (Border Gateway Protocol). This connectivity will only be used for accessing Amazon S3 from on-premises. IT head wants to ensure on-premises prefixes are advertised only to the us-west-1 region. These prefixes should not be exported to any other AWS region. How can the BGP routing policy be designed to control these advertisements? A. Set NO_EXPORT BGP community tags while advertising prefixes to AWS in the us-west-1 region B. Do not apply any BGP community tags; advertising prefixes can never be controlled C. Use BGP community tags while advertising prefixes to AWS in the us-west-1 region D. Use Local preference BGP community tags while advertising prefixes to AWS in the us-west-1 region

C.

A customer is looking for file storage in AWS that supports Network File System version 4 (NFSv4.1 and NFSv4.0) protocol. They want a simple, serverless, set-and-forget service that can grow and shrink automatically as they add and remove files. Accessibility of these files is going to be random and infrequent. The customer is also looking for an option to save cost by transitioning the files that have not been accessed for quite some time automatically to a low-cost storage tier. As a Solution Architect, which storage service will you choose that fits the customer's requirement perfectly? A. Use Amazon S3 for storage as it is for better cost-saving option B. Use Amazon S3 Glacier for the storage C. Use Amazon Elastic File System (EFS) with lifecycle policy D. Amazon FSx for Lustre

C.

A global beverage company is using AWS cloud infrastructure for hosting its web application. For a new beverage, the company plans to use a unique voice using Amazon Polly to help market this product to a wide range of customers. Which feature can be used with Amazon Polly for this purpose?A. Create custom Lexicons with Amazon Polly B. Use a custom SSML tag with Amazon Polly C. Build a Brand Voice using Amazon Polly D. Use a Newscaster Speaking Style with Amazon Polly

C.

An R&D firm is looking to store research data in the AWS cloud. At on-premises locations, currently, they are storing this data in Windows servers and are looking for a storage option in AWS without any changes in the application. This data transfer to the cloud should be transparent to the end-users and should not have any performance impact. Files stored in AWS need to be accessed by SMB (Server Message Block) clients as well. How can hybrid cloud storage be designed? A. Implement hybrid cloud storage using the Amazon S3 file gateway B. Implement hybrid cloud storage using cached mode volume gateway C. Implement hybrid cloud storage using Amazon FSx file gateway D. Implement hybrid cloud storage using a stored mode volume gateway

C.

You are a solutions architect working for a media company that produces stock images and videos for sale via a mobile app and website. Your app and website allow users to gain access only to stock content they have purchased. Your content is stored in S3 buckets. You need to restrict access to multiple files that your users have purchased. Also, due to the nature of the stock content (purchasable by multiple users), you don't want to change the URLs of each stock item. Which access control option best fits your scenario?A. Use CloudFront signed URLs B. Use S3 Presigned URLs C. Use CloudFront Signed Cookies D. Use S3 Signed Cookies

C.

You are a Security Consultant who wants to protect the application from DDoS attacks. You have heard about AWS Shield and DDoS attack vectors. Which of the following classes of attacks can be detected using AWS Shield? A. Layer 7 (Data Link Layer attacks) B. Layer 5 (Session Layer attacks) C. Layer 4 (Network protocol attacks) D. Layer 3 (Network volumetric attacks) E. Layer 1 (Physical Layer attacks)

C. D.

A company has set up an application in AWS that interacts with DynamoDB. It is required that when an item is modified in a DynamoDB table, an immediate entry has to be made to the associated application. How can this be accomplished? (SELECT TWO) A. Set up CloudWatch to monitor the DynamoDB table for changes. Then trigger a Lambda function to send the changes to the application. B. Set up CloudWatch logs to monitor the DynamoDB table for changes. Then trigger AWS SQS to send the changes to the application. C. Use DynamoDB streams to monitor the changes to the DynamoDB table. D. Trigger a lambda function to make an associated entry in the application as soon as the DynamoDB streams are modified.

CD

A company is planning to host an active-active site. One site will be deployed in AWS, and the other one in their on-premises data center. They need to ensure that the traffic is distributed to multiple resources, proportionately between both sites. Which of the following routing policies would you use for this purpose? A. Simple Routing B. Failover Routing C. Latency Routing D. Weighted Routing

D

A company is migrating an on-premises 5TB MySQL database to AWS and expects its database size to increase steadily. Which Amazon RDS engine would meet these requirements?A. MySQL B. Microsoft SQL Server C. Oracle D. Amazon Aurora

D

A company has a workflow that sends video files from their on-premises system to AWS for transcoding. They use EC2 worker instances to pull transcoding jobs from SQS for scalability. Why is SQS an appropriate service for this scenario? A. SQS guarantees the order of the messages. B. SQS synchronously provides transcoding output. C. SQS checks the health of the EC2 worker instances. D. SQS helps to facilitate horizontal scaling of EC2 worker instances when the queue grows.

D

A company has an application that delivers objects from S3 to global users. Of late, some users have been complaining of slow response times. Which additional step would help to build a cost-effective solution and ensure that the users get an optimal response to objects from S3?A. Use S3 Replication to replicate the objects to regions closest to the users. B. Ensure S3 Transfer Acceleration is enabled to ensure that all users get the desired response times. C. Place an ELB in front of S3 to distribute the load across S3. D. Place the S3 bucket behind a CloudFront distribution.

D

A company needs to extend its storage infrastructure to the AWS Cloud. The storage needs to be available as iSCSI devices for on-premises application servers. What should be done to fulfill this requirement?A. Create a Glacier vault. Use a Glacier Connector and mount it as an iSCSI device. B. Create an S3 bucket. Use an S3 Connector and mount it as an iSCSI device. C. Use the EFS file service and mount the different file systems to the on-premises servers. D. Use the AWS Storage Gateway-cached volumes service.

D

A drug research company is receiving sensitive scientific data from multiple sources in different formats. The organization wants to create a Data Lake in AWS to analyze the data thoroughly. Data cleansing is a critical step before the data lands in the Data Lake, and all the matching data need to be removed. The solution should also enable secure access to sensitive data using granular controls at the column, row, and cell levels. You are hired as a Solutions Architect to help them achieve this quickly. Which of the following do you think would resolve the problem? A. Amazon Redshift Spectrum B. Amazon Redshift C. AWS Glue Data Catalog D. AWS Lake Formation

D

A global company has an Amazon Aurora database to store a large amount of customer data. The database is deployed in an AWS account owned by the development team, and the AWS account is within the AWS Organization A. Now the database needs to be shared with AWS accounts in another AWS Organization B. Which of the following can be done to achieve the requirement?A. In the Management AWS account of Organization A, share the database to the AWS Organization B in Resource Access Manager. B. In AWS Aurora Console, select the database and share it to all the AWS accounts of AWS Organization B. C. In AWS Organization console, select the database resource and share it to the AWS Organization B. D. In the Management AWS account of Organization A, share the database to the AWS accounts of AWS Organization B in Resource Access Manager.

D

A global sports news company has hosted its website on an Amazon EC2 instance that uses a single Public IP address and is front-ended by a TLS-enabled Application Load Balancer. For an upcoming mega sports event, they plan to launch a new website on the existing Amazon EC2 instance. The company has registered a different domain name and possesses a separate TLS certificate for this new website. As an AWS consultant to this company, which of the following recommendations will you provide to support multiple certificates with existing Public IP addresses in the most cost-effective way? A. Launch an additional TLS-enabled ALB front ending Amazon EC2 instance with different certificates for each domain. B. Use Wildcard certificates on ALB matching old and new domain name. C. Use a single certificate on ALB and add Subject Alternative Name (SAN) for additional domain name. D. Use multiple TLS certificates on ALB using Server Name Indication (SNI).

D

A large retail firm saves its global sales reports in the S3 bucket and uses S3 Lifecycle rules to move this data from Standard_IA storage class to AWS S3 Glacier after 180 days. Due to the financial year-end, the Finance team is looking for a sales report for only the Europe region where a mismatch is reported in the sales figure. Which of the following is a recommended way to fetch this data with the least effort? A. Retrieve this data from Amazon Glacier to S3 bucket and use Amazon S3 select to query specific continent data using simple SQL. B. Retrieve this data from Amazon Glacier to S3 bucket and use Amazon Athena to query specific continent data using SQL. C. Use Amazon S3 Glacier Select to query specific continent data which is restored to S3 bucket from AWS S3 Glacier. D. Use Amazon S3 Glacier Select to query specific continent data directly from Amazon S3 Glacier using simple SQL.

D

A media firm uses the Amazon S3 bucket to save all videos shared by reporters across the globe. The Operations Team has instructed all reporters to use only Multipart Uploads while uploading these large-sized videos to the Amazon S3 bucket in each region. Most of the reporters are working from remote areas and face challenges in uploading videos. The Finance Team is concerned about high costs incurred by saving data in the Amazon S3 bucket and is seeking your guidance. Post verification, you observe a large number of incomplete uploads in Amazon S3 buckets in each region. The uncompleted uploads can be deleted after a certain period of time. Which of the following actions can minimize charges for saving video files in the Amazon S3 bucket? A. Reporters need to compress video files locally before uploading to Amazon S3 bucket. B. Reporters need to upload Videos to Amazon S3 Glacier to save additional charges. C. Create a Lifecycle Policy to move all incomplete Multipart uploads to Amazon S3 Glacier after weeks' time from initiation. D. Create a Lifecycle Policy to delete all incomplete Multipart uploads after weeks' time from initiation.

D

A start-up company is using AWS CloudFormation templates to deploy software on Amazon EC2 instances. Developers are looking for an option to read metadata from the CloudFormation template and start software package installation on the Amazon EC2 instance. Which of the following scripts can be executed directly from AWS CloudFormation templates for this purpose?A. Use cfn-hup helper script to read template metadata and install the packages B. Use cfn-signal helper script to read template metadata and install the packages C. Use cfn-get-metadata helper script to read template metadata and install the packages D. Use cfn-init helper script to read template metadata and install the packages

D

A start-up firm has a corporate office in New York and regional offices in Washington and Chicago. These offices are interconnected over Internet links. Recently they have migrated a few application servers to EC2 instances launched in the AWS US-east-1 region. The Developer Team located at the corporate office requires secure access to these servers for initial testing and performance checks before go-live of the new application. Since the go-live date is approaching soon, the IT team is looking for quick connectivity to be established. As an AWS consultant, which link option will you suggest as a cost-effective and quick way to establish secure connectivity from on-premises to servers launched in AWS? A. Use AWS Direct Connect to establish IPSEC connectivity from On-premise to VGW. B. Install a third party software VPN appliance from AWS Marketplace in the EC2 instance to create a VPN connection to the on-premises network. C. Use Hardware VPN over AWS Direct Connect to establish IPSEC connectivity from On-premise to VGW. D. Use AWS Site-to-Site VPN to establish IPSEC VPN connectivity between VPC and the on-premises network.

D

An application team needs to quickly provision a development environment consisting of a web and database layer. What would be the quickest and most ideal way to get this set up in place?A. Create Spot Instances and install the web and database components. B. Create Reserved Instances and install the web and database components. C. Use AWS Lambda to create the web components and AWS RDS for the database layer. D. Use Elastic Beanstalk to quickly provision the environment.

D

An organization has implemented an online Savings Account application that uses a microservices architecture for orchestrating different processes. One of the orchestrating processes is "Account Creation" which orchestrates various API calls for creating the Savings Account. For performance reasons, the API orchestration is a mix of synchronous and asynchronous calls. It has been observed that certain asynchronous calls leave the system in an inconsistent state when they fail. An example of this is the Savings Account would have been created, but the Customer's information may not have been created. What would you, as an Architect, do to ensure the highest durability of the system? A. Implement the asynchronous calls as synchronous and encapsulate them in a distributed transaction to ensure the highest durability B. Process the exception from the asynchronous call and implement a retry mechanism for ensuring that the call succeeds C. Process the exception from the asynchronous call and send an SNS notification to interested parties for resolution D. Implement an event-driven mechanism using SQS and Lambda instead of calling the API asynchronously

D

An organization is currently planning to move its Employee Self Service applications from its on-premises data center to AWS Cloud. The organization presently has lakhs of users maintained in its Corporate Directory on-premises. The organization needs to provide access to all the applications that would be migrated from on-premises to the cloud after logging in to their on-premises employee portal. The Organization is also planning to extend access to other Cloud-based applications like SalesForce in the future. What is the best solution you, as an Architect, can propose to have users on-premises access the applications in AWS? A. Define all users that are existing on-premises in IAM, provide access to the applications using IAM policies, and ask the user to do a secondary login to AWS for accessing those applications after logging in to their on-premises portal B. Use web identity federation using an Identity Provider like Amazon and Facebook that will authenticate the user and request temporary credentials from AWS STS. Use these temporary credentials and assume a role to access AWS applications C. Use SAML 2.0 Identity federation to authenticate users within their Corporate Directory and request temporary credentials from AWS STS to assume a role with SAML for accessing AWS applications D. Use AWS SSO to sign-on users defined in the Corporate Directory on-premises with SAML 2.0 based identity federation for accessing the AWS applications

D

As a Cloud Architect, you have deployed an existing application from the local server to an On-demand EC2 instance. You found out that there is an issue while connecting the application using the HTTPS Protocol. After troubleshooting the issue, you added port 443 to the security group of the instance. How much time will it take to update changes to all of the resources related to Security groups?A. It can take up to 10 minutes depending on the number of resources. B. You just need to restart the EC2 Server. C. You cannot make any change to existing security group, you have to create new Security group. D. Immediately without restart. E. You have to deploy your application again.

D

One of your colleagues, who is new to the company where you work as a cloud Architect, has some issues with IP Addresses. He has created an Amazon VPC with an IPv4 CIDR block 10.0.0.0/24, but now there is a requirement of hosting a few more resources in that VPC. As per his knowledge, he is thinking of creating a new VPC with a greater range. Could you suggest to him a better way that should be reliable? A. Delete the existing subnets in the VPC and create new Subnets in VPC. B. He is thinking of the right approach. C. You can create new VPC and connect old VPC with a new one. D. You can expand existing VPC by adding Secondary CIDR to your current VPC.

D

There is a multi-region website hosted in AWS EC2 under an ELB. Route 53 is used to manage its DNS record. The website might get a lot of traffic over the next couple of weeks. If the application experiences a natural disaster in the region during the time, what should be used to reduce potential disruption to users?A. Use an ELB to divert traffic to an Infrastructure hosted in another region. B. Use an ELB to divert traffic to an Infrastructure hosted in another AZ. C. Use CloudFormation to create backup resources in another AZ. D. Use Route53 to route requests to another instance in a different region

D

There is an application that allows a manufacturing site to upload files. Metadata needs to be extracted from each uploaded file of 2500 MB, which can take a few seconds per file for processing. The frequency at which the uploading happens is unpredictable. Sometimes there can be no upload for hours, followed by several files being uploaded concurrently. Which architecture will address this workload in the most cost-efficient manner? A. Use a Kinesis Data Delivery Stream to store the file. Use Lambda for processing. B. Use an SQS queue to store the file to be accessed by a fleet of EC2 Instances. C. Store the file in an EBS volume, which can then be accessed by another EC2 Instance for processing. D. Store the file in an S3 bucket. Use Amazon S3 event notification to invoke a Lambda function for file processing.

D

Whizlabs, an E-Learning platform hosted on AWS provides various online courses to a global audience. They have video lessons and quiz questions for every lesson. They are more customer-centric and always work to improve their services based on the feedback received from their customers. Recently they have seen a surge in the responses where their customers are demanding a feature where they can listen to the questions in the quiz instead of just reading it because they understand it better by listening. It will help the visually impaired learners as well. Krish, the solutions architect at Whizlabs, is looking for a solution to introduce this feature to their platform. Which of the following options can fulfill the given requirement?A. Use Amazon Rekognition to identify the text from the quiz page and convert it from Text to Speech B. Use Amazon Textract to extract the text from the quiz questions and convert it from Text to Speech C. Use Amazon Comprehend to use its NLP-based functionality to implement this feature D. Use Amazon Polly to implement this feature in the platform

D

You are a Solutions Architect in a startup company that is releasing the first iteration of its app. Your company doesn't have a directory service for its intended users but wants the users to sign in and use the app. Which of the following solutions is the most cost-efficient? A. Create an IAM role for each end user and the user will assume the IAM role when he signs in to the app. B. Create an AWS user account for each customer. C. Invest heavily in Microsoft Active Directory as it's the industry standard. D. Use Cognito Identity along with a User Pool to securely save users' profile attributes.

D

You are a solutions architect working for a financial services firm. Your firm requires a very low latency response time for requests via API Gateway and Lambda integration to your securities master database. The securities master database, housed in Aurora, contains data about all of the securities your firm trades. The data consists of the security ticker, the trading exchange, trading partner firm for the security, etc. As this securities data is relatively static, you can improve the performance of your API Gateway REST endpoint by using API Gateway caching. Your REST API calls for equity security request types and fixed income security request types to be cached separately. Which of the following options is the most efficient way to separate your cache responses via request type using API Gateway caching?A. Payload compression B. Custom domain name C. API Stage D. Query string

D

You are an AWS Solutions Architect. Your company has a successful web application deployed across multiple AWS Regions. The application attracts more and more global customers. However, the application's performance is impacted. Your manager asks you how to improve the performance and availability of the application. Which of the following AWS services would you recommend?A. AWS DataSync B. Amazon DynamoDB Accelerator C. AWS Lake Formation D. AWS Global Accelerator

D

You are creating a new architecture for a financial firm. The architecture consists of some EC2 instances of different types and sizes. The management team has asked you to create this architecture by ensuring the reduction of the risk of simultaneous failures. Which placement group option could you suggest for the instances?A. Clustered Placement Group B. Partition Placement Group C. None of the above D. Spread Placement Group

D

You are deploying an application on Amazon EC2 that must call AWS APIs. Which method would you use to allow the application access to the APIs securely?A. Pass API credentials to the instance using Instance userdata. B. Store API credentials as an object in Amazon S3. C. Embed the API credentials into your application. D. Assign IAM roles to the EC2 Instances.

D

You are designing a website for a company that streams anime videos. You serve this content through CloudFront. The company has implemented a section for premium subscribers. This section contains more videos than the free section. You want to ensure that only premium subscribers can access this premium section. How can you achieve this easily?A. Using bucket policies. B. Requiring HTTPS for communication between users and CloudFront. C. Using CloudFront origin with signed URLs. D. Using CloudFront origin with signed cookies.

D

You are hired to implement cloud architecture for a movie theater company. The architecture will allow the user to rent the movies for a limited period of time. In order to do this, the user will log in to an application and pay to rent the movie. Then a link will be sent to the user through email. The only requisite is to allow the user to see this file through CloudFront for a limited period of time. What is the easiest way to achieve this? A. Use AWS Lambda authorizer and CloudFront. B. Use Lambda, Cognito and CloudFront. C. Using CloudFront origin access identity (OAI). D. Using CloudFront with signed URL.

D

You are working as an AWS Architect for a start-up company. The company has a two-tier production website on AWS with web servers in the front end and database servers in the back end. A third-party firm has been looking after the operations of these database servers. They need to access these database servers in private subnets on the SSH port. As per the standard operating procedure provided by the Security team, all access to these servers should be over a jumpbox accessible from the internet. What will be the best solution to meet this requirement? A. Deploy Bastion hosts in Private Subnet B. Deploy NAT Instance in Private Subnet C. Deploy NAT Instance in Public Subnet D. Deploy Bastion hosts in Public Subnet

D

You are working as an AWS consultant for a start-up company. They have developed a web application, which requires a lot of memory, for their employees to share files with external vendors securely. They created an AutoScaling group for the web servers that requires two m4.large EC2 instances running at all times, scaling up to a maximum of twelve instances. Post-deployment of the application, a huge rise in cost was observed. Due to a limited budget, the CTO has requested your advice to optimize the usage of instances in the Auto Scaling groups. What do you suggest for reducing the costs and minimizing the risk of adverse impact on the performance? A. Create an Auto Scaling group with t2.micro On-Demand instances. B. Create an Auto Scaling group with a mix of On-Demand and Spot Instances. Select the On-Demand base as zero. Above On-Demand base, select 100% of On-Demand instance and 0% of Spot Instance. C. Create an Auto Scaling group with all Spot Instance. D. Create an Auto Scaling group with a mix of On-Demand and Spot Instances. Select the On-Demand base as 2. Above On-Demand base, select 20% of On-Demand instance and 80% of Spot Instance.

D

You currently have the following architecture in AWS: A couple of EC2 Instances located in us-west-2a. The EC2 Instances are launched via an Auto Scaling group. The EC2 Instances sit behind a Classic ELB. Which additional step would ensure that the above architecture conforms to a well-architected framework? A. Convert the Classic ELB to an Application ELB. B. Add an additional Auto Scaling Group. C. Add additional EC2 Instances to us-west-2a. D. Add or spread existing instances across multiple Availability Zones.

D

You have a web application hosted on an EC2 Instance in AWS that users can access across the globe. The Operations team has been receiving support requests about extreme slowness from users in some regions. What can be done to the architecture to improve the response time for these users?A. Add more EC2 Instances to support the load. B. Change the Instance type to a higher instance type. C. Add Route 53 health checks to improve the performance. D. Place the EC2 Instance behind CloudFront.

D

You have an Amazon Route 53 alias record that routes the traffic to an Application Load Balancer. Later on, the availability zones enabled for the load balancer are changed by a team member. When you check the load balancer using the dig command, you find that the IPs of the ELB have changed. What kind of change do you need to do for the alias record in Route 53?A. Change the record type from A to CNAME. B. Modify the destination to the DNS name of the Application Load Balancer. C. Add the new IP addresses in the destination of the alias record. D. Nothing, as Route 53 automatically recognizes changes in the resource for the alias record.

D

You have an S3 bucket that is used to store important data for a web application. You want to receive an email notification whenever an object removal event happens in the S3 bucket. How would you configure the S3 bucket to achieve this requirement?A. Configure the object-level logging for the S3 bucket and register an SNS topic to provide notifications. B. Configure the server access logging for the object removal events. Add an SNS topic to notify the team via emails. C. Set up an AWS Config rule to check the object deletion events. Register a Lambda function to send notifications. D. Configure an S3 event notification for the object removal events. Send the events to an SNS topic.

D

You have designed an application that uses AWS resources, such as S3, to operate and store users' documents. You currently use Cognito identity pools and user pools. To increase usage and ease of signing up, you decide that adding social identity federation is the best path forward. How would you differentiate the Cognito identity pool and the federated identity providers (e.g., Google)?A. They are the same and just called different things. B. First, you sign-in via Cognito then through a federated site, like Google. C. Federated identity providers and identity pools are used to authenticate services. D. You can choose a federated identity provider to authenticate users and associate a Cognito identity pool to authorize the users.

D

You host a static website in an S3 bucket, and there are global clients from multiple regions. You want to use an AWS service to store cache for frequently accessed content so that the latency is reduced and the data transfer rate increases. Which of the following options would you choose?A. Use AWS SDKs to horizontally scale parallel requests to the Amazon S3 service endpoints. B. Create multiple Amazon S3 buckets and put Amazon EC2 and S3 in the same AWS Region. C. Enable Cross-Region Replication to several AWS Regions to serve customers from different locations. D. Configure CloudFront to deliver the content in the S3 bucket.

D

You own a MySQL RDS instance in AWS Region us-east-1. The instance has a Multi-AZ instance in another availability zone for high availability. As business grows, more and more clients come from Europe (eu-west-2), and most of the database workload is read-only. What is the proper way to reduce the load on the source RDS instance?A. Create a snapshot of the instance and launch a new instance in eu-west-2. B. Promote the Multi-AZ instance to be a Read Replica and move the instance to eu-west-2 region. C. Configure a read-only Multi-AZ instance in eu-west-2 as Read Replicas cannot span across regions. D. Create a Read Replica in the AWS Region eu-west-2.

D

You use a CloudFront distribution for a website and the origin is an Amazon S3 bucket that supports HTTPS communication. You require HTTPS for the communication between CloudFront and Amazon S3. When viewers access the content in the CloudFront edge locations using HTTP, you want the HTTP requests to be automatically redirected to HTTPS requests. How would you achieve this requirement?A. No actions are needed as it is the default behavior. B. Configure the Viewer Protocol Policy of the CloudFront distribution to be "HTTPS only". C. Configure the Origin Protocol Policy of the CloudFront distribution to be "HTTPS". D. Configure the Viewer Protocol Policy of the CloudFront distribution to be "Redirect HTTP to HTTPS".

D

You work as an architect for a company. There is a requirement for an application to be deployed on a set of EC2 Instances. These would be part of a compute cluster that requires low inter-node latency. Which of the following would you use for this requirement?A. Multiple Availability Zones B. AWS Direct Connect C. EC2 Dedicated Instances D. Cluster placement Groups E. VPC private subnets

D

Your Operations department is using an incident-based application hosted on a set of EC2 Instances. These instances are placed behind an Auto Scaling Group to ensure that the right number of instances are in place to support the application. The Operations department has expressed dissatisfaction concerning poor application performance every day at 9:00 AM. However, it is also noted that the system performance returns to optimal at 9:45 AM. What could be done to fix this issue?A. Create another Dynamic Scaling Policy to ensure that the scaling happens at 9:00 AM. B. Add another Auto Scaling group to support the current one. C. Change the Cool Down Timers for the existing Auto Scaling Group. D. Add a Scheduled Scaling Policy at 8:30 AM.

D

Your company currently has set up their data store on AWS DynamoDB. One of your main revenue generating applications uses the tables in this service. Your application is now expanding to 2 different other locations and you want to ensure that the latency for data retrieval is the least from the new regions. Which of the following can help accomplish this? A. Place a CloudFront distribution in front of the database B. Enable Multi-AZ for DynamoDB C. Place an ElastiCache in front of DynamoDB D. Enable global tables for DynamoDB

D

Your company has a set of EC2 Instances hosted in AWS. It is required to prepare for regional disasters and come up with the necessary disaster recovery procedures. Which of the following steps would help to mitigate the effects of disaster in the future on EC2 Instances?A. Place an ELB in front of the EC2 Instances. B. Use Auto Scaling to ensure that the minimum number of instances are always running. C. Use CloudFront in front of the EC2 Instances. D. Create AMIs from the EC2 Instances. Use them to recreate the EC2 Instances in another region.

D

Your company has an online game application deployed in an Auto Scaling group. The traffic of the application is predictable. Every Friday, the traffic starts to increase, remains high on weekends and then drops on Monday. You need to plan the scaling actions for the Auto Scaling group. Which method is the most suitable for the scaling policy?A. Configure a scheduled CloudWatch event rule to launch/terminate instances at the specified time every week. B. Create a predefined target tracking scaling policy based on the average CPU metric and the ASG will scale automatically. C. Select the ASG and on the Automatic Scaling tab, add a step scaling policy to automatically scale out/in at fixed time every week. D. Configure a scheduled action in the Auto Scaling group by specifying the recurrence, start/end time, capacities, etc.

D

Your company has set up EC2 Instances in a VPC for their application. The IT Security department has advised that all traffic to the EC2 Instances be monitored. Which of the following features can be used to capture information for outgoing and incoming IP traffic from network interfaces in a VPC? A. AWS CloudWatch B. AWS EC2 C. AWS SQS D. AWS VPC Flow Logs

D

A critical application deployed in AWS Cloud requires maximum availability to avoid any outages. The project team has already deployed all resources in multiple regions with redundancy at all levels. They are concerned about the configuration of Amazon Route 53 for this application which should complement higher availability and reliability. Route 53 should be configured to use failover resources during a disaster. What solution can be implemented with Amazon Route 53 for maximum availability and increased reliability?A. Associate multiple IP endpoints in different regions to Route 53 hostname. Use a weighted route policy to change the weights of the primary and failover resources. So, all traffic is diverted to failover resources during a disaster B. Create two sets of public-hosted zones for resources in multiple regions. During a disaster, update Route 53 public-hosted zone records to point to a healthy endpoint C. Create two sets of private hosted zones for resources in multiple regions. During a disaster, update Route 53 private hosted zone records to point to a healthy endpoint D. Associate multiple IP endpoints in different regions to Route 53 hostname. Using health checks, configure Route 53 to automatically failover to healthy endpoints during a disaster

D.

A financial institute has deployed a critical web application in the AWS cloud. The management team is looking for a resilient solution with RTO/RPO in ten minutes during a disaster. They have budget concerns, and the cost of provisioning the backup infrastructure should not be very high. As a solution architect, you have been assigned to work on setting a resilient solution meeting the RTO/RPO requirements within the cost constraints. Which strategy is suited perfectly?A. Multi-Site Active/Active B. Warm Standby C. Backup and Restore D. Pilot Light

D.

A large manufacturing company is looking to track IoT sensor data collected from thousands of pieces of equipment across multiple factory units. This is extremely high-volume traffic that needs to be collected in real-time and should be efficiently visualized. The company is looking for a suitable database in the AWS cloud for storing this sensor data. Which of the following cost-effective databases can be selected for this purpose? A. Send sensor data to Amazon RDS (Relational Database Service) using Amazon Kinesis and visualize data using Amazon QuickSight B. Send sensor data to Amazon Neptune using Amazon Kinesis and visualize data using Amazon QuickSight C. Send sensor data to Amazon DynamoDB using Amazon Kinesis and visualize data using Amazon QuickSight D. Send sensor data to Amazon Timestream using Amazon Kinesis and visualize data using Amazon QuickSight

D.

An online advertising company wants to build a solution in AWS that will understand the interest of the customer and provide relevant and personalized recommendations of new products to them. The company is looking for a self-managed, highly durable, and available Database engine that stores relationships between information such as customer's interests, community networks, friend circle, likes, purchase history, etc., and quickly maps them to identify the pattern. As a Solution Architect in the company, what would be your recommendations for the database here?A. Amazon DocumentDB B. Amazon DynamoDB C. Amazon Aurora D. Amazon Neptune

D.

You are a Cloud Database Administrator and want to enable IAM authentication on your Aurora Databases for the user 'iam_db_user'. Which of the following is the correct method to enable the IAM authentication in your Aurora MySQL Database using AWSAuthenticationPlugin?A. CREATE USER iam_db_user IDENTIFIED WITH AWSAuthenticationPlugin; B. CREATE USER iam_db_user_plugin; C. Rename IAM iam_db_user as a Database user D. CREATE USER iam_db_user IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';

D.

You are a DevOps Engineer specializing in Containers. You are currently running your container workloads on your bare metal nodes due to regulatory compliance rules. You would like to have a fully self-managed orchestration system for your containers and also migrate your workloads to another Cloud Provider in case you want to replicate your architecture in another Public Cloud. You have heard about the possibility of using AWS-managed services for the requirement. What is the best solution to integrate your container workloads from your Data Center using a Kubernetes ecosystem? A. Use Amazon ECS Anywhere B. Move all your workloads from your current Data Center to Amazon EKS C. Deploy an Amazon EKS Anywhere technology on bare metal nodes D. Create a VMware vSphere cluster and integrate it with Amazon EKS Anywhere

D.

You have an application running in us-west-2 that requires 6 EC2 Instances running at all times. With 3 Availability Zones in the region viz. us-west-2a, us-west-2b, and us-west-2c, which of the following deployments provides fault tolerance if ONE Availability Zone in us-west-2 becomes unavailable? (SELECT TWO.)A. 2 EC2 Instances in us-west-2a, 2 EC2 Instances in us-west-2b, and 2 EC2 Instances in us-west-2c B. 3 EC2 Instances in us-west-2a, 3 EC2 Instances in us-west-2b, and no EC2 Instances in us-west-2c C. 4 EC2 Instances in us-west-2a, 2 EC2 Instances in us-west-2b, and 2 EC2 Instances in us-west-2c D. 6 EC2 Instances in us-west-2a, 6 EC2 Instances in us-west-2b, and no EC2 Instances in us-west-2c E. 3 EC2 Instances in us-west-2a, 3 EC2 Instances in us-west-2b, and 3 EC2 Instances in us-west-2c

DE

A media company is planning to host its relational database in AWS. They want a self-managed, low-cost, on-demand auto-scaling database from the RDS family that can handle variable and unpredictable workloads and scales compute capacity up and down based on your application's needs. Which of the following RDS types will fulfill this requirement?A. Amazon Aurora B. Amazon RDS for MySQL C. Amazon Aurora Serverless D. Amazon RDS for PostgreSQL

C

You are a solution architect in a gaming company and have been tasked to design Infrastructure as Code (IaC) for one of their online gaming applications. You have decided to use AWS CloudFormation for this. You create three stacks, e.g., Security Stack, Network Stack, and Application Stack. The customer has asked you to automate the creation of the Security Group defined in Security Stack for all the resources in a VPC defined in Network Stacks. Which of the following CloudFormation features will help you to import values into other stacks and create cross-stack references?A. CloudFormation Outputs B. CloudFormation Mappings C. CloudFormation Parameters D. CloudFormation Conditions

A

A document management company has an application A that sends a file to application B in their AWS account. These are classified files from the defense department. The organization wants the file to be digitally signed so that the receiving application B can verify that it hasn't been tampered with in transit. The organization also wants to ensure only application A can digitally sign files using the key because they don't want application B to receive a file thinking it's from application A when it was from a different sender that had access to the signing key. As a solution architect in the company, you are offering a solution with AWS KMS. Which of these encryption types will satisfy the customer requirement?A. Asymmetric KMS Keys B. AWS CloudHSM C. Symmetric KMS Keys D. Customer managed keys

A

A financial firm has built an application on AWS which contains containerized components running on AWS ECS. The containerized components receive lots of critical financial data in the form of files (PDFs, JPEG, DOCX) uploaded to a Document Management Store (DMS) asynchronously. There were instances reported in the production environment where the files were not available in the DMS as the upload operation was unsuccessful. The application needs to scale with an increase in the user base during Campaigns. It is expected to receive 500% more traffic than what it is currently receiving. How would you, as a Solutions Architect, help build resilience in the system with an emphasis on the cost-effectiveness of the solution?A. Use the EFS Standard - IA storage class to store the files and use EFS to access these files and upload them to DMS whenever the DMS operation fails B. Use the EFS Standard storage class to store the files and use EFS to access these files and upload them to DMS whenever the DMS operation fails C. Use the EFS One Zone storage class to store the files and use EFS to access these files and upload them to DMS whenever the DMS operation fails D. Use a relational database running in an EC2 instance to store the files and use it to access them and upload them to DMS whenever the DMS operation fails

A

The Developer Team has deployed a new application using Amazon Aurora DB cluster. This cluster has a primary instance and five Aurora Replicas. While testing this application, it was observed that the primary instance is getting overutilized with the read requests. Before going to production, the Project Manager wants you to analyze the issue and suggest changes. Which design changes can a solution architect propose to the application?A. Point application to the custom endpoint of the Amazon Aurora B. Point application to cluster endpoint of the Amazon Aurora C. Point application to reader endpoint of the Amazon Aurora D. Point application to instance endpoint of the Amazon Aurora

C.

A private bank is planning to use Amazon RDS as a database for its banking application. Data Files and backups for this database will be managed by a third-party vendor. Security Head wants you to ensure sensitive data is encrypted at rest in the database without any additional changes in the application. Cryptographic keys used for this encryption should be securely stored in a single tenant hardware module. Which database design can suffice these security requirements?A. Deploy Oracle on Amazon RDS with Transparent Data Encryption enabled. Use AWS CloudHSM to store all keys B. Deploy MariaDB on Amazon RDS with Transparent Data Encryption enabled. Use AWS CloudHSM to store all keys C. Deploy Microsoft SQL server on Amazon RDS with Transparent Data Encryption enabled. Use AWS KMS to store all keys D. Deploy PostgreSQL on Amazon RDS with Transparent Data Encryption enabled. Use AWS KMS to store all keys

A

A start-up company uses Amazon CloudFormation templates to launch Amazon EC2 instances in different regions. AMI used for these instances differs for each instance type and region. Separate templates need to be created to specify AMI ID as per instance type and as per the region in which instances need to be launched. The IT team is looking for an effective solution to updating the CloudFormation template with the correct AMI ID reducing additional management work. Which solution can be suggested to get the AMI ID updated in the most effective manner?A. Use Custom resources and a Lambda function to create a function that will update AMI IDs in the CloudFormation template B. Map AMI IDs to the specific instance type and regions. Manually update the AMI IDs in the CloudFormation templates C. Use Custom resources along with Amazon SNS which will update AMI IDs in the CloudFormation template D. Use Custom resources along with Amazon SQS which will update AMI IDs in the CloudFormation template

A

A start-up firm has established hybrid connectivity from an on-premises location to the AWS cloud using AWS Site-to-Site VPN. A large number of applications are deployed in the AWS cloud to be accessed from the on-premises location. Users are complaining of the slowness while accessing these applications during peak hours. You have been assigned to work on a solution to improve connectivity throughput from on-premises to AWS. What solution can be designed to increase VPN throughput?A. Establish multiple VPN connections to the ECMP-enabled Transit gateway. Enable dynamic routing on the Transit Gateway B. Establish multiple VPN connections to ECMP-enabled Virtual Private gateway. Enable route propagation on the Virtual Private Gateway C. Establish multiple VPN connections to multiple Transit gateways. Enable dynamic routing on the Transit Gateway D. Establish multiple VPN connections to multiple Virtual private gateways. Enable route propagation on the Virtual Private Gateway

A

A start-up firm is using the Internet via NAT Gateway attached to VPC A. NAT gateway is in a single availability zone, and all the subnets of the VPC A are accessing the internet via this NAT Gateway. Instances in different availability zones are transferring large volumes of traffic to the Internet across availability zones using this NAT Gateway. This is leading to high operational costs. Management is looking for a cost-saving option along with reliable Internet connectivity. What solution can be designed for cost-effective traffic flow between resources to the Internet?A. Create a separate Public NAT gateway in a public subnet of the availability zone having instances with large volumes of internet traffic B. Create a separate Public NAT gateway in a private subnet of the availability zone having instances with large volumes of internet traffic C. Create a separate Private NAT gateway in a private subnet of the availability zone having instances with large volumes of internet traffic D. Create a separate Private NAT gateway in a public subnet of the availability zone having instances with large volumes of internet traffic

A

An engineering firm has an application that stores all the data in Amazon S3 buckets. The developer team has developed a new application that would start processing if there is any modification to the objects stored in these Amazon S3 buckets. The developer team is looking for a quick and reliable solution to get the notifications from Amazon S3 for any updates to the objects. The proposed solution should be scalable and efficient to be used with all future deployments. What solution can be designed to get the required notifications for the Developer team?A. Use Amazon S3 Event Notifications with Amazon EventBridge B. Use Amazon S3 Event Notifications with AWS Lambda C. Use Amazon S3 Event Notifications with Amazon SQS queue D. Use Amazon S3 Event Notifications with the Amazon SNS

A

An online photo printing company is planning to free up on-premises IT resources by moving all its data to Amazon S3 buckets. This data is around 50 TB in size. All the data must be processed using a customized AWS Lambda function before storing them into the Amazon S3 bucket. Which design approach is best suited for this data transfer?A. Migrate data using AWS Snowball Edge B. Migrate data using AWS Snowcone C. Migrate data using AWS Transfer Family with FTPS D. Migrate data using AWS Snowcone SSD

A

An organization runs nearly 500 EC2 instances in several accounts across regions. These EC2 instances are built on custom Amazon Machine Images (AMIs). The organization is concerned about the accidental deletion of AMIs used for production EC2 instances. They want a solution that can help them recover from accidental deletions as soon as they know about them. Which of the following can be used for the above scenario? A. Use Recycle Bin B. Use CloudFormation StackSets C. Use Elastic Beanstalk D. Take a snapshot of the EBS volume attached to all EC2 and later use it to restore the AMIs

A

Utopia Municipality Corporation runs its application used by local citizens on EC2 while its database is still in an on-premises data center. The Organization is adamant about not migrating its Database to AWS due to regulatory compliance. However, they are willing to extend the database to the cloud to serve all other AWS services. The organization is looking for a solution by which all AWS services can communicate seamlessly with their on-premises Database without migrating or hosting it in the cloud. You are hired as a Solutions Architect to help the customer achieve this and also ensure a region-specific, friction-less, low-latency fully managed environment for a truly consistent hybrid experience. Which of the following would you recommend? A. AWS Outposts B. Use AWS Snowball Edge to copy the data and upload to AWS C. AWS DataSync D. AWS Storage Gateway

A

You have deployed an application on a fleet of EC2 Instances managed by an Auto Scaling Group. For the even distribution of traffic, you have deployed a load balancer also. For better protection, you use a TLS Certificate issued by AWS Certificate Manager with the load balancer for 390 days. The domain ownership of this certificate has been validated by your email address. Your manager instructed you to keep an eye on TLS Certificate expiration and renewal to avoid any downtime in your system. You checked the ACM (AWS Certificate Manager) Console for the certificate validity status, and it says "Pending validation." Which option describes the possible cause and the resolution for this?A. The TLS certificate is expiring soon and needs to be renewed. Renew it by following the link in the email received by ACM regarding certificate expiration on any of the domain's WHOIS mailbox addresses B. The TLS Certificate has expired today. ACM was not able to renew it before expiration. Request a new certificate C. The TLS certificate is expiring soon. ACM will automatically renew the certificate in some time, so no action is required by you D. The TLS Certificate has expired today. Write an email to AWS Support to renew your certificate

A

You have hosted an application on an EC2 Instance in a public subnet in a VPC. For this application's database layer, you are using an RDS DB instance placed in the private subnet of the same VPC, but it is not publicly accessible. As the best practice, you have been storing the DB credentials in AWS Secrets Manager instead of hardcoding them in the application code. The Security team has reviewed the architecture and is concerned that the internet connectivity to AWS Secrets Manager is a security risk. How can you resolve this security concern?A. Create an Interface VPC endpoint to establish a private connection between your VPC and Secrets Manager B. Access the credentials from Secrets Manager through a Site-to-Site VPN Connection C. Create a Gateway VPC endpoint to establish a private connection between your VPC and Secrets Manager D. Access the credentials from Secrets Manager by using a NAT Gateway

A

To comply with industry regulations, a Healthcare organization wants to keep their large volume of lab records in some durable, secure, lowest-cost AWS storage for a long period of time (say about five years). The data will be accessed rarely, about once per quarter, but requires immediate retrieval (in milliseconds). You are a Solutions Architect in the organization and the organization wants your suggestion to select a suitable storage class here. Which of the following would you recommend for the given requirement? A. S3 Glacier Flexible Retrieval B. S3 Glacier Deep Archive C. S3 Glacier Instant Retrieval D. S3 Standard-Infrequent Access

C.

A Company has provisioned a website in the US West (N. California) region using Amazon EC2 instance and Amazon CloudFront. The company is using IAM to control access to these resources. The client plans to use a third-party SSL/TLS certificate to support HTTPS. As an AWS consultant, you have been engaged to advise importing the certificate and using it along with Amazon CloudFront. Certificates should be easily imported, and you should monitor the expiration dates of imported certificates. How can certificates be provisioned to meet this requirement?A. Import the third-party certificate in the US East (N. Virginia) region of AWS Certificate Manager and use it for Amazon CloudFront in the US West (N. California) region B. Import the third-party certificate in the US West (N. California) region of AWS Certificate Manager and use it for Amazon CloudFront in the US West (N. California) region C. Import the third-party certificate in the US East (N. Virginia) region of IAM Certificate Manager and use it for Amazon CloudFront in the US West (N. California) region D. Import the third-party certificate in the US West (N. California) region of IAM Certificate Manager and use it for Amazon CloudFront in the US West (N. California) region

A.

A stock broking company has deployed a stock trading web application on the Amazon EC2 instance. The company is looking for virtual agents to be integrated with this application to provide conversational channels to its premium customers. Real-time personalized stock recommendations should be provided for premium customers during market hours. Which service is best suited to integrate with this application?A. Amazon Lex B. Amazon Translate C. Amazon Transcribe D. Amazon Personalize

A.

A weather forecasting company comes up with the requirement of building a high-performance, highly parallel POSIX-compliant file system that stores data across multiple network file systems to serve thousands of simultaneous clients, driving millions of IOPS (Input/Output Operations per Second) with sub-millisecond latency. The company needs a cost-optimized file system storage for short-term, processing-heavy workloads that can provide burst throughput to meet this requirement. What type of file systems storage will suit the company in the best way?A. FSx for Lustre with Deployment Type as Scratch File System B. FSx for Lustre with Deployment Type as Persistent file systems C. Amazon Elastic File System (Amazon EFS) D. Amazon FSx for Windows File Server

A.

The drug research team in a Pharmaceutical company produces highly sensitive data and stores them in Amazon S3. The team wants to ensure top-notch security for their data while it is stored in Amazon S3. To have better control of the security, the team wants to use their own encryption key but doesn't want to maintain any code to perform data encryption and decryption. Also, the team wants to be responsible for storing the Secret key. As a Solutions Architect, which of the following encryption types will suit the above requirement?A. Server-side encryption with customer-provided encryption keys (SSE-C) B. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) C. Server-Side Encryption with KMS keys Stored in AWS Key Management Service (SSE-KMS) D. Protect the data using Client-Side Encryption

A.

An organization has recently moved their workloads to AWS Cloud. They have migrated their applications to run on EC2 instances. They are performing a test to run vulnerability assessments on Production instances using AWS Inspector to check access to the EC2 instances from the internet and to classify these assessments (High, Medium, Low). Which of the following steps related to configuring Amazon Inspector is incorrect?A. Define an Assessment Target and include all instances within the AWS Account and Region B. Include the "Network Reachability-1.1" rules package within the Assessment Template C. Change the duration of the vulnerability run from the default 1 hour to 15 minutes D. Do not set up the assessment to run in a recurring mode E. Run the Inspector configuration manually after creation

AE

A company has SQL Servers at the on-premises location which they are planning to migrate to AWS Cloud. This migration should be non-disruptive with minimal downtime. Prerequisite tests should be performed, and results should be captured before servers in AWS are elevated as primary servers. What cost-effective automated tool can be used to perform SQL server migration?A. AWS Migration Hub B. AWS Application Migration Service C. AWS DataSync D. AWS Server Migration Service

B

A company has created VPC A for deploying web applications. Recently this company has acquired another company that has created VPC B for deploying applications in an AWS cloud. It is found that subnets of both these VPCs are overlapping. The company requires applications from both these VPCs to communicate with each other. This communication should be bi-directional and should be over AWS-managed networking infrastructure. What design can be implemented to establish communications between these VPCs?A. Create new subnets from the new CIDR range in both VPCs. Create a public NAT Gateway in this subnet in both VPCs. Use AWS PrivateLink to connect these VPCs over new subnets. Update route table in both overlapping subnets to send traffic via NAT Gateway created in the new subnet to establish connectivity B. Create new subnets from the new CIDR range in both VPCs. Create a private NAT Gateway in this subnet in both VPCs. Use AWS Transit Gateway to connect these VPCs over new subnets. Update route table in both overlapping subnets to send traffic via NAT Gateway created in the new subnet to establish connectivity C. Create new subnets from the new CIDR range in both VPCs. Create a private NAT Gateway in this subnet in both VPCs. Use VPC Peering to connect these VPCs over new subnets. Update route table in both overlapping subnets to send traffic via NAT Gateway created in the new subnet to establish connectivity D. Create new subnets from the new CIDR range in both VPCs. Create a public NAT Gateway in this subnet in both VPCs. Use AWS Managed VPN to connect these VPCs over new subnets. Update route table in both overlapping subnets to send traffic via NAT Gateway created in the new subnet to establish connectivity

B

A company has deployed a memory-intensive financial application on an Amazon EC2 instance. During daily maintenance activity on the primary EC2 instance, there is a delay in the initialization of applications on the offline backup EC2 instances. The IT Head wants you to work on a solution to minimize this delay to ensure that applications on the backup instance are quickly initialized in a production environment. What approach can be initiated to meet this requirement?A. Launch a backup Amazon EC2 instance. Configure all required applications and bring the instance to desired production state. Create an AMI from this instance and store it in Amazon S3 for future deployment B. Launch a backup Amazon EC2 instance with hibernation enabled. Configure all required applications and bring the instance to desired production state. Hibernate the instance C. Launch a backup Amazon EC2 instance. Configure all required applications and bring the instance to desired production state. Shut the instance and reboot once it's required to be in production D. Launch a backup Amazon EC2 instance. Configure all required applications and bring the instance to desired production state. Store RAM data to EBS volumes and shut the instance. Reboot the instance with EBS volumes once it's required to be in production

B

A cyber security company needs to extract face attributes from millions of images. These images are stored in an Amazon S3 bucket. The company is mainly looking to extract the gender of the person from the image along with the emotions of the detected person. Which approach can be initiated to meet this requirement?A. Copy all the images from Amazon S3 buckets to Amazon Rekognition. Use the Facial Recognition feature of Amazon Rekognition to fetch the gender and emotions of the person in the images B. Point Amazon Rekognition to Amazon S3 buckets that contain images. Use the Facial Analysis feature of Amazon Rekognition to fetch the gender and emotions of the person in the images C. Copy all the images from Amazon S3 buckets to Amazon Rekognition. Use the Facial Comparison feature of Amazon Rekognition to fetch the gender and emotions of the person in the images D. Point Amazon Rekognition to Amazon S3 buckets that contain images. Use the Object and Scene Detection feature of Amazon Rekognition to fetch the gender and emotions of the person in the images

B

A financial company has deployed a business-critical application on an Amazon EC2 instance front-ended by an internet-facing Application Load Balancer. AWS WAF is used with Application Load Balancer for securing this application. The security team is looking to protect the expensive computational resources of the application specifically. The requests to these resources should be limited to a threshold number of sessions beyond which all the requests should be dropped. Which security policy can be designed to get the required protection for the application?A. Create AWS WAF blanket rate-based rules and attach them to the Application Load Balancer B. Create AWS WAF URI-specific rate-based rules and attach them to the Application Load Balancer C. Create AWS WAF IP reputation rate-based rules and attach them to the Application Load Balancer D. Create AWS WAF Managed rule group statements and attach them to the Application Load Balancer

B

A large company has multiple AWS accounts as part of AWS Organizations. Some of these accounts have created VPC with NAT gateway for internet access. The Security Team needs to control internet access to these accounts by attaching the following SCP (Service Control Policy) at the Organization's root level. What will be the impact of applying this SCP? {"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":["ec2:AttachInternetGateway","ec2:CreateInternetGateway","ec2:CreateEgressOnlyInternetGateway","ec2:CreateVpcPeeringConnection","ec2:AcceptVpcPeeringConnection","globalaccelerator:Create*","globalaccelerator:Update*"],"Resource":"*"}]} A. The policy will deny existing Internet access to all users and roles in member and management accounts B. The policy will deny creating a new Internet Gateway to all users and roles in member accounts. There will be no impact on users in management accounts C. The policy will deny creating a new Internet Gateway for all users and roles in member and management accounts D. The policy will deny existing Internet access to all users and roles in member accounts. There will be no impact on users in management accounts

B

A large engineering company has created multiple accounts for deploying applications in an AWS Cloud. Production Account is using Amazon Redshift for data warehousing applications. The Quality Assurance Team having accounts in the same region needs access to the data in this Amazon Redshift. Data should be securely shared with specific users in this account for further analysis. What is the cost-effective and efficient method for sharing Amazon Redshift data between AWS accounts in the same region?A. Use a third-party ETL (extract transform load) tool to copy data from the production accounts and share it with specific users in Quality assurance accounts B. Create a Datashare from the Redshift console and authorize specific accounts to access this datashare C. Extract database from Amazon Redshift and store in Amazon S3. Use this S3 bucket to share the database with other accounts D. Extract database from Amazon Redshift and store in Amazon DynamoDB table. Use the Amazon DynamoDB table to share the database with other accounts

B

An IT Company has deployed Amazon EFS in VPC A created in eu-west-2. Data in this Amazon EFS needs to be accessed from the Amazon EC2 instance in VPC B created in us-east-1 and from an on-premises location. On-Premises locations have an existing AWS Direct Connect link with VPC B. You need to provide a high-performance cost-effective solution for this data access with optimum latency. Which solution can be designed for accessing data in Amazon EFS?A. Create an AWS Managed VPN from on-premises to VPC A. Over this connectivity, access Amazon EFS in VPC A. For instance, in VPC B, connect to the on-premises network using the existing Direct Connect Link. From there, use VPN connectivity to establish connectivity to Amazon EFS in VPC A B. Create an AWS PrivateLink between VPC A and VPC B. Access Amazon EFS in VPC A from an instance in VPC B over this PrivateLink. From the on-premises network, use existing AWS Direct Connect to VPC B. From there, use PrivateLink to connect to Amazon EFS in VPC A C. Create an inter-region VPC peering between VPC A and VPC B. Create an AWS Managed VPN from on-premises to VPC A. Access Amazon EFS in VPC A from the instance in VPC B over VPC peering while establishing connectivity from on-premises servers to Amazon EFS in VPC A over VPN connectivity D. Create an inter-region VPC peering between VPC A and VPC B. Access Amazon EFS in VPC A from the instance in VPC B over VPC peering. From the on-premises network, use existing AWS Direct Connect to VPC B. From there, use VPC peering to connect to Amazon EFS in VPC A

B

An organization has recently adopted AWS cloud for hosting its applications. They have multiple AWS accounts to gain the highest level of resource isolation and security. They have implemented a Data Lake for analytics in one of their accounts (Analytics Account) and use an SQS messaging queue for exporting data to the Analytics Account coming from various data sources in other accounts. A consumer in the Analytics Account reads the data from SQS and transfers it to the Data Lake. How would you, as a Solutions Architect, enable different accounts to access the SQS queue?A. Use an IAM policy and provide SendMessage permission to the SQS queue to other accounts B. Use an SQS policy and provide SendMessage permission to the SQS queue to other accounts C. Use an IAM Role and provide SendMessage permission through SQS policy and assume the role in the other accounts D. Both B and C will work

B

You are a solutions architect in a gaming company. The customer has asked you to design Infrastructure as Code (IaC) for one of their applications. You have decided to use AWS CloudFormation for this. The customer has asked you to build the infrastructure so that all the EC2 instances are created out of their predefined Amazon Machine Images (AMIs) set based on a region. Which of the below CloudFormation features will help you satisfy the customer requirement?A. CloudFormation Outputs B. CloudFormation Mappings C. CloudFormation Parameters D. CloudFormation Conditions

B

You are a solutions architect working for a financial services firm that operates applications in the hybrid cloud model. You have applications running on EC2 instances in your VPC that communicate with resources in your on-prem data center. You have a workload on an EC2 network interface in one subnet and a transit gateway association in a different subnet. Also, these two subnets are associated with different NACLs. You have set up Network Access Control List (NACL) rules to control the traffic to and from your EC2 instances and transit gateway. Which of the following is true about the NACL rules for traffic from your EC2 instances to the transit gateway?A. Outbound rules use the source IP address to evaluate traffic from the instances to the transit gateway. B. Outbound rules use the destination IP address to evaluate traffic from the instances to the transit gateway. C. Outbound rules are not evaluated for the transit gateway subnet D. Inbound rules use the destination IP address to evaluate traffic from the transit gateway to the instances.

B

You are the Solutions Architect of an organization that runs 100 of modern EC2 instances in a production environment. To avoid non-compliance, you must immediately update the packages on all the production EC2 instances. The DevSecOps team, which is in charge of the security group policies used on those EC2 instances, has disabled SSH access in the security group policy. When you asked them to enable SSH, they refused. Which of the below options will help you to roll out the package for all the EC2 instances despite having the above restrictions from the DevSecOps team?A. Use AWS Config to roll out the package all at once and install it in EC2 instances B. Get the Systems Manager role added to your IAM roles and use Systems Manager Run Command to roll out the package installation C. Get the Systems Manager role added to your IAM roles and use Systems Manager Session Manager to SSH into the EC2s from browser mode to install the package D. Get the user credentials of one of the Security members to SSH into the EC2 instance and proceed with package installation

B

You are working on a Fraud Detection system that relies on getting real-time data from the database quickly. You perform the analysis on it. Your manager has instructed you to find a database solution where you can pursue the analytical queries directly on your current database where you are performing other transactional queries as well. The manager has asked you not to use a separate software or infrastructure to perform the analytics. Also, he has instructed you to use a solution where the underlying database can run the queries on thousands of CPUs together without slowing down or compromising the overall performance. Which of the following is the MOST efficient solution for this requirement?A. Amazon OpenSearch B. Amazon Aurora Parallel Query C. Amazon EMR D. Amazon QuickSight

B

You have designed a loosely coupled architecture for a restaurant's order processing application. There is a set of microservices built using lambda functions for different processes. You have used Amazon SNS for all the notification sending requirements. When the user places an order, a notification is sent to the restaurant, and the restaurant sends confirmation of acceptance or cancellation, and the process continues. You are exploring AWS services to find one that will let you orchestrate this architecture. You also want to have a track of each and every task and event in your application but without any additional overhead of building this manually. Which of the following services suits the given requirement in the BEST way?A. AWS Batch B. AWS Step Functions C. Amazon SQS D. AWS Glue

B

A premier educational institute is stepping up to AWS Cloud as part of their 'Go Digital' initiative. The goal is to design a hybrid cloud storage service that gives them on-premises access to virtually unlimited cloud storage. Hence the institute plans to use AWS native service to back up their on-premises files using NFS and SMB file protocol. The institute wants to minimize latency in accessing the files in AWS by the students and users located across the globe. Hence the institute prefers to have multi-region replicas of the storage class so that the users can access it from AWS Regions that are geographically closer to them. You are hired as a Solutions Architect to design this hybrid cloud facility. What will be your choice for the low-cost, secure and durable AWS Storage that supports multi-region data availability?A. Tape Gateway B. Amazon S3 File Gateway C. Amazon FSx File Gateway D. Volume Gateway

B.

An organization has archived all their data to Amazon S3 Glacier for a long term. However, the organization needs to retrieve some portion of the archived data regularly. This retrieval process is quite random and incurs a good amount of cost for the organization. As expense is the top priority, the organization wants to set a data retrieval policy to avoid any data retrieval charges. Which one of the following retrieval policies suits this in the best way?A. No Retrieval Limit B. Free Tier Only C. Max Retrieval Rate D. Standard Retrieval

B.

During a compliance review within an organization, the following issues were observed: all S3 buckets were publicly accessible, and many of the running EC2 instances were overutilized. The organization would like to understand, manage, and remediate these issues in the near future for the different AWS services that they are using. Which of these services will help them do so?A. AWS Guard Duty B. AWS Systems Manager C. AWS Shield D. AWS Security Hub E. AWS Inspector

BD

You are a solutions architect working as a consultant where you build web applications for clients. One of your clients needs a static website hosted on AWS. The website will predominantly host content files owned by the AWS account used to create the S3 bucket that will host the website. However, some of the objects in the bucket are owned by a parent company's AWS account. How should you configure the S3 bucket access controls to achieve the most secure website that is accessible to the public? (Choose TWO)A. Create a bucket policy that grants s3:GetObject access to the objects owned by the parent company account. B. Create a bucket policy that grants s3:GetObject access to the objects in the bucket owned by the account used to create the S3 bucket that will host the website. C. Create an object access control list to grant read permissions on objects owned by the account used to create the S3 bucket that will host the website. D. Create an object access control list to grant read permissions on objects owned by the parent company account. E. Create a bucket policy that grants s3:GetObject access to the objects owned by the parent company account and the objects owned by the account used to create the S3 bucket that will host the website.

BD

A Pharmaceutical company wants to apply encryption all through the lifecycle of the data generated by its drug research team. Initially, the data will be stored in S3; then, it will be processed by some filtering logic written in an AWS Lambda function. Finally, it will be stored in DynamoDB tables. All these AWS services integrate with AWS KMS. Hence, the customer is exploring options to create an encryption key using KMS that should be a 256-bit encryption key that never leaves AWS KMS unencrypted. Additionally, they want to use the same key for encryption and decryption without any ownership of the key. Which type of encryption key should be applied to the data in this scenario?A. Asymmetric KMS Keys B. AWS CloudHSM C. Symmetric KMS Keys D. Customer managed key

C

A company is using AWS Organizations for managing multiple accounts created in an AWS cloud. During the annual audit, it was found that accounts use similar resources which increase cost and admin work. These resources are created for the same requirements in each account. The IT Head is looking for a cost-optimized solution for managing these resources across multiple accounts. What solution can be designed for new resources deployment to minimize costs for resources across accounts in AWS Organizations?A. Create resources in a single account and share this resource with member accounts in AWS Organizations by attaching a resource-based policy B. Create resources in a single account and share this resource with management accounts in AWS Organizations by attaching a resource-based policy that will share resources with all other member accounts C. Create resources in a single account and use AWS Resource Access Manager to share resources across member accounts in AWS Organizations D. Create resources in a single account and use AWS Resource Access Manager to share resources with management accounts in AWS Organizations. Management Account will further share resources with all other member accounts

C

A large government Organization has created multiple accounts as part of the AWS Organizations. Each of these accounts has a NAT Gateway attached for Internet access to applications. The Finance team is looking for total combined charges incurred for all the NAT Gateways as well as charges of individual accounts for using NAT Gateway. What strategy can be adopted to get cost details for all NAT Gateway in AWS Organizations?A. Assign Cost Allocation tags to NAT Gateway in each of the member accounts from individual member accounts. Use member accounts in AWS Organizations to access the Cost Allocation Tags manager in the billing console B. Assign Cost Allocation tags to NAT Gateway in each of the member accounts from the management account. Use a management account in an AWS Organizations to access the Cost Allocation Tags manager in the billing console C. Assign Cost Allocation tags to NAT Gateway in each of the member accounts from individual member accounts. Use a management account in an AWS Organizations to access the Cost Allocation Tags manager in the billing console D. Assign Cost Allocation tags to NAT Gateway in each of the member accounts from the management account. Use a member account in an AWS Organizations to access the Cost Allocation Tags manager in the billing console

C

A major health care institution is looking for a solution to store their files in the cloud to achieve high availability, durability, elasticity, and lower storage cost. The storage must support the Network File System version 4 (NFSv4.1 and NFSv4.0) protocol. These files in the cloud storage will mainly be used by Auditor once in a while. Which of the below best suits this requirement?A. EFS Standard B. EFS One Zone C. EFS Standard-Infrequent Access (IA) D. EFS One Zone-Infrequent Access (IA)

C

A media company uses Amazon EFS as shared storage for its distributed application. These applications are deployed on Amazon EC2 instances launched in different Availability Zones in the us-west-1 region. They are planning to launch these applications in Europe for which application will be set up in the eu-west-2 region. The IT team is looking for a cost-effective solution to transfer data in Amazon EFS between these two regions on a regular basis. The solution for this data transfer should not involve transferring data over an insecure public network. What solution can be adapted to meet this requirement?A. Copy files in Amazon EFS to Amazon S3 bucket in us-west-1. Move data between regions using Amazon S3. In destination eu-west-2 region transfer files from S3 to Amazon EFS B. Use Open-source tools to transfer data between Amazon EFS securely C. Use AWS DataSync to transfer data between Amazon EFS D. In the us-west-1 region, copy files from Amazon EFS to Snowball. At the eu-west-2 region, transfer files from Snowball to EFS

C

A monolith application is currently being converted into a microservices architecture. The microservices use a container orchestration engine (ECS) for managing all container-based deployments. The AWS account which is hosting the application has high security requirements. It plans to build an analytics platform to gather data from all of the AWS ECS Service API calls in near real-time. It is necessary to track and analyze different state changes that occur during AWS ECS Service deployment runtime with different tools like Kinesis, ELK, and Lambda. How will you architect this solution to meet the requirement?A. Configure AWS Config and stream AWS ECS API calls to an SNS topic. Use a Lambda function to perform an analysis of the configuration changes by subscribing to the SNS Topic B. Use AWS CloudTrail Setup that will deliver AWS ECS API calls to S3. Subscribe a Lambda function to S3 events which will insert records into an ELK stack for analysis C. Use CloudWatch events for pulling the AWS ECS API calls and submitting them to AWS Kinesis Streams for analysis D. Use CloudWatch Logs for pulling the AWS ECS API calls and integrate them with an ELK stack for analysis

C

The CEO of your organization would like to enforce stringent compliance over users of your AWS Account who access resources and make changes to them at all times. Changes to all AWS resources need to be recorded and maintained over a period of 2 years for enabling auditors to perform an analysis of the data and also store the results of the analysis. The CEO wants a solution that can be implemented quickly with the highest security and integrity of the stored data. How best would you, as an Architect, solve this?A. Create a CloudTrail trail and send the logs to an S3 bucket to store them securely. Use Athena to query the logs in S3 and store the results in another S3 bucket B. Use the Event History of CloudTrail, download the events to your local machine, and manually query the required data for a quick and cost-effective solution C. Use AWS CloudTrail Lake, configure the duration of storage and the events that need to be captured. Once configured, use the CloudTrail Lake interface for querying data D. Use CloudWatch event rules to capture API requests from AWS resources with SNS Topic notifications. Subscribe a Lambda function to the SNS Topic which writes the data to S3. Use Athena to Query S3 for analyzing the data

C

You are a solutions architect working for a media company that produces and stores image and video content that is sold as stock content to other companies that wish to use your stock content in their web and mobile apps. You are storing your stock content in S3 and you need to optimize for cost. Some of your images are small, less than 128 KB in size. However, most of your stock content is much larger. The amount of content you manage is very large, with over 1 million objects in S3. These objects have varying access patterns. Some are accessed frequently, while others are accessed very infrequently. Also, the access patterns for the stock objects change over time. Which S3 storage class should you choose for your stock content to optimize your costs while also providing the best overall performance?A. S3 Standard B. S3 Standard-IA C. S3 Intelligent-Tiering D. S3 One Zone-IA

C

You have designed the architecture for an E-Commerce website for one of the clients. It is hosted on a set of EC2 Instances managed by an Auto Scaling Group and sitting behind an Application Load Balancer. You have registered the domain name as myshoppingweb.com. The client has asked you to ensure the users should be able to access the website with myshoppingweb.com (root domain) as well as www.myshoppingweb.com (subdomain). What configuration do you need to set up in Amazon Route 53 to satisfy the client's requirement?A. Create a CNAME record for myshoppingweb.com pointing to the ALB and an Alias record for www.myshoppingweb.com pointing to the ALB B. Create a CNAME record for myshoppingweb.com pointing to the ALB and a CNAME record for www.myshoppingweb.com pointing to the ALB C. Create an Alias record for myshoppingweb.com pointing to the ALB and a CNAME record for www.myshoppingweb.com pointing to the ALB D. Create an A record for myshoppingweb.com pointing to the ALB and AAAA record for www.myshoppingweb.com pointing to the ALB

C

A gaming company stores large size (terabytes to petabytes) of clickstream events data into their central S3 bucket. The company wants to analyze this clickstream data to generate business insight. Amazon Redshift, hosted securely in a private subnet of a VPC, is used for all data warehouse-related and analytical solutions. Using Amazon Redshift, the company wants to explore some solutions to securely run complex analytical queries on the clickstream data stored in S3 without transforming/copying or loading the data in the Redshift. As a Solutions Architect, which of the following AWS services would you recommend for this requirement, knowing that security and cost are two major priorities for the company?A. Create a VPC endpoint to establish a secure connection between Amazon Redshift and the S3 central bucket and use Amazon Athena to run the query B. Use NAT Gateway to connect Amazon Redshift to the internet and access the S3 static website. Use Amazon Redshift Spectrum to run the query C. Create a VPC endpoint to establish a secure connection between Amazon Redshift and the S3 central bucket and use Amazon Redshift Spectrum to run the query D. Create Site-to-Site VPN to set up a secure connection between Amazon Redshift and the S3 central bucket and use Amazon Redshift Spectrum to run the query

C.

A Research and Development department in a global pharma company is planning to store all its formulation documents as an archive in Amazon S3 Glacier Vault. The security team of this company wants to ensure that no deletion of these formulation documents is permitted to any user for an indefinite period. Users should retain permissions to delete temporary document archives stored in these vaults. What approach should be initiated to meet this requirement?A. Use vault access policy to match the retention tag and deny deletion of the formulation document archive B. Use vault lock policy to match the retention tag and deny deletion of the formulation document archive C. Apply a LegalHold Tag to the formulation document archive in the vault D. Apply a retention Tag to the formulation document archive in the vault E. Use vault lock policy to match the LegalHold tag and deny deletion of the formulation document archive

CE

A major news broadcasting company is looking for a solution to build a throughput intense, high performance, low-cost redundant file storage class to ensure continuous availability of data that are being used by several EC2 instances running in a region. The redundant data are meant for some local advertisements targeted at the audience of a particular availability zone (AZ). Also, these data can be re-created easily, if it is lost. The redundant data will be accessed infrequently unless there is loss or damage to the primary storage. But the customer prefers it to be a cost-optimized one. Which of the below suits the best to this requirement?A. EFS Standard B. EFS One Zone C. EFS Standard-Infrequent Access (IA) D. EFS One Zone-Infrequent Access (IA)

D

A scientific research team is using EBS as storage for their highly sensitive documents to be processed by EC2 instances for some scientific experiment. The team wants to ensure the highest level of security for their documents so that even if they are compromised, they cannot be read. Which of the following AWS features would you recommend as a Solutions Architect?A. Amazon EBS encryption with AWS Managed Keys B. Policies and permissions in AWS IAM C. AWS Config D. Amazon EBS encryption with Customer Managed Keys

D

A web application deployed on an Amazon EC2 Instance launched in VPC A needs to connect with AWS KMS for data encryption. This traffic should preferably flow over the AWS network. Access to the AWS KMS keys should be controlled by granting permissions only to specific entities and ensuring the least-privilege security practice is followed. The proposed solution should be cost-effective and should be set up effectively. What design can be proposed?A. Deploy a firewall proxy server on an Amazon EC2 instance for internet access to AWS KMS. Create policies on proxy servers to control access to AWS KMS only from the Instance IP address B. Attach a NAT Gateway to VPC A to access AWS KMS. Create a Network ACL allowing communication with AWS KMS only from the Instance IP address C. Create a VPC endpoint from VPC A for AWS KMS. Create a key policy matching 'aws:SourceVpc' condition key which will match VPC A D. Create a VPC endpoint from VPC A for AWS KMS. Create a key policy matching 'aws:SourceVpce' condition key which will match VPC endpoint ID

D

An IT company, Techify, has recently started using Amazon SQS to let their web servers communicate with the application servers through the messages in the SQS queue. However, upon testing, the team observed that the request from the Web server is not reaching the App server. To address this, they are looking for an AWS Service that can efficiently help them debug such errors. They also want to identify potential issues and more information about errors and latency for the messages passing through SQS. Which of the following services/features can be used in the given scenario?A. Amazon CloudTrail B. Amazon Inspector C. Amazon CloudWatch D. Amazon X-Ray

D

An IT company uses Scaling policies to maintain an exact number of Amazon EC2 instances in different Availability zones as per application workloads. The developer team has developed a new version of the application for which a new AMI needs to be updated to all the instances. For this, you have been asked to ensure that instances with previous AMI are phased out quickly. Which termination criteria best suits the requirement?A. Specify termination criteria using "ClosestToNextInstanceHour" predefined termination policy B. Specify termination criteria using "OldestInstance" predefined termination policy C. Specify termination criteria using "AllocationStrategy" predefined termination policy D. Specify termination criteria using "OldestLaunchTemplate" predefined termination policy

D

An application needs to access resources from another AWS account of another VPC in the same region. Which of the following ensure that the resources can be accessed as required?A. Establish a NAT instance between both accounts. B. Use a VPN between both accounts. C. Use a NAT Gateway between both accounts. D. Use VPC Peering between both accounts.

D

You are a solutions architect working for a regional bank that is moving its data center to the AWS cloud. You need to migrate your data center storage to a new S3 and EFS data store in AWS. Since your data includes Personally Identifiable Information (PII), you have been asked to transfer data from your data center to AWS without traveling over the public internet. Which option gives you the most efficient solution that meets your requirements?A. Migrate your on-prem data to AWS using the DataSync agent using NAT Gateway. B. Create a public VPC endpoint, and configure the DataSync agent to communicate to the DataSync public service endpoints via the VPC endpoint using Direct Connect. C. Migrate your on-prem data to AWS using the DataSync agent using Internet Gateway. D. Create a private VPC endpoint, and configure the DataSync agent to communicate to the DataSync private service endpoints via the VPC endpoint using VPN.

D

A customer has two accounts in AWS - Account A and B. There is an Amazon S3 bucket that's owned by account A that has a resource-based policy to grant access to users from account B. The Organization Unit (OU) of Account A has an SCP attached that denies certain actions in the S3 bucket and objects. But users in account B, which is in another OU, do not face any restriction on S3 usage. What could be the possible reason for this?A. Permission must be denied in IAM permission policies first to make that effect in SCPs B. SCPs affect only member accounts in the organization. They have no effect on users or roles in the management account C. SCP was not configured properly D. SCPs don't affect users or roles from accounts outside the organization

D.

A gaming company planned to launch their new gaming application that will be in both web and mobile platforms. The company considers using GraphQL API to securely query or update data through a single endpoint from multiple databases, microservices, and several other API endpoints. They also want some portions of the data to be updated and accessed in real-time. The customer prefers to build this new application mostly on serverless components of AWS. As a Solutions Architect, which of the following AWS services would you recommend the customer to develop their GraphQL API?A. Kinesis Data Firehose B. Amazon Neptune C. Amazon API Gateway D. AWS AppSync

D.

An airline company needs to analyze customer feedback about services provided. A large number of files are created which have texts such as Ticket returns and Flight complaints based upon customer feedback. This text should be categorized, and a label needs to be assigned for further analysis. The company is planning to use Amazon Comprehend for this purpose. The project team is looking for your suggestions for storing files that Amazon Comprehend can use for processing and saving the results. How can a solution be implemented for this purpose?A. Store the files in Amazon EFS volumes. Use Amazon Comprehend to read the data from the Amazon EFS volumes and write results to Amazon Redshift B. Store the files in Amazon EBS volumes. Use Amazon Comprehend to read the data from the Amazon EBS volumes and write results to Amazon S3 buckets C. Store the files in Amazon Redshift. Use Amazon Comprehend to read the data from the Amazon Redshift and write results to Amazon S3 buckets D. Store the files in Amazon S3 bucket. Use Amazon Comprehend to read the data from the Amazon S3 bucket and write results to Amazon Redshift

D.

An online retail company stores a large amount of customer data (terabytes to petabytes) in Amazon S3. The company wants to drive some business insight out of this data. They plan to securely run SQL-based complex analytical queries on the S3 data directly and process it to generate business insights and build a data visualization dashboard for the business and management review and decision-making. You are hired as a Solutions Architect to provide a cost-effective and quick solution to this. Which of the following AWS services would you recommend?A. Use Amazon Redshift Spectrum to run SQL-based queries on the data stored in Amazon S3 and then process it to Amazon Kinesis Data Analytics for creating a dashboard B. Use Amazon Redshift to run SQL-based queries on the data stored in Amazon S3 and then process it on a custom web-based dashboard for data visualization C. Use Amazon EMR to run SQL-based queries on the data stored in Amazon S3 and then process it to Amazon QuickSight for data visualization D. Use Amazon Athena to run SQL-based queries on the data stored in Amazon S3 and then process it to Amazon QuickSight for dashboard view

D.

A startup firm has a large number of applications servers hosted on VMs (virtual machines) associated with VMware vCenter at the on-premises data center. Each of these VMs has different operating systems. They are planning to host these servers in the AWS Cloud. For estimating Amazon EC2 sizing in the AWS Cloud, the IT Team is looking for the resource utilization from on-premises servers which should include key parameters like CPU, disk, memory, and network. This data should be saved in an encrypted format and shared with the SME (Subject Matter Expert) working on this migration.

Which method is best suited to get these server details?A. Use Agentless-discovery method with AWS Application Discovery Service B. Use Agentless-discovery method with AWS Server Migration Service C. Use Agent-based discovery method with AWS Server Migration Service D. Use Agent-based discovery method with AWS Application Discovery Service

A

