AWS-SAA
Which service should an organization use if it requires an easily managed and scalable platform to host its web application running on Nginx?
AWS Elastic Beanstalk
A company's development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance ofAmazon S3.Which naming scheme should the company use?
Add a date as the prefix.
A company wants to analyze all of its sales information aggregated over the last 12 months. The company expects there to be over 10TB of data from multiple sources.What service should be used?
AmaAmazon Redshiftzon Redshift
A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low, with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily.Which storage option is MOST appropriate for this workload?
Amazon EBS General Purpose SSD (gp2) storage
A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking.Which storage service meets the requirements of this use case?
Amazon EFS
An application relies on messages being sent and received in order. The volume will never exceed more than 300 transactions each second.Which service should be used?
Amazon SQS
A Solutions Architect is building an application on AWS that will require 20,000 IOPS on a particular volume to support a media event. Once the event ends, theIOPS need is no longer required. The marketing team asks the Architect to build the platform to optimize storage without incurring downtime.How should the Architect design the platform to meet these requirements?
Change the EBS volume type to Provisioned IOPS.
A company requires that the source, destination, and protocol of all IP packets be recorded when traversing a private subnet.What is the MOST secure and reliable method of accomplishing this goal.
Create VPC flow logs on the subnet.
A mobile application serves scientific articles from individual files in an Amazon S3 bucket. Articles older than 30 days are rarely read. Articles older than 60 days no longer need to be available through the application, but the application owner would like to keep them for historical purposes.Which cost-effective solution BEST meets these requirements?
Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent Access and move files older than 60 days to Amazon Glacier.
A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation.What is the MOST efficient way to fulfill this requirement?
D. Use Amazon Route 53 health checks.
A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications will save objects.How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted?
Set a bucket policy to encrypt all Amazon S3 objects.
A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency.Which data storage method fulfills the above requirements?
Stripe data across multiple Amazon EBS volumes using RAID 0
A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys.What is the SIMPLEST solution?
Use AWS CloudTrail to log AWS KMS key usage.
A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the database servers will be in a private subnet. Only the web servers can be accessed from the Internet. The database servers must have Internet access for software updates.Which solution meets the requirements?
Use a NAT Gateway.
A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region.The design should route DynamoDB traffic through:
VPC endpoint
A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost.This can be accomplished with:
an egress-only internet gateway
A manufacturing company captures data from machines running at customer sites. Currently, thousands of machines send data every 5 minutes, and this is expected to grow to hundreds of thousands of machines in the near future. The data is logged with the intent to be analyzed in the future as needed.What is the SIMPLEST method to store this streaming data at scale?
A. Create an Amazon Kinesis Firehouse delivery stream to store the data in Amazon S3.
A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements:1 They get an alert when the requests per second go over 50,0002 They get an alert when latency goes over 5 seconds3 They can validate how many times a day users call the API requesting highly-sensitive dataWhich combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.)
A. Ensure that CloudTrail is enabled. C. Configure CloudWatch alarms for any metrics the support team requires.
An application tier currently hosts two web services on the same set of instances, listening on different ports.Which AWS service should a Solutions Architect use to route traffic to the service based on the incoming request path?
AWS Application Load Balancer
A legacy application needs to interact with local storage using iSCSI. A team needs to design a reliable storage solution to provision all new storage on AWS.Which storage solution meets the legacy application requirements?
AWS Storage Gateway in cached mode for the legacy application storage to write data to Amazon S3.
An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week after the product is launched.Which is the MOST efficient way for management to ensure that capacity requirements are met?
Add a Dynamic Scaling policy.
A bank is writing new software that is heavily dependent upon the database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows.Which AWS service should be used to run the database?
Amazon Aurora
A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6 TB of data and will grow exponentially.Which solution should a Solutions Architect recommend?
Amazon Aurora
A Solutions Architect is building a new feature using a Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed.Which AWS service should the Architect use to store this metadata?
Amazon DynamoDB
A company is launching an application that it expects to be very popular. The company needs a database that can scale with the rest of the application. The schema will change frequently. The application cannot afford any downtime for database changes.Which AWS service allows the company to achieve these objectives?
Amazon DynamoDB
A data analytics startup company asks a Solutions Architect to recommend an AWS data store options for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300 KB. The startup is flexible with data storage and is more interested in a database that requires minimal effort to scale with a growing dataset size.Which AWS data store service should the Architect recommend?
Amazon DynamoDB
An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structured documents in their data center.They are planning to move this data to AWS.Which of one of the following services MOST effectively meets their needs?
Amazon DynamoDB
An application requires block storage for file updates. The data is 500 GB and must continuously sustain 100 MiB/s of aggregate read/write operations.Which storage option is appropriate for this application?
Amazon EBS
A company has a legacy application using a proprietary file system and plans to migrate the application to AWS.Which storage service should the company use?
Amazon EFS
An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames.Which AWS service will decouple the users from specific Amazon EC2 instances?
Amazon ELB
A social networking portal experiences latency and throughput issues due to an increased number of users. Application servers use very large datasets from anAmazon RDS database, which creates a performance bottleneck on the database.Which AWS service should be used to improve performance?
Amazon ElastiCache
Question #75Topic 1 A Solution Architect has a two-tier application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone.Which additional services will improve the availability of the application? (Choose two.)
Amazon ElastiCache Auto Scaling group
A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently accessed queries.Which service or feature should the Architect add to prevent a bottleneck?
Amazon ElastiCache in front of the RDS MySQL Database
A Solutions Architect is building an application that stores object data. Compliance requirements state that the data stored is immutable.Which service meets these requirements?
Amazon Glacier
A user is testing a new service that receives location updates from 3,600 rental cars every hour.Which service will collect data and automatically scale to accommodate production workload?
Amazon Kinesis Firehose
A company's website receives 50,000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized.What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?
Amazon Kinesis Stream
A customer has a production application that frequently overwrites and deletes data, the application requires the most up-to-date version of the data every time it is requested.Which storage should a Solutions Architect recommend to bet accommodate this use case?
Amazon RDS
A Solutions Architect is architecting a workload that requires a performant object-based storage system that must be shared with multiple Amazon EC2 instances.Which AWS service meets this requirement?
Amazon S3
A company has an application that stores sensitive data. The company is required by government regulations to store multiple copies of its data.What would be the MOST resilient and cost-effective option to meet this requirement?
Amazon S3
Legacy applications currently send messages through a single Amazon EC2 instance, which then routes the messages to the appropriate destinations. TheAmazon EC2 instance is a bottleneck and single point of failure, so the company would like to address these issues.Which services could address this architectural use case? (Choose two.)
Amazon SNS Amazon SQS
A website experiences unpredictable traffic. During peak traffic times, the database is unable to keep up with the write request.Which AWS service will help decouple the web application from the database?
Amazon SQS
A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance, and requires long-term persistence.Which storage solution BEST meets these requirements?
An Amazon EBS Provisioned IOPS volume
A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped.Which of the following storage types will provide the best fit at the LOWEST cost for the application?
An Amazon EBS throughput optimized HDD volume
A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access Key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system.What security measure would satisfy these requirements?
Assign an IAM role to the Amazon EC2 instance
A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reverse proxy and current backend set up will be insufficient.Which actions should the Architect take to achieve a cost-effective solution that ensures the application automatically scales to meet traffic demand? (Select two.)
B. Add Auto Scaling to the Amazon EC2 backend fleet. E. Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.
A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers.How should the Architect design a solution to meet the requirements without impacting running applications?
B. Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group
A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table.What combination of steps does AWS recommend to achieve secure authorization? (Select two.)
C. Create an IAM role with permissions to write to the DynamoDB table. D. Attach an IAM role to the Amazon EC2 instance.
A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about experiencing slow downloaded speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors.What can a Solutions Architect do to address these issues?
Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.
An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet.How can these requirements be met?
Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.
A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity.How should the Architect configure the database servers to meet the requirements?
Configure the database security group to allow database traffic from the application server security group.
A Solution Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up to a different region.How should the Architect meet this requirement?
Create EBS snapshots and then copy them to the desired region.
A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:✑ Limit access to users origination from the corporate network.✑ Web servers cannot have SSH access directly from the Internet.✑ Web servers reside in a private subnet.Which combination of steps must the Architect complete to meet these requirements? (Choose two.)
Create a bastion host with security group rules that only allow traffic from the corporate network Configure the web servers' security group to allow SSH traffic from a bastion hos
An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling group, and an Amazon RDSMySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure.How should a Solutions Architect perform this task?
Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.
A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application.How can the report be created without affecting the performance of the application?
Create a read replica of the database.
A web application experiences high compute costs due to serving a high amount of static web content.How should the web server architecture be designed to be the MOST cost-efficient?
Create an Amazon CloudFront distribution to pull static content from an Amazon S3 bucket.
A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances.Which solution meets these requirements?
Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.
A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom.Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?
Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS
A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solution Architect determines that a large percentage of the call center staff starts work at 9:00AM, so Auto Scaling does not have enough time to scale out to meet demand.How can the Architect fix the problem?
Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.
A legacy application running in premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place.How should the Architect meet this requirement?
Create an IAM role that allows access from the corporate network to Amazon S3.
A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances.How should the request be authorized?
Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances.
A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available.What should an administrator do to improve performance?
Create one or more read replicas.
A Lambda function must execute a query against an Amazon RDS database in a private subnet.Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select two.)
Create the Lambda function within the Amazon RDS VPC. Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group
A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS.Which steps should the company perform to implement a scalable and cost-effective solution? (Choose two.)
D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint. E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.
A Solutions Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500 MB/s.Which storage type will meet the performance requirements of this application?
EBS Throughput Optimized HDD
A Solutions Architect is designing a log-processing solution that requires storage that supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2 instance.Which Amazon storage type satisfies these requirements?
EBS Throughput Optimized HDD (st1)
A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL.Which service should the Architect choose to distribute the workload?
ELB Application Load Balancer
A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a centralized view of all API events for current and future AWS regions.How should the Architect accomplish this task?
Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.
A Solution Architect is designing a disaster recovery solution for a 5 TB Amazon Redshift cluster. The recovery site must be at least 500 miles (805 kilometers) from the live site.How should the Architect meet these requirements?
Enable cross-region snapshots to a different region.
A Solutions Architect is designing an application on AWS that uses persistent block storage. Data must be encrypted at rest.Which solution meets the requirement?
Encrypt Amazon EBS volumes on Amazon EC2 instances.
A Solutions Architect is designing a new application that needs to access data in a different AWS account located within the same region. The data must not be accessed over the Internet.Which solution will meet these requirements with the LOWEST cost?
Establish a VPC Peering connection between accounts.
A Solutions Architect is designing a photo application on AWS. Every time a user uploads a photo to Amazon S3, the Architect must insert a new item to aDynamoDB table.Which AWS-managed service is the BEST fit to insert the item?
Lambda@Edge
A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary.How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select two.)
Launch Amazon EC2 instances in an Auto Scaling group behind an ELB. Create an CloudFront distribution pointing to static content in Amazon S3.
A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to manage high availability.What is the MOST efficient method to achieve similar high availability with NAT gateway?
Launch a NAT gateway in each Availability Zone.
A Solutions Architect is designing a web application. The web and application tiers need to access the Internet, but they cannot be accessed from the Internet.Which of the following steps is required?
Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time.What solution should be implemented to improve database performance using persistent storage?
Migrate the data on the EBS volume to provisioned IOPS SSD (io1).
A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region.Which approach can the Architect take to address this requirement?
Modify the Redshift cluster and configure cross-region snapshots to the other region.
An interactive, dynamic website runs on Amazon EC2 instances in a single subnet behind an ELB Classic Load Balancer.Which design changes will make the site more highly available?
Move some Amazon EC2 instances to a subnet in a different way.
An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for AmazonEC2 instances and database resources to access the Internet. These instances are not assigned with public IP addresses.Which component poses a potential single point of failure in this architecture?
NAT instance
A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB ClassicLoad Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale.What should the VPC subnet design be in each Availability Zone?
One public subnet for the load balancer tier and one shared private subnet for the application tiers.
Developers are creating a new online transaction processing (OLTP) application for a small database that is very read-write intensive. A single table in the database is updated continuously throughout the day, and the developers want to ensure that the database performance is consistent.Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain application performance?
Provisioned IOPS SSD
A customer owns a simple API for their website that receives about 1,000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance.Which changes to the architecture will provide high availability at the LOWEST cost?
Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday,Wednesday, and Friday from 5 AM to 11 AM.Which is the MOST cost-effective Amazon EC2 pricing model?
Scheduled Reserved Instances
A company hosts a two-tier application that consists of a publicly accessible web server that communicates with a private database. Only HTTPS port 443 traffic to the web server must be allowed from the Internet.Which of the following options will achieve these requirements? (Choose two.)
Security group rule that allows inbound Internet traffic for port 443. Network ACL rule that allows port 443 inbound and all ports outbound for Internet traffic.
An organization runs an online media site, hosted on-premises. An employee posted a product review that contained videos and pictures. The review went viral and the organization needs to handle the resulting spike in website traffic.What action would provide an immediate solution?
Serve the images and videos via an Amazon CloudFront distribution created using the news site as the origin.
A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required.What is the MOST cost-effective way to purchase compute for this platform?
Standard Reserved Instances
A news organization plans to migrate their 20 TB video archive to AWS. The files are rarely accessed, but when they are, a request is made in advance and a 3 to5-hour retrieval time frame is acceptable. However, when there is a breaking news story, the editors require access to archived footage within minutes.Which storage solution meets the needs of this organization while providing the LOWEST cost of storage?
Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed.
A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3.What could be the problem, given that the application logic is otherwise correct?
The application is updating records by overwriting existing objects with the same keys.
A workload consists of downloading an image from an Amazon S3 bucket, processing the image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation.How should a Solutions Architect redesign the process so that it is highly available?
Trigger a Lambda function when a new object is uploaded.
A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3.However, uploading images through the web server will create too much traffic.What is the MOST efficient method to store images from a mobile application on Amazon S3?
Upload directly to S3 using a pre-signed URL.
A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system.Which action should a Solutions Architect recommend to improve this process?
Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.
As part of securing an API layer built on Amazon API gateway, a Solutions Architect has to authorize users who are currently authenticated by an existing identity provider. The users must be denied access for a period of one hour after three unsuccessful attempts.How can the Solutions Architect meet these requirements?
Use Amazon Cognito user pools to integrate with external identity providers.
A company plans to use AWS for all new batch processing workloads. The company's developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7.How should a Solutions Architect design this architecture in a cost-efficient manner?
Use Amazon ECS orchestration and Auto Scaling groups: one with Reserve Instances, one with Spot Instances.
A Solutions Architect is designing a new social media application. The application must provide a secure method for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location for one week after their profile is created.Which approach will meet all of these requirements
Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site profile is created.
A company is launching a marketing campaign on their website tomorrow and expects a significant increase in traffic. The website is designed as a multi-tiered web architecture, and the increase in traffic could potentially overwhelm the current design.What should a Solutions Architect do to minimize the effects from a potential failure in one or more of the tiers?
Use Auto Scaling to keep up with the demand.
A Solutions Architect is designing network architecture for an application that has compliance requirements. The application will be hosted on Amazon EC2 instances in a private subnet and will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the publicInternet.What is the MOST secure way to satisfy this requirement?
Use a VPC endpoint.
A Solutions Architect is designing solution with AWS Lambda where different environments require different database passwords.What should the Architect do to accomplish this in a secure and scalable way?
Use encrypted AWS Lambda environmental variables.
A company is migrating its data center to AWS. As part of this migration, there is a three-tier web application that has strict data-at-rest encryption requirements.The customer deploys this application on Amazon EC2 using Amazon EBS, and now must provide encryption at-rest.How can this requirement be met without changing the application?
Use encrypted EBS storage volumes with AWS-managed keys.
A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster.Which action will encrypt the data at rest?
Use the AWS KMS Default Customer master key.
Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets. A Solutions Architect wants to make sure thatApplication A can make requests to Application B, but Application B should be denied from making requests to Application A.Which is the SIMPLEST solution to achieve this policy?
Using security groups that reference the security groups of the other application
A Solutions Architect is designing a solution that includes a managed VPN connection.To monitor whether the VPN connection is up or down, the Architect should use:
the CloudWatch TunnelState Metric.
